Sarah Cronan Spurlock
Sarah Cronan Spurlock is a member of the firm’s Health Care Service Group and is Co-Chair of the firm’s Privacy & Data Security Group. Sarah regularly advises clients on a wide range of health care and privacy matters, including fraud and abuse laws, physician and hospital contracting, information privacy and security laws, and data breach prevention and response. Her practice includes regulatory and transactional matters and health care litigation. Sarah is a Certified Information Privacy Professional (CIPP/US) and serves as the firm’s Chief Privacy Officer.
Liberating Patient Data – Is Your Hospital Ready for the Information Blocking Rule?
Webinar, Kentucky Hospital Association, January 26, 2021
Not Your Grandma’s Quilt: Exploring the Current ‘Patchwork’ and Recent Trends in U.S. Data Privacy and Security Laws
Kentucky Bar Association Corporate House Counsel Webinar, November 18, 2020
Medical Liability Considerations for Physicians
Kentucky Medical Association Virtual Town Hall, September 24, 2020
Eliminating Kickbacks in Recovery Act
Kentucky Health Law Institute, UK CLE, September 2, 2020
The Future of Medicine for the Emerging Physician post COVID-19
Kentucky Medical Association Virtual Annual Meeting, August 22, 2020
Is Telehealth Here to Stay?
Medical News, June 30, 2020
Privacy 2020 – California’s Seismic Shift
Discussion of the California Consumer Privacy Act (CCPA), Southern Law Network, April 16, 2020
Shifting Sands of U.S. Privacy Laws
International Association of Defense Counsel Webinar, December 11, 2019
Cybersecurity and Data Breach Response for Lawyers: Threats, Prevention Tips, and Mitigation Strategies for Lessening the Risks of a Cyberattack
Kentucky Bar Association Annual Convention, June 12, 2019
The Race to Privacy
Stites & Harbsion Thirsty Thursday Speaker Series, April 25, 2019
Cyber Security for Rural and Critical Access Hospitals: Tips for Improving Data Security and Mitigating the Impact of a Cyber Attack
Alliant Management Services Management Meeting, April 10, 2019
Introduction to Health Law
Panel member, Health Enterprise Network Healthcare Fellows, University of Louisville Louis D. Brandies School of Law, March 19, 2019
Pings That Go Bump in the Night: A Discussion of Health Care, Cybersecurity Threats, Prevention Tips and Mitigation Tactics
Residents in Business
Employment Contracting Seminar
Kentucky Supreme Court Declines to Recognize New Tort of "Negligent Credentialing"
Leadership in Action: Take the Lead in Solving the Opioid Epidemic
Cyber Threats & Ransomware
Digital Fortress
Residents in Business
Cybersecurity for business: Improving data security and mitigating the impact of a cyber-attack
Be Cyberwise: Protect & Position Your Business for Growth
The Interplay Between Social Media and Healthcare Privacy
Improving Data Security and Mitigating the Impact of a Cyber-Attack
Under Attack: Cyber Threats Against the Health Care Industry
Passwords, Revisited
Residents in Business
Stop. Think. Connect.
Law Firm Data Security: It's the End of the World As We Know It (And I Don't Feel Fine)
Don't Bet on Longshots - Practical Advice on Data Security for Financial Institutions
Identifying and Protecting Your Core Data
Data Breaching Now Its Own Industry
Data Breaches: Is Your Attitude about Data Security Putting You and Your Company at Risk?
Employee Attitudes Fuel Your Data Security Plan
Are you ready for a HIPAA Audit?
Technology Highlights for the Restructuring Professional: Privacy, Data Security & Electronic Discovery
co-presenter, International Women's Insolvency & Restructuring Confederation (IWIRC) Day at Keeneland, October 9, 2015
Data breaches: Is your attitude about data security putting you and your company at risk?
Data breaches: Is your attitude about data security putting you and your company at risk?
Prevention and Response: Is Your Business Prepared for a Data Security Breach?
Is your attitude about data security putting you and your company at risk?
Hot Topics in the Area of Health Law Privacy
Physician Employment Contracting Symposium
Turning up the heat on HIPAA compliance: What to expect from increase enforcement and Office for Civil Rights audits
HIPAA Update for Physician Office Managers
HIPAA and HITECH's Impact on Certified Public Accountants
Keeping up with technology demands: Delayed deadlines for Meaningful Use and ICD-10 reflect overburdened healthcare providers
HIPAA Audits and Investigations - What to expect when the Office for Civil Rights comes knocking
Make Way for Medicaid Managed Care: What to expect as Kentucky departs from traditional fee-for-service reimbursement in favor of managed care for Medicaid recipients across the Commonwealth
HITECH Challenges for Physicians: Keeping Up with Changes to Health Information Privacy and Security Rules in an Expanding Electronic Environment
HIPAA and Social Media Issues for Employers, Hot Topics and Critical Issues Pertinent to Employers and Health Care Providers
HITECH's Amendments to HIPAA: Recent Changes to Health Information Privacy and Security Rules and their Impact on State Regulatory Investigations
HIPAA Update for Employers
How will the HITECH Act affect your law firm?
EMTALA
Current Trend: Employment of Physicians by Hospitals
Grounding Cyberspeech: Public Schools' Authority to Discipline Students for Internet Activity
Successfully obtained summary judgment for a healthcare provider in Jefferson Circuit Court in a putative class action asserting claims for negligence, negligence per se, and invasion of privacy stemming from an alleged data breach disclosing patient information. Judgment was obtained prior to any class being certified.
Chief Privacy Officer
Privacy & Data Security Practice Group, Co-Chair
Yew Dell Botanical Gardens, Board of Directors (2018-present)
Louisville Legal Aid Society, Volunteer (2009-16)
Sisters of Charity of Nazareth, Inc., Board of Directors (2011-16)
Focus Louisville, February 2016 Class
magna cum laude
University of Kentucky College of Law
-
Order of the Coif
-
Kentucky Law Journal, Notes Editor and Outstanding 2L Source and Cite Editor
-
Robert G. Schwemm Scholarship; Dorothy Salmon Memorial Scholarship
-
Marshall Writing Club, best appellant brief and best appellant oral argument
-
University of Kentucky Equine Law Society
-
Golden Key International Honour Society
Indiana University
-
Double minor, Philosophy & Psychology
Sarah joined Stites & Harbison in September of 2009 after participating in the firm's summer associate program in 2008. In the summer of 2007, she worked in the legal department at Brown-Forman Corporation in Louisville. Before law school, Sarah lived in New York City where she worked at Friedman, Wang & Bleiberg, P.C. as a paralegal, and Lehman Brothers, Inc. in human resources supporting the information technology division.
Sarah is an accomplished equestrian and enjoys riding American Saddlebred horses in her free time.
Best Lawyers in America®, Health Care Law (2019-21)
Business First of Louisville, 20 People to Know in Law (2018)
Business First of Louisville, Partners in Health Care People to Watch (2014)

