Barry Herrin

CHPS, FAHIMA, FACHE

Founder

Barry S. Herrin, CHPS, FAHIMA, FACHE

404-459-2526

Barry Herrin’s practice is devoted primarily to health care and hospital law and policy, privacy law, and representation of tax-exempt healthcare organizations, with a particular emphasis in operational and governance issues, transactional matters, health information management and privacy issues, general compliance matters, and the establishment of physician-hospital collaboratives such as accountable care organizations, integrated delivery systems, joint ventured insurance entities, and jointly owned ambulatory surgery centers.

Barry has more than 25 years of experience, the majority of that time having been devoted to serving health care providers, from single physician practices to multi-provider systems. He has been ranked by Chambers and Partners as one of the leading individual attorneys in healthcare in Georgia since 2009. Barry is a committed volunteer in service to his community, state, and nation. He is a lifelong Scout and Scouter, earning the Eagle Scout rank in 1980, the Silver Beaver for dedicated service to the Atlanta Area Council in 1996, and the Robert E. Burt Award for Distinguished Service to Scouting from the National Society of the Sons of the American Revolution in 2016.

He retired from the U.S. Air Force Auxiliary in 2015 after a 25-year career, in which he served for six years as the National Legal Officer and attained the rank of Colonel. He currently helps out with Cub Scout Pack 457 and Boy Scout Troop 254 in Cumming, Georgia. For his volunteer service and good works, he has been commissioned both as a Kentucky Colonel and as a Lieutenant Colonel in the Georgia State Militia as an aide-de-camp to Governor Nathan Deal.

Barry is one of very few attorneys in the United States that is both a Fellow of the American College of Healthcare Executives and a Fellow of the American Health Information Management Association, recognitions of his professional qualifications beyond the law. He also holds a Certificate in Healthcare Privacy and Security from the American Health Information Management Association, a credential shared by many professional healthcare information managers, as well as a Certificate in Cyber Security from Georgia Tech in Atlanta. He is also a certified barbecue judge.

Speeches and Lectures
  • Panelist, “Business of Healthcare Symposium: Going from Good to Great in a Value-Based World,” Health Information Management Systems Society 2018 Annual Conference, March 2018 in Las Vegas, Nevada
  • “Cyber-Risk and Cyber Insurance,” Information Systems Security Association Metro Atlanta Chapter Conference, November 2017 in Atlanta, Georgia
  • Panel Discussion, “Secure and Protect Your High Value Asset – Information!”, American Health Information Management Association Annual Convention, October 2017 in Los Angeles, California
  • “42 CFR Part 2 and the Interoperability of Substance Abuse Treatment Records: A Primer for the Health Information Manager,” American Health Information Management Association Privacy & Security Institute, October 2017 in Los Angeles, California
  • “‘Holistic’ Security Framework: Supporting Business and Clinical Goals,” HIMSS Healthcare Security Forum, September 2017 in Boston, Massachusetts
  • “Cyber-Risk, Cyber-Insurance, and Human Resources Issues in Cyberspace: What You Need to Know,” Atlanta InfraGard Chapter Meeting, August 2017 in Atlanta, Georgia
  • “Clinical Documentation Improvement as a Response to Federal Recoupment Strategies,” American Health Information Management Association Clinical Documentation Improvement Summit, August 2017 in Washington, DC (Keynote)
  • “Cyber-Risk, Cyber-Insurance, and Human Resources Issues in Cyberspace: What You Need to Know,” American Health Information Management Association Privacy & Security Institute, October 2016 in Baltimore, Maryland
  • Moderator, “Accountable Care Organizations: Creation, Capitalization, Contracting,” Georgia Association of Healthcare Executives, September 2016 in Atlanta, Georgia
  • Moderator, “The Legal Implications of ‘The Internet of Things’,” Florida Bar Continuing Legal Education Conference, September 2016 in Orlando, Florida
  • Panel Discussion, “Cybersecurity,” 2016 Georgia HIMSS Annual Conference, September 2016 in Atlanta, Georgia
  • Panel Discussion, “The Life Cycle of an Accountable Care Organization: Creation, Compliance, Contracting,” American Health Lawyers Association Institute on Medicare and Medicaid Issues, April 2016 in Baltimore, Maryland
  • “Narrow Networks,” North Carolina Medical Society, March 2016 (teleconference)
  • Panel Discussion, “Accountable Care Organizations: Negotiating the Briar Patch,” 2016 HCCA Managed Care Compliance Institute, February 2016 in Las Vegas, Nevada
  • Panel Discussion, “Cybersecurity,” 2015 Georgia HIMSS Annual Conference, October 2015 in Atlanta, Georgia
  • “Physician-Hospital Integration in the 21st Century,” University of Alabama at Birmingham’s 35th National Symposium for Healthcare Executives, July 2015 in Sandestin, Florida.
  • “Privacy Breaches: Real Life Experiences and Lessons Learned,” Florida Health Information Management Association Annual Convention, July 2015 in Orlando, Florida
  • “When the OCR Comes Knocking: Here’s What to Expect and How to Respond,” Health Information Management Systems Society Privacy & Security Forum, June 2015 in Chicago, Illinois
  • “Anatomy of a Health Care Data Breach,” HealthITSecurity.com National Webinar, May 2015
  • “Breaches, Breaches, and More Breaches,” American Health Information Management Association Privacy and Security Institute, September 2014 in San Diego, California
  • “Regulatory Environment of the Healthcare Industry,” American Society of Appraisers Healthcare Special Interest Group, September 2014 in Savannah, Georgia
  • “The Search for the Lost ‘P’s: Patient Protection Provisions of the Affordable Care Act,” Georgia Hospital Association Compliance Officers Roundtable, September 2014 in Lake Oconee, Georgia
  • “Legal Issues in the Provision of Telemedicine Services,” Pacific Islands Chapter of the American Telemedicine Association, December 2013 (teleconference)
  • “Data Integrity and the Official Patient Record: Destination or Journey?”, California Health Information Association Annual Convention, June 2013 in Palm Desert, California
  • “Doctors/Providers On the Line: An Overview of Key Legal Topics Impacting Telehealth Programs and Business,” American Telemedicine Association Annual Meeting, May 2013 in Austin, Texas
  • “Complying with the Final HIPAA Rule,” Georgia Society of Clinical Oncology Annual Administrators Meeting, May 2013 in Lake Lanier Islands, Georgia
  • “Clinical Documentation Improvement As a Response to Federal Recoupment Strategies,” Association of Clinical Documentation Improvement Specialists Annual Meeting, May 2012 in San Diego, California
  • “Data Integrity and the Official Patient Record: Destination or Journey?”, American Health Information Management Association Legal EHR Symposium, August 2011 in Chicago, Illinois (keynote)
  • “Legal Issues in Implementation of an Electronic Health Record,” Arizona Health Information Management Association Annual Meeting, June 2011 in Phoenix, Arizona (keynote)
  • “The Path to EHR Implementation: Strategies for Success,” Northeast Florida Chapter of the American College of Healthcare Executives, May 2011 in Pensacola, Florida
  • “Walking the Social Media Tightrope: Understanding the Risks that Surround Social Media,” Association for Home and Hospice Care of North Carolina, May 2011 in Durham, North Carolina
  • “Investigating Breaches of Protected Health Information Under HITECH,” Georgia Hospital Association Compliance Officers Roundtable, March 2011 in Barnsley Gardens, Georgia
  • “Legal Issues in Healthcare,” Georgia Chapter of the American College of Healthcare Executives, December 2010 in Atlanta, Georgia
  • “Legal Issues,” Northeast Florida Chapter of the American College of Healthcare Executives, September 2010 at The Mayo Clinic, Jacksonville, Florida
  • “Federal and State Compliance Issues,” Georgia Chapter of the American Society of Clinical Oncology, September 2010 in Atlanta, Georgia
  • “Investigating Breaches of Protected Health Information Under HITECH,” Tennessee Health Information Management Association Annual Meeting, April 2010 in Chattanooga, Tennessee
  • “The Legal Electronic Health Record: Beyond Definition,” Metropolitan Chicago Healthcare Council, October 2009
  • “Managed Care Contracting: Maximizing Reimbursement and Contract Compliance,” Georgia Society of Managed Care Annual Meeting, October 2009 in Young Harris, Georgia
  • “HITECH: The Economic Stimulus Package and Its Impact on HIPAA,” The Florida Bar Health Law Section’s Fundamentals of Florida Healthcare Law, September 2009 in Orlando, Florida
  • “Going Out of Network: Pitfalls and Opportunities,” Multistate Hospital Managed Care Conference, April 2009 in Savannah, Georgia
  • “Legal Issues Regarding the Electronic Health Record,” Scottsdale Institute, October 2008
  • “E-Discovery Hot Topics,” American Health Information Management Association Annual Meeting, October 2008 in Seattle, Washington
  • “The Legal EHR: Beyond Definition,” American Health Information Management Association Legal EHR Conference, August 2008 in Chicago, Illinois
  • “Defining the Legal Electronic Health Record: Much Ado About Nothing?”, North Carolina Health Information Management Association Annual Meeting, May 2008 in Asheville, North Carolina
  • “Everything I Needed to Know About Leadership I Learned in the Boy Scouts,” American Health Information Management Association AOE Symposium, July 2007 in Chicago, Illinois
  • “Practical and Legal Considerations of the Interoperable Electronic Health Record,” Florida Health Information Management Association Annual Meeting, June 2007 in Orlando, Florida
  • “Issues Surrounding Defining the Legal EHR,” American Health Information Management Association Legal EHR Conference, June 2007 in Chicago, Illinois
  • “State and Federal Compliance Matters,” American Academy of Medical Management, April 2007 in Atlanta, Georgia
  • “Moving Health Information in an Emergency,” National Emergency Management Summit, March 2007 in New Orleans, Louisiana
  • “Disaster Response and Business Continuity: Lessons from Hurricane Katrina,” American Health Information Management Association Annual Meeting, October 2006 in Denver, Colorado
  • “HIPAA Privacy: A Three Year Look Back,” Thirteenth National HIPAA Summit, September 2006 in Washington DC
  • “Practical and Legal Considerations in Establishing a Personal Health Record,” California Health Information Association Annual Meeting, June 2006 in Rancho Mirage, California
  • “HIPAA Privacy: Tales from the Dark Side,” Arkansas Health Information Management Association Annual Meeting, May 2006 in Hot Springs, Arkansas
  • “Practical and Legal Considerations in Establishing an Electronic Health Record,” Twelfth National HIPAA Summit, April 2006 in Washington, DC
  • “Planning for Pandemonium: Preparing for Pandemic Flu and Other Disasters – Part V: Health Information Issues,” American Health Lawyers Association, National Audio Seminar, February 2006
  • “Practical and Legal Considerations of the Personal Health Record and the Role of the Personal Health Information Manager,” American Health Information Management Association Annual Meeting, October 2005 in San Diego, California
  • “Pay for Performance: Using Quality as Your Benchmarking Standard,” Professional Association of Health Care Office Managers Annual Meeting, September 2005 in Louisville, Kentucky
  • “Impacts of Pay for Performance in the Self-Funded Arena,” Georgia Chapter of the Healthcare Financial Management Association, Annual Summer Meeting, July 2005 in Hilton Head, South Carolina
  • “State and Federal Audits,” Medical Association of Georgia, Law and the Physician Symposium, July 2005 in Amelia Island, Florida
  • “HIPAA Security Risk Analysis: The Health Plan and Provider Perspective,” Workgroup for Electronic Data Interchange Fall 2004 Conference, November 2004 in Atlanta, Georgia
  • “Release of Information:  Cutting Through the Frustration,” Institute for Continuing Legal Education in Georgia, 20th Annual Medical Malpractice Institute, November 2004 in Amelia Island, Florida
  • “Corporate Compliance – Or Corporate Complacency?”, North Carolina Chapter of the American Society of Healthcare Risk Managers, November 2004 in Greensboro, North Carolina
  • “Pay for Performance: How Quality Can Help You Integrate with Physicians in Managed Care,” Dixon Hughes Healthcare Financial Strategies Conference, May 2004 in Charleston, South Carolina
  • “Privacy Nightmares and Practical Solutions,” American Health Lawyers Association Technology and Health Law Forum, October 2003 in San Francisco, California
  • “The New Georgia Hospital Licensure Rules,” Georgia Academy of Healthcare Attorneys Annual Meeting, May 2003 in Atlanta, Georgia
  • “Tales From the Dark Side: Real Privacy Nightmares from HIPAA Assessments,” Sixth National HIPAA Summit, March 2003 in Washington, DC
  • “Advance Directives and Physician Assisted Suicide,” Rockdale Hospital and Health System Medical Staff Grand Rounds, January 2003 in Conyers, Georgia
  • “HIPAA Compliance for Third Party Administrators and Self-Funded Health Plans,” North American Group Underwriters Association Winter Meeting, November 2002 in Denver, Colorado
  • “HIPAA Requirements for Hospital Chaplains and Volunteers,” Georgia Society of Healthcare Chaplains Annual Meeting, September 2002 in St. Simons Island, Georgia
  • “HIPAA: Is It Out of Control?” 24th Annual Health Law Forum, East Carolina University Brody School of Medicine, September 2002 in Greenville, North Carolina
  • “HIPAA Obligations of Insurers and Third-Party Administrators,” Southern Claims Conference, April 2002 in Orlando, Florida
  • “HIPAA for Insurers: An Overview,” Southern Claims Conference, April 2001 in Memphis, Tennessee
  • “Healthspeak: The New Vocabulary of Health Care Reform,” Southern Claims Conference, June 1998 in Panama City Beach, Florida
Publications
  • Author, I’m NOT There For You, Man: The Curmudgeon’s Self-Help Guide to Success in the Modern Workplace (2014)
  • Author and Co-Author, Georgia Hospital Law Manual, Consents and Advance Directives Section (1997, 2005, and 2011/2012 eds.)
  • Author and Co-Author, Georgia Health Information Management Association Legal Manual (2002, 2006, and 2011 rev. eds.)
  • Editor and Co-Author, South Carolina Health Information Management Association Legal Manual (2007 rev. ed.)
  • Co-Author, Georgia Jurisprudence, Insurance Law Volume (Lawyers Cooperative, 1995)
  • “Security Incidents and Breaches in the Healthcare Industry – A Case Study In the Lack of Federal and State Coordination,” February 2018 Information Systems Security Association Journal
  • “What can anti-phishing efforts learn from fall prevention strategies?”, October 2017 Healthcare IT News
  • “Cybersecurity Risk in Health Care,” September 2017 Information Systems Security Association Journal
  • “8 Ways Healthcare Organizations Can Reduce Cyber Risk,” September 2016 SIGNiX Healthcare News Blog
  • “Release of Information: When to Call a Healthcare Compliance Attorney,” September 2016 Journal of AHIMA
  • “The Law Firm Business Associate: New Liabilities Create Conflicts of Interest,” August 2015 Health Care Compliance Association Compliance Today
  • Co-Author, Practice Brief, “Rules for Handling and Maintaining Metadata in the EHR,” May 2013 Journal of AHIMA
  • “Long Distance Records: Requesting and Managing the Records of Foreign Nationals,” April 2012 Journal of AHIMA
  • “PHI Faux Pas,” March/April 2012 Journal of Medical Practice Management
  • “Communicating Through the EHR,” February 2012 Journal of AHIMA
  • “What’s That, You Say?”, January/February 2012 Journal of Medical Practice Management
  • “Best Practices in EMR System Acquisition,” Fall 2011 Journal of the Medical Association of Georgia
  • “Cybersecurity Insurance: Considering Coverage for Data Breaches,” January 2011 Journal of AHIMA
  • “Breaches of Unsecured PHI after HITECH: A Suggested Framework for Investigation,” July – September 2010 University of Florida Risk Rx, Vol. 7, No. 3
  • “PHI Faux Pas: Social Media and the Unauthorized Disclosure of PHI,” April 30, 2010 American Health Lawyers Association Health Lawyers Weekly, Vol. VIII, Issue 17
  • “Breaches of Unsecured PHI after HITECH: A Suggested Framework for Investigation,” March 12, 2010 Florida Society for Hospital Risk Management and Patient Safety Risk Review
  • “County Governments and the FCC’s ‘Red Flag’ Regulations,” July 2009 Georgia County Government
  • “Release of Information on Deceased Patients,” January 2009 Journal of AHIMA
  • “Professional Practice Solutions: Releasing Records from Other Providers,” November/December 2008 Journal of AHIMA
  • “Healthcare Leadership: Lessons from the Military,” November 2008 Atlanta Hospital News
  • “Outsourcing HIM Functions to Europe: A Perilous Atlantic Crossing,” September 2008 Journal of AHIMA
  •  “Identity Proofing – Just a Fancy Name for Verification?” May 2007 Journal of AHIMA
  • “Security Rule Blues” – May 2005 Physicians Practice Magazine
  • “Informed Consent: It’s Not Just a Piece of Paper,” April 2005 Physicians Practice Magazine
  • Co-Author, “Pay for Performance: The Case for Quality as an Integrating and Incentivizing Factor,” February 2004 American Health Lawyers Association Health Lawyers News
  • “Practical Considerations of HIPAA Privacy Rules: Dispelling the Myths, Raising Awareness,” January/February 2003 Clinician News Magazine
  • “Tales from the Dark Side: Real Privacy Nightmares from HIPAA Assessment Engagements,” American Health Lawyers Association Hospitals and Health Systems Rx, Vol. 4, Issue 2 (Winter 2002)
  • “Health Information Privacy: A New Burden for Self-Insured Employers,” December 2002/January 2003 Health Care Buyer Magazine
  • “Advance Directives: Who’s In Control?” November 25, 2002 North Carolina Lawyers Weekly
Awards and Recognition
  • Martindale-Hubbell® “AV Preeminent” Rating
  • Ranked by Chambers USA for Excellence in Healthcare Law (2009 – 2017)
  • Robert E. Burt Award for Service to Boy Scouting, National Society of the Sons of the American Revolution (2015)
  • American College of Healthcare Executives Exemplary Service Award (2015)
  • Fellow of the American Health Information Management Association (FAHIMA) (2014)
  • American College of Healthcare Executives Senior Executive Regent’s Award (2012)
  • Honorable Order of Kentucky Colonels (2012)
  • American College of Healthcare Executives Distinguished Service Award (2011)
  • U.S. Air Force Auxiliary (Civil Air Patrol) Distinguished Service Medal (2011, 2013, and 2014)
  • American Health Information Management Association – Certified in Healthcare Privacy and Security (CHPS) (2010)
  • North Carolina Health Information Management Association – Honorary Member (2010)
  • American College of Healthcare Executives Service Award (2008)
  • Fellow of the American College of Healthcare Executives (FACHE) (2007)
  • Smith Moore Leatherwood LLP “Good Egg” (2004)
  • Georgia Health Information Management Association Champion Award (2004)
  • James E. West Fellowship, Alapaha Area Council Boy Scouts of America (2002)
  • Claude M. Scarborough, Jr. Pro Bono Award (1999)
  • U.S. Air Force Auxiliary (Civil Air Patrol) Lifesaving Medal (1998)
  • Silver Beaver Award, Atlanta Area Council Boy Scouts of America (1996)
  • Georgia Defense Humanitarian Service Award (1994)

Barry’s Books

I’m NOT There For You, Man: The Curmudgeon’s Self-Help Guide to Success in the Modern Workplace

This entrant into the self-help genre showcases what is wrong with older and younger generations, and attempts to build a funny and sarcastic bridge between the two. And the reader will discover some nuggets of valuable information along the way — honest.

Order from Amazon.

Sermons and Devotionals

A collection of sermons and devotionals written over a span of years.

 Order from Amazon.

ADMISSIONS

  • The District of Columbia Bar
  • The Florida Bar
  • State Bar of Georgia 
  • The North Carolina State Bar 

EDUCATION

  • Georgia State University College of Law, Juris Doctorate (cum laude)
  • Georgia State University, Bachelor of Arts, History (summa cum laude)
  • Georgia Institute of Technology, Certificate in Cyber Security

MEMBERSHIPS

  • American College of Healthcare Executives
  • American Health Information Management Association 
  • American Health Lawyers Association
  • Atlanta Bar Association
  • The Bar Association of the District of Columbia
  • The Florida Bar
  • Georgia Academy of Healthcare Attorneys
  • Georgia Association of Healthcare Executives
  • Georgia Health Information Management Association
  • InfraGard – Atlanta Chapter; National Cyber Health Working Group
  • North Carolina Bar Association
  • North Carolina Society of Health Care Attorneys
  • State Bar of Georgia