Current Employment Position(s)

Partner

Lawyer Overview

Kevin Lyles practices in the areas of health care transactions, privacy and data security, and outsourcing. He co-chairs the Firm's Health Care practice and oversees the Firm's Privacy & Data Security practice.

Kevin's health care practice focuses on significant transactions, with an emphasis on hospital change-in-control transactions. Kevin also has considerable experience in structuring physician relationships with hospitals, academic medical center relationships, and fraud and abuse and Stark Law compliance. He has represented hospital systems, academic medical centers, physician organizations, health insurers, and pharmaceutical and medical device companies.

Kevin is experienced in privacy and data security matters, including cross-border data transfers, responding to data security breaches, privacy policies, identity theft prevention programs, and compliance with regulatory requirements, including the CAN-SPAM Act, the EU Data Protection Directive, HIPAA, FACTA, and the Gramm-Leach-Bliley Act.

Kevin also is an experienced outsourcing lawyer, concentrating in customer side transactions. His practice includes business process and information technology outsourcing, with significant offshoring experience. His recent experience includes the outsourcing of HR, information technology, revenue cycle, finance and accounting, and benefit plan administration services.

Kevin is a member of the American Health Lawyers Association and serves as co-leader of its Electronic Health Records Affinity Group. He has served on the advisory boards for the Healthcare Outsourcing Congress, the Privacy2000 conference series, and MD Net Guide. He is profiled in The Best Lawyers in America, The Legal 500, and Who's Who in American Law and has been recognized in Ohio Super Lawyers.

Areas of Practice

• Health Care
• Business Transactions/Health Care
• e-Health & Technology
• Outsourcing/Health Care
• Privacy/Health Care
• Intellectual Property
• Licensing & Technology Transactions
• Outsourcing
• Privacy & Data Security

Representative Cases

• Acquisition of Franciscan Health Partnership
• Acquisition of Georgetown University Medical Center
• Acquisition of Pharmacia
• Advice on Electronic Commerce and Electronic Signature Issues
• Advice on Global Privacy Risks and Compliance
• Advice on Privacy Issues
• Affiliation with Johns Hopkins University Health System
• Application Service Provider Agreement with Siemens Medical Solutions
• Company Counsel
• Creation of Cardiothoracic Surgery Program
• Data Security Breach
• Experian.net
• General Corporate Advice
• Global Privacy Program
• Google Health Affiliation
• Health and Health Management Plan Administration Services Agreement
• Health Care Technology Alliance
• Health Plan Data Collections and Analysis
• Hospital Acquisition
• Hospital Acquisition
• HR Outsourcing , (2009)
• Human Resources Outsourcing Agreement with IBM
• Information Technology Outsourcing Agreement with First Consulting Management Services and Affiliated Computer Services
• Issuance of Shares by Lanx, Inc. , (2009)
• Issuance of Shares by Renal CarePartners, Inc. , (2008)
• Launch of MyDocOnline Web Site
• Long-Term Information Technology Outsourcing Agreement with Siemens Medical Solutions
• Marshall Fields
• Metris Acquisition
• Multiple Master Agreements for the Provision of Onshore and Offshore Outsourcing Services
• Outsourcing
• Outsourcing , (2009)
• Outsourcing Contract with IBM
• Outsourcing Services Agreement with Cerner Corporation for a Wireless Network
• Privacy Advice
• Privacy Advice
• Privacy Project
• Restructuring of Academic Medical Center , (2009)
• Software Licensing and Services
• StepUp Commerce (Project Jumpstart)

West Practice Categories

Business Organizations, Copyrights, Disability, Elder Law, Food & Drug Administration, Health & Health Care Law, Hospital Law, Intellectual Property Law, International Intellectual Property, Internet -- Cyberspace, Medicare & Medicaid, Mental Health, Mergers, Acquisitions & Divestitures, Nursing Home, Patents, Reorganizations, Social Security -- Disability, Technology Licensing, Trade Dress, Trade Secrets, Trademarks

Bar Admissions

• Ohio

Education

• Ohio State University

Published Works

• Identity Theft Red Flag and Address Discrepancy Requirements, Health Care Compliance Professional's Manual, CCH, 2009
• A Privacy Primer for Corporate Counsel, coauthor, Thomson Reuters/Aspatore, 2009
• Red Flag Rules Require Companies to Take Identity Theft Seriously, reprinted in Pennsylvania Bar Association, Business Law Section Newsletter, 2009
• Stimulus Bill Substantially Revises HIPAA's Privacy and Security Rules, 2009
• California Expands Medical Privacy Laws with New Standards, Oversight, and Administrative Penalties, 2008
• Red Flag Rules Require Companies to Take Identity Theft Seriously, 2008
• California Expands Security Breach Notification Law to Include Medical and Health Insurance Information, 2008
• Stark Phase III Guidance Collection, American Health Lawyers Association, 2008
• Responding To Data Security Breaches, Privacy & Information Law Report, Vol. 8, Iss. 11, 2007
• Responding to Data Security Breaches, HCCA Compliance Today, Vol. 9, No. 11, 2007
• Treat Security Breaches With Caution, HIT News (an American Health Lawyers Association publication), Vol. 10, Iss. 3, 2007
• Stark on the Fast Track: Separate Rulemaking Threatens Many Common Deals, 2007
• Fed Encourages Use of Electronic Health Records and E-prescriptions, Columbus Business First, 2007
• Use of Electronic Health Records and E-Prescribing Growing—Albeit Slowly, Health Law Reporter, BNA, 2007
• Health Care Law Update chapter, coauthor, Aspen Publishers 2007 Health Law and Compliance Update, 2007
• Welcome to the Electronic Jungle: E-Prescribing, Medicare Part D, and HIPAA, AHLA Newsletter, 2006
• Hospitals Should Exercise Caution: Public Policy May Invalidate Economic Credentialing Policies, 2006
• Ohio Enacts Security Breach Notification Law, 2006
• Welcome to the Electronic Jungle: E-Prescribing, Medicare Part D, and HIPAA, 2005
• HIPAA Security: How compliant are you? Compliance Today, Health Care Compliance Association, 2005
• New HIPAA Rules for Group Health Plans and Health Insurers, 2005
• CAN-SPAM Act: 'How Nonspamming Business Can Survive Federal Spam Restrictions', 2004
• New Rules for Physician-Hospital Joint Ventures, coauthor, Business First, 2004
• Appeals Court Clarifies Rules for Hospital Joint Ventures, 2004
• The Federal CAN-SPAM Act -- New Requirements for Commercial E-Mail, 2004
• The ABCs of Information Technology Outsourcing, 2004
• OIG to Scrutinize "Suspect Contractual Joint Ventures", 2003
• Is Outsourcing a Cure for the IT Blues?, 2003
• Proposed Modifications to HIPAA’s Privacy Rule, 2002

Address

P.O. Box 165017
Columbus, OH 43216-5017

Phones

1.614.281.3821 (Business Phone)

Faxes

1.614.461.4198 (Business Fax)

Emails

Contact Us (Business Email)

Websites

http://www.jonesday.com