Cory J. Fox

Associate

Houston
T 713.646.1358  |  F 713.751.1717

Cory Fox focuses his practice on assisting clients in the healthcare industry, with an emphasis on issues related to privacy and data protection pursuant to the Health Insurance Portability and Accountability Act (HIPAA) and related state law. As a former research chemist, Cory leverages his prior experience working with academic medical centers, hospitals, pharmaceutical companies, and other healthcare organizations to efficiently assess a client's internal operations and provide the targeted advice and services necessary to address the wide variety of complex legal issues healthcare organizations face.

Cory is a regular contributor to the firm's Data Privacy Monitor and Health Law Update blogs.

Select Experience

  • Represented three large academic medical centers in data breach matters involving the theft of a laptop through all phases of breach response including crisis management, incident investigation, notification of affected individuals, and reporting to the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) and state regulators. Assisted with subsequent OCR investigations by responding to requests for information regarding the breach incidents as well as each entity's overall HIPAA compliance. The investigations closed with no disciplinary action taken.
  • Advised large hospital system during OCR investigation regarding the hospital's provision of auxiliary aids and services to the hearing impaired under Section 504 of the Rehabilitation Act and the Americans with Disabilities Act. Investigation closed with no disciplinary action taken.
  • Advised multiple compounding pharmacies and an industry trade organization regarding FDA regulatory issues under the Drug Quality and Security Act, including facility registration, cGMP compliance, and the submission of comments and information pursuant to FDA regulatory proposals and guidance. 
More »

Experience

  • Represented three large academic medical centers in data breach matters involving the theft of a laptop through all phases of breach response including crisis management, incident investigation, notification of affected individuals, and reporting to the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) and state regulators. Assisted with subsequent OCR investigations by responding to requests for information regarding the breach incidents as well as each entity's overall HIPAA compliance. The investigations closed with no disciplinary action taken.
  • Assisted two state chartered credit unions with data breach matters involving malware attacks by coordinating internal investigations regarding the incidents, preparing notification letters and regulatory filings in accordance with applicable state and federal laws, and providing legal support following breach notification.
  • Advised large hospital system during OCR investigation regarding the hospital's provision of auxiliary aids and services to the hearing impaired under Section 504 of the Rehabilitation Act and the Americans with Disabilities Act. Investigation closed with no disciplinary action taken.
  • Advised pain management clinic regarding drug diversion matter, including reporting of the incident to the Drug Enforcement Administration (DEA) and implementation of controlled substance recordkeeping policies and procedures. Assisted with subsequent DEA investigation and audit by responding to the DEA's requests for information regarding the diversion incident and the clinic's controlled substance records. No disciplinary action has been taken against the clinic.
  • Assisted two home health agencies with the development and implementation of comprehensive compliance programs addressing fraud and abuse prevention under the Stark Law and the Anti-Kickback statute, health information privacy under HIPAA and Texas law, and operational issues associated with regulations promulgated by the Texas Department of Aging and Disability Services.
  • Advises hospitals, academic medical centers, pharmacies, physicians, and business associates regarding development, implementation, and review of health information privacy policies and procedures pursuant to HIPAA and applicable state law. Assists these entities in periodically revising privacy policies and procedures in response to statutory and regulatory amendments and addresses operational questions related to privacy and safeguarding of patient information.
  • Advised multiple compounding pharmacies and an industry trade organization regarding FDA regulatory issues under the Drug Quality and SEcurity Act, including facility registration, cGMP compliance, and the submission of comments and information pursuant to FDA regulatory proposals and guidance.

Recognitions

  • Certified Information and Privacy Professional (CIPP/US)

Memberships

  • American Health Lawyers Association
  • International Association of Privacy Professionals
  • Food and Drug Law Institute
  • American Bar Association
  • State Bar of Texas
  • Houston Bar Association

Services

Industries

Prior Positions

  • U.S. Department of Health and Human Services Office of Counsel to the Inspector General: Summer Law Clerk (Summer 2011)
  • University of Texas Medical Branch: Law Clerk (2010 to 2012) 
  • MD Anderson Cancer Center Department of Pulmonary Medicine: Research Assistant (2009 to 2010)
  • BioAutomation: Research and Development Chemist (2007 to 2009)

Admissions

  • Texas, 2012

Education

  • J.D., University of Houston Law Center, 2012, National Order of Scribes; Chief Articles Editor, Houston Journal of Health Law & Policy; Moot Court
  • B.S., Biology and Chemistry, Texas Tech University, 2007, Beta Beta Beta Biological Honors Society

Blog

In The Blogs

Previous Next
Health Law Update
OIG Proposed Anti-Kickback Safe Harbors and CMP Regulations: The End of Frustration or Just the Beginning?
October 20, 2014
On October 3, 2014, the U.S. Department of Health and Human Services Office of Inspector General (OIG) published an unexpected, yet long-awaited, set of proposed rules that would add new anti-kickback law safe harbors, protect additional...
Read More ->
Health Law Update
Selby and Sessions Offer Advice for Building a Breach Response Team Before a Breach in an Article for CSO.com and CIO.com
October 15, 2014
Partners Judy Selby and Lynn Sessions co-authored an article entitled, “Building a Data Breach Response Team, Before You Have a Breach,” which was published by CSO.com and CIO.com on October 3, 2014. They advised companies to address the...
Read More ->
Health Law Update
Lee Simowitz Discusses Antitrust in the Healthcare Industry
October 15, 2014
BakerHostetler partner Lee Simowitz spoke as part of the panel, “Negotiating the antitrust minefield,” during Modern Healthcare’s Virtual Conference and Expo, “Building Tomorrow’s Delivery Model: Forging a Path to Value,” on October 15...
Read More ->
Data Privacy Monitor
Will Using “Apple Pay” Keep the Data Breach Away?
October 13, 2014
Recently Apple unveiled its latest iPhones and other new products. While the big screens on the new iPhones are making the splashy headlines, perhaps the most interesting reveal, from a data privacy perspective, is not a shiny gadget, but...
Read More ->
Health Law Update
Provider Competition Matters—Even for “Reference Pricing”
October 9, 2014
In a recent blog post, three Federal Trade Commission (FTC) economists splashed some cold water on advocates of “reference pricing” that seem to imply that such pricing “will increase competition between providers.”  In the FTC economists’...
Read More ->