1. Home
  2. Events
  3. The Health Care Compliance Association (HCAA) Research Compliance Conference: It’s Not Research, It’s Quality Improvement

The Health Care Compliance Association (HCAA) Research Compliance Conference: It’s Not Research, It’s Quality Improvement

Speaking Engagement | June.08.2022

Anaheim, CA

Thora Johnson, a partner in Orrick’s Cyber, Privacy & Data Innovation Group, will lead the session “It’s Not Research, It’s Quality Improvement,” at the Health Care Compliance Association (HCAA) Research Compliance Conference. Thora and her co-panelist, the Privacy and Research Compliance Officer at the American College of Cardiology, will discuss, examine and explore:

  • The differences between research and quality improvement activities
  • The Office for Human Research Protections (OHRP) guidance on quality improvement and the revised Common Rule exemptions
  • Case examples where organizations successfully navigated QI and research differences

Practice:

  • Technology & Innovation Sector
  • Life Sciences & HealthTech
  • Cyber, Privacy & Data Innovation
  • Strategic Advisory & Government Enforcement (SAGE)

Thora Johnson Partner

Washington, D.C.

Thora works with medical device, pharmaceutical, biotech and digital health companies, helping them navigate the increasingly complex patchwork of state and federal health privacy laws. One client described her to the Legal 500 as a “very practical” advisor providing “exceptional guidance” on health information privacy and HIPAA compliance matters.

Her breadth and depth of experience enable Thora to assist clients in harnessing the power of artificial intelligence and executing data-sharing arrangements, all while protecting health data. As a result, Thora spends much of her time counseling pioneering startups and high-growth companies on responsible innovation in healthcare and life sciences.

Thora brings extensive experience counseling clients, including Fortune 500 companies and brick and mortar providers, on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

  • Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
  • Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
  • Part 2 confidentiality requirements applicable to substance abuse records
  • State health information privacy laws
  • State consumer privacy laws with special controls for health data
  • Medicare/Medicaid compliance
  • Mental Health Parity and Addiction Equity Act (MHPAEA)
  • Genetic Information Nondiscrimination Act (GINA)
  • Affordable Care Act (ACA) compliance
  • Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans

Thora routinely helps companies and large employers prepare for and respond to privacy and security incidents involving health information. She also defends clients in government investigations initiated by the OCR, OIG, DOJ, FTC and State AGs, among others.