Kathie McDonald-McClure



Kathie McDonald-McClure leads the Firm’s Data Privacy & Security Service Team and is a member of the Health Care Service Team. She regularly advises on compliance with laws prohibiting kickbacks and regulating provider referrals. She counsels clients on chronic care and population health management initiatives aimed at reducing health care costs. She often advices on HIPAA, GDPR and state data breach laws and on electronic data collection and tracking practices. Other areas of advice include clinical trials; Program Interoperability of electronic health records; concierge medicine; Medicare and Medicaid enrollment/revalidation; False Claims Act liability; Medicare and Medicaid liens.

Ms. McDonald-McClure also assists clients with responding to data privacy and security incidents.  She is the editor of the Wyatt HITECH Law Blog (wyatthitechlaw.com), which focuses on legal developments related to the privacy and security of confidential consumer and business information.  She also assists clients with the data privacy and security policies, healthcare compliance programs and with risk and insurance issues.

Her healthcare clients include medical device manufacturers, hospitals, nursing homes, physicians, behavioral health, home health, physical and occupational therapy providers, pharmacies, healthcare billing companies and a non-profit managed care insurance entity. Her non-healthcare clients include community support agencies, public school districts, and colleges and universities.

Show More


  • Structuring chronic care and population health arrangements between vendors and group health plans.
  • Reviewing arrangements between providers for compliance under Stark Law and Anti-Kickback Statute, Civil Monetary Penalities Law
  • Advising on compliance with HIPAA, HITECH, FERPA, FTC, drug, alcohol and behavioral health privacy and security regulations and standards.
  • Preparing and updating website and mobile application privacy notices and vendor agreements for compliance with applicable consumer data privacy laws.
  • Advising on data security incident response, forensics, breach notification and HHS OCR investigations
  • Advising hospitals and physicians on EHR Program Interoperability (formerly Meaningful Use) and information blocking compliance under the 21st Century Cures Act,  HITECH Act, MIPS and other Medicare quality initiatives
  • Advising on compliance with the FTC Red Flags Rule and Identity Theft policies
  • Advising concierge medicine practices including patient consent forms, space sharing arrangements, HIPAA and federal healthcare program requirements
  • Advising durable medical equipment (DME) suppliers on compliance with Medicare’s DME standards, billing and competitive bidding program rules
  • Assisting with Medicare and Medicaid audits and overpayment demands (ZPIC, RAC, OIG, DOJ)
  • Negotiating clinical trial research agreements between industry and health care providers, advising on regulatory compliance (e.g., FDA, IRB, False Claims Act, Anti-Kickback Statute, Stark Law), and developing research related policies
  • Advising on Medicare reimbursement rules and coverage decisions applicable to a variety of provider and supplier types (e.g., IPPS, OPPS, DRGs, RUGs, MIPS, Value-Based, APCs, HCPCS, NDC codes, etc.)
  • Advising on ACO and acute/post-acute arrangements
  • Structuring clinical integration arrangements for behavioral health, primary care, acute/post-acute and insurance
  • Assisting with state pharmacy board matters including licensure and complaints
  • Structuring compliant discount programs for sales of health care products and services
  • Preparing nursing home medical director, rehab and other ancillary services contracts
  • Structuring and advising on group purchasing organization member and vendor arrangements
  • Developing and auditing compliance programs and related education and training
  • Preparing enrollment, revalidation and change of information for Medicare and Medicaid programs, including disclosure of ownership and control and adverse actions
  • Advising plaintiff and defense counsel on, and assisting providers and self-insured entities with, compliance under the Medicare Secondary Payer law and mandatory insurance reporting requirements related to liability claims involving Medicare beneficiaries
  • Assisting with government surveys, citations, subpoenas, warrants, and civil investigative demands
  • Advising on DOJ and OIG settlements and exclusionary issues
  • Advising on compliance with the Deficit Reduction Act of 2005 applicable to Medicaid providers and their fraud, waste and abuse policies
  • Assisting with cyber liability insurance policy coverage considerations
  • Negotiating insurance and indemnity provisions
  • Representing health care professionals before licensing boards


J.D., University of Louisville, 1985

  • Executive Editor of the Journal of Family Law, 1984-1985

B.S.B.A. with highest honors, University of Louisville, 1982


  • Kentucky


  • Highest Professional AV Rating by Martindale-Hubbell Law Directory. Peer references stated that “her ability to navigate an extremely complicated area of the law and then communicate with clients in a plain-spoken, easy to understand manner is admirable. Kathie practices with high ethical standards and is always very responsive to client concerns and schedules.” “Kathie is an excellent attorney, a true advocate for her clients and a model for legal ethics.”
  • Woodward/White’s The Best Lawyers in America® Lawyer of the Year Health Care Law, 2018
  • Woodward/White’s The Best Lawyers in America® Health Care Law, 2009-present
  • Selected as a “Partner in Healthcare” by Business First, 2008-2016


  • Enjoyed 12-year tenure as in-house counsel with Kindred Healthcare, LLC, a national long-term care company operating nursing homes, hospitals and other healthcare services in over 40 states. Was responsible for day-to-day legal advice in the areas of healthcare, employment, liability and risk management culminating in a position as Vice President and Counsel of Liability Claims with responsibility for administration of general and professional liability claims and management of a staff of lawyers and legal professionals.
  • Prior to in-house counsel position with Kindred, was with Greenebaum Doll & McDonald for six years, representing local, regional and national corporations before state and federal courts in commercial, insurance, employment and copyright and trademark protection cases.
  • Before joining Wyatt, served as an independent healthcare liability consultant and claims mediator.


  • Louisville, Kentucky and American Bar Associations’ Healthcare, Litigation, Tort & Insurance Sections
  • Louisville Bar Association, 2005 Chair of Health Law Section, 1991 Chair Litigation Section Mock Trial Seminar, Past Member of Board of Directors, Past Member of Publications Committee
  • American Health Law Association (AHLA), including membership in the following groups: Life Sciences; Fraud & Abuse; Hospitals and Health Systems; Payors, Plans, and Managed Care; and Post Acute and Long Term Care Services
  • Health Care Compliance Association (HCCA), Certification in Healthcare Compliance (CHC)
  • LTC Legal Risk Forum
  • Healthcare Financial Management Association (HFMA)
  • Kentucky and American Societies of Healthcare Risk Management (KSHRM and ASHRM)
  • American Society for Pharmacy Law (ASPL)
  • International Association of Privacy Professionals (IAPP)
  • Association for Conflict Resolution (ACR), Member 2003-2016
  • Chair of the Washington, D.C. based American Health Care Association’s Medical Liability Subcommittee from December 2001 through July 2003


  • Member of the Advisory Board for the Greater Louisville Inc. (GLI) Health Enterprises Network (HEN), 2007-present, and Executive Committee, 2008-present; Vice-Chair, HEN Nominating Committee, 2016-present, and Policy Forum, 2010-2014
  • Leadership Kentucky, Class of 2017 Graduate
  • Member, 2017 American Heart Association Executive Leadership Team, 25th Anniversary Heart Ball (fundraiser for heart and stroke research)
  • Honorary Chair, ElderServe’s 2012 Champion for the Aging Awards Luncheon
  • HEN Fellows Class of 2006
  • Co-Chair, Local Organizing Committee for the first ever US Figure Skating’s Regional Championships in Louisville, KY, 2006-2007
  • Member, Board of Directors, Louisville Skating Academy, 2007-2008
  • Member, Board of Directors, Court Appointed Special Advocates (CASA), 1994-1995


Ms. McDonald-McClure has written or edited more than 100 articles for the Wyatt HITECH Law Blog, a blog that she created soon after passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 to track legal developments related to health information technology, privacy and security.  The blog’s scope was expanded in 2015 to report legal developments and enforcement actions regarding the privacy and security of sensitive data of individuals, businesses and organizations in all industry sectors.

Ms. McDonald-McClure is also a frequent contributor to Wyatt’s Coronavirus News and Resources Blog – a blog created to keep clients up-to-date with issues relating to the novel coronavirus. She authors articles with health care information, reopening news, cyber risk news, economic recovery news and more on a weekly basis.

Other publications include:

  • Lorman Education Services:  “Data Security in the ‘New Normal’ of Teleworking” (September 2020) (co-author with Margaret Young Levi)
  • Lorman Education Services:  “Audio-Video Conferencing Risks and Tips for Healthcare Providers” (September 2020) (co-author with Margaret Young Levi)
  • Lorman Education Services:  “CISA/NCSC Joint Alert Warns of APT Groups Targeting Healthcare and Essential Services” (August 2020) (co-author with Margaret Young Levi)
  • Risk Management in Health Care Institutions: Limiting Liability and Enhancing Care, Chapter 16, “Risk Management in Long Term Care Institutions and Services” (2014 3rd Ed.)
  • Valeo Communications: OCR Steps Up HIPAA Audits (July 2011)
  • HCCA Compliance Today, “Medicare’s New Mandatory Reporting Requirements for Liability Insurers, Including Self-Insured Entities” (July 2009)
  • LBA Bar Briefs, “Mandatory Reporting of Liability Settlements:  Law to Shine Spotlight on Attorney’s and Their Clients’ Pocketbooks” (June 2009)
  • “Enforcement Activities By Investigating Authorities and Responding to Investigations,” Chp. 5, Kentucky Health Law (2009 5th Ed.) (co-author with R. Benvenuti, III)
  • HCCA Compliance Today, “Outpatient Therapy Clinics and Their Referring Physicians: Fraud and Abuse Risks” (April 2008)
  • HFMA Kentucky Chapter Financial Scene, “Deficit Reduction Act Update” (January 2007)
  • HFMA Kentucky Chapter Financial Scene, “The DRA’s New False Claims Requirements” (June-July, 2006)
  • HFMA Kentucky Chapter Financial Scene, “US Supreme Court Limits Medicaid Recoveries in Personal Injuries Settlements” (June-July, 2006)
  • HCCA Compliance Today, “Compliance 101, Clinical Trials Primer” (June 2006)


  • Ms. McDonald-McClure has given more than 70 presentations on a variety of healthcare and data privacy and security topics, including cyber-security insurance, HIPAA/HITECH and state data breach laws, Anti-Kickback Statute, False Claims Act, Affordable Care Act, ACOs and acute/post-acute collaborative arrangements, Physicians Payments Sunshine Act, the HITECH Act of 2009 (e.g., EHR Meaningful Use and Program Interoperability Rules, Security Rule Risk Assessments), Medicare reimbursement and payment methodologies, hospital in-patient 2-midnight rule, Medicare Secondary Payer law and the MMSEA Section 111 mandatory insurance reporting requirements, the Deficit Reduction Act of 2005’s false claims education requirements, behavioral health and more.  She also presents in-house seminars for legal, operations, sales, risk and insurance personnel of clients, either in person or through the use of the firm’s webinar technology.


Ms. McDonald-McClure is the creator and editor of the Wyatt HITECH Law Blog. The HITECH Law blog focuses on legal developments related to the privacy and security of confidential consumer and business information in today’s “high tech” world.  Since 2009, the year this blog was created, there has been an explosion in consumer and business electronic data privacy and security issues, beyond healthcare, HIPAA and the Health Information Technology for Economic and Clinical Health Act of 2009 (aka “The HITECH Act,” the original impetus for the blog).  This compelled us to expand the blog’s scope in late 2015 to cover legal developments regarding the creation, access, collection, maintenance or transmission of confidential information regarding an individual, business or organization in all industry sectors.