Photo of Daniel F. Gottlieb

Daniel F. Gottlieb counsels a wide range of health care industry clients, including health care providers, health plans, health information technology (IT) vendors and life sciences companies. He represents these entities on health IT acquisitions, privacy and data protection, reimbursement, fraud and abuse, and other health care regulatory and transactional matters. Daniel is a co-leader of the Firm’s Global Privacy and Cybersecurity Practice. Read Daniel Gottlieb's full bio.

California’s Senate and Assembly unanimously approved AB 375 (also known as the California Consumer Privacy Act of 2018), on June 28, 2018. This new consumer privacy bill will be the most progressive and comprehensive privacy law in the United States, reaching far beyond California’s borders to give California consumers more visibility and control over their

Earlier this month, more than 45,000 attendees descended on Las Vegas, NV, for the nation’s largest annual health care technology conference: the 2018 HIMSS Conference & Exhibition (HIMSS18). Conversations and educational sessions covered a wide range of health tech topics, with thought leaders, solutions developers, health system executives, patient advocates and care providers coming together to discuss the myriad obstacles and opportunities facing the health care technology industry today.

On Tuesday March 6, during the HIMSS conference, McDermott Will & Emery along with our friends at Capstone Headwaters convened a panel discussion on “Financing High-Growth Healthcare IT Companies, which I had the pleasure of moderating. The seasoned mix of health care finance and private equity professionals discussed the various types and sources of capital available to fuel high-growth health IT organizations and how to choose the right mix of capital to support a company’s growth needs. We also reviewed the legal and regulatory implications for investments in health care IT companies, and discussed considerations for optimal positioning in a value-based care environment. 
Continue Reading

Last week, the US Court of Appeals for the DC Circuit issued a long-awaited decision on an omnibus challenge to the FCC’s interpretation of the TCPA. While the decision provides some relief for businesses, it does not eliminate the prospect of TCPA liability and leaves important TCPA interpretive questions unresolved. Businesses should continue to be

The General Data Protection Regulation (GDPR) establishes protections for the privacy and security of personal data (Personal Data) about individuals in the European Union (EU) single market countries, and potentially affects the clinical and other scientific research activities of academic medical centers and other research organizations in the United States.

This On the Subject includes

On May 31, 2017, the US Department of Justice announced a Settlement Agreement under which eClinicalWorks, a vendor of electronic health record software, agreed to pay $155 million and enter into a five-year Corporate Integrity Agreement to resolve allegations that it caused its customers to submit false claims for Medicare and Medicaid meaningful use payments

On December 7, 2016, the US Congress approved the 21st Century Cures Act (Cures legislation), which is intended to accelerate the “discovery, development and delivery” of medical therapies by encouraging public and private biomedical research investment, facilitating innovation review and approval processes, and continuing to invest and modernize the delivery of health care. The massive

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently posted guidance (OCR guidance) clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a covered entity customer to protected health information (PHI) maintained by the vendor on behalf of the

On January 15, 2016,  the U.S. Food and Drug Administration (FDA) published a draft guidance entitled Postmarket Management of Cybersecurity in Medical Devices (Draft Guidance), which outlines FDA’s recommendations for managing postmarket cybersecurity vulnerabilities in medical devices that contain software or programmable logic and software that is a medical device, including networked medical devices. The

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently transmitted HIPAA pre-audit screening surveys to covered entities that may be selected for a second phase of HIPAA compliance audits (Phase 2 Audits). OCR is required to conduct compliance audits of covered entities and business associates under the 2009 Health Information

In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission confirmed its expanded reach in the United States, and Canada’s far-reaching anti-spam legislation takes full effect imminently. As European authorities grappled with the