Thora Johnson


Washington, D.C.

Thora Johnson is co-chair of Orrick's Life Sciences Group. She helps clients navigate emerging and traditional regulatory challenges in the biotechnology, healthcare and pharmaceutical sectors. She advises on cybersecurity, privacy and healthcare regulatory matters.

Thora has extensive experience counseling clients on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

  • Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
  • Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
  • Part 2 confidentiality requirements applicable to substance abuse records
  • State health information privacy laws
  • Medicare/Medicaid compliance
  • Mental Health Parity and Addiction Equity Act (MHPAEA)
  • Genetic Information Nondiscrimination Act (GINA)
  • Affordable Care Act (ACA) compliance
  • Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans
  • Price transparency and surprise billing rules applicable to hospitals and health plans
  • Confidentiality of Health Information

    • Structures HIPAA compliance and incident response programs
    • Often provides guidance on the intersection of HIPAA, Part 2 and state laws governing the confidentiality of medical records
    • Represented a large health insurance company in negotiating and implementing a HIPAA Resolution Agreement and Corrective Action Plan with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR)
    • Represented covered entities and business associates in Phase 2 HIPAA desk audits
    • Regularly represents covered entities and business associates in resolving complaints with the regional offices of OCR
    • Helps clients with investigating and responding to potential privacy and security incidents, including preparation of risk assessments and notices to affected individuals and OCR
    • Works with clients establishing medical registries and running research studies

    Health and Welfare Plan Compliance

    • Advises employers on how ACA legislation affects their health plans, including how to provide ACA-compliant health coverage to avoid penalties, report offers of health coverage, appeal eligibility determinations made by the health insurance exchanges and employer mandate penalties being assessed by the IRS and comply with disclosure obligations
    • Consolidated Appropriations Act’s no surprising billing, transparency, reporting and disclosure requirements
    • Provides day-to-day advice on health and welfare compliance to employers, including drafting plan documents, summary plan descriptions, and summaries of benefits and coverages; and negotiating administrative service agreements
    • Counsels employers on alternative means of providing healthcare, including onsite medical clinics and private exchanges
    • Serves as counsel in lawsuits brought against health plans and health insurers by out-of-network providers under ERISA

    Other Healthcare Regulatory Compliance

    • Advises on Section 1557 nondiscrimination requirements applicable to certain healthcare providers, health insurers and group health plans
    • Provides counsel on meaningful use, interoperability and care quality improvement initiatives
    • Represents multiple clients regarding their compliance obligations as First Tier, Downstream, and Related Entities (FDRs) to Medicare Advantage and Medicare prescription drug plans
    • Counsels wellness companies on a wide variety of complex regulatory and corporate issues, including HIPAA, the ACA, regulations on wellness programs issued under the ADA, Medicare and Medicaid compliance and other miscellaneous federal and state regulatory matters, such as cost transparency laws
    • Provides counsel on meaningful use, interoperability and care quality improvement initiatives