Post & Schell

Steven J. Fox

Partner
(202) 661-6940
(202) 661-6975 Fax
sjfox@postschell.com
Washington, D.C.

Steven J. Fox is a partner with Post & Schell, PC, a national law firm serving clients throughout the United States, and is an acknowledged and well-known national authority on legal issues regarding information technology, data privacy and healthcare information technology. He is Chair of the firm’s Information Technology Group and Co-Chair of its Data Protection Group. Mr. Fox assists clients with legal issues and strategic counseling involving technology, healthcare information systems, data privacy matters, healthcare regulatory compliance, and e-commerce. In particular, he has experience in the development, acquisition, negotiation, transfer and licensing of complex information systems; Health Information Exchanges (HIEs); Regional Health Information Organizations (RHIOs); networks and software; outsourcing transactions; acquisitions and implementations of Electronic Health Records (EHRs); data privacy protection, including Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance; Internet and technology-use policies; consulting/services agreements; and corporate, contractual, and intellectual property matters.

Most recently, Mr. Fox has been working with and advising clients on navigating the complexities of the American Recovery and Reinvestment Act of 2009 (ARRA) in order to obtain the EHR incentives and comply with the updated HIPAA provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act. Steve also continues to advise clients on the legal implications of establishing and maintaining HIEs and RHIOs, including the impact of privacy and security issues and Stark and Anti-Kickback regulations on the donation, adoption and sharing of EHRs.

Mr. Fox is co-author of "Guide to Establishing a Regional Health Information Organization," which was published in February 2007 by the Healthcare Information and Management Systems Society (HIMSS). He also is a co-author of "Guide to Medical Privacy and HIPAA," published by Thompson Publishing Group in 2002. Between 2000 and 2006, Mr. Fox authored a regular "Q&A" column about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) at www.HIPAAdvisory.com.

Mr. Fox served on the HIMSS Board of Directors from 2006 to 2008, and continues to serve as a member of the HIMSS Privacy & Security Steering Committee and on the Board of the Maryland chapter of HIMSS. He also chairs the Policy Committee and serves as an ex-officio Board member of the Pennsylvania e-Health Initiative.

Mr. Fox is a frequent national speaker and author on issues involving technology and healthcare information. He recently presented or published articles regarding "meaningful use" regulations, data privacy compliance in the post-ARRA environment, and negotiating contracts for vendor-financed EHR systems.

Blog

www.healthitlawblog.com

Areas of Practice

Information Technology
Data Protection
Electronic Discovery
Health Law
Business Law & Litigation

Bar Memberships

District of Columbia
Maryland

Publications

"Protecting Patient Data -- New Rules, New Headaches, Risk Management: What Board Members and Senior Managers Need to Know," AHLA Business Law and Governance Practice Group Executive Summary, April 2010, by Steven J. Fox, Peter Hardy and Vadim Schick

"Negotiating Contracts For Vendor-Financed Purchases Of EHR Systems," Journal of Health Information Management, Vol. 24, No. 1, Winter 2010, by Steven J. Fox and Vadim Schick

"New Terminology in the HITECH Act," Advance for Health Information Executives, Vol. 13, No. 12, December 2009, by Steven J. Fox and Vadim Schick

"Risk Prevention/Management Advice to Hospitals Regarding Document-Sharing Technology," April 1, 2009, by Steven J. Fox and Vadim Schick

"Summary of EMR Incentives and New HIPAA Provisions in HITECH Act," MD HIMSS Newsletter, Spring 2009, by Steven J. Fox and Vadim Schick

"Secure Messaging Software May Be Ineligible for Donation by Hospitals to Physicians," HITS Newsletter, January 15, 2009, by Steven J. Fox and Vadim Schick

"Identity Theft Prevention Program Deadline Postponed; Overview of Program Requirements," November 25, 2008, by Steven J. Fox, Edward F. Shay and Vadim Schick

"HIPAA Lessons Learned From HHS-Providence Resolution Agreement," September 24, 2008, by Steven J. Fox, Edward F. Shay and Vadim Schick

"Health Care Providers and the Red Flag Rules: Time is Running Out," August 21, 2008, by Steven J. Fox, Edward F. Shay and Vadim Schick

"Implementation Solutions and Unintended Gaps of Cost Sharing: HHS Final Rules for e-Prescribing and Electronic Health Records," (co-author), The Journal of Healthcare Information Management, Summer 2007, Vol. 21, No. 3

"Guide to Establishing a Regional Health Information Organization," published by HIMSS, 2007

"Guide to Medical Privacy and HIPAA," co-author, Thompson Publishing Group, Washington, DC (2002)

Author of a regular "Q&A" column about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) at www.HIPAAdvisory.com.

Publications - Full Text Available

Negotiating “Must-have” Provisions in HIT Contracts
A Lawyer’s Take on Meaningful Use
Risk Prevention/Management Advice to Hospitals Regarding Document-Sharing Technology
Identity Theft Prevention Program Deadline Postponed; Overview of Program Requirements
HIPAA Lessons Learned From HHS-Providence Resolution Agreement
Health Care Providers and the Red Flag Rules: Time is Running Out

Media

Quoted in “Zero Tolerance" by Gregg Blesch & Joe Carlson in Modern Healthcare at http://www.modernhealthcare.com/article/20100301/NEWS/303019988 , March 1, 2010.

Quoted in “Privacy policies over electronic health records expand reach” by Anya Litvak in the Pittsburgh Business Times at http://pittsburgh.bizjournals.com/pittsburgh/stories/2010/02/22/story11.html?surround=etf&ana=e_article&b=1266814800%5e2914361, February 19, 2010.

Quoted in “IT Vendor Negotiations in the ARRA Era” by Greg Goth in For The Record at http://www.fortherecordmag.com/archives/021510p14.shtml, February 15, 2010.

Quoted in “Shore Up Your HIPAA Compliance Before Enforcement Storm Hits This Year” in inhealthcare.com at http://hitnews.inhealthcare.com/hit-help-desk/shore-up-your-hipaa-compliance-before-enforcement-storm-hits-this-year/, February 3, 2010.

Affiliations

HIMSS (Advisory Board Member, 2006-2008)
HIMSS Privacy & Security Steering Committee (2009-2011)
Pennsylvania eHealth Initiative (Ex-officio member, Board of Directors and Chair of the Policy Committee)
American Health Lawyers Association
Maryland HIMSS (Board of Directors)

Education

Bachelor of Arts, University of Maryland, 1971 Graduated with honors
Juris Doctor, University of Maryland School of Law, 1974

Classes/Seminars/Speaking Engagements

"How Strong Contract Negotiation Strategies Can Impact EHR and HITECH Act Success," 2010 AHIMA Legal EHR Conference, Chicago, IL (August 16, 2010)

"Meaningful Use Update," presented by Steve Fox and Vadim Schick, Maryland HIMSS Conference, Baltimore, MD (March 25, 2010)

"Electronic Health Records Technology Contracts After HITECH," presented by Steve Fox and Vadim Schick, along with William Gillespie of WellSpan Health, Strafford Continuing Legal Education webinar (March 23, 2010)

"Negotiating Must-Have Provisions in HIT Contracts," Post & Schell Webinar, March 18, 2010

"Defusing Data Privacy, Confidentiality & Security Land Mines: Negotiating the HIT Deal, Implementing Compliance, Responding to Crisis," presented by Steve Fox, Peter Hardy and Vadim Schick; and "Electronic Health Records: Licensing and Incentives," presented by Steve Fox and William J. Gillespie of WellSpan Health, the Pennsylvania Bar Institute program, Philadelphia, PA (March 12, 2010)

"A Lawyer’s Take on Meaningful Use," Post & Schell Webinar, February 25, 2010

"Legal Strategies on the Road to Meaningful Use: Negotiating Strategies to Manage Expectations and Avoid Disputes," the HIMSS ARRA Road Show, Chicago, IL (January 15, 2010)

Panelist, Discussion on Privacy & Security Issues, Health Information Exchange Summit (sponsored by the Consulate of Canada and held at the Philadelphia College of Physicians), Philadelphia, PA (November 10, 2009)

"Privacy and Security: How HITECH is changing HIPAA," co-presented with Edward F. Shay of Post & Schell, PC, Health IT Stimulus Summit, Boston, MA (September 18, 2009)

"Untangling the Health Care Stimulus Package: 7 Months Later - ARRA’s Impact on HIPAA," The Health Care Connectivity Summit, Baltimore, MD (September 23, 2009)

Moderator: "A Real World Look at Successful Strategies for Acquisition, Implementation and Operation of an EHR in a Hospital Setting," CBI's Access Federal Stimulus Incentives for Electronic Health Records Conference, Alexandria, VA (September 24, 2009)

"Ensuring Privacy and Security of Health Information Exchange," presented by Steven J. Fox and William Gillespie, VP-Chief Technology Officer & CIO Emeritus at WellSpan Health, Collaborative Communications Summit, Fort Lauderdale, FL (June 17, 2009)

"Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable," presented by Steven J. Fox and Peter Hardy of Post & Schell, SCCE Conference, Austin, TX (June 2, 2009)

"Ensuring Privacy and Security of Health Information Exchange," presented by Steven J. Fox and William Gillespie, VP-Chief Technology Officer & CIO Emeritus of WellSpan Health, Maryland Tech Council's First Annual Mid-Atlantic Healthcare IT Conference, Bethesda, MD (April 30, 2009)

"Privacy and Security Aspects of the HITECH Act," co-presenter on AHLA Teleconference - Part II, Washington, D.C. (March 26, 2009)

"American Recovery and Reinvestment Act of 2009's Impact on Health IT and the Government's Role in Adoption of Electronic Health Records," FOSE 2009 Conference, Washington, DC (March 11, 2009)

"Security and Privacy Issues in Connection with Wireless Technologies," Maryland HIMSS Conference, Baltimore, MD (October 31, 2008)

Panel, "Privacy and Security: Health Information Exchange in Pennsylvania," Western PA HIMSS Conference, Pittsburgh, PA (October 16, 2008)

Moderator: "The Role of Stark Reform in the Transformation of Healthcare in Rural Maine," HIMSS Summit, Washington, D.C. (June 9, 2008)

"E-Discovery: Practical Knowledge About Data Retention and Management Under the Federal Rules on E-Discovery," the Central Pennsylvania Health Information Management Association (CPHIMA), Hershey, PA (December 14, 2007)

"Complying with the Amended Stark & Anti-Kickback Regulations," West Virginia HIMSS Chapter, Roanoke, WV (December 13, 2007)

"Legal Implications of the Ambulatory EHR - Complying with the Amended Stark & Anti-Kickback Regulations," Maryland HIMSS Conference, Sheppard Pratt Conference Center, Baltimore, MD (October 12, 2007)

"Implementation Solutions and Unintended Gaps of Cost Sharing: HHS Final Rules for e-Prescribing and Electronic Health Records," (co-author), The Journal of Healthcare Information Management, Summer 2007, Vol. 21, No. 3

"Complying with the Amended Stark & Anti-Kickback Regulations," Connecting Communities Regional Forums, Boston, MA (May 10, 2007); Orlando, FL (May 3, 2007); Chicago, IL (December 14, 2006); Salt Lake City, UT (December 12, 2006)

"Stark & Anti-Kickback Impact on EHR Adoption," HIMSS Summit, Washington, D.C. (June 6, 2006)

"RHIOs: Legal Issues," BIO-IT Coalition Conference on Using Advanced Information Technologies to Develop Personalized Medicine-Healthcare, George Mason University, Fairfax, VA (May 4, 2006)

"e-Health Initiatives: Collecting, Connecting and Collaborating with Electronic Health Records," sponsored by New Jersey Hospital Association, Princeton, NJ (March 23, 2006)

"RHIOs: Laws and Ethics," HIMSS Forum, San Diego, CA (February 12, 2006)

"Legal Issues and Considerations for RHIOs," sponsored by World Research Group, Las Vegas, NV (November 29, 2005)

"Connecting Providers to RHIOs - Legal Issues & Challenges for Regional Health Information Organizations," SoftMed Executive Forum, Aventura, FL (January 15, 2005)

"Implications of First HIPAA Criminal Conviction," Audio conference, sponsored by Strafford Publications, Inc., Washington, D.C. (November 9, 2004)

"Protecting Your Organization with Internal Policies and Procedures," Workaday HIPAA Conference, sponsored by UCG, Boston, MA (April 11, 2003)

"A HIPAA Primer," sponsored by InfraGard Philadelphia Chapter, Philadelphia, PA (March 4, 2003)

"HIPAA Privacy Implementation: Steps for Last 90 Days," Audio Conference, sponsored by Thompson Publishing Group, Washington, D.C. (January 30, 2003)

"Protect Your Organization with Internal Policies and Procedures," Workaday HIPAA Conference, sponsored by UCG, San Diego, CA (December 6, 2002)

"HIPAA for New Managers, Department Heads, Supervisors and Members of HIPAA Committees," Audio conference, sponsored by Health Resources Publishing (November 6, 2002)

"CIOs and the New HIPAA Privacy Rule," Audio conference, sponsored by HIS Insider Weekly, Washington, D.C. (October 2, 2002)

"HIPAA for Heath Care Vendors," Audio conference, sponsored by Health Resources Publishing, Washington, D.C. (September 12, 2002)

"Contracting and Negotiating for Health Care Information Systems," TEPR 2002, Seattle, WA (May 14, 2002)

"The New Privacy NPRM: An Authoritative Analysis," Audio conference, sponsored by Phoenix Health Systems (April 9, 2002)

"HIPAA Overview - Solutions to the HIPAA Deadline Challenge," 6th Annual Compliance Strategies Conference, Las Vegas, NV (March 13, 2002)

"Complying with HIPAA Deadlines," HIMSS 2002, Atlanta, GA (January 31, 2002)

"The Final Privacy Regulations — What Are They and How Do You Comply," HIPAA 101 Conference, Pittsburgh, PA (December 14, 2001)

"Preparing & Implementing Patient Privacy Requirements for HIPAA – Patient Consents & Authorizations," Audio conference, sponsored by Temple University School of Pharmacy, MediMedia Managed Care and Abbott Laboratories (November 14, 2001)

"What If You Don’t Meet the Deadlines," The Third National HIPAA Summit, Washington, D.C. (October 26, 2001)

"Legally HIPAA! A Summer Audio Conference Series," Washington, D.C. — Handling Consents and Authorizations (June 20, 2001); Handling Chain of Trust & Business Associate Agreements (July 18, 2001); Developing Privacy/Security Policies and Procedures (August 22, 2001)

"HIPAA Update and the Privacy Standards," Maryland Society of Healthcare Information Systems Management, Baltimore, MD (May 2001)

"Successful Health Care Information System Planning and Contracting," ACHE 2001 Congress, Chicago, IL (March 2001)

"RFP Development and HIS Contract Negotiations Under HIPAA," HIMSS 2001, New Orleans, LA (February 2001)

"HIPAA Update – Making Sense Out of the Final HIPAA Privacy Regulations," HIMSS 2001, New Orleans, LA (February 2001)

"HIPAA Compliance Issues," Straight Talk on HIPAA Conference, Washington, D.C. (July 2000)

"Nuts and Bolts of HIS Vendor/Product Evaluations and Contract Negotiations," HIMSS 2000, Dallas, TX (April 2000)

"Advanced Health Care Information Systems Licensing Issues," American Health Lawyers Association, Chicago, IL (May 1999)

"Nuts and Bolts of RFP Development and HIS Contract Negotiations," HIMSS 1999, Atlanta, GA (with William J. Gillespie and Deborah Kohn) (February 1999)

"Merger Mania CPR Contract Issues," Straight Talk on the Computerized Patient Record Conference, Fort Lauderdale, FL (January 1999)