Skip to main content

Kristen A. Marotta


[email protected]



Kristen focuses her practice on health care transactions, regulatory matters, and general contracting. Her experience includes counseling clients on both investing in and exiting from the health care space, drafting compliance plans and policies, facilitating deals and conducting due diligence to assess risk, addressing employment issues for health care entities, and assisting companies with formation and reorganization.


Prior to joining Mintz, Kristen was an associate in the health law group in the New York office of a Philadelphia-based national law firm. In that role, she handled a wide variety of compliance inquiries, servicing numerous types of health care providers, including local hospitals and physician practices. Earlier, she was an associate in the health care practice group and a summer associate in the Long Island, New York office of an international law firm, where she was engaged in the health care industry but also represented companies outside of health care in mergers and acquisitions and on general corporate, operational matters.


While attending law school, Kristen externed at William & Mary’s Athletic Compliance Office and a Virginia-based national law firm. She also served as a judicial intern to the Hon. Joseph F. Bianco of the US District Court for the Eastern District of New York. Her law school activities included serving as both a member of the William & Mary Business Law Review and a Marshall-Brennan Constitutional Literacy Project fellow.



  • William and Mary Law School (JD)
  • University of Michigan (BA, with high distinction)

Recognition & Awards

  • Phi Delta Phi Legal Honor Society
  • James B. Angell Scholar, University of Michigan



Greater Access to Mental Health Care is on the Horizon

September 18, 2019 | Blog | By Kristen Marotta

Employers and retail giants alike are increasingly inserting mental health into the broader, public conversation around individual healthcare and employee benefits. Various U.S. employers are rolling out employee-based benefit programs to improve employees’ mental health and overall well-being.
Viewpoint General
On June 26, 2019, the Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) released Frequently Asked Questions (FAQs) on how HIPAA allows health plans to share protected health information (PHI). The FAQs pose two questions: (1) whether HIPAA permits one health plan to share PHI about individuals in common with a second health plan for care coordination purposes; and (2) whether HIPAA permits health plans to use and disclose PHI to inform individuals about other health plans that it offers, without the individuals’ authorization, if the health plan received the PHI for a different purpose. The former answer is an affirmative “yes,” and the latter is a qualified answer of “yes, in certain circumstances.”

EMR Company Suffers Double Whammy After HIPAA Breach

June 5, 2019 | Blog | By Kristen Marotta

Medical Informatics Engineering, Inc. (Medical Informatics) and its wholly-owned subsidiary, NoMoreClipboard, LLC, an electronic medical record and software services provider is now liable for a combined total of $1 million to both the federal and state governments after hackers accessed approximately 3.5 million patients’ health records in 2015. The breach, reported to OCR on July 23, 2015, occurred through a compromised user ID and password. Compromised patient information included social security numbers, names, email addresses, health insurance policy information, addresses, dates of birth, and clinical information.
Viewpoint General
On June 28, 2018, California passed the California Consumer Privacy Act (CCPA) and then further amended it on September 23, 2018. CCPA breaks new state law privacy ground, and this post addresses some of the confusion surrounding the exemptions for health information.
Viewpoint General

Latest HIPAA Breach Involves Medical Records Hack of Business Associate

March 6, 2019 | Blog | By Kristen Marotta, Sarah Beth Kuyers

AltaMed Health Services (AltaMed) and California Physicians Services (doing business as Blue Shield of California (BSC)) recently received notice from their business associate, Sharecare Health Data Services (SHDS), of a hack of SHDS’s network that stores patients’ medical records.  The hacker was able to acquire and/or access patients’ protected health information (PHI) contained in the medical records kept by SHDS on behalf of AltaMed and BSC. The breach of AltaMed’s data was discovered on June 22, 2018, and the breach for BSC was discovered a few days later on June 26, 2018. Upon investigation, however, officials determined that both breaches went undetected for over a month and actually began on May 21, 2018.
Viewpoint General

HIPAA and Health Care Data Privacy - 2018 Year-in-Review

January 4, 2019 | Blog | By Sarah Beth Kuyers, Kristen Marotta

Today, we’re looking back at HIPAA and other privacy and security developments in 2018.  This past year saw continued HIPAA enforcement (including the largest ever fine for a HIPAA breach), reminders from the OCR on best practices for HIPAA compliance, and updates to state and international privacy and security laws.  We’ll also look ahead to 2019, which could bring several significant changes to HIPAA, such as reducing the burdens for sharing patient information in order to promote care coordination and better patient outcomes.
Viewpoint General

HIPAA Penalties For Failure to Cut Off Access To Former Employee

December 12, 2018 | Blog | By Kristen Marotta

It has been a busy few weeks for HIPAA enforcement. On Tuesday, the Office for Civil Rights announced its third resolution of a HIPAA breach in as many weeks. In this latest matter, OCR announced that Pagosa Springs Medical Center (PSMC), a critical access hospital in Colorado, has agreed to both pay $111,400 to the Office for Civil Rights (OCR) as well as adopt a comprehensive, two-year corrective action plan (CAP) to address and settle potential HIPAA violations.