Michael Sutton is an associate in the Corporate Practice Group in the firm's Dallas office.

In an era where cyber threats are escalating, healthcare has emerged as a critical battleground for security. Its significance has become increasingly crucial as the intersection of healthcare, cybersecurity, and technology permeates every aspect of our lives. In the fifteenth episode of Sheppard Mullin’s Health-e Law Podcast, Jonathan Meyer, former General Counsel of the Department of Homeland Security and current partner at Sheppard Mullin, offers a deep dive into the implications of cybersecurity threats on the healthcare industry as well as national security.

Continue Reading: Healthcare Security is Homeland Security: A Discussion with Jonathan Meyer

2024 marked a notable year in AI and healthcare, with AI being top of mind for all healthcare players, including providers, technology companies, developers and regulators. The adoption of AI into clinical settings became more common, as scribe and clinical-decision support products gained popularity and EMR vendors incorporated AI tools into their products. The federal government released guidance, established task forces and implemented the directives of the 2023 Executive Order on AI. Similarly, state regulation began to unfold with some states passing legislation around AI’s use in healthcare.

Continue Reading: Healthy AI: 2024 Year in Review

Cyberattacks on healthcare organizations are on the rise, with the number of affected individuals nearly tripling between 2022 and 2024, according to data compiled by the Department of Health and Human Services Office for Civil Rights (“OCR”).[1] OCR data also reveals a 239% and 278% increase in hacking incidents and ransomware attacks, respectively, between January 2018 and September 2023.

Continue Reading: New York Adopts Comprehensive Hospital Cybersecurity Requirements

The U.S. Department of Health and Human Services (“HHS”) issued a Notice of Proposed Rulemaking (the “Proposed Rule”) on December 27, 2024, to significantly amend HIPAA’s Security Rule, which sets forth the security standards for the protection of protected health information by covered entities and their business associates. The Proposed Rule’s issuance was expected, especially in light of the growing number of health data breaches and disclosures of large-scale foreign cyberattacks.

Continue Reading: HHS’ Last-Minute Holiday Gift: Proposed Changes to the HIPAA Security Rule

Texas is joining a growing number of states in considering comprehensive laws regulating use of AI. In particular, the Texas Legislature is scheduled to consider the draft “Texas Responsible AI Governance Act” (the “Act”), which seeks to regulate development and deployment of artificial intelligence systems in Texas. Critically, as most states continue to grapple with the emergence of AI, the Act could serve as a model for other states and could prove tremendously impactful.

Continue Reading: Texas Considers Comprehensive AI Bill

As the shift toward value-based care continues to transform the healthcare industry, hospitals and health systems are increasingly utilizing incentive-based physician compensation structures. Incentive-based compensation often includes a combination of a base salary with a variable bonus component tied to performance metrics, with the metrics being chosen based on overarching organizational goals, such as improving quality of care and managing costs. With these aims in mind, hospitals and health systems often base bonus achievement on meeting certain objective metrics, such as patient satisfaction scores, productivity measures, adherence to clinical guidelines, cost-saving measures, or other quality indicators most applicable to the department or physician group involved.

Continue Reading: Navigating Gainsharing Pitfalls in Value-Based Models

California Governor Newsom signed Senate Bill 1120 into law, which is known as the Physicians Make Decisions Act. At a high level, the Act aims to safeguard patient access to treatments by mandating a certain level of health care provider oversight when payors use AI to assess the medical necessity of requested medical services, and by extension, coverage for such medical services.

Continue Reading: California Limits Health Plan Use of AI in Utilization Management

Ethical hackers are becoming crucial allies in the battle against healthcare data breaches and ransomware attacks. In the twelfth episode of Sheppard Mullin’s Health-e Law Podcast, Ilona Cohen, Chief Legal Officer and Chief Policy Officer of HackerOne, delved into the pressing issue of cybersecurity in the healthcare sector and the pivotal role that ethical hacking may play, with Sheppard Mullin’s Phil Kim, Sara Shanti, and Michael Sutton.

Continue Reading: Healthcare Needs More Hackers: A Discussion with Ilona Cohen

CMS recently published the First Annual Evaluation Report (the “Report”) highlighting its most significant observations in the first year following implementation of the Kidney Care Choices Model (the “KCC Model”). By way of background, the KCC Model is a payment model which creates certain incentives for providers that are intended to improve care management for Medicare patients with chronic kidney disease (“CKD”) (Stage 4 or 5) or end-stage renal disease (“ESRD”). The KCC Model is intended to, among other things, delay the dialysis progression and increase use of home dialysis, while also aiming to reduce the cost of care and improve quality of outcomes.

Continue Reading: CMS Releases First Annual Evaluation Report for Kidney Care Choices Model

With technology rapidly evolving and jurisdictions appearing blurred, it is increasingly important to be mindful of data flow and use. This is particularly true where patient data is being accessed by offshore subcontractors.

Continue Reading: Do You Catch Our Drift? Navigating the Waters of Offshoring and Patient Data