Health Information Technology

Information technology enables the health care system to communicate, analyze, and deliver care, from electronic health records to telemedicine, from clinical decision systems to "big data" health care analytics and mobile health to consumer wearables. Baker Donelson's lawyers have the knowledge and experience to address the full spectrum of legal needs faced by organizations struggling with the issues they face on a daily basis to ensure the regulatory, contractual, and business strategy is analyzed, understood, and managed.

In many cases, our clients are leading-edge innovators or first adopters. We provide advice and representation across a range of known and emerging matters, drawing on deep understanding of law and policy to provide context and clear counsel for moving businesses forward.

Clients. Our clients include health care providers, HIT companies, health financing companies, digital health applications, companies developing artificial intelligence, pharmaceutical companies, medical device companies, and medical software developers and vendors.

Regulatory compliance. We advise health care technology clients on topics relating to telemedicine issues, Medicare/Medicaid reimbursement, privacy and information security (including but not limited to Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA), and General Data Protection Regulation (GDPR)), interoperability and information blocking, fraud and abuse, Stark, compliance audits, Merit-based Incentive Payment System (MIPS) requirements, defending government investigations, and interpreting the ever-changing regulations that affect information technologies in the health care industry.

Transactions. Our team represents HIT companies (that develop and operate software solutions, electronic medical records (EMRs), digital health assets, and apps) in significant sales, affiliations, and merger transactions to national IT companies, private equity investors, and platforms. Our extensive knowledge of the health care and life sciences industries, and more specifically the niche of software and technology aspects and their unique set of issues, has helped our clients navigate the complexities of such transactions.

We also advise clients on all types of business transactions involving the purchase and sale of health care technology products and services, including related intellectual property issues, privacy and security issues, and other risk factors for diligence and negotiation. We routinely advise on licensing agreements for content, software, and other rights-protected intellectual property. We advise on a full range of commercial and contractual matters, including strategic alliance agreements, joint ventures, data center and web hosting agreements, managed service provider agreements and business associate agreements, and financing agreements.

Our attorneys strategize with clients to structure deals to meet the client's desired goals in the most tax-efficient manner. We also have experienced counsel to help with the myriad of issues posed, including antitrust, Committee on Foreign Investment in the United States (CIFUS), cross-border, tax, litigation, finance, real estate, employee benefits, securities, and other regulatory concerns.

mHealth. mHealth issues arise from the evolving landscape of our mobile society and the expectation that information is available at our fingertips. mHealth continues to have a profound and wide-ranging impact, with new technology developments triggering not only existing and emerging health-care-specific regulations, but a myriad of developing laws and regulations relating to the business use of technology. We offer comprehensive and proactive advice and solutions to these often complex mHealth issues.

Interoperability and Information Blocking. Federal law requires all members of the health care ecosystem to ensure that health information is available and usable by all actors. As health care systems and their partners move more and more to care management and care coordination among various providers along the continuum of care, the ability of patient information to be shared in real time becomes crucial. At Baker Donelson, the HIT team is familiar with these challenges and the mechanics of achieving interoperability. We understand the enormous potential of blockchain technology for the implementation of interoperability and have experience with the unique challenges that are developing with blockchain technologies and negotiations. Our attorneys guide clients through the issues associated with information blocking and the potential fines for violation of the law.

Information privacy and security management. We counsel HIT clients on a wide array of privacy, data security, and cybersecurity issues, including regulatory compliance with applicable federal and state laws. Our team brings deep experience in these areas and includes numerous attorneys who are Certified Information Privacy Professionals (CIPP) and Artificial Intelligence Governance Professionals (AIGP).

Public policy. We provide strategic counsel as well as day-to-day policy representation, working to protect and advance client interests throughout the course of federal policy-making. We work to guide the actions of clients both in anticipation of and as a result of expected HIT policies.

• "Illinois Passes Extensive Law Regulating AI in Behavioral Health" (August 2025)
• "OIG Advisory Opinion 25-08: Unfavorable DME – Vendor Payment Arrangement" (July 2025)
• "Insider Threats Are Just as Dangerous as Ransomware – Lessons from the Latest OCR HIPAA Settlement," republished July 1, 2025, in Cyber Defense Magazine (June 2025)
• "DOJ Bulk Data Rule: Key Takeaways for Healthcare and Life Sciences" (May 2025)
• "Executive Orders on Domestic Production of Critical Medicines and Biological Research Security" (May 2025)
• "Recent CCPA Decision Portends Potential Expansion of Class Action Liability Exposure For Cookies, Pixels, and Tracking Technologies," republished in Law360 (May 2025)
• "Information Blocking: Disincentives Established for Health Care Providers" (July 2024)
• "Medical Records Scams: What You Need to Know" (June 2024)
• "Providers Take Note: The Common Agreement Version 2.0 Released," republished May 8, 2024, in HealthIT Answers (April 2024)
• "HIPAA Updates: The Obligations Continue to Unfold" (February 2024)
• "Top Privacy and Cybersecurity Issues to Track In 2024," Republished February 5, 2024, in CPO Magazine (January 2024)
• "Health Care Remains a Top Target for Hackers" (November 2023)
• "OCR Enforcement Action Likely: Reminder of Steps to Take Now" (October 2023)
• "A Baker's Dozen: Top Questions In-House Legal Counsel Should Consider Asking to Better Understand AI including ChatGPT" (April 2023)
• "U.S. Health Care Sector Should Take Immediate Mitigating Actions Due to Targeted Attacks by Pro-Russia Hacktivist Group" (February 2023)
• "Mitigating Cyber Vulnerabilities in Medical Devices" (September 2022)
• "HHS Issues Post-Dobbs HIPAA Privacy Guidance for Employer Health Plans, Other Covered Entities" (July 2022)
• "Office For Civil Rights Seeks Input on Implementation of HITECH Amendments" (April 2022)
• "New Legislation Will Require Critical Sector Entities to Report Certain Cyber Incidents," republished April 7, 2022 in, CPO Magazine (March 2022)
• "Trusted Exchange Framework and the Common Agreement" (January 2022)
• "FTC Reminds Consumer Health Apps of Its Health Breach Notification Rule" (September 2021)
• "What You Should Know About California's New Health Facility Breach Reporting Regulations," republished in Westlaw (July 2021)
• "FBI Warns Hospital and Health Care Providers are Under Attack" (October 2020)
• "HHS Releases Update to Security Risk Assessment Tool" (September 2020)

• Baker Donelson's Julie A. Kilgore Earns AI Governance Professional Certification (July 10, 2025)
• Baker Donelson's Vivien F. Peaden and Alexandra P. Moylan Earn AI Governance Professional Certification (June 4, 2024)
• Michaela D. Poizner Named Chair of Baker Donelson's Nationally Recognized Health Law Group (April 10, 2023)
• Baker Donelson Names New Leaders in Health Law Group (October 28, 2021)
• Baker Donelson Continues Growth of Corporate Practice with Addition of Robert H. Laird Jr. (October 5, 2021)
• Layna Cook Rush Named Chair of Baker Donelson's Data Incident Response Team (March 5, 2021)
• Baker Donelson's Layna Cook Rush Earns Additional Information Privacy Certification (November 10, 2020)

• Vivien Peaden Discusses Adoption of European AI Code of Practice in Louisiana Illuminator (August 7, 2025)
• Vivien Peaden Quoted in The Fabricator on Robotic Process Automation as an AI Tool (July 28, 2025)
• Howard Sollins Discusses CMS Plans to Address Uncompetitive Certificate of Need Laws in Skilled Nursing News (July 28, 2025)
• Alex Moylan and Michael Halaiko Featured on SupplyChainBrain Discussing Recent Executive Orders Regarding Domestic Production of Critical Medicines (June 23, 2025)
• Health Law and Public Policy Department Chair Michaela Poizner Talks with Law.com About Her Path to Leadership (June 11, 2025)
• Layna Cook Rush Comments on Proposed HIPAA Security Rule in For the Record (May 29, 2025)
• Vivien Peaden Talks with Daily Report About Being Elected a Firm Shareholder (May 2, 2025)
• Law360 Highlights New Health Group Leaders Michaela Poizner, Robert Wells, and Craig Conley (April 3, 2025)
• Bruce Doeg Shares Insights from ViVE Conference in Teknovation (March 5, 2025)
• Alisa Chestler Quoted in Part B News on How Proposed HIPAA Rule May Mean 'Addressable' Measures Are 'Required' (January 20, 2025)
• In Report on Medicare Compliance, Sanford Teplitzky Addresses Anticipated Disruption of Health Compliance and Enforcement Under New Trump Administration (January 13, 2025)
• Robert Wells Discusses Data Privacy Regulatory Issues in Pharmaceutical Executive (December 20, 2024)
• Robert Wells Talks with Pharmaceutical Executive About Use of AI in Pharmaceutical Marketing (December 13, 2024)
• Robert Wells Featured in Pharmaceutical Executive Discussing Usage of AI in the Pharmaceutical Industry (December 6, 2024)
• Alissa Fleming and Matt Wolfe Quoted in Hospice News on CMS Memo Advising Surveyors to Watch for Potential Hospice Fraud (November 14, 2024)
• Layna Rush Shares Best Practices for Responding to HIPAA Complaints in Healthcare Risk Management (September 1, 2024)
• Layna Rush Addresses Question of Sending Patient Records Via Unsecure Email in Part B News (August 12, 2024)
• Matt Wolfe Comments in Behavioral Health Business on Uncertainty Following Chevron Ruling (July 9, 2024)
• Alisa Chestler Talks with Part B News About Fax Phishing Scams in Health Care (July 8, 2024)
• Layna Rush Quoted in Healthcare Risk Management on Resumption of HITECH Audits (July 1, 2024)
• Layna Rush Discusses HIPAA-Compliant Texting in Healthcare Risk Management (July 1, 2024)
• Layna Rush Comments in The Daily Upside on the Increasing Frequency and Costs of Hacks on Health Care Systems (June 23, 2024)
• New Chattanooga Managing Shareholder Clinton Sanko Featured in Hamilton County Herald (February 23, 2024)
• Robert Wells Featured in Pharmaceutical Executive Discussing Anticipated Regulatory Actions Governing Use of AI in Pharma Industry (January 17, 2024)
• Matt Wolfe Discusses Certificate of Need Issues Facing Hospice Providers in Hospice News (January 12, 2024)
• Matt Wolfe Quoted in Hospice News on Special Focus Certificates of Need to Reach Underserved Populations (December 1, 2023)
• Layna Rush Discusses What to Expect After a HIPAA Violation in Healthcare Risk Management (December 1, 2023)
• Layna Rush Comments on OCR's Security Risk Assessment Tool in Healthcare Risk Management (December 1, 2023)
• Alisa Chestler Featured in MedTech Intelligence Q&A on Overcoming Barriers to EHR Adoption in Behavioral Health (November 8, 2023)
• Alisa Chestler Featured on Healthcare IT News' HIMSS TV Discussing Behavioral Health Data Interoperability (October 18, 2023)
• Alisa Chestler Discusses SEC Rules Regulating Cybersecurity in Nashville Post Q&A (September 5, 2023)
• Layna Rush Quoted in Healthcare Risk Management on How a Hospital Cyberattack Can Critically Affect Other Hospitals in the Community (September 1, 2023)
• Alisa Chestler Quoted in Part B News on Cybersecurity Challenges Facing Providers in the Wake of MOVEit Data Breach (August 21, 2023)
• Alisa Chestler Comments on New SEC Cybersecurity Incident Disclosure Rule in VentureBeat (August 7, 2023)
• Alisa Chestler Talks with Healthcare Risk Management About Impact of Proposed OCR Rule Involving Reproductive Privacy Rights on HIPAA Policies and Procedures (July 1, 2023)
• Alisa Chestler Discusses Protecting Enterprise Assets Against Cybersecurity Failures in InformationWeek (June 21, 2023)
• Layna Rush Discusses Cyber Liability Insurance vs. Data Breach Insurance in CSO Magazine (June 14, 2023)
• Matthew Wolfe Talks with Home Health Care News About Recent Study on Potential Factors in Billing Fraud (June 9, 2023)
• Matthew Wolfe Comments in Home Health Care News on Medicaid Wage Proposal (May 25, 2023)
• Michaela Poizner Discusses Her New Role as Chair of Baker Donelson's Health Law Group in Law360 (April 11, 2023)
• Nashville Medical News Highlights Michaela Poizner as Chair of Baker Donelson's Health Law Group (April 10, 2023)
• Layna Rush Shares Best Practices for Cyberattack Response Planning in Healthcare Risk Management (April 1, 2023)
• Robert Wells Talks with PharmaVoice About Increased Antitrust Scrutiny of Pharmaceutical Companies (February 2, 2023)
• Robert Wells Quoted in PharmaVoice Newsletter on Increased Antitrust Enforcement for the Health Care Industry (January 17, 2023)
• Robert Wells Discusses How CMS's New Emphasis on Behavioral Health is Likely to Lead to Enforcement Action in Part B News (January 2, 2023)
• Matthew Wolfe Quoted in Part B News on Anticipated Growth in Behavioral Health Sector After CMS Changes (January 2, 2023)
• Kathleen Salsbury Comments in Part B News on Preparing for Policy and Compliance Changes as CMS Hints at End of COVID Public Health Emergency (September 8, 2022)
• Rob Laird Offers Advice on Venture Capital for Startups in the Nashville Post (September 7, 2022)
• Robert Wells Comments on Impact of OTC Hearing Aid Rule in Part B News (August 29, 2022)
• Alisa Chestler Quoted in Behavioral Health Business on Future of EHRs in Behavioral Health Care (August 18, 2022)
• Robert Wells Talks with Healthcare Risk Management About Flexibility That Value-Based Safe Harbor and Stark Exception Offer Providers (July 1, 2022)
• Newly Elected Nashville Shareholders Bert Chollet, Andy Droke and Ryan Richards Featured in Nashville Post (April 18, 2022)
• Robert Wells Featured Among Savoy's 2022 Most Influential Black Lawyers (February 14, 2022)
• Layna Rush Comments in Tech Target on Impact of Potential Litigation and Regulatory Action from Data Breaches (January 20, 2022)
• Robert Wells Discusses Demand for Health Law Attorneys in Law.com (December 6, 2021)
• Law360 Highlights Addition of Robert Wells to Health Law Group (November 19, 2021)
• Former Congresswoman Barbara Comstock Discusses Outcome of Virginia's Gubernatorial Election on PBS News Hour (November 3, 2021)
• Baker Donelson's Addition of Six North Carolina-Based Health Law Attorneys Featured in American Lawyer (October 13, 2021)
• Layna Rush Quoted in Commercial Risk on Data Breach Response for the Vaccine Supply Chain (October 12, 2021)
• Nashville Post Highlights Addition of Robert H. Laird Jr. to Baker Donelson's Corporate Group (October 5, 2021)
• Justin Daniels Discusses the Privacy and Security Risks of Connected Health Devices in Healthcare Info Security (August 23, 2021)
• Layna Rush Discusses Whistleblower Exception That Allows Reporting HIPAA Violations with PHI in Healthcare Risk Management (May 14, 2021)
• Alisa Chestler Comments on Recent OCR Right of Access Settlements in Hospital Access Management (November 10, 2020)
• Zachary Busey Comments on NLRB Decision on Cannabis Workers in Law360 (November 2, 2020)