Sarah Cronan Spurlock
Sarah Cronan Spurlock is a member of the firm’s Health Care Service Group and is Co-Chair of the firm’s Privacy & Data Security Group. Sarah regularly advises clients on a wide range of health care and privacy matters, including fraud and abuse laws, physician and hospital contracting, information privacy and security laws, and data breach prevention and response. Her practice includes regulatory and transactional matters and health care litigation. Sarah is a Certified Information Privacy Professional (CIPP/US) and serves as the firm’s Chief Privacy Officer.
Is Telehealth Here to Stay?
Medical News, June 30, 2020
Privacy 2020 – California’s Seismic Shift
Discussion of the California Consumer Privacy Act (CCPA), Southern Law Network, April 16, 2020
Shifting Sands of U.S. Privacy Laws
International Association of Defense Counsel Webinar, December 11, 2019
Cybersecurity and Data Breach Response for Lawyers: Threats, Prevention Tips, and Mitigation Strategies for Lessening the Risks of a Cyberattack
Kentucky Bar Association Annual Convention, June 12, 2019
The Race to Privacy
Stites & Harbsion Thirsty Thursday Speaker Series, April 25, 2019
Cyber Security for Rural and Critical Access Hospitals: Tips for Improving Data Security and Mitigating the Impact of a Cyber Attack
Alliant Management Services Management Meeting, April 10, 2019
Introduction to Health Law
Panel member, Health Enterprise Network Healthcare Fellows, University of Louisville Louis D. Brandies School of Law, March 19, 2019
Pings That Go Bump in the Night: A Discussion of Health Care, Cybersecurity Threats, Prevention Tips and Mitigation Tactics
Residents in Business
Employment Contracting Seminar
Kentucky Supreme Court Declines to Recognize New Tort of "Negligent Credentialing"
Leadership in Action: Take the Lead in Solving the Opioid Epidemic
Cyber Threats & Ransomware
Digital Fortress
Residents in Business
Cybersecurity for business: Improving data security and mitigating the impact of a cyber-attack
Be Cyberwise: Protect & Position Your Business for Growth
The Interplay Between Social Media and Healthcare Privacy
Improving Data Security and Mitigating the Impact of a Cyber-Attack
Under Attack: Cyber Threats Against the Health Care Industry
Passwords, Revisited
Residents in Business
Stop. Think. Connect.
Law Firm Data Security: It's the End of the World As We Know It (And I Don't Feel Fine)
Don't Bet on Longshots - Practical Advice on Data Security for Financial Institutions
Identifying and Protecting Your Core Data
Data Breaching Now Its Own Industry
Data Breaches: Is Your Attitude about Data Security Putting You and Your Company at Risk?
Employee Attitudes Fuel Your Data Security Plan
Are you ready for a HIPAA Audit?
Technology Highlights for the Restructuring Professional: Privacy, Data Security & Electronic Discovery
co-presenter, International Women's Insolvency & Restructuring Confederation (IWIRC) Day at Keeneland, October 9, 2015
Data breaches: Is your attitude about data security putting you and your company at risk?
Data breaches: Is your attitude about data security putting you and your company at risk?
Prevention and Response: Is Your Business Prepared for a Data Security Breach?
Is your attitude about data security putting you and your company at risk?
Hot Topics in the Area of Health Law Privacy
Physician Employment Contracting Symposium
Turning up the heat on HIPAA compliance: What to expect from increase enforcement and Office for Civil Rights audits
HIPAA Update for Physician Office Managers
HIPAA and HITECH's Impact on Certified Public Accountants
Keeping up with technology demands: Delayed deadlines for Meaningful Use and ICD-10 reflect overburdened healthcare providers
HIPAA Audits and Investigations - What to expect when the Office for Civil Rights comes knocking
Make Way for Medicaid Managed Care: What to expect as Kentucky departs from traditional fee-for-service reimbursement in favor of managed care for Medicaid recipients across the Commonwealth
HITECH Challenges for Physicians: Keeping Up with Changes to Health Information Privacy and Security Rules in an Expanding Electronic Environment
HIPAA and Social Media Issues for Employers, Hot Topics and Critical Issues Pertinent to Employers and Health Care Providers
HITECH's Amendments to HIPAA: Recent Changes to Health Information Privacy and Security Rules and their Impact on State Regulatory Investigations
HIPAA Update for Employers
How will the HITECH Act affect your law firm?
EMTALA
Current Trend: Employment of Physicians by Hospitals
Grounding Cyberspeech: Public Schools' Authority to Discipline Students for Internet Activity
Chief Privacy Officer
Privacy & Data Security Practice Group, Co-Chair
Yew Dell Botanical Gardens, Board of Directors (2018-present)
Louisville Legal Aid Society, Volunteer (2009-16)
Sisters of Charity of Nazareth, Inc., Board of Directors (2011-16)
Focus Louisville, February 2016 Class
magna cum laude
University of Kentucky College of Law
-
Order of the Coif
-
Kentucky Law Journal, Notes Editor and Outstanding 2L Source and Cite Editor
-
Robert G. Schwemm Scholarship; Dorothy Salmon Memorial Scholarship
-
Marshall Writing Club, best appellant brief and best appellant oral argument
-
University of Kentucky Equine Law Society
-
Golden Key International Honour Society
Indiana University
-
Double minor, Philosophy & Psychology
Sarah joined Stites & Harbison in September of 2009 after participating in the firm's summer associate program in 2008. In the summer of 2007, she worked in the legal department at Brown-Forman Corporation in Louisville. Before law school, Sarah lived in New York City where she worked at Friedman, Wang & Bleiberg, P.C. as a paralegal, and Lehman Brothers, Inc. in human resources supporting the information technology division.
Sarah is an accomplished equestrian and enjoys riding American Saddlebred horses in her free time.
Best Lawyers in America®, Health Care Law (2019-20)
Business First of Louisville, 20 People to Know in Law (2018)
Business First of Louisville, Partners in Health Care People to Watch (2014)
Kentucky Health Law Institute
Time: 8:00 a.m. - 5:00 p.m.
WEBINAR (via Zoom)
Sarah Spurlock, Janet Craig and Dustyn Jones will be presenters at this WEBINAR presented by UK Law Continuing Legal Education on September 2-3, 2020.
Information You Need on the COVID-19 Coronavirus
Stites & Harbison has assembled a Coronavirus Response Team which consists of a cross-disciplinary task force of attorneys and critical staff members to ensure our firm remains “On the Job” for you. Updated 06/30/20
OSHA Revises COVID-19 Guidance
On May 26, 2020, OSHA rescinded its prior memo dated April 10, 2020, and provided updated “Enforcement Guidance for Recording cases of Coronavirus Disease 2019 (COVID-19)”.
OCR Eases HIPAA Burdens for Telehealth during COVID-19 National Emergency
In response to the unprecedented public health emergency presented by COVID-19, the Department of Health and Human Services, Office for Civil Rights (OCR), responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules, issued a notification of enforcement discretion for telehealth remote communications effective immediately.
Best Lawyers in America Honors 75 Stites & Harbison attorneys for 2020
LOUISVILLE, Ky.—The Best Lawyers in America© 2020 has recognized 75 Stites & Harbison, PLLC attorneys as selected by their peers in 49 areas of practice. Forty-three of those attorneys selected have been honored for 10 consecutive years or more.
No-fault insurance in Kentucky
House Bill 151, “An Act Relating to Insurance Fraud,” was signed by the Kentucky Governor on March 26, 2019 and went into effect on June 27, 2019.
The Race to Privacy
Time: 4:30 p.m. - 6:00 p.m.
Stites & Harbison, 401 Commerce Street, Suite 800, Nashville, Tennessee 37219
IP attorneys Alex MacKay, Mari-Elise Paul and Sarah Spurlock will discuss the latest information on data privacy.
Groundhog Day? Supreme Court Strikes Down Class Arbitration Efforts...Again
In what finally may prove to be the effective death knell for most efforts to pursue class-wide arbitration, a closely-divided United States Supreme Court has now held that a party cannot be required to arbitrate claims on a class-wide basis unless the arbitration agreement clearly contemplates such a possibility.
Taking Stock of Your 2019 Cybersecurity Resolutions
Did you decide that 2019 will be the year you tackle those cybersecurity threats to your organization that keep you up at night? It’s February, and a good time to take stock of whether your organization is following through on its cybersecurity goals. Some estimate that 80% of resolutions fail by the second week of February.
Best Lawyers in America honors 72 Stites & Harbison attorneys for 2019
2018 Kentucky Health Law Institute
Griffin Gate Marriott Resort, 1800 Newtown Pike, Lexington, KY40511
Presented by UK Law Continuing Legal Education in partnership with the Kentucky Bar Association Health Law Section and Kentucky Academy of Hospital Attorneys
MCM Financial Institutions Summit 2018
Buffalo Trace Distillery, 113 Great Buffalo Trace, Frankfort, KY 40601
The 2018 MCM Financial Institutions Summit will feature discussions with regional and national experts on the topics of risk management, bill payment, information technology, cybersecurity, and alternatives with insurance management.
Telehealth reform: Coverage expansion, reimbursement criteria will improve access to care
Technology advancements have had a significant impact on the way healthcare is delivered, particularly to patients in rural areas and to those with restricted access to medical care.
Sarah Cronan Spurlock appointed to Board of Yew Dell Botanical Gardens
Kentucky Medical Association Employment Contracting Seminar
Louisville Marriott East, 1903 Embassy Square Boulevard, Louisville, KY 40299
This event is designed to educate physicians on employment contracts.
2017 Kentucky Medical Association (KMA) Annual Meeting
Kentucky Society of Certified Public Accountants Spring Business Conference
Stites & Harbison promotes five attorneys in 2017
Build a Better Machine
We have read countless articles on data security, but not one about having a good relationship with the people you entrust with your data security. There seems to be a misconception that data security is something not easily understood or practiced, and so should be left to the skills of a limited few who work in isolation to “fix” the problem.
OCR Launches Phase 2 HIPAA Audits via Email Destined for Your Spam Folder
Privacy & Data Security - April 23, 2015
Presentation by Liz Thompson, Ian Ramsey and Sarah Spurlock.
Data Breaches: Is Your Attitude about Data Security Putting You and Your Company at Risk?
Stites & Harbison attorneys Ian Ramsey and Sarah Spurlock earn Global Privacy & Data Protection
Are your employees putting your organization at risk for a cyber-attack?
Target Data Breach Opens Potential Recovery Path for Financial Institutions
HIPAA Wants You
Presentation to Stites & Harbison's Thirsty Thursday networking event on the effects of the new HIPAA rules to health care providers.
Final Rule Amending HIPAA Regulations
Stolen laptop leads to $1.5 million HIPAA settlement