Sarah Cronan Spurlock
Sarah Cronan Spurlock is a member of the firm’s Health Care Service Group and is Co-Chair of the firm’s Privacy & Data Security Group. Sarah regularly advises clients on a wide range of health care issues, including fraud and abuse laws, compliance guidance, physician self-referral, physician employment agreements, physician and hospital contracting, technology and general contracting, HIPAA privacy and security, and data breach prevention and response. Her practice includes regulatory and transactional matters and health care litigation. Sarah is a Certified Information Privacy Professional (CIPP/US) and serves as the firm’s Chief Privacy Officer.
Framework debate shows as Kentucky nears comprehensive privacy law
by Joseph Duball, International Association of Privacy Professionals (IAPP), The Privacy Advisor, March 12, 2024
US Chamber Urges 6th Circ. To Ax FirstEnergy Class Cert.
By Katryna Perera, Law360.com, February 20, 2024
Mitigating Hospital Cyber Risks - Ransomware’s Impact on Operations and Outcomes
Cybersecurity Crisis Management: Strategies for Health Care Professionals, Kentucky Hospital Association, January 23, 2024
Artificial Intelligence in Healthcare
Stites & Harbison Client Event, November 2, 2023
Cybersecurity: The Rising Cost of Cyber Threats
by Shannon Clinton, The Lane Report, September 25, 2023
Cybersecurity: The Rising Cost of Cyber Threats
by Shannon Clinton, NationalCyberSecurity.com, September 2023
Mitigating Hospital Cyber Risks - Ransomware’s Impact on Operations and Outcomes
Kentucky Hospital Association 94th Annual Convention, Lexington, KY, May 15-17, 2023
Ransomware Threats: Prevention Tips and Response Strategies
panelist, American Bar Association, Infrastructure and Regulated Industries Section Webinar, February 28, 2023
Incident Preparedness: Developing a Program to Respond to Security Incidents
Speaker, Data Security and Privacy Symposium, Atlanta, February 8, 2023
Patient Inducement Prohibitions: Anti-Kickback and Civil Monetary Penalty Considerations
Kentucky Primary Care Association Annual Conference, October 11, 2022
Under Attack: Ransomware Threats, Prevention Tips, and Response Strategy for Health Care Providers
Revenue Cycle and Compliance Summit, First Healthcare Compliance, June 23, 2022
Help! They've Hijacked Our Network and They Want Money - Now What? Strategies for Managing the Cyber-Attack
Moderator, IADC 2021 Annual Meeting, August 15-19, 2021
Liberating Patient Data – Is Your Hospital Ready for the Information Blocking Rule?
Webinar, Kentucky Hospital Association, January 26, 2021
Not Your Grandma’s Quilt: Exploring the Current ‘Patchwork’ and Recent Trends in U.S. Data Privacy and Security Laws
Kentucky Bar Association Corporate House Counsel Webinar, November 18, 2020
Medical Liability Considerations for Physicians
Kentucky Medical Association Virtual Town Hall, September 24, 2020
Eliminating Kickbacks in Recovery Act
Kentucky Health Law Institute, UK CLE, September 2, 2020
The Future of Medicine for the Emerging Physician post COVID-19
Kentucky Medical Association Virtual Annual Meeting, August 22, 2020
Is Telehealth Here to Stay?
Medical News, June 30, 2020
Privacy 2020 – California’s Seismic Shift
Discussion of the California Consumer Privacy Act (CCPA), Southern Law Network, April 16, 2020
Shifting Sands of U.S. Privacy Laws
International Association of Defense Counsel Webinar, December 11, 2019
Cybersecurity and Data Breach Response for Lawyers: Threats, Prevention Tips, and Mitigation Strategies for Lessening the Risks of a Cyberattack
Kentucky Bar Association Annual Convention, June 12, 2019
The Race to Privacy
Stites & Harbsion Thirsty Thursday Speaker Series, April 25, 2019
Cyber Security for Rural and Critical Access Hospitals: Tips for Improving Data Security and Mitigating the Impact of a Cyber Attack
Alliant Management Services Management Meeting, April 10, 2019
Introduction to Health Law
Panel member, Health Enterprise Network Healthcare Fellows, University of Louisville Louis D. Brandies School of Law, March 19, 2019
Pings That Go Bump in the Night: A Discussion of Health Care, Cybersecurity Threats, Prevention Tips and Mitigation Tactics
Residents in Business
Employment Contracting Seminar
Kentucky Supreme Court Declines to Recognize New Tort of "Negligent Credentialing"
Leadership in Action: Take the Lead in Solving the Opioid Epidemic
Cyber Threats & Ransomware
Digital Fortress
Residents in Business
Cybersecurity for business: Improving data security and mitigating the impact of a cyber-attack
Be Cyberwise: Protect & Position Your Business for Growth
The Interplay Between Social Media and Healthcare Privacy
Improving Data Security and Mitigating the Impact of a Cyber-Attack
Under Attack: Cyber Threats Against the Health Care Industry
Passwords, Revisited
Residents in Business
Stop. Think. Connect.
Law Firm Data Security: It's the End of the World As We Know It (And I Don't Feel Fine)
Don't Bet on Longshots - Practical Advice on Data Security for Financial Institutions
Identifying and Protecting Your Core Data
Data Breaching Now Its Own Industry
Data Breaches: Is Your Attitude about Data Security Putting You and Your Company at Risk?
Employee Attitudes Fuel Your Data Security Plan
Are you ready for a HIPAA Audit?
Technology Highlights for the Restructuring Professional: Privacy, Data Security & Electronic Discovery
co-presenter, International Women's Insolvency & Restructuring Confederation (IWIRC) Day at Keeneland, October 9, 2015
Data breaches: Is your attitude about data security putting you and your company at risk?
Data breaches: Is your attitude about data security putting you and your company at risk?
Prevention and Response: Is Your Business Prepared for a Data Security Breach?
Is your attitude about data security putting you and your company at risk?
Hot Topics in the Area of Health Law Privacy
Physician Employment Contracting Symposium
Turning up the heat on HIPAA compliance: What to expect from increase enforcement and Office for Civil Rights audits
HIPAA Update for Physician Office Managers
HIPAA and HITECH's Impact on Certified Public Accountants
Keeping up with technology demands: Delayed deadlines for Meaningful Use and ICD-10 reflect overburdened healthcare providers
HIPAA Audits and Investigations - What to expect when the Office for Civil Rights comes knocking
Make Way for Medicaid Managed Care: What to expect as Kentucky departs from traditional fee-for-service reimbursement in favor of managed care for Medicaid recipients across the Commonwealth
HITECH Challenges for Physicians: Keeping Up with Changes to Health Information Privacy and Security Rules in an Expanding Electronic Environment
HIPAA and Social Media Issues for Employers, Hot Topics and Critical Issues Pertinent to Employers and Health Care Providers
HITECH's Amendments to HIPAA: Recent Changes to Health Information Privacy and Security Rules and their Impact on State Regulatory Investigations
HIPAA Update for Employers
How will the HITECH Act affect your law firm?
EMTALA
Current Trend: Employment of Physicians by Hospitals
Grounding Cyberspeech: Public Schools' Authority to Discipline Students for Internet Activity
Successfully obtained summary judgment for a healthcare provider in Jefferson Circuit Court in a putative class action asserting claims for negligence, negligence per se, and invasion of privacy stemming from an alleged data breach disclosing patient information. Judgment was obtained prior to any class being certified.
Chief Privacy Officer
Privacy & Data Security Practice Group, Co-Chair
Office of General Counsel, as Chief Privacy Officer
Yew Dell Botanical Gardens, Board of Directors (2018-present)
Louisville Legal Aid Society, Volunteer (2009-16)
Sisters of Charity of Nazareth, Inc., Board of Directors (2011-16)
Focus Louisville, February 2016 Class
magna cum laude
University of Kentucky College of Law
-
Order of the Coif
-
Kentucky Law Journal, Notes Editor and Outstanding 2L Source and Cite Editor
-
Robert G. Schwemm Scholarship; Dorothy Salmon Memorial Scholarship
-
Marshall Writing Club, best appellant brief and best appellant oral argument
-
University of Kentucky Equine Law Society
-
Golden Key International Honour Society
Indiana University
-
Double minor, Philosophy & Psychology
Sarah joined Stites & Harbison in September of 2009 after participating in the firm's summer associate program in 2008. In the summer of 2007, she worked in the legal department at Brown-Forman Corporation in Louisville. Before law school, Sarah lived in New York City where she worked at Friedman, Wang & Bleiberg, P.C. as a paralegal, and Lehman Brothers, Inc. in human resources supporting the information technology division.
Sarah is an accomplished equestrian and enjoys riding American Saddlebred horses in her free time.
Best Lawyers in America®, Health Care Law (2019-24)
Business First of Louisville, 20 People to Know in Law (2018)
Business First of Louisville, Partners in Health Care People to Watch (2014)
Stites & Harbison, PLLC Lawyers Named to 2024 Best Lawyers® Publications
LOUISVILLE, Ky.—Stites & Harbison, PLLC is pleased to announce that 101 of its lawyers are included in the 2024 edition of The Best Lawyers in America®.
Health Care Providers and Business Associates Beware: Use of Online Tracking Technology May Violate HIPAA
Entities regulated by the Health Insurance Portability and Accountability Act (HIPAA) may be surprised to learn that use of certain online tracking technology may result in inadvertently sharing information protected under HIPAA with unauthorized third parties. On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued guidance with far-reaching implications for HIPAA regulated entities highlighting their HIPAA compliance obligations when using third-party online tracking technologies designed to collect and analyze information pertaining to a user’s interaction with the regulated entity’s webpages and mobile apps.
Kentucky Hospital Association 94th Annual Convention
Central Bank Center, 430 W Vine Street, Lexington, Kentucky 40507
Stites & Harbison attorneys Sarah Spurlock, Ameena Khan and Shea Luna will be speakers at this year's Kentucky Hospital Association Convention in Lexington, Ky.
Kentucky Lawmakers Considering Comprehensive Data Privacy Legislation
Kentucky may soon join the growing number of states that have enacted data privacy legislation. On January 3, 2023, Senator Whitney Westerfield and Senator John Schickel introduced Senate Bill 15, which, if passed, will create new sections of KRS Chapter 367 to establish consumer protection rights for Kentucky residents relating to personal data.
Ransomware Threats: Prevention Tips and Response Strategies
Time: 1:00 p.m. - 2:30 p.m.
Webinar
Stites & Harbison attorneys, Mari-Elise Paul and Sarah Cronan Spurlock, will participate in this upcoming ABA program focused on cybersecurity law and cyber incident response preparedness.
Data Security and Privacy Symposium
Time: 8:15 a.m. - 3:00 p.m.
State Bar of Georgia Conference Center, 104 Marietta Street NW, Atlanta, GA 30303
Shannon Sprinkle and Sarah Spurlock will be speakers at this Atlanta Bar Association seminar being held February 8th.
Call to Action for Critical Infrastructure Businesses - New Federal Cyber Breach Reporting: Obligations and Ransomware Prevention Strategies
Kentucky Bar Association Bench & Bar article by Louisville office attorney Sarah Spurlock discussing cyber defenses and security breach reporting.
Stites & Harbison, PLLC Lawyers Named to 2023 Best Lawyers® Publications
LOUISVILLE, Ky.—Stites & Harbison, PLLC is pleased to announce that 98 of its lawyers are included in the 2023 Edition of The Best Lawyers in America©. Additionally, 11 Stites & Harbison attorneys are named as “Lawyer of the Year” and 19 attorneys are recognized in “Best Lawyers: Ones to Watch,” which recognizes attorneys early in their careers for outstanding professional excellence in private practice in the United States.