Edward G. Zacharias

Edward (Ed) G. Zacharias focuses his practice on complex transactions and regulatory compliance matters. He represents hospitals and health systems, academic medical centers, physician group practices, post-acute care providers, health information technology vendors, biotech companies, insurers, pharmaceutical companies and a variety of other health care entities. Read Edward Zacharias' full bio.

Firm/Organization: McDermott Will & Emery

Blogs: Employee Benefits Blog, FCA Update, Of Digital Interest

Latest Articles

Employee Benefits Blog

HIPAA Boss Sees ‘Low-Hanging Fruit’ Ripe For Enforcement

By Edward G. Zacharias

February 18, 2020

Healthcare providers and insurers are still making tons of rookie mistakes on patient privacy, turning themselves into easy enforcement targets, according to Roger Severino, director of the US Department of Health and Human Services. Severino made headlines in 2017 for expressing interest in punishing a “big, juicy, egregious” privacy breach, and seemingly followed through with a $16 million settlement stemming from Anthem Inc.’s megabreach involving 79 million patients. But, an emphasis on smaller violations makes…

FCA Update

Healthcare Enforcement Quarterly Roundup – Q2 2019

By David Quinn Gacioch, Tony Maida, Laura McLane, Amandeep S. Sidhu, Paul M. Thompson, Edward G. Zacharias, Theodore Alexander, Jennifer Aronoff, Lauren Evans, Irene A. Firippis, Marshall E. Jackson, Jr., Sophia A. Luby, Drew Elizabeth McCormick, Katrina Rogachevsky & Jennifer B. Routh

August 27, 2019

In this second installment of the Healthcare Enforcement Quarterly Roundup for 2019, we cover several topics that have persisted over the past few years and identify new issues that will shape the scope of enforcement efforts for the remainder of this year and beyond. In this Quarterly Roundup, we discuss DOJ’s guidance on compliance programs and cooperation credit, new US Department of Health and Human Services (HHS) rules and enforcement activity on provider religious/conscience opt-out rights, enforcement activity…

Of Digital Interest

The Continuing Disconnect between the Health Care Industry and OCR on HIPAA’s Risk Analysis Requirement

By David Quinn Gacioch, Edward G. Zacharias & Amy C. Pimentel

May 6, 2018

Lack of a sufficient risk analysis continues to be one of the most commonly alleged violations in Office for Civil Rights (OCR) HIPAA enforcement actions, appearing in half of all OCR settlements announced in the last 12 months and in almost all of the $1 million-plus settlements during that time period. Significant confusion remains across the health care industry as to what actually constitutes a compliant risk analysis for purposes of the HIPAA Security Rule.…

Of Digital Interest

OCR Explains How Information Blocking Violates HIPAA

By Amanda Enyeart, Edward G. Zacharias, Daniel F. Gottlieb & Ryan S. Higgins

October 27, 2016

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently posted guidance (OCR guidance) clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a covered entity customer to protected health information (PHI) maintained by the vendor on behalf of the customer. Such “information blocking” could occur, for example, during a contract dispute in which a vendor terminates customer access or…

Employee Benefits Blog

HHS Office of Inspector General Calls for Increased Oversight and Enforcement of HIPAA

By Daniel F. Gottlieb, Edward G. Zacharias & Amy C. Pimentel

November 19, 2015

On September 29, 2015, the U.S. Department of Health and Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to strengthen its efforts in both general enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards and enforcement of security breach reporting requirements. OIG commissioned both studies out of concern for the increased risk of an invasion…

Employee Benefits Blog

OCR Launches Phase 2 HIPAA Audit Program with Pre-Audit Screening Surveys

By Ryan S. Higgins, Daniel F. Gottlieb & Edward G. Zacharias

May 26, 2015

HIPAA covered entities have reported that the HHS Office for Civil Rights recently sent pre-audit screening surveys to a pool of covered entities that may be selected for the previously delayed second phase of HIPAA compliance audits. This On the Subject describes the phase two audit program and identifies steps that covered entities and business associates should take to prepare for these audits. Read the full article.…

Of Digital Interest

OCR Transmits Pre-Audit Screening Surveys to Covered Entities for Phase 2 HIPAA Compliance Audits

By Ryan S. Higgins, Daniel F. Gottlieb & Edward G. Zacharias

May 7, 2015

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently transmitted HIPAA pre-audit screening surveys to covered entities that may be selected for a second phase of HIPAA compliance audits (Phase 2 Audits). OCR is required to conduct compliance audits of covered entities and business associates under the 2009 Health Information Technology for Economic and Clinical Health Act. Unlike the pilot audits conducted in 2011 and 2012 (Phase 1 Audits), which…

Of Digital Interest

Just in Time for the Holidays: Another HIPAA Settlement

By Edward G. Zacharias

December 12, 2014

Following an Office for Civil Rights investigation, Anchorage Community Mental Health Services, Inc., agreed to pay $150,000 and comply with a two-year Corrective Action Plan to settle allegations that it violated the HIPAA Security Rule. This settlement is another reminder that covered entities and business associates should take the necessary steps to ensure compliance with HIPAA and to reasonably and appropriately safeguard the electronic protected health information in their possession. Read the full article.…

Employee Benefits Blog

OCR to Begin Phase 2 of HIPAA Audit Program

By Edward G. Zacharias & Daniel F. Gottlieb

August 26, 2014

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy, security and breach notification standards (HIPAA Standards) as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Unlike the pilot audits during 2011 and 2012 (Phase 1 Audits), which focused on covered entities, OCR…

Of Digital Interest

Incorporating Risk Analysis Into Your HIPAA Strategy

By Edward G. Zacharias

May 14, 2014

In building a stout privacy and security compliance program that would stand up well to federal HIPAA audits, proactive healthcare organizations are generally rewarded when it comes to data breach avoidance and remediation. But an important piece of that equation is performing consistent risk analyses. McDermott partner, Edward Zacharias, was interviewed by HealthITSecurity to discuss these topics and more. Read the full interview.…

Edward G. Zacharias

HIPAA Boss Sees ‘Low-Hanging Fruit’ Ripe For Enforcement

Healthcare Enforcement Quarterly Roundup – Q2 2019

The Continuing Disconnect between the Health Care Industry and OCR on HIPAA’s Risk Analysis Requirement

OCR Explains How Information Blocking Violates HIPAA

HHS Office of Inspector General Calls for Increased Oversight and Enforcement of HIPAA

OCR Launches Phase 2 HIPAA Audit Program with Pre-Audit Screening Surveys

OCR Transmits Pre-Audit Screening Surveys to Covered Entities for Phase 2 HIPAA Compliance Audits

Just in Time for the Holidays: Another HIPAA Settlement

OCR to Begin Phase 2 of HIPAA Audit Program

Incorporating Risk Analysis Into Your HIPAA Strategy

Stay Connected

Company

Support

New to the Network