Sarah Cronan Spurlock is a member of the firm’s Health Care Service Group and is Co-Chair of the firm’s Privacy & Data Security Group. Sarah regularly advises clients on a wide range of health care and privacy matters, including fraud and abuse laws, physician and hospital contracting, information privacy and security laws, and data breach prevention and response. Her practice includes regulatory and transactional matters and health care litigation. Sarah is a Certified Information Privacy Professional (CIPP/US) and serves as the firm’s Chief Privacy Officer.
Shifting Sands of U.S. Privacy Laws
International Association of Defense Counsel Webinar, December 11, 2019
Cyber Security for Rural and Critical Access Hospitals: Tips for Improving Data Security and Mitigating the Impact of a Cyber Attack
Alliant Management Services Management Meeting, April 10, 2019
Introduction to Health Law
Panel member, Health Enterprise Network Healthcare Fellows, University of Louisville Louis D. Brandies School of Law, March 19, 2019
Pings That Go Bump in the Night: A Discussion of Health Care, Cybersecurity Threats, Prevention Tips and Mitigation Tactics
Residents in Business
Employment Contracting Seminar
Leadership in Action: Take the Lead in Solving the Opioid Epidemic
Cyber Threats & Ransomware
Residents in Business
Cybersecurity for business: Improving data security and mitigating the impact of a cyber-attack
Be Cyberwise: Protect & Position Your Business for Growth
The Interplay Between Social Media and Healthcare Privacy
Improving Data Security and Mitigating the Impact of a Cyber-Attack
Under Attack: Cyber Threats Against the Health Care Industry
Residents in Business
Stop. Think. Connect.
Law Firm Data Security: It's the End of the World As We Know It (And I Don't Feel Fine)
Don't Bet on Longshots - Practical Advice on Data Security for Financial Institutions
Identifying and Protecting Your Core Data
Employee Attitudes Fuel Your Data Security Plan
Are you ready for a HIPAA Audit?
Technology Highlights for the Restructuring Professional: Privacy, Data Security & Electronic Discovery
co-presenter, International Women's Insolvency & Restructuring Confederation (IWIRC) Day at Keeneland, October 9, 2015
Prevention and Response: Is Your Business Prepared for a Data Security Breach?
Is your attitude about data security putting you and your company at risk?
Hot Topics in the Area of Health Law Privacy
Physician Employment Contracting Symposium
Turning up the heat on HIPAA compliance: What to expect from increase enforcement and Office for Civil Rights audits
HIPAA Update for Physician Office Managers
HIPAA and HITECH's Impact on Certified Public Accountants
Keeping up with technology demands: Delayed deadlines for Meaningful Use and ICD-10 reflect overburdened healthcare providers
HIPAA Audits and Investigations - What to expect when the Office for Civil Rights comes knocking
Make Way for Medicaid Managed Care: What to expect as Kentucky departs from traditional fee-for-service reimbursement in favor of managed care for Medicaid recipients across the Commonwealth
HITECH Challenges for Physicians: Keeping Up with Changes to Health Information Privacy and Security Rules in an Expanding Electronic Environment
HIPAA and Social Media Issues for Employers, Hot Topics and Critical Issues Pertinent to Employers and Health Care Providers
HITECH's Amendments to HIPAA: Recent Changes to Health Information Privacy and Security Rules and their Impact on State Regulatory Investigations
HIPAA Update for Employers
How will the HITECH Act affect your law firm?
Current Trend: Employment of Physicians by Hospitals
Grounding Cyberspeech: Public Schools' Authority to Discipline Students for Internet Activity
Chief Privacy Officer
Privacy & Data Security Practice Group, Co-Chair
Yew Dell Botanical Gardens, Board of Directors (2018-present)
Louisville Legal Aid Society, Volunteer (2009-16)
Sisters of Charity of Nazareth, Inc., Board of Directors (2011-16)
Focus Louisville, February 2016 Class
Sarah joined Stites & Harbison in September of 2009 after participating in the firm's summer associate program in 2008. In the summer of 2007, she worked in the legal department at Brown-Forman Corporation in Louisville. Before law school, Sarah lived in New York City where she worked at Friedman, Wang & Bleiberg, P.C. as a paralegal, and Lehman Brothers, Inc. in human resources supporting the information technology division.
Sarah is an accomplished equestrian and enjoys riding American Saddlebred horses in her free time.
Best Lawyers in America®, Health Care Law (2019-20)
Business First of Louisville, 20 People to Know in Law (2018)
Business First of Louisville, Partners in Health Care People to Watch (2014)
Stites & Harbison has assembled a Coronavirus Response Team which consists of a cross-disciplinary task force of attorneys and critical staff members to ensure our firm remains “On the Job” for you. Updated 04/07/20
In response to the unprecedented public health emergency presented by COVID-19, the Department of Health and Human Services, Office for Civil Rights (OCR), responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules, issued a notification of enforcement discretion for telehealth remote communications effective immediately.
Time: 8:00 a.m. - 5:00 p.m.
University of Louisville ShelbyHurst Campus, Founders Union Building, 450 N. Whittington Parkway, Louisville, KY 40222
Joshua Barnette, Michael Denbow, Sarah Spurlock, Demetrius Holloway and Rebecca Weis will be presenters at this CLE presented by the Kentucky Bar Association on April 16, 2020
House Bill 151, “An Act Relating to Insurance Fraud,” was signed by the Kentucky Governor on March 26, 2019 and went into effect on June 27, 2019.
Time: 4:30 p.m. - 6:00 p.m.
Stites & Harbison, 401 Commerce Street, Suite 800, Nashville, Tennessee 37219
IP attorneys Alex MacKay, Mari-Elise Paul and Sarah Spurlock will discuss the latest information on data privacy.
In what finally may prove to be the effective death knell for most efforts to pursue class-wide arbitration, a closely-divided United States Supreme Court has now held that a party cannot be required to arbitrate claims on a class-wide basis unless the arbitration agreement clearly contemplates such a possibility.
Did you decide that 2019 will be the year you tackle those cybersecurity threats to your organization that keep you up at night? It’s February, and a good time to take stock of whether your organization is following through on its cybersecurity goals. Some estimate that 80% of resolutions fail by the second week of February.
Griffin Gate Marriott Resort, 1800 Newtown Pike, Lexington, KY40511
Presented by UK Law Continuing Legal Education in partnership with the Kentucky Bar Association Health Law Section and Kentucky Academy of Hospital Attorneys
Buffalo Trace Distillery, 113 Great Buffalo Trace, Frankfort, KY 40601
The 2018 MCM Financial Institutions Summit will feature discussions with regional and national experts on the topics of risk management, bill payment, information technology, cybersecurity, and alternatives with insurance management.
Technology advancements have had a significant impact on the way healthcare is delivered, particularly to patients in rural areas and to those with restricted access to medical care.
Louisville Marriott East, 1903 Embassy Square Boulevard, Louisville, KY 40299
This event is designed to educate physicians on employment contracts.
We have read countless articles on data security, but not one about having a good relationship with the people you entrust with your data security. There seems to be a misconception that data security is something not easily understood or practiced, and so should be left to the skills of a limited few who work in isolation to “fix” the problem.
Presentation by Liz Thompson, Ian Ramsey and Sarah Spurlock.
Presentation to Stites & Harbison's Thirsty Thursday networking event on the effects of the new HIPAA rules to health care providers.