The Health Care Compliance Association (HCAA) Research Compliance Conference: It’s Not Research, It’s Quality Improvement

Speaking Engagement | June.08.2022

Anaheim, CA

Thora Johnson, a partner in Orrick’s Cyber, Privacy & Data Innovation Group, will lead the session “It’s Not Research, It’s Quality Improvement,” at the Health Care Compliance Association (HCAA) Research Compliance Conference. Thora and her co-panelist, the Privacy and Research Compliance Officer at the American College of Cardiology, will discuss, examine and explore:

  • The differences between research and quality improvement activities
  • The Office for Human Research Protections (OHRP) guidance on quality improvement and the revised Common Rule exemptions
  • Case examples where organizations successfully navigated QI and research differences


  • Technology & Innovation Sector
  • Cyber Privacy and Data Innovation
  • Strategic Advisory & Government Enforcement (SAGE)

Thora Johnson Partner

Washington, D.C.

Thora has extensive experience counseling clients on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

  • Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
  • Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
  • Part 2 confidentiality requirements applicable to substance abuse records
  • State health information privacy laws
  • Medicare/Medicaid compliance
  • Mental Health Parity and Addiction Equity Act (MHPAEA)
  • Genetic Information Nondiscrimination Act (GINA)
  • Affordable Care Act (ACA) compliance
  • Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans
  • Price transparency and surprise billing rules applicable to hospitals and health plans