Member

Sarah Cronan Spurlock

sspurlock@stites.com

Sarah Cronan Spurlock is a member of the firm’s Health Care Service Group and is Co-Chair of the firm’s Privacy & Data Security Group. Sarah regularly advises clients on a wide range of health care issues, including fraud and abuse laws, compliance guidance, physician self-referral, physician employment agreements, physician and hospital contracting, technology and general contracting, HIPAA privacy and security, and data breach prevention and response. Her practice includes regulatory and transactional matters and health care litigation. Sarah is a Certified Information Privacy Professional (CIPP/US) and serves as the firm’s Chief Privacy Officer.

Recent News, Articles & Speaking Engagements

Medical Cannabis Seminar

panel member, Kentucky Academy of Healthcare Attorneys Webinar, November 13, 2024

Tips for Defending Against Data Breach Litigation in the US and Abroad

co-speaker, International Association of Defense Counsel (IADC) 2024 Annual Meeting, July 6-11, 2024

The Cost of Third-Party Data Breaches: How to Avoid a Financial Disaster

co-speaker, The Knowledge Group Webinar, June 14, 2024

AI in Health Care: Navigating Growth, Risks and Implementation

Kentucky Hospital Association Annual Convention, May 20-22, 2024

Framework debate shows as Kentucky nears comprehensive privacy law

by Joseph Duball, International Association of Privacy Professionals (IAPP), The Privacy Advisor, March 12, 2024

Recent Assignments
Bar Admissions
Kentucky
Firm Leadership

Chief Privacy Officer

Privacy & Data Security Practice Group, Co-Chair

Office of General Counsel, as Chief Privacy Officer

Memberships
American Bar Association, Health Law Section
Kentucky Bar Association
Louisville Bar Association, Health Law Section, Chair (2011)
American Health Lawyers Association
International Association of Privacy Professionals
International Association of Defense Counsel, Cyber Security, Data Privacy and Technology Committee, Past Chair
Community Involvement

Yew Dell Botanical Gardens, Board of Directors (2018-present)

Louisville Legal Aid Society, Volunteer (2009-16)

Sisters of Charity of Nazareth, Inc., Board of Directors (2011-16)

Focus Louisville, February 2016 Class

Education
More Than Stites & Harbison

Sarah joined Stites & Harbison in September of 2009 after participating in the firm's summer associate program in 2008. In the summer of 2007, she worked in the legal department at Brown-Forman Corporation in Louisville. Before law school, Sarah lived in New York City where she worked at Friedman, Wang & Bleiberg, P.C. as a paralegal, and Lehman Brothers, Inc. in human resources supporting the information technology division.

Sarah is an accomplished equestrian and enjoys riding American Saddlebred horses in her free time.

Accolades

Best Lawyers in America®, Health Care Law (2019-25)

Business First of Louisville, 20 People to Know in Law (2018)

Business First of Louisville, Partners in Health Care People to Watch (2014)

Spurlock Best Lawyers 2025
Cipp Seal Hires Small
Iadc Member Logo Color Sm
See more related to Sarah Cronan Spurlock
Cannabis Container Web
Events

Kentucky Academy of Healthcare Attorneys Webinar: Medical Cannabis Seminar

Date: 11/13/24
Time: 9:00 a.m. - 12:00 p.m.

WEBINAR

Stites & Harbison attorneys Bailey Browning, Kelly White Bryant, Jennifer Cave, Jackson Hurst-Sanders, Robin McGuffin and Sarah Cronan Spurlock will be speakers at the Kentucky Academy of Healthcare Attorneys webinar, Medical Cannabis Seminar being held November 13, 2024.

Bailey M. Browning , K. Kelly White Bryant , Jennifer J. Cave , Jackson B. Hurst-Sanders , Robin E. McGuffin , and Sarah Cronan Spurlock November 05, 2024
Awards ariel besagar 497034 unsplash
Press Releases

Stites & Harbison, PLLC Lawyers Named to 2025 Best Lawyers® Publications

Stites & Harbison, PLLC is pleased to announce that 97 of its lawyers are included in the 2025 edition of The Best Lawyers in America®. Since it was first published in 1983, Best Lawyers® has become universally regarded as the definitive guide to legal excellence according to the publication. Additionally, 12 Stites & Harbison attorneys are named as “Lawyer of the Year” and 30 attorneys are recognized in Best Lawyers: Ones to Watch® in America, which recognizes attorneys early in their careers for outstanding professional excellence in private practice in the United States.

by Stites & Harbison, PLLC August 16, 2024
Spurlock Sarah Bio
Events

International Association of Defense Counsel (IADC) 2024 Annual Meeting

Date: 7/6/24 - 7/11/24

Fairmont Hotel Vancouver, 900 West Georgia Street, Vancouver, Canada

Privacy and Data Security attorney Sarah Cronan Spurlock will be a speaker at the 2024 Annual Meeting of the IADC July 6-11.

Sarah Cronan Spurlock May 29, 2024
Cybersecurity computer website
Events

The Cost of Third- Party Data Breaches: How to Avoid a Financial Disaster

Date: 6/14/24
Time: 12:00 p.m. - 1:30 p.m.

Webinar

Chad McTighe and Sarah Spurlock will be the speakers for The Knowledge Group's Webinar on June 14, 2024 discussing the costs associated with unforeseen security risks.

Chadwick A. McTighe and Sarah Cronan Spurlock May 28, 2024
Presentation Mikael Kristenson 242070 Unsplash
Events

Kentucky Hospital Association Annual Convention

Date: 5/20/24 - 5/22/24

Central Bank Center, 430 West Vine Street, Lexington, Kentucky 40507

Health care attorneys Shea Luna and Sarah Spurlock will be presenters at the Kentucky Hospital Association's Annual Convention in Lexington, KY being held May 20-22, 2024.

Stacy Shea Luna (Shea) and Sarah Cronan Spurlock April 22, 2024
Best Lawyers Firm WEB
Press Releases

Stites & Harbison, PLLC Lawyers Named to 2024 Best Lawyers® Publications

LOUISVILLE, Ky.—Stites & Harbison, PLLC is pleased to announce that 101 of its lawyers are included in the 2024 edition of The Best Lawyers in America®.

by Stites & Harbison, PLLC August 24, 2023
Cybersecurity computer website
Client Alerts

Health Care Providers and Business Associates Beware: Use of Online Tracking Technology May Violate HIPAA

Entities regulated by the Health Insurance Portability and Accountability Act (HIPAA) may be surprised to learn that use of certain online tracking technology may result in inadvertently sharing information protected under HIPAA with unauthorized third parties. On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued guidance with far-reaching implications for HIPAA regulated entities highlighting their HIPAA compliance obligations when using third-party online tracking technologies designed to collect and analyze information pertaining to a user’s interaction with the regulated entity’s webpages and mobile apps.

by Stacy Shea Luna (Shea) and Sarah Cronan Spurlock April 28, 2023
Medical Syringes ibrahim boran unsplash
Events

Kentucky Hospital Association 94th Annual Convention

Date: 5/15/23 - 5/17/23

Central Bank Center, 430 W Vine Street, Lexington, Kentucky 40507

Stites & Harbison attorneys Sarah Spurlock, Ameena Khan and Shea Luna will be speakers at this year's Kentucky Hospital Association Convention in Lexington, Ky.

Sarah Cronan Spurlock and Stacy Shea Luna (Shea) April 05, 2023