Paulette M. Thomas

Counsel

Cincinnati
T +1.513.929.3483
F +1.513.929.0303

Overview

Paulette Thomas brings more than 25 years of healthcare legal experience, with major emphasis on compliance with the Health Insurance Portability and Accountability Act (HIPAA), privacy and security, and related laws. Paulette has an expansive understanding of healthcare operations, having worked with hospital systems for most of her career, including serving as in-house counsel with two healthcare systems and practicing as a registered nurse prior to becoming an attorney. With her in-depth knowledge of regulatory compliance and practical experience, Paulette is uniquely positioned to help a variety of clients, including hospitals, physician practices, pharmacies and homecare providers, navigate complex issues. Paulette has represented a variety of healthcare providers in their responses to data breaches, as well as before the Office for Civil Rights and in state regulatory investigations.

Paulette is a frequent speaker at national conferences on a host of topics, including HIPAA privacy and security compliance, data breach response and regulatory investigations.

Experience

Data Privacy and Security
  • Assists clients with data privacy and security compliance, including in the development and review of HIPAA Privacy and Security policies and procedures and compliance programs, confidentiality of information, access to confidential information, business associate relationships and oversight.
  • Assists clients with electronic health records (EHR) products, system implementation and data use to comply with state and federal privacy and security laws, and telehealth system privacy and security. For example, Paulette helped a client navigate the implementation of an EHR system and data sharing for accountable care organizations and clinically integrated networks, in which the client aimed to achieve interoperability between two different facilities in different states.
  • Advises group health plans and employers on HIPAA compliance and employee confidentiality.
  • Provides risk management strategies for clients, including preparation for handling privacy or security incidents, and development and implementation of incident response plans.
Other Healthcare
  • Represents physician clients in administrative actions, including responses to various state medical boards. Completes medical staff review and revision of bylaws. Handles peer review, corrective action, hearings and reports to the National Practitioner Data Bank.
  • Assists pharmacy clients with regulatory compliance, online services, and implementation and management of the 340B Drug Pricing Program.
  • Performs supply chain and clinical engineering contract review and negotiations.

Recognitions and Memberships

Recognitions

  • The Legal 500 United States (2016)
    • Recommended in Media, Technology and Telecoms: Cyber law
    • Recommended in Media, Technology and Telecoms: Data protection and privacy

Memberships

  • American Health Lawyers Association
  • Ohio State Bar Association
  • Cincinnati Bar Association

Community

  • Southwest Ohio Doberman Rescue

Prior Positions

  • Catholic Health Initiatives: Corporate Counsel (1999 to 2015)
  • Synergon Health System
    • In-House Legal Counsel (1991 to 1998)
    • Registered Nurse (1976 to 1990)

Admissions

  • Kentucky
  • Ohio
  • Illinois

Education

  • LL.M., Healthcare, Loyola Law School
  • J.D., University of Cincinnati College of Law
  • B.A., Business, College of Mount St. Joseph
  • Diploma in Nursing, Washington Hospital School of Nursing

Blog

In The Blogs

Data Privacy Monitor
Clearly Defined HIPAA and FERPA Policies May Help Covered Entities in Defending a Claim for Unemployment Compensation
By Paulette M. Thomas
February 19, 2019
Recently, in Dantry v. Unemployment Compensation Board of Review, No. 1665 C.D. 2017 (Pa. Cmwlth. 2019), the Commonwealth Court of Pennsylvania reversed the order of the Unemployment Compensation Board of Review (Board) which had affirmed...
Data Privacy Monitor
Provisioning Workforce Access to Electronic Protected Health Information: It May Be ‘Common Sense,’ but Is It Easy to Implement?
By Paulette M. Thomas
January 22, 2019
In December 2018, Pagosa Springs Medical Center settled potential Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule violations and entered into a corrective action plan with the Office for Civil Rights...
Health Law Update
Provisioning Workforce Access to Electronic Protected Health Information: It May Be ‘Common Sense,’ but Is It Easy to Implement?
By Paulette M. Thomas
January 22, 2019
In December 2018, Pagosa Springs Medical Center settled potential Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule violations and entered into a corrective action plan with the Office for Civil Rights...
Data Privacy Monitor
Physician Hospitalist Group Settles with OCR and Enters Into a Resolution Agreement for Failure to Have HIPAA Policies and Business Associate Agreement in Place
By Paulette M. Thomas
December 18, 2018
On Dec. 5, 2018, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that Advanced Care Hospitalists PL (ACH) had entered into a $500,000 settlement and resolution agreement (RA) resulting...
Health Law Update
Physician Hospitalist Group Settles with OCR and Enters Into a Resolution Agreement for Failure to Have HIPAA Policies and Business Associate Agreement in Place
By Paulette M. Thomas
December 18, 2018
On Dec. 5, 2018, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that Advanced Care Hospitalists PL (ACH) had entered into a $500,000 settlement and resolution agreement (RA) resulting...