John Mulhollan

John Mulhollan has actively served a variety of business and healthcare clients in Ohio and California, with a particular emphasis on the healthcare industry, for nearly ten years.

Mr. Mulhollan has experience counseling clients in a variety of substantive areas, including healthcare transactions and contractual negotiations involving Medicare and Medicaid fraud and abuse compliance, physician referral compliance under the Stark law and professional and facility licensing. He has assisted both nonprofit and for-profit clients with legal analysis and documentation of healthcare private offerings, joint venture agreements, leases and corporate governance matters in connection with complex transactions. Focused on providing sound, yet practical, advice, Mr. Mulhollan strives to understand and promote each client’s healthcare mission by providing legally compliant solutions to the challenges of today’s complex healthcare environment.

Mr. Mulhollan has represented large and small healthcare providers such as healthcare systems, individual hospitals and clinics, as well as physicians and ancillary healthcare businesses. The complex transactions he has handled range from single contractual services arrangements to large healthcare mergers and acquisitions. Examples include the acquisition of a county-owned community hospital by a nonprofit health system, shareholder relations and combinations with respect to private physician practices, and compliance and documentation support for a variety of healthcare ventures involving ambulatory surgery, diagnostic imaging and laboratory services. In addition to providing thorough legal analysis of business issues, Mr. Mulhollan is able to guide clients through complex issues ranging from Medicare/Medicaid certification, change of ownership and reimbursement implications of such transactions to detailed analysis and preparation of professional and vendor services agreements. He also provides guidance and support in the areas of operational restructuring of provider, supplier and medical group operations, including the expansion or contraction of services, outsourcing, marketing and development compliance and complex facility and vendor relationships.

Mr. Mulhollan has advised clients on a variety of organizational compliance efforts, including fraud and abuse and Stark law compliance and corporate policy development. He advises clients on physician professional services and on-call arrangements, medical director agreements, physician recruitment, graduate medical education and medical office leasing. Mr. Mulhollan has advised both healthcare and business clients on implementing the many requirements and compliance issues arising under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as compliance with state medical privacy and professional licensing laws.

In addition, Mr. Mulhollan’s business practice includes general business advice to healthcare and non-healthcare clients, including mergers and acquisitions, governance, shareholder transactions, professional entity formation and compliance with government regulations.

Mr. Mulhollan is a member of the American, Ohio and Cleveland Metropolitan (Health Law Section) Bar Associations, as well as the American Health Lawyers Association.

OIG Advisory Opinion Approves Referral Payments Under Electronic Health Record (EHR) System

In a significant development impacting the wider electronic health record (EHR) community, the HHS Office of Inspector General (OIG) on December 7 issued an Advisory Opinion (AO 11-18) approving an EHR vendor’s proposed transaction fee structure for charging customers that use the vendor’s new patient referral ordering system. Although the Advisory Opinion applies only to … Continue Reading

Minnesota A.G. Files Lawsuit Against “Infused” Business Associate for Loss of Patient Data Stored on Laptop; Use of Patient Data Without Full Disclosure

In perhaps the first widely publicized action taken against a “business associate” (as defined under the Health Insurance Portability and Accountability Act (HIPAA) and privacy and security regulations thereunder), the Minnesota Attorney General (AG) on January 19 filed a civil lawsuit in federal court against Accretive Health, Inc., for alleged violations of HIPAA, as well … Continue Reading

Ohio Appeals Court Rejects Claim of Wrongful Disclosure of Medical Information Under Biddle v. Warren General Hospital – Upholds Lack of Private Cause of Action Under HIPAA

In an opinion announced on January 10, 2012, the Ohio Tenth District Court of Appeals, in Columbus, Ohio, held that a hospital’s use of a patient’s individually identifiable health information (PHI) for obtaining payment of a patient’s account was a valid use of PHI for payment purposes under the Health Insurance Portability and Accountability Act … Continue Reading

Update: Final HITECH Act Regulations Amending HIPAA Privacy And Security Will Be Published In 2012

During 2011, informal indications were given by the HHS Office of Civil Rights (OCR) and various industry experts that the final HITECH Act regulations amending the HIPAA privacy and security regulations would be published by the end of 2011. However, as of January 6, 2012, the regulations continue to be delayed, due to the numerous … Continue Reading

HIPAA Audits ARRA Coming! Is your PHI Secure?

In the growing world of RAC audits, Voluntary Disclosure Protocols, IRS Form 990 disclosures, “Never Events” and HIPAA breach notifications, there is a new kid on the block in the area of federal audit and oversight for health care providers, health plans and their business associates under the health information privacy and security provisions of … Continue Reading

Proposed Rule Would Change HIPAA Accounting of Disclosures – Covered Entities Will Continue to Face Significant Technical Challenges

On May 31, 2011, the U.S. Department of Health and Human Services (HHS) published a proposed rule adopting sweeping changes to the “accounting of disclosures” requirement under 45 C.F.R. § 164.528 that likely are to have a significant impact on the health information technology (HIT) systems being implemented by many healthcare providers, health plans (including … Continue Reading

HHS Inspector General Reports Highlight IT Security Gaps in Health Care

On May 16, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) issued two reports critical of the government’s efforts to build and enforce a federal information security framework for protecting individuals’ electronic protected health information (ePHI).  Of particular interest to health care providers and health plans, these reports … Continue Reading

Medicare and Medicaid EHR Incentive Programs–Early Results Show Strong Interest in HITECH and Meaningful Use

On February 23, the Centers for Medicare & Medicaid Services (“CMS”) announced that more than 21,000 providers initiated registration for the Medicare and Medicaid EHR Incentive Programs in January and four states reported initial Medicaid incentive payments totaling $20,425,550. The Medicare and Medicaid EHR Incentive Programs were enacted by Congress under the Health Information Technology … Continue Reading

HIPAA Bombshells — Major Civil Monetary Penalties Imposed Against Covered Entities for Privacy Violations

The last week of February 2011 will likely be remembered as a noteworthy milestone in the history of HIPAA privacy enforcement by the Department of Health and Human Services (“HHS”).  Showing that HHS intends to vigorously exercise the expanded civil monetary penalty enforcement provisions enacted in 2009 under the Health Information Technology for Economic and … Continue Reading

White House Forms New Subcommittee to Review Online Privacy Issues

In a statement released October 24, the Obama Administration has launched a new interagency “subcommittee” of the National Science and Technology Council to review privacy and Internet policy, which may include review of health care privacy issues.  The working group will focus primarily on individual privacy issues associated with the Internet and related online systems, … Continue Reading

Is Your EHR System Private Enough?

News accounts and criminal convictions involving unauthorized access or theft of electronic health records by health care facility or medical practice employees are raising renewed concerns about the privacy and security implications associated with the surging development and use of electronic health records systems (EHR). While providers who implement EHR systems often feel confident in … Continue Reading

HITECH’s Federal Health IT Coordinator Completes Nationwide System to Assist Doctors and Hospitals in Switching to Electronic Health Records

On September 28, 2010, David Blumenthal, M.D., National Coordinator for health information technology, announced selection of the final Regional Extension Centers (RECs), completing a national system of 62 organizations that will help physicians, clinics and hospitals to move from paper-based medical records to electronic health records (EHR). “The selection of these final awardees means that … Continue Reading

HHS Withdraws Draft Of Final HIPAA Breach Notification Rule

On July 28, 2010, the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) announced that it withdrew the draft of the final rule for HIPAA breach notification that it had submitted in May to the Office of Management and Budget (OMB) for review. The possible reasons for such withdrawal will be discussed below, but covered entities should note that the obligation to report breaches of unsecured protected health information (PHI), which took effect on September 23, 2009, following the publication of an Interim Final Rule promulgated under the Health Information Technology for Economic and Clinical Health Act (HITECH Act), remains in effect. All covered entities, and their business associates, should have in place and/or adhere to an effective Breach Notification Policy containing appropriate procedures to investigate, report and mitigate breaches of privacy or security of PHI.… Continue Reading