Kathie McDonald-McClure leads the Firm’s Data Privacy & Security Service practice and is a member of the Healthcare Service Team. Her longtime passion for and attention to technology-related matters has given her a leg-up in assisting clients with regard to data privacy and security. She regularly advises clients on HIPAA, GDPR, state data privacy and breach reporting laws. Because data privacy has become so interconnected with cyber technology, she has become the firm’s go-to for advice on health technology agreements and the impact of the 21st Century Cures Act (“information blocking,” “interoperability,” “patient access,” etc.).
Ms. McDonald-McClure has broad experience in the area of human research. She regularly advises healthcare providers on clinical trial agreements, research policy development, FDA and OHRP regulatory compliance, informed consent form compliance and HIPAA research authorizations, insurance and indemnification for adverse outcomes, Medicare Secondary Payor recovery issues, Medicare billing compliance, and data de-identification. She drafted U.S. contracting and informed consent templates for a global medical device company and assisted in training the company’s staff on issues that impact contract compliance.
Ms. McDonald-McClure’s career in healthcare, both in-house and in private practice, has contributed to her broad healthcare regulatory practice, which revolves around state and federal healthcare program matters with a focus on compliance and risk management. She has continuously maintained her Certification in Healthcare Compliance (CHC) by the Compliance Certification Board (CCB)® since 2007. She assists clients with enrollment and revalidation in Medicare and state Medicaid programs and with due diligence for acquisitions (including CHOWs). She regularly advises on the Anti-Kickback Act safe harbors (with a niche specialty on the discount and rebate rules) and reimbursement issues under the False Claims Act.
In 2009, she created the Firm’s first legal blog: the Wyatt HITECH Law Blog, which originally tracked developments under the HITECH Act and Medicare’s evolving “meaningful use” program that encouraged providers to adopt electronic health records. As the “meaningful use” program came to an end, the blog’s focus shifted to data privacy and security legal developments impacting businesses and organizations both within and outside of healthcare.
Ms. McClure’s healthcare clients include hospitals, long-term care providers, physicians, chiropractors, pharmacies, durable medical equipment suppliers, behavioral health, clinical laboratories, home health, physical and occupational therapy providers, and medical device companies. Her non-healthcare clients include community support agencies, public school districts, and colleges and universities, among others.Show More
- State and federal data privacy laws including HIPAA, HITECH, FERPA, FTC, GDPR, CCPA, and Part 2 (Substance Use Disorder Confidentiality)
- Data security incident response (SIR), including forensics, breach notification, government agency investigations and the development of SIR policy and procedure
- Electronic Health Information (EHI) Interoperability (formerly Meaningful Use) and the Information Blocking Rule applicable ensuring patient and provider access to EHI
- Healthcare technology agreements (including electronic health records) review, advice and negotiation
- FTC Red Flags Rule and Identity Theft policies
- Employer wellness programs and on-site clinics as related to compliance with HIPAA and healthcare provider-related licensing rules and regulations
- Privacy notices on websites and mobile apps
- Human research compliance with the Federal Policy for the Protection of Human Subjects (Common Rule), HIPAA, FDA, False Claims Act, Anti-Kickback Statute, Stark Law and more
- Clinical trial research agreement development and negotiation between industry and institutional health care providers
- Physicians Payments Sunshine Act compliance guidance for both product manufacturers and teaching hospitals
- Anti-Kickback Statute, Stark Law, Civil Monetary Penalties Law compliance advice relevant to healthcare transactions
- Vendor discounts and rebates advice, including employee training, on healthcare product sales and services arrangements relevant to compliance with the Anti-Kickback Statute
- Healthcare mergers and acquisitions due diligence, including Medicare and Medicaid Change of Ownership (CHOW) transactions involving acquisition of the seller’s billing number(s).
- Enrollment, revalidation and change of information in Medicare and state Medicaid programs, including disclosure of ownership and control and adverse actions (hospitals, nursing homes, DME suppliers, pharmacies)
- State pharmacy board matters including licensure and complaints
- Nursing home arrangements advice for medical directors, PT/OT and other ancillary services, and I-SNPs
- Durable medical equipment (DME) compliance with Medicare DME standards, billing and competitive bidding program rules
- Long-term care pharmacy contracting and compliance matters
- Medicare Secondary Payer (MSP) recovery issues related to liability claim settlements involving Medicare beneficiaries
- Medicare reimbursement compliance advice involving billing under IPPS, OPPS, DRGs, RUGs, MIPS, APCs, HCPCS, NDC, etc.
- Concierge medicine practice advice including patient consent forms, space sharing arrangements, HIPAA, and Medicare billing compliance
- Clinical integration arrangements involving behavioral health, primary care and/or acute/post-acute care and population health
- Group purchasing organization (GPO) arrangements
- Compliance audits for hospitals, skilled nursing homes and DME suppliers, including employee training and education
- Government surveys, citations, subpoenas, warrants, and civil investigative demands
- DOJ and OIG exclusionary issues
- Fraud, Waste and Abuse (FWA) multi-state policy development for compliance with the Deficit Reduction Act of 2005 (DRA)
- Health care professional licensing board representation
- Liability insurance coverage questions including cyber liability insurance policies
J.D., University of Louisville
- Executive Editor of the Journal of Family Law
B.S.B.A. with highest honors, University of Louisville
- Highest Professional AV Rating by Martindale–Hubbell Law Directory. Peer references stated that “her ability to navigate an extremely complicated area of the law and then communicate with clients in a plain-spoken, easy to understand manner is admirable . Kathie practices with high ethical standards and is always very responsive to client concerns and schedules.” “Kathie is an excellent attorney, a true advocate for her clients and a model for legal ethics.”
- Woodward/White’s The Best Lawyers in America® Lawyer of the Year Health Care Law, 2018
- Woodward/White’s The Best Lawyers in America® Health Care Law, 2009-present
- Selected as a “Partner in Healthcare” by Business First, 2008-2016
- Vice President and Counsel with Kindred Healthcare, LLC, a national long-term care company which, at the time, provided long-term acute care (LTAC) services, skilled nursing home and rehab care, pharmacy and other healthcare services in over 40 states. As Vice President, was responsible for managing the company’s Liability Claims Department and a staff of approximately 13 lawyers and claims professionals. During her 12-year tenure at Kindred, she also was responsible for day-to-day legal advice in the areas of healthcare, employment, healthcare liability claims and risk management, and liability insurance policy coverage.
- Prior to in-house counsel position with Kindred, was with Greenebaum Doll & McDonald (now Dentons Bingham Greenebaum) for six years, representing local, regional and national companies before state and federal courts in commercial, insurance, employment and copyright and trademark protection litigation.
- Before joining Wyatt, she completed the Pepperdine Caruso School of Law Winter Intensive Course in Dispute Resolution and served as an independent healthcare liability claims mediator.
PROFESSIONAL ACTIVITIES AND MEMBERSHIPS
- Louisville, Kentucky and American Bar Associations (ABA) and the ABA’s Healthcare and Litigation, Tort & Insurance Sections
- Louisville Bar Association, 2005 Chair of Health Law Section, 1991 Chair Litigation Section Mock Trial Seminar, Past Member of Board of Directors, Past Member of Publications Committee
- International Association of Privacy Professionals (IAPP)
- American Health Law Association (AHLA) and the following AHLA practice groups: Life Sciences; Fraud & Abuse; Hospitals and Health Systems; Payors, Plans, and Managed Care; and Post-Acute and Long-Term Care (LTC) Services
- Health Care Compliance Association (HCCA)
- Certified in Healthcare Compliance (CHC) by the Compliance Certification Board (CCB)®, 2009 to present
- LTC Legal Risk Forum Participant, 2017-2019
- Healthcare Financial Management Association (HFMA)
- Kentucky and American Societies of Healthcare Risk Management (KSHRM and ASHRM)
- American Society for Pharmacy Law (ASPL)
- Association for Conflict Resolution (ACR), Member 2003-2016
- Member of the Advisory Board for the Greater Louisville (GLI) Health Enterprises Network (HEN), 2007-present, and Executive Committee, 2008- present; Vice-Chair, HEN Nominating Committee, 2016-2021, and Policy Forum, 2010-2014
- Leadership Kentucky, Class of 2017 Graduate
- Executive Leadership Team Member, American Heart Association 25th Anniversary Heart Ball fundraiser, 2017
- Honorary Chair, Elder Serve Champion for the Aging Awards Luncheon (fundraiser), 2012
- Health Enterprises Network Fellows Class, 2006
- Co-Chair, Local Organizing Committee for US Figure Skating’s Regional Championships in Louisville, KY, 2006-2007
- Member, Board of Directors, Louisville Skating Academy, 2007-2008
- Member, Board of Directors, Court Appointed Special Advocates (CASA), 1994-1995
Ms. McDonald-McClure has written or edited more than 100 articles for the Wyatt HITECH Law Blog (see BLOGS below). She’s also a frequent contributor to Wyatt’s Coronavirus News and Resources Blog – a blog (initially a newsletter) created in 2020 to keep clients up-to-date with issues relating to the Coronavirus pandemic. She regularly authors or edits articles with health care regulatory developments, cyber risk news, economic recovery news and more.
Other publications include:
- Overview & Guidance Note for Kentucky data privacy law for DataGuidance by OneTrust, a global privacy intelligence platform (September 2019, updated 2020)(co-author with Mary Fullington)
- Lorman Education Services: “Data Security in the ‘New Normal’ of Teleworking” (September 2020) (co-author with Margaret Young Levi)
- Lorman Education Services: “Audio-Video Conferencing Risks and Tips for Healthcare Providers” (September 2020) (co-author with Margaret Young Levi)
- Lorman Education Services: “CISA/NCSC Joint Alert Warns of APT Groups Targeting Healthcare and Essential Services” (August 2020) (co-author with Margaret Young Levi)
- Risk Management in Health Care Institutions: Limiting Liability and Enhancing Care, Chapter 16, “Risk Management in Long Term Care Institutions and Services” (2014 3rd )
- Valeo Communications: OCR Steps Up HIPAA Audits July 2011)
- HCCA Compliance Today, “Medicare’s New Mandatory Reporting Requirements for Liability Insurers, Including Self-Insured Entities” July 2009)
- LBA Bar Briefs, “Mandatory Reporting of Liability Settlements: Law to Shine Spotlight on Attorney’s and Their Clients’ Pocketbooks” June 2009)
- “Enforcement Activities By Investigating Authorities and Responding to Investigations,” Chapter 5, Kentucky Health Law (2009 5th ) (co-author with R. Benvenuti, Ill)
- HCCA Compliance Today, “Outpatient Therapy Clinics and Their Referring Physicians: Fraud and Abuse Risks” (April 2008)
- HFMA Kentucky Chapter Financial Scene, “Deficit Reduction Act Update” (January 2007)
- HFMA Kentucky Chapter Financial Scene, ”The DRA’s New False Claims Requirements” June-July, 2006)
- HFMA Kentucky Chapter Financial Scene, “US Supreme Court Limits Medicaid Recoveries in Persona l Injuries Settlements” June-July, 2006)
- HCCA Compliance Today, “Compliance 101, Clinical Trials Primer” June 2006)
Ms. McDonald-McClure has given more than 75 presentations on a variety of healthcare and data privacy and security topics, including HIPAA Privacy Rule, HIPAA Security Rule, data security incident response, state data breach laws, cyber-security insurance coverage, HITECH EHR Meaningful Use, 21st Century Cures Information Blocking and Medicare Program Interoperability Rules, Maintaining Electronic Health Record integrity, the Anti-Kickback Statute, False Claims Act, Affordable Care Act, ACOs and acute/post-acute collaborative arrangements, Physicians Payments Sunshine Act, Medicare reimbursement and payment methodologies, Medicare Hospital Two-Midnight Rule, Medicare Secondary Payer law and MMSEA Section 111, Section 6032 of the Deficit Reduction Act of 2005 (DRA)(Medicaid compliance mandates), behavioral health law and more. She also presents in-house seminars for legal, operations, sales, risk and insurance personnel of clients, either in person or through the use of virtual conferencing tools.
Ms. McDonald-McClure is the creator and editor of the Wyatt HITECH Law Blog, named after the Health Information Technology for Economic and Clinical Health Act of 2009 a/k/a The HITECH Act. The HITECH Act promoted the adoption of certified electronic health record technology (CEHRT). While the financial incentives were winding down, legal developments on the privacy and security front, beyond healthcare, were ramping up. By late 2015, the Wyatt HITECH Law Blog expanded its focus. Today, the blog is no longer limited to HIPAA and HITECH and covers legal developments in privacy and security that have implications for anyone handling confidential personal information in any industry sector.