Leeann Habte

Privacy and Security

• Advised on Office for Civil Rights investigations regarding large breaches and ransomware, and on security risk assessments.
• Counseled national health care system and California health care entities on health information exchange participation strategy, developed participation agreements, and privacy/security policies and negotiated  agreements.
• Advised on integrated  data sharing arrangements and approaches and universal releases of information for health and social services data, in compliance with California and federal law.
• Conducted numerous 50-state surveys on state minor consent laws, state law restrictions on disclosure of sensitive information, pharmacy-specific privacy requirements and related issues.
• Assisted state health care  system to disaffiliate data systems and information, considering data ownership, contractual arrangements and compliance.

Regulatory Compliance

• Successfully obtained a full-service health plan license for a California Medi-Cal managed care plan; routinely advise on regulatory submissions.
• Drafted set of policies for implementing changes to Med-Cal 2024 agreement and a broad range of other compliance policies; related to health plan Medicare/Medi-Cal compliance elivered Fraud, Waste, and Abuse and HIPAA/Corporate Integrity Agreement training for California health plans, hospital medical staff bylaws, utilizaton review, and hospital informed consent policies
• Drafted Institutional Review Board Policies for creation of new IRB, advised on clinical research agreements.
• Assisted in internal investigations on fraud and abuse issues.
• Advised counties on issues related to jails and correctional health services and health care.

Reimbursement

• Counseled a health plan on successful litigation appealing health plan Medi-Cal managed care rates, represented various counties in Medi-Cal administrative appeals of mental health administrative expenses, Federally Qualified Health Center payments and related issues.
• Successfully represented a provider on stop-loss insurance issues.
• Advised clients on appeals of overpayment charges from Office of Inspector General, Centers for Medicare and Medicare Services, or Department of Health Care Services.

• Top Health Care Lawyer, Daily Journal, 2021
• Woman of Influence: Health Care, Los Angeles Business Journal, 2021
• ​The Best Lawyers in America®, Health Care Law, 2021–2025

• American Health Lawyers Association, Health Information Technology Practice Group, Publications Co-Chair, 2021-present
• American Health Lawyers Association, Digital Health Affinity Group Chair, 2021
• California Society for Health Care Attorneys
• Health Care Compliance Association, Southern California Conference Planning Committee Member, 2021-present
• International Association of Privacy Professionals
• Los Angeles County Bar Association, Health Law Section Executive Committee Member, 2021-present

Publications

• Co-author, “OCR Releases Final Rule on Reproductive Health Privacy, “ Health Law Weekly, May 3, 2024
• “Texas Court Vacates Office for Civil Rights Guidance on Third-Party Website Tracking Technology,” American Health Law Association, July 10 2024
• “Transitioning of Behavioral Health Data Sharing and Information Exchange: A Structured Approach to Decision Making,” Information Briefing, AHLA, April 2021
• "Health Data Defense: Understanding Security Standards and Certifications," AHLA Connections, Oct. 2021
• "Convener on Artificial Intelligence and Health Law: Designing a Trusted Framework for the Application of AI in Health Care," American Health Lawyers Association, Nov. 2020
• “Transitioning of Behavioral Health Data Sharing and Information Exchange: A Structured Approach to Decision Making” AHLA Briefing, April 2021
• "Artificial Intelligence in Health Care: Welcome to the Machine,"  AHLA Connections, June 2018
• “Federal and State Data Privacy Laws and Their Implications for the Creation and Use of Health Information Databases,” Big Data: A Business and Legal Guide, CRC Press, 2015
• “What is the Meaning of Meaningful Use? How to Decode the Opportunities and Risks in Health Information Technology,” Business Law News, July 13, 2015
• “The Big Data Dilemma: Compliance for the Health Professional in an Increasingly Data-Driven World,” Journal of Healthcare Compliance, June 2015
• “Deconstructing Cyberinsurance Coverage: Lessons From the Travelers Case,” AHLA HIT Practice Group E-alert, June 15, 2015
• “Medicare Penalties and Bonuses for Meaningful Use of EHRs Revamped as Part of the ‘Doc Fix’ Bill,” AHLA HIT Practice Group E-alert, June 8, 2015
• “Privacy Laws Impose Key Restrictions,” Executive Insight, April 20, 2015
• “Tapping Into the Big Value of Health Care Big Data,” Foley White Paper, Feb. 27, 2015
• “OIG 2015 Work Plan, Part 2: Do Fewer Projects Mean a Sharper Focus?” Compliance Today, Feb. 2, 2015.
• “Genetic Information Privacy: A Complex Regulatory Framework,” Bloomberg BNA: Medical Research Law & Policy Report, Jan. 7, 2015
• “Federal and State Privacy Laws: Strategies for Analysis of Big Data in Healthcare,” Healthcare Informatics, Dec.5, 2014
• “Privacy Issues in the Sharing of Genetic Information,” Foley White Paper, Sept.18, 2014
• “A Proactive Approach to Cloud Computing in the Health Care Industry,” AHLA Connections, June 1, 2013
• “Minnesota AG Reaches First Settlement With Business Associate Under HITECH Act,” Bloomberg BNA's Health IT Law & Industry Report, Aug. 20, 2012
• “HHS Imposes First Civil Penalty and Resolution Agreement Resulting from HITECH Breach Notification Rule,” Managed Care Outlook, April 15, 2012
• “DMEPOS Supplier Marketing Arrangements and HIPAA Compliance,” Compliance Today, Sept. 1, 2011

Presentations

• “Behavioral Health Privacy: Updates on 42 CFR Part 2 and Application to Telehealth,” American Health Lawyers Association, March 12, 2025
• “New Developments in Behavioral Health and Reproductive Health Privacy,” Southern California Health Care Compliance Association, June 7, 2024
• “Healthcare Privacy: Recent Updates and What to Expect in 2024,” County Counsel Association, Southern California, April 18, 2024
• “Telemedicine Series Part I: Telehealth Today – Compliance and Reimbursement Considerations,” American Health Law Association Webinar, March 12, 2024
• "Developments in Sensitive Health Data Privacy Regulations - What you Need to Know," Los Angeles County Bar Association Webinar, May 15, 2024
• "Addressing Cybersecurity Risks: Best Practices to Keep Your Special District Secure," Webinar, California Special Districts Association, Oct. 6, 2022
• "Exploring Data Breaches: What State, Local, and Private Institutions can do to Protect Themselves and the Public," California State Senate Select Committee on Cybersecurity and Identity Theft Prevention, Nov. 8, 2021
• "Cybersecurity Risks and Cities: Strategies to Address Escalating Threats," League of California Cities Annual Conference, Sept. 23, 2021
• "Addressing Cybersecurity Risks: Best Practices to Keep Your Special District Secure," Webinar, California Special Districts Association, May 25, 2021
• "Designing a Trusted Framework for the Application of AI in Health Care," AHLA’s Convener on Artificial Intelligence and Health Law, Nov. 2, 2020
• "What COVID-19 and Other Changes Mean for Your Privacy Impact Analysis," Health Care Compliance Association, May 29, 2020
• "COVID-19 and the Mainstreaming of Telehealth," COVID-19 and the Mainstreaming of Telehealth, Los Angeles County Bar Association Healthcare Law Section, June 2, 2020
• "Artificial Intelligence in Health Care: Welcome to the Machine," American Health Lawyers Association AI and Health Law Convener, Mar. 5, 2020
• "Health Care Artificial Intelligence: Law, Regulation, and Policy," The Stanford Center for Continuing Medical Education Conference, Nov. 8, 2019
• "Legal Panel: Cybersecurity, Artificial Intelligence, and Medical Devices," Artificial Intelligence in Healthcare Presentation, Maurice A. Deane School of Law at Hofstra University, Apr. 4, 2019
• "Behavioral Health Privacy Compliance in a Changing Health Care Environment," Health Care Compliance Association Orange County Regional Compliance Conference, June 15, 2018
• "When Ransomware Attacks — Dancing with the Devil," American Health Lawyers Association’s Physicians and Hospitals Law Institute, Feb. 6, 2018
• "Insurance Considerations, Privacy and Cybersecurity," The Seminar Group Legal and Policy Considerations of Automated Vehicles: Balancing Innovation and Regulation Event, Sep. 15, 2017
• “In the Trenches: OCR Audits, Data Breaches, and Cybersecurity Threats & Mitigations,” Southern California Health Care Compliance Association Conference, June 16, 2017
• Strategies for Managing Business Associate Relations,” Southern California Health Care Compliance Association Conference, June 17, 2016
• “How to Navigate Proposed Changes to Substance Abuse Confidentiality Regulations,” Foley Web Conf., Mar. 29, 2016
• “Best Practices in HIPAA Security Risk Analysis,” Health Information and Management Systems Society Privacy and Security Forum, Dec. 2, 2015
• “EHR Technology: Where Meaningful Use, Compliance, and Clinical IT Intersect,” Foley Compliance Immersion Program, Nov. 18, 2015
• “Telehealth Data Privacy and Security: Strategies and Solutions for Providers,” Foley Web Conf., Sept.16, 2015
• “HIPAA and Beyond: Compliance with Federal and State Privacy Laws,” Health Care Compliance Association Southern California Regional Conf., June 19, 2015
• “How Digital Health will Enable BioPharma to be More Patient-Centered,” CalBIO Conf., Mar. 3, 2015
• “Data Breach Prevention and Response – Managing the Risk,” Foley Web Conf., Oct. 7, 2014
• “Protecting Patient Rights in Your ASC: What’s New in Compliance with Privacy Laws,” Ambulatory Surgical Centers Association National Conf., Apr. 19, 2013
• “Preparing to Comply With the HITECH Final Rule,” Foley Web Conf., Mar. 19, 2013
• “Health Care Data in the Cloud: Strategies for Contracting With Cloud Providers,” Foley Web Conf., Jan. 16, 2013
• “Cloud Computing in Healthcare: HIPAA and State Law Challenges,” Foley Web Conf., June 7, 2012
• “Privacy and Security in the HITECH Era,” Foley Web Conf., Dec. 16, 2011