Kristi Kung

Her experience includes:

Digital Health

Kristi has an active digital health practice advising healthcare startups on the appropriate business structuring and strategy to navigate complex and multijurisdictional regulatory challenges. Her background in privacy and security, licensing, reimbursement, fraud and abuse, registration and FDA enforcement and corporate practice of medicine provide her with the unique skillset to effectively guide her clients through the various legal and business obstacles confronting companies looking to develop and implement telehealth, mobile health, artificial intelligence, virtual and augmented reality, and other innovative health technologies. She has assisted clients in the development of regional, national, and international telehealth and mobile health programs and has advised health systems on the implementation of a cohesive telehealth strategy. She has also advised private equity sponsors with respect to digital health ventures and health IT acquisitions.

Healthcare Compliance, Investigations and Regulatory Counseling

Kristi has developed comprehensive compliance programs for a variety of healthcare providers and suppliers, including hospitals, physician practices, laboratories, DMEPOS suppliers, IDTFs, medical device manufacturers and specialty pharmacies. She also advises on the day-to-day healthcare regulatory and compliance matters confronting providers and suppliers in the healthcare industry. Kristi has developed and provided specialized training to her client’s workforces and sales teams concerning fraud and abuse, privacy and security, and other client risk areas. In addition, she has served as an independent compliance reviewer for entities under Corporate Integrity Agreements.

She advises clients on fraud and abuse matters including Stark and Anti-Kickback as well as state law equivalents, HIPAA and other privacy laws, reimbursement and billing, licensing and corporate practice of medicine issues. She assists clients with respect to internal investigations and self-disclosure and refund obligations and has further represented clients under investigation by various federal and state agencies, including the Centers for Medicare and Medicaid Services, the Office of Inspector General for the US Health and Human Services, the Health and Human Service Office for Civil Rights, the Health Resources and Services Administration, the Virginia Department of Health, the North Carolina Department of Health, various Virginia professional licensing boards and the Washington, DC Board of Medicine.

Privacy and Security Compliance, Breach Reporting and Investigations

Kristi represents healthcare industry clients and stakeholders with respect to privacy and security matters, including the development of HIPAA compliance programs, website privacy policies and terms of use, breach investigation and reporting, government investigations and healthcare privacy and security matters arising during the due diligence process. She has extensive knowledge of state health information privacy and security laws and has assisted clients throughout the US in the investigation, remediation, and breach reporting, as required, of privacy and security incidents. She has also defended providers in investigations by the Health and Human Service Office for Civil Rights. She advises clients on privacy and security compliance issues related to big data, health information technology, business associate agreements data use agreements and the use of de-identified data.

Kristi has extensive experience advising hospitals, specialty pharmacies and other covered entities with respect to 340B Drug Discount Pricing Program compliance, audits and appeals. She assisted clients in this space with respect to the development of 340B compliance programs, internal audits and investigations, HRSA and drug manufacturer audits and inquiries and the submission of self-disclosures of 340B Program noncompliance to HRSA.

Healthcare Transactions

Kristi advises private equity sponsors in their healthcare acquisitions and divestitures, and the on-going representation of their healthcare portfolio companies, regarding healthcare regulatory issues identified in due diligence, including fraud and abuse matters (Stark, AKS, FCA), privacy and security, licensure matters, and Medicare and Medicaid billing issues. Her experience spans a wide range of specialty areas including health IT, specialty pharmacy, laboratory, hospitals, hospice, home health, ASCs, IDTFs, physician practice groups and specialty practices such as ophthalmology, oncology, urology, radiology, and dentistry.

Hospitals and health systems

Kristi represents hospitals and health systems in a wide array of healthcare regulatory and transactional matters with a particular focus on digital health, fraud and abuse counseling, and the development of innovative shared risk arrangements.

Medical groups and physicians

Kristi represents multispecialty physician groups on regulatory matters and acquisitions, including the development of super groups to capture ancillary revenues and working with clients to satisfy their physician compensation goals in a manner that is compliant with the Stark Law and other healthcare regulations. She also assists medical groups and physicians with employment agreements, professional service agreements, administrative service agreements, compliance program development, business associate agreements and a range of other transactional and regulatory matters.

• "How Will Telehealth Change After the Pandemic?," HealthTech, June 5, 2020
• "New York Settles EmblemHealth Breach for $575,000," Eye on Privacy Blog, March 2018
• "HHS-OCR Closes 2017 with Six Figure Settlement in PHI Data Breach," Eye on Privacy Blog, January 2018
• "Life in the Slow Lane? What Net Neutrality Repeal May Mean for Telehealth Services,"The National Law Review, January 2018
• "Telehealth in 2017: What's Changed and What's Ahead," Law360, December 2018
• "Texas Telemedicine Saga Finally Over?," SMRH Health Law Blog, November 2017
• "New York AG Takes Enforcement Action Against Heart Monitoring Apps: Murmurs of Concern are Heard in mHealth App World," SMRH Health Law Blog, April 2017
• "Is a Truce in the Battle over Telemedicine in Texas Upon Us?," SMRH Health Law Blog, February 2017
• "Recent Relaxation of State-Level Challenges to the Expansion of Telemedicine but Barriers Remain," SMRH Health Law Blog, July 2016
• "CMS Proposes to Limit Site Neutral Payment Exceptions Applicable to Certain Off-Campus Hospital Departments Following Relocation, Service Expansion, or Certain Ownership Changes," SMRH Health Law Blog, July 2016
• "Disclosing 340B Program Non-Compliance and Negotiating Manufacturer Refunds – An Overview and Case Study, American Health Lawyers Association," In-House Counsel Meeting, June 2016
• "Assessing the Legal Risk of Unregulated Yoga Therapy," Law360, January,5 2016
• "Health Care Fraud and Abuse Update," Health Law Handbook, 2014 – 2016 editions
• "340B Omnibus Guidance Would Significantly Narrow the Pool of Eligible Patients," Law360, September 3, 2015
• "FDA Draft Guidance Would Ease Regulatory Burdens for Certain mHealth Applications," Law360, August 1, 2014
• "OIG Releases Special Bulletin on the Effect of Exclusion from Federal Health Care Programs," E-Alert, AHLA Accreditation, Certification and Enrollment, Affinity Group, May 8, 2013
• "Impact of the American Taxpayer Relief Act of 2012 on Reimbursement for Health Care Services," E-Alert, AHLA Regulation, Accreditation and Payment Practice Group, January 4, 2013
• "Telemedicine Legal Hurdles - An Overview of Lesser Known Challenges," Healthcare IT News – A Publication of the American Health Lawyers Association, Vol. 15, Issue 3, Page. 7, November 2012
• "Qui Tam Counsel Sanctioned for Breaching Ethical Rules Relating to Review of Privileged Material – E-Alert on the Frazier v. IASIS case," AHLA Healthcare Liability & Litigation Practice Group, February 2012
• "CMS Issues Final Rule Updating Payment Policies Under ESRD PPS for CY 2012," E-Alert, AHLA Regulation, Accreditation and Payment Practice Group, November 7, 2011
• "Legal Practice in a HITECH Environment: An Overview of the HITECH Act and its Impact on Lawyers as Business Associates," Defensively Speaking, International Society of Primerus Law Firms, February 12, 2010
• "Annual Survey of Virginia Law: Health Care Law," 44 U. RICH. L. REV. 473, 2009

• Panelist, CTeL Telehealth Spring Summit – "Workshop: Telehealth Claims and Denials Management – Medicare, Medicaid, and Private Payors," The Washington Hilton, Washington, DC, June 13, 2019
• Panelist, Sensus Healthcare - American Academy of Dermatology Annual Meeting Dinner, The Willard Hotel, Washington, DC, March 1, 2019
• Faculty, TMCx Accelerator, Texas Medical Center, "Digital Health Regulation," February 25, 2019, with Danny Tobey
• Presenter, "Mitigating Legal Risks in Digital Health Adoption," with Danny Tobey, November 13, 2018
• "What the Net Neutrality Repeal May Mean for Telehealth," CTeL Executive Telehealth Spring Summit, June 14, 2018
• "Healthcare Disruptions," American University Washington College of Law Summer Health Law Institute Lunch and Learn Panel, June 6, 2018
• "Data Breach Simulation," Association of Corporate Counsel – San Diego Chapter, April 25, 2018
• "Hot Topics in Healthcare Compliance and Regulation," University of Minnesota Master of Business Administration – Healthcare Executive Track, March 2017
• Health Law Panel: "Where We Are and Where We Are Going," District of Columbia Bar Association, Health Law Section, March 2017
• "Hacking Health: Addressing mHealth Privacy and Security Risks," Lorman Webinar, September 2016
• "Specialty Pharmacy and the 340B Program," National Association of Specialty Pharmacy – Legal Day, Washington, DC, September 2016
• "Avoiding Fraud and Abuse Pitfalls Under Expanded Reimbursement for Telehealth Services," mHealth and Telehealth World Congress –, Boston, July 2016
• Co-Presenter, "HIPAA Compliance and the Use of De-Identified Data," June 25, 2016, with Lisa Shuman (Strategic Management Services)
• "Fraud and Abuse Issues in Telehealth," American Health Lawyers Association – Fraud and Compliance Forum, Baltimore, September 2015
• "Exploring the Current State of mHealth Privacy and Security," mHealth and Telehealth World Congress, Boston, July 2015
• "mHealth and Telehealth – Privacy and Security Issues," American University Washington College of Law, Washington, DC April 2015
• "Privacy and Security Issues," mHealth Applications Legal Issues Breakfast Series, Tysons Corner, Virginia, March 2015
• Federal and Virginia laws relating to pharmacy and prescribing; the Virginia State Board of Pharmacy structure, investigation and hearing procedures; risk management and documentation for preventing litigation, Medical College of Virginia, Pharmacy Residency Program, March 2011; April 2010; and March 2009
• "Electronic Health Records in Litigation," Martha Jefferson Hospital, September 2010
• "Moving Beyond HIPAA: Future Trends in Litigation in This New Electronic Age," American Bar Association National Teleconference, January 2010
• "Patients and Practitioners Beware: Mandatory Electronic (Medical) Records and What You Need to Know," American Bar Association - Young Lawyers Division Fall Conference, October 2009
• Moderator and Speaker, The American Recovery and Reinvestment Act, HITECH provisions, Electronic Medical Records and Health Information Exchanges, and the E-Discovery of Electronic Medical Records in Litigation, Lorman Education Services, July 2009
• Health Information Portability and Accountability Act (HIPAA) and Virginia Medical Records Law, Lorman Education Services, October 2008