• vcard
D 314.889.7013
F 314.667.3698
  • Education
    • J.D., Saint Louis University, 2008, Journal of Health Law, Executive Articles Editor; Health Care Finance & Business Planning Academic Excellence Award
    • M.P.H., Saint Louis University, 2008, Health Policy; The Alumni Association Academic Achievement Award
    • B.S., University of Notre Dame, 2004

In a regulatory environment where even the most minor details matter, Rebecca Frigy Romine thrives on helping clients find practical and creative solutions and action plans.

Her practice focuses on many facets of the general health care business with a specific emphasis on the privacy and security of health information and issues related to health information technology and the digital health environment.

Rebecca has significant experience in the following areas and remains abreast of the ever changing regulatory environment: 

  • Addressing compliance issues and developing policies and procedures under HIPAA, the HITECH Act, state privacy laws, and 42 CFR Part 2 (alcohol and drug abuse treatment records).
  • Assisting clients navigate issues related to electronic health records, including advising on the 21st Century Cures Act information blocking regulations, promoting interoperability requirements, and issues specific to health information exchanges.

Rebecca regularly assists our M&A and transactions teams with privacy and security diligence, transactional documentation and considerations, transition services agreements, and post-closing compliance strategy and tasks. Her experience is deep across the spectrum of types of health care providers, which includes hospitals. These efforts include:

  • Coordinating with representations and warranties insurers and lenders to evaluate risk related to privacy and security compliance issues. 
  • Negotiating special indemnification provisions in purchase agreements related to HIPAA-related compliance issues.  
  • Assisting clients with negotiating and operationalizing post-closing transitional services agreements, which in several instances have involved integrated electronic health record issues.
  • Assisting clients with implementing HIPAA compliance programs post-closing.
  • Interpretation of state patient privacy and consent laws and related HIPAA preemption analysis for a broad range of purposes, including health information exchange consent structure, patient portals, and behavioral health integration efforts.
  • Assisted multiple clients in responding to OCR investigations and data requests, and negotiated two Resolution Agreements and Corrective Action Plans with OCR.
  • Prepares and drafts HIPAA policies and procedures and compliance documents for covered entities and business associates of various sizes.
  • Assisted multiple clients in potential HIPAA breach investigations and required notifications.
  • Assisted multiple mobile and virtual health providers in navigating privacy, security, telehealth, and consumer protection requirements.
  • Assisted a health system client in governance, policy, and document review needs for the creation of a health information exchange partnership with another health system.
Related News

Past Events