Skip to main content

Sarah Beth S. Kuyers


[email protected]



Sarah Beth’s practice involves a variety of regulatory, transactional, and enforcement defense matters for clinical laboratories, hospitals, pharmacies, insurers, and other health care clients.

Sarah Beth routinely advises clients on a wide variety of federal and state health care regulatory issues, including anti-kickback and self-referral laws, licensure and scope of practice rules, telemedicine, certificate of need applications, food and drug law, and HIPAA compliance. She also handles licensure and regulatory filings for clinical laboratories and other health care providers.

On the transactional side, Sarah Beth provides regulatory counsel for mergers and acquisitions involving pharmacies, pharmacy benefit managers, and other health care providers. She has assisted clients with due diligence, licensing, change of ownership, and contract drafting and negotiation.

Sarah Beth’s enforcement defense experience includes representing health care clients in criminal and administrative actions brought by federal and state agencies for potential violations of the federal anti-kickback statute, the Stark Law, and the False Claims Act. She has also has experience in internal investigations and compliance programs.

Sarah Beth actively participates in Mintz’s pro bono program. Currently, Sarah Beth represents children seeking Special Immigrant Juvenile (SIJ) Status from the U.S. Citizenship and Immigration Services. The SIJ program is available for foreign children who have been abused, abandoned, and neglected and have come to the United States.

Prior to joining Mintz, Sarah Beth worked as a law clerk with the health staff of the US Senate Committee on Finance, where she researched policy, regulations, and legislation regarding commercial insurance reform, health IT, Medicare, Medicaid, and the Affordable Care Act. During law school, Sarah Beth interned with a large, nonprofit health care system and with the International Trade Administration of the US Department of Commerce.


  • American University (JD, cum laude)
  • University of North Carolina - Chapel Hill (BSPH, honors)


- French


Health Care Viewpoints Thumbnail
Last week, the Third Circuit joined several other appellate courts in finding that medical opinions related to medical necessity of hospice services can be subject to scrutiny and found to be “false” for purposes of proving a violation of the False Claims Act (FCA) in U.S. ex rel. Druding v. Care Alternatives. Our Health Care Enforcement Defense Group has been closely tracking recent qui tam cases brought under the FCA based on allegations that health care services or procedures lacked the requisite medical necessity, including the conclusion of the landmark AseraCare case last week.  As we’ve previously discussed on the blog, several district courts across the country have determined that differences of opinions between physicians and medical experts alone cannot be used to prove the FCA’s falsity requirement. However, some appellate courts have reached different conclusions. The Third Circuit’s decision last week in Care Alternatives joins those appellate courts in rejecting this argument and finding that “a difference of medical opinion is enough evidence to create a triable dispute of fact regarding FCA falsity.”
Read more
Health Care Viewpoints Thumbnail

Health Care Data Breaches Are Increasing Both in Number and Cost

February 20, 2020 | Blog | By Sarah Beth Kuyers

It feels like we’ve been seeing a lot more health care breaches caused by hackers and other IT security incidents recently, and there’s a good reason why: a recent report by cloud security company Bitglass confirms that both the number of breaches and individuals affected by breaches caused by hackers and IT incidents grew significantly last year.  Bitglass analyzed data from the breach portal, affectionately known as the “Wall of Shame,” published by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).  Pursuant to the HITECH Act, HHS is required to post a list of all reported breaches that affect 500 or more individuals. OCR classifies the types of breaches reported on the Wall of Shame, and the "Hacking/IT Incident" category includes a variety of breaches, including malicious intrusion, malware, ransomware, phishing, and general IT security failures.
Read more
Practice Hero Artificial-Intelligence Mintz

Artificial Intelligence in Health Care

February 5, 2020 | Blog | By Rachel Irving Pitts

Artificial Intelligence is a growing part of our day-to-day life. And AI promises to improve our health care system. ML Strategies Vice President Christian Tomatsu Fjeld recently sat down with other experts for a panel discussion hosted by the San Francisco Business Times to discuss AI and some business and policy considerations across multiple industries. This viewpoint considers some of the impacts on health care specifically, and links out to the panel's discussion.
Read more
Health Care Viewpoints Thumbnail

A New Decade of HIPAA: What Can We Expect?

December 23, 2019 | Blog | By Sarah Beth Kuyers, Dianne Bourque, Ellen Janos

As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old.  It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the first breach notification rule – the one based on the harm standard.   And the Omnibus Rule’s “low probability of compromise” standard is almost seven years old!   Regulators and regulated entities are heading into the new year and decade with a lot of momentum on some important issues.  As we prepare to welcome 2020, we’d like to indulge in a bit of hindsight – as well as speculation – about what the new decade might hold for HIPAA-regulated entities. 
Read more
Viewpoint Thumbnail

Key Takeaways from CMS’s Final Rule Requiring the Disclosure of Affiliates during Provider Enrollment

September 12, 2019 | Blog | By Daryl Berke, Sarah Beth Kuyers, Karen Lovitch

The Centers for Medicare & Medicare Services (CMS) recently published a final rule with comment period (the “Final Rule”) that is designed to increase CMS’s ability to identify and prevent bad actors from participating in Medicare, Medicaid, and CHIP. Providers and suppliers should take note because implementation will be costly and burdensome. Among other things, the Final Rule requires the disclosure of certain provider and supplier affiliations and permits CMS to revoke or deny enrollment where those affiliations pose an undue risk of fraud and abuse. The Final Rule also grants CMS several additional authorities to revoke or deny a provider’s Medicare enrollment and increases the duration of such revocations and denials. The Final Rule takes effect on November 4, 2019. Comments on the Final Rule are due by 5:00 p.m. on that same day.
Read more
Viewpoint Thumbnail

OIG Reports Focus on Hospice Quality of Care

July 25, 2019 | Blog | By Sarah Beth Kuyers

Earlier this month, the Office of Inspector General for the U.S. Department of Health and Human Services (OIG) released two reports regarding its concerns and recommendations related to quality of care at hospice facilities. These reports follow a portfolio report that the OIG released last summer regarding significant vulnerabilities in the Medicare hospice benefit. In these reports, the OIG outlines several quality of care issues and recommends several ways that CMS should strengthen safeguards, all of which may further increase enforcement in an already heavily scrutinized area.
Read more
Health Care Viewpoints Thumbnail
The HHS Office for Civil Rights (OCR) released a new guidance document regarding which HIPAA violations business associates (BAs) can and cannot be held directly liable for.  In the guidance, OCR states that BAs can be held directly liable for a list of 10 violations but notes that certain other violations, like the reasonable cost requirement for a patient’s access to their PHI, cannot be enforced directly by OCR against a BA.  The covered entity (CE) is still on the hook for violations of this type, however, so CEs should carefully review their BAAs to ensure that it covers requirements that don’t directly apply to BAs but are still enforceable against CEs.  Large data breaches also continue to dominate the press.
Read more
Viewpoint Thumbnail

Maryland Legislature Passes Bill Allowing Direct Advertising of Certain Laboratory Tests

April 12, 2019 | Blog | By Sarah Beth Kuyers, Karen Lovitch

The Maryland General Assembly recently passed a bill that permits any person to directly or indirectly advertise diagnostic laboratory tests in the state, with certain limitations.  The bill currently awaits the Governor’s signature and will go into effect on October 1, 2019. Maryland law currently prohibits any marketing of laboratory tests to consumers, as well as any direct-to-consumer (“DTC”) testing without a physician’s order. 
Read more
Viewpoint Thumbnail

Secretary Azar Addresses Drug Pricing and Care Coordination in AHLA Keynote

March 22, 2019 | Blog | By Lauren Moldawer, Sarah Beth Kuyers

Earlier this week, Alex Azar, Secretary of the Department of Health and Human Services (“HHS”), delivered keynote remarks at AHLA’s 2019 Institute on Medicare and Medicaid Payment Issues. 

Framing his remarks around two key initiatives of the Administration, regulatory reform and affordable healthcare, Secretary Azar promised a bold and swift approach to regulatory reform over the coming years. 

Secretary Azar discussed HHS’ initiative known as the “Regulatory Sprint to Coordinated Care,” which we’ve previously discussed on the blog. The agency is undergoing a “comprehensive reexamination of rules that may be impeding coordinated care.”  As a “sprint,” he noted the goal is to issue rulemaking to alleviate impediments “as soon as possible.”
Read more
Viewpoint Thumbnail
AltaMed Health Services (AltaMed) and California Physicians Services (doing business as Blue Shield of California (BSC)) recently received notice from their business associate, Sharecare Health Data Services (SHDS), of a hack of SHDS’s network that stores patients’ medical records.  The hacker was able to acquire and/or access patients’ protected health information (PHI) contained in the medical records kept by SHDS on behalf of AltaMed and BSC. The breach of AltaMed’s data was discovered on June 22, 2018, and the breach for BSC was discovered a few days later on June 26, 2018. Upon investigation, however, officials determined that both breaches went undetected for over a month and actually began on May 21, 2018.
Read more



Telehealth: What's Next?

Women Business Leaders of the U.S. Health Care Industry Foundation (WBL) Event

Online Event

Webinar Reference Image