Sarah Cronan Spurlock
Sarah Cronan Spurlock is a member of the firm’s Health Care Service Group and is Co-Chair of the firm’s Privacy & Data Security Group. Sarah regularly advises clients on a wide range of health care and privacy matters, including fraud and abuse laws, physician and hospital contracting, information privacy and security laws, and data breach prevention and response. Her practice includes regulatory and transactional matters and health care litigation. Sarah is a Certified Information Privacy Professional (CIPP/US) and serves as the firm’s Chief Privacy Officer.
Help! They've Hijacked Our Network and They Want Money - Now What? Strategies for Managing the Cyber-Attack
Moderator, IADC 2021 Annual Meeting, August 15-19, 2021
Liberating Patient Data – Is Your Hospital Ready for the Information Blocking Rule?
Webinar, Kentucky Hospital Association, January 26, 2021
Not Your Grandma’s Quilt: Exploring the Current ‘Patchwork’ and Recent Trends in U.S. Data Privacy and Security Laws
Kentucky Bar Association Corporate House Counsel Webinar, November 18, 2020
Medical Liability Considerations for Physicians
Kentucky Medical Association Virtual Town Hall, September 24, 2020
Eliminating Kickbacks in Recovery Act
Kentucky Health Law Institute, UK CLE, September 2, 2020
The Future of Medicine for the Emerging Physician post COVID-19
Kentucky Medical Association Virtual Annual Meeting, August 22, 2020
Is Telehealth Here to Stay?
Medical News, June 30, 2020
Privacy 2020 – California’s Seismic Shift
Discussion of the California Consumer Privacy Act (CCPA), Southern Law Network, April 16, 2020
Shifting Sands of U.S. Privacy Laws
International Association of Defense Counsel Webinar, December 11, 2019
Cybersecurity and Data Breach Response for Lawyers: Threats, Prevention Tips, and Mitigation Strategies for Lessening the Risks of a Cyberattack
Kentucky Bar Association Annual Convention, June 12, 2019
The Race to Privacy
Stites & Harbsion Thirsty Thursday Speaker Series, April 25, 2019
Cyber Security for Rural and Critical Access Hospitals: Tips for Improving Data Security and Mitigating the Impact of a Cyber Attack
Alliant Management Services Management Meeting, April 10, 2019
Introduction to Health Law
Panel member, Health Enterprise Network Healthcare Fellows, University of Louisville Louis D. Brandies School of Law, March 19, 2019
Pings That Go Bump in the Night: A Discussion of Health Care, Cybersecurity Threats, Prevention Tips and Mitigation Tactics
Residents in Business
Employment Contracting Seminar
Kentucky Supreme Court Declines to Recognize New Tort of "Negligent Credentialing"
Leadership in Action: Take the Lead in Solving the Opioid Epidemic
Cyber Threats & Ransomware
Digital Fortress
Residents in Business
Cybersecurity for business: Improving data security and mitigating the impact of a cyber-attack
Be Cyberwise: Protect & Position Your Business for Growth
The Interplay Between Social Media and Healthcare Privacy
Improving Data Security and Mitigating the Impact of a Cyber-Attack
Under Attack: Cyber Threats Against the Health Care Industry
Passwords, Revisited
Residents in Business
Stop. Think. Connect.
Law Firm Data Security: It's the End of the World As We Know It (And I Don't Feel Fine)
Don't Bet on Longshots - Practical Advice on Data Security for Financial Institutions
Identifying and Protecting Your Core Data
Data Breaching Now Its Own Industry
Data Breaches: Is Your Attitude about Data Security Putting You and Your Company at Risk?
Employee Attitudes Fuel Your Data Security Plan
Are you ready for a HIPAA Audit?
Technology Highlights for the Restructuring Professional: Privacy, Data Security & Electronic Discovery
co-presenter, International Women's Insolvency & Restructuring Confederation (IWIRC) Day at Keeneland, October 9, 2015
Data breaches: Is your attitude about data security putting you and your company at risk?
Data breaches: Is your attitude about data security putting you and your company at risk?
Prevention and Response: Is Your Business Prepared for a Data Security Breach?
Is your attitude about data security putting you and your company at risk?
Hot Topics in the Area of Health Law Privacy
Physician Employment Contracting Symposium
Turning up the heat on HIPAA compliance: What to expect from increase enforcement and Office for Civil Rights audits
HIPAA Update for Physician Office Managers
HIPAA and HITECH's Impact on Certified Public Accountants
Keeping up with technology demands: Delayed deadlines for Meaningful Use and ICD-10 reflect overburdened healthcare providers
HIPAA Audits and Investigations - What to expect when the Office for Civil Rights comes knocking
Make Way for Medicaid Managed Care: What to expect as Kentucky departs from traditional fee-for-service reimbursement in favor of managed care for Medicaid recipients across the Commonwealth
HITECH Challenges for Physicians: Keeping Up with Changes to Health Information Privacy and Security Rules in an Expanding Electronic Environment
HIPAA and Social Media Issues for Employers, Hot Topics and Critical Issues Pertinent to Employers and Health Care Providers
HITECH's Amendments to HIPAA: Recent Changes to Health Information Privacy and Security Rules and their Impact on State Regulatory Investigations
HIPAA Update for Employers
How will the HITECH Act affect your law firm?
EMTALA
Current Trend: Employment of Physicians by Hospitals
Grounding Cyberspeech: Public Schools' Authority to Discipline Students for Internet Activity
Successfully obtained summary judgment for a healthcare provider in Jefferson Circuit Court in a putative class action asserting claims for negligence, negligence per se, and invasion of privacy stemming from an alleged data breach disclosing patient information. Judgment was obtained prior to any class being certified.
Chief Privacy Officer
Privacy & Data Security Practice Group, Co-Chair
Office of General Counsel, as Chief Privacy Officer
Yew Dell Botanical Gardens, Board of Directors (2018-present)
Louisville Legal Aid Society, Volunteer (2009-16)
Sisters of Charity of Nazareth, Inc., Board of Directors (2011-16)
Focus Louisville, February 2016 Class
magna cum laude
University of Kentucky College of Law
-
Order of the Coif
-
Kentucky Law Journal, Notes Editor and Outstanding 2L Source and Cite Editor
-
Robert G. Schwemm Scholarship; Dorothy Salmon Memorial Scholarship
-
Marshall Writing Club, best appellant brief and best appellant oral argument
-
University of Kentucky Equine Law Society
-
Golden Key International Honour Society
Indiana University
-
Double minor, Philosophy & Psychology
Sarah joined Stites & Harbison in September of 2009 after participating in the firm's summer associate program in 2008. In the summer of 2007, she worked in the legal department at Brown-Forman Corporation in Louisville. Before law school, Sarah lived in New York City where she worked at Friedman, Wang & Bleiberg, P.C. as a paralegal, and Lehman Brothers, Inc. in human resources supporting the information technology division.
Sarah is an accomplished equestrian and enjoys riding American Saddlebred horses in her free time.
Best Lawyers in America®, Health Care Law (2019-22)
Business First of Louisville, 20 People to Know in Law (2018)
Business First of Louisville, Partners in Health Care People to Watch (2014)



Revenue Cycle and Compliance Summit
Time: 12:00 p.m. - 4:30 p.m.
Online Event
The Revenue Cycle and Compliance Summit is an online half-day workshop to provide convenient education with CEUs and CLE for professionals. Stites attorneys Sarah Spurlock and Michael Denbow will be presenters at this Summit on June. 23, 2022.
U.S. Privacy And Data Security Developments - Where Do We Go From Here?
Sara Spurlock and Mari-Elise Paul discuss U.S. Privacy Laws, FTC Enforcement and The COVID effect in this Mondaq Webinar.
Stites & Harbison, PLLC Lawyers Named to 2022 Best Lawyers® Publications
LOUISVILLE, Ky.—Stites & Harbison, PLLC is pleased to announce that 93 lawyers are included in the 2022 Edition of The Best Lawyers in America©. Since it was first published in 1983, Best Lawyers® has become universally regarded as the definitive guide to legal excellence. Additionally, 11 attorneys are named as “Lawyer of the Year” and 14 attorneys are recognized in “Best Lawyers: Ones to Watch,” which recognizes attorneys early in their careers for outstanding professional excellence in private practice in the United States.
IADC 2021 Annual Meeting
Fairmont Chicago, Chicago, Illinois
Please join the IADC in Chicago for it's first in-person meeting in 18 months! Louisville office Sarah Spurlock with be a speaker at the event on August 15, 2021.
“No Company is Safe” — White House Urges Private Sector to Act Now in Hardening Defenses Against Growing Ransomware Threats
Following the most recent slew of high-profile ransomware attacks, the White House deputy national security adviser for cyber and emerging technology, Anne Neuberger, issued an open letter to the private sector urging action to increase cyber defenses to match the nation’s increasing ransomware threat.
U.S. Privacy and Data Security Developments - Where Do We Go From Here?
Stites & Harbison attorneys Sarah Cronan Spurlock and Mari-Elise Paul discuss U.S. Privacy Laws, FTC Enforcement and The Covid Effect in this Webinar presented by Mondaq.
U.S. Privacy and Data Security Developments - Where Do We Go From Here?
Time: 10:00 a.m. - 11:00 a.m.
Webinar
On June 3, 2021 at 10:00 EST, Mondaq will be hosting a webinar featuring Stites & Harbison attorneys, Sarah Cronan Spurlock and Mari-Elise Paul discussing U.S. privacy and data security developments.
Data Privacy Day: Scanning Data Privacy Issues for 2021
Every January 28, the United States, Canada, and 27 countries of the European Union celebrate Data Privacy Day, which is an international effort to create awareness about the importance of safeguarding data and respecting privacy.