Leeann Habte counsels clients on information privacy and security programs, health care regulatory compliance, and Medicare and Medicaid reimbursement issues. She represents health plans, hospitals, physicians, pharmacies, medical device companies, health information exchanges, digital health companies, and other public and private organizations on a broad range of legal issues.
Leeann applies her practical and legal experience to help clients find real-world business solutions to complex legal and regulatory issues.
Privacy and Security
A Certified Information Privacy Professional, Leeann advises organizations that handle health care, personal or educational data on security incident response, security breach notification, security risk assessments, privacy and security policies and procedures, vendor management practices, business associate agreements, website privacy policies, training, and related issues. She is highly experienced in counseling clients on the interaction of state and federal law, including the Health Insurance Portability and Accountability Act, the Confidentiality of Alcohol and Drug Abuse Treatment Records (42 CFR Part 2), the Federal Trade Commission Act, the Family Educational Rights and Privacy Act, employer-focused laws, and state laws regarding sensitive information (Lanterman-Petris-Short Act, Board of Pharmacy rules). She has advised on complex data-sharing arrangements related to clinical integration, clinical research, telemedicine, health information exchange, electronic health records systems, medical/mobile devices, and on emerging privacy and security risks.
Health Care Compliance
Leeann counsels clients on fraud and abuse compliance; licensing, certification and change of ownership; provider enrollment; credentialing; Knox-Keene Act and Medi-Cal managed care compliance; governance; medical staff issues and informed consent policies.
Leeann advises clients on Medicaid and Medicare reimbursement issues, including Medi-Cal rate appeals and audits, Medicaid waiver issues, reimbursement rules, medical necessity determinations, billing issues, utilization review and bankruptcy issues. She is actively involved in Medicaid waiver program implementation.
Leeann provides strategic counseling to emerging medical device and digital health companies on privacy and security, fraud and abuse, and regulatory issues (including Food and Drug Administration clearance). She handles clinical research agreements and supply chain contracting, and coordinates health regulatory, business and intellectual property advice.
Prior to joining Best Best & Krieger LLP as a partner, Leeann was a senior counsel at Foley & Lardner LLP, a law firm with a nationally recognized health care practice. She also has years of practical experience, having served as an associate director at the UCLA Center for Health Policy Research and research director at the Minnesota Department of Health prior to becoming an attorney. In those positions, she was responsible for HIPAA and data security, data-sharing and compliance issues. She also led initiatives and developed regulations on health quality, administrative simplification, charity care, rural hospital and primary care center issues.
A native of Minnesota, Leeann obtained her master’s degree in communications from the University of Minnesota. She has worked in the health care field for more than 20 years, having begun in public relations, transitioned to health policy, and then to a legal career. She attended and ranked highly in Loyola Law School’s evening program for professionals while working full-time at UCLA. She is a devoted mother, a world traveler, and a Tai Chi practitioner.
Privacy and Security
- Advised California hospitals on Office for Civil Rights investigations regarding large breaches and ransomware, and on security risk assessments.
- Counseled California hospitals and national health care system on health information exchange participation strategy, developed participation agreements, and privacy/security policies and negotiated agreements.
- Conducted numerous 50-state surveys for a national pharmacy company on state minor consent laws, state law restrictions on disclosure of sensitive information, pharmacy-specific privacy requirements and related issues.
- Assisted state hospital system to disaffiliate data systems and information, considering data ownership, contractual arrangements and compliance.
- Advised on Whole Person Care CalAIM data sharing arrangements and approaches, in compliance with California and federal law.
- Drafted and revised health plan Medicare/Medi-Cal compliance policies and developed and delivered Fraud, Waste, and Abuse and HIPAA training for a California health plan.
- Drafted and revised compliance policies, including hospital medical staff bylaws, hospital consent to treatment and credentialing/peer review.
- Drafted Institutional Review Board Policies for creation of new IRB, advised on clinical research agreements.
- Assisted in internal investigations on fraud and abuse issues.
- Advised counties and public hospitals on implementation of Medicaid Bridge to Reform Waiver programs.
- Advised on development and updates to hospital utilization review policies and procedures, and end of life directives and orders.
- Advised counties on issues related to jails and correctional health services and health care.
- Advised counties on mental health/substance use disorder legal issues.
- Counseled a health plan on litigation appealing Medi-Cal managed care rates, represented various counties in Medi-Cal administrative appeals of mental health administrative expenses, Federally Qualified Health Center payments and related issues.
- Assisted a public hospital association in development of claiming protocols for low income health program, including administrative claiming protocol.
- Advised clients on medical necessity determinations in appeals of overpayment charges from Office of Inspector General, Centers for Medicare and Medicare Services, or Department of Health Care Services.
- Advised hospitals and physician groups on specific coding and billing issues, in particular billing for substance abuse and mental health services.
- Develop protocol for Medicaid State Plan for IT, including reimbursement for electronic health record implementation, advise on hospitals on EHR audits and appeals.
- Advised clients on medical necessity issues, including special considerations for homeless persons and other special populations.
- Counseled emerging medical device and telemedicine companies on health care regulatory strategy; provided oversight of intellectual property, general, and corporate matters.
- Developed privacy statements, consents and consulted on data security and data sharing arrangements.
- Provide analysis of fraud and abuse and corporate practice of medicine issues.
- Negotiated supplier, clinical research and other agreements.
- Top Health Care Lawyer, Daily Journal, 2021
- Woman of Influence: Health Care, Los Angeles Business Journal, 2021
- The Best Lawyers in America®, Health Care Law, 2021–2024
- American Health Lawyers Association, Digital Health Affinity Group Chair, 2021
- California Society for Health Care Attorneys
- Health Care Compliance Association, Southern California Conference Planning Committee Member, 2021
- International Association of Privacy Professionals
- Los Angeles County Bar Association, Health Law Section Executive Committee Member, 2021
- “Transitioning of Behavioral Health Data Sharing and Information Exchange: A Structured Approach to Decision Making,” Information Briefing, AHLA, April 2021
- "Health Data Defense: Understanding Security Standards and Certifications," AHLA Connections, Oct. 2021
- "Convener on Artificial Intelligence and Health Law: Designing a Trusted Framework for the Application of AI in Health Care," American Health Lawyers Association, Nov. 2020
- “Transitioning of Behavioral Health Data Sharing and Information Exchange: A Structured Approach to Decision Making” AHLA Briefing, April 2021
- "Artificial Intelligence in Health Care: Welcome to the Machine," AHLA Connections, June 2018
- “Federal and State Data Privacy Laws and Their Implications for the Creation and Use of Health Information Databases,” Big Data: A Business and Legal Guide, CRC Press, 2015
- “What is the Meaning of Meaningful Use? How to Decode the Opportunities and Risks in Health Information Technology,” Business Law News, July 13, 2015
- “The Big Data Dilemma: Compliance for the Health Professional in an Increasingly Data-Driven World,” Journal of Healthcare Compliance, June 2015
- “Deconstructing Cyberinsurance Coverage: Lessons From the Travelers Case,” AHLA HIT Practice Group E-alert, June 15, 2015
- “Medicare Penalties and Bonuses for Meaningful Use of EHRs Revamped as Part of the ‘Doc Fix’ Bill,” AHLA HIT Practice Group E-alert, June 8, 2015
- “Privacy Laws Impose Key Restrictions,” Executive Insight, April 20, 2015
- “Tapping Into the Big Value of Health Care Big Data,” Foley White Paper, Feb. 27, 2015
- “OIG 2015 Work Plan, Part 2: Do Fewer Projects Mean a Sharper Focus?” Compliance Today, Feb. 2, 2015.
- “Genetic Information Privacy: A Complex Regulatory Framework,” Bloomberg BNA: Medical Research Law & Policy Report, Jan. 7, 2015
- “Federal and State Privacy Laws: Strategies for Analysis of Big Data in Healthcare,” Healthcare Informatics, Dec.5, 2014
- “Privacy Issues in the Sharing of Genetic Information,” Foley White Paper, Sept.18, 2014
- “A Proactive Approach to Cloud Computing in the Health Care Industry,” AHLA Connections, June 1, 2013
- “Minnesota AG Reaches First Settlement With Business Associate Under HITECH Act,” Bloomberg BNA's Health IT Law & Industry Report, Aug. 20, 2012
- “HHS Imposes First Civil Penalty and Resolution Agreement Resulting from HITECH Breach Notification Rule,” Managed Care Outlook, April 15, 2012
- “DMEPOS Supplier Marketing Arrangements and HIPAA Compliance,” Compliance Today, Sept. 1, 2011
- "Addressing Cybersecurity Risks: Best Practices to Keep Your Special District Secure," Webinar, California Special Districts Association, Oct. 6, 2022
- "Exploring Data Breaches: What State, Local, and Private Institutions can do to Protect Themselves and the Public," California State Senate Select Committee on Cybersecurity and Identity Theft Prevention, Nov. 8, 2021
- "Cybersecurity Risks and Cities: Strategies to Address Escalating Threats," League of California Cities Annual Conference, Sept. 23, 2021
- "Addressing Cybersecurity Risks: Best Practices to Keep Your Special District Secure," Webinar, California Special Districts Association, May 25, 2021
- "Designing a Trusted Framework for the Application of AI in Health Care," AHLA’s Convener on Artificial Intelligence and Health Law, Nov. 2, 2020
- "What COVID-19 and Other Changes Mean for Your Privacy Impact Analysis," Health Care Compliance Association, May 29, 2020
- "COVID-19 and the Mainstreaming of Telehealth," COVID-19 and the Mainstreaming of Telehealth, Los Angeles County Bar Association Healthcare Law Section, June 2, 2020
- "Artificial Intelligence in Health Care: Welcome to the Machine," American Health Lawyers Association AI and Health Law Convener, Mar. 5, 2020
- "Health Care Artificial Intelligence: Law, Regulation, and Policy," The Stanford Center for Continuing Medical Education Conference, Nov. 8, 2019
- "Legal Panel: Cybersecurity, Artificial Intelligence, and Medical Devices," Artificial Intelligence in Healthcare Presentation, Maurice A. Deane School of Law at Hofstra University, Apr. 4, 2019
- "Behavioral Health Privacy Compliance in a Changing Health Care Environment," Health Care Compliance Association Orange County Regional Compliance Conference, June 15, 2018
- "When Ransomware Attacks — Dancing with the Devil," American Health Lawyers Association’s Physicians and Hospitals Law Institute, Feb. 6, 2018
- "Insurance Considerations, Privacy and Cybersecurity," The Seminar Group Legal and Policy Considerations of Automated Vehicles: Balancing Innovation and Regulation Event, Sep. 15, 2017
- “In the Trenches: OCR Audits, Data Breaches, and Cybersecurity Threats & Mitigations,” Southern California Health Care Compliance Association Conference, June 16, 2017
- Strategies for Managing Business Associate Relations,” Southern California Health Care Compliance Association Conference, June 17, 2016
- “How to Navigate Proposed Changes to Substance Abuse Confidentiality Regulations,” Foley Web Conf., Mar. 29, 2016
- “Best Practices in HIPAA Security Risk Analysis,” Health Information and Management Systems Society Privacy and Security Forum, Dec. 2, 2015
- “EHR Technology: Where Meaningful Use, Compliance, and Clinical IT Intersect,” Foley Compliance Immersion Program, Nov. 18, 2015
- “Telehealth Data Privacy and Security: Strategies and Solutions for Providers,” Foley Web Conf., Sept.16, 2015
- “HIPAA and Beyond: Compliance with Federal and State Privacy Laws,” Health Care Compliance Association Southern California Regional Conf., June 19, 2015
- “How Digital Health will Enable BioPharma to be More Patient-Centered,” CalBIO Conf., Mar. 3, 2015
- “Data Breach Prevention and Response – Managing the Risk,” Foley Web Conf., Oct. 7, 2014
- “Protecting Patient Rights in Your ASC: What’s New in Compliance with Privacy Laws,” Ambulatory Surgical Centers Association National Conf., Apr. 19, 2013
- “Preparing to Comply With the HITECH Final Rule,” Foley Web Conf., Mar. 19, 2013
- “Health Care Data in the Cloud: Strategies for Contracting With Cloud Providers,” Foley Web Conf., Jan. 16, 2013
- “Cloud Computing in Healthcare: HIPAA and State Law Challenges,” Foley Web Conf., June 7, 2012
- “Privacy and Security in the HITECH Era,” Foley Web Conf., Dec. 16, 2011