Patricia A. Markus, JD, CIPP/US
Partner
Suite 1400
Raleigh, NC 27603
Trish currently serves as the Chair of Nelson Mullins’ Healthcare Practice Group, and she is a Past President of the American Health Law Association (2023-2024). Trish represents healthcare providers and health technology companies across the country on wide-ranging regulatory compliance, reimbursement, licensure, and operational matters. She has particularly deep expertise in health information privacy, security,...
Trish currently serves as the Chair of Nelson Mullins’ Healthcare Practice Group, and she is a Past President of the American Health Law Association (2023-2024). Trish represents healthcare providers and health technology companies across the country on wide-ranging regulatory compliance, reimbursement, licensure, and operational matters. She has particularly deep expertise in health information privacy, security, and technology issues, enabling her to provide strategic and practical advice to clients on using technology to improve health care access and outcomes while complying with HIPAA, 42 CFR Part 2, state data privacy and security laws, the FTC’s Health Breach Notification Rule, and the 21st Century Cure’s Act’s interoperability and information blocking requirements.
Trish regularly counsels clients on the implications of using artificial intelligence tools within the health care ecosystem; telehealth initiatives, including multi-state MSO business models, direct-to-consumer and membership models, remote monitoring arrangements, reimbursement options, prescribing limitations, corporate practice of medicine and fee-splitting limitations, and requirements for patient consent and preconditions for recording telehealth interactions; electronic health record system adoption and extensions of EHR system access to community providers; participation in health information exchange initiatives, including TEFCA and Carequality; cybersecurity risks and data breach prevention and response; and compliance and fraud and abuse matters. She also works with physicians, hospitals, population health management companies and accountable care organizations, post-acute care facilities, and behavioral health and substance use disorder facilities on licensure and reimbursement matters, acquisitions, and divestitures. She writes frequently and speaks nationally on healthcare and data privacy topics.
Trish is a Chicago-area native and lifelong Cubs fan whose first aspiration was to become a Chicago Cub. When the inherent improbability of that dream became apparent, she determined she would become the Cubs' team physician. After struggling with college biochemistry and realizing that she had inherited her journalist parents' writing skills, she decided to attend law school instead. She relocated to Raleigh in 1995, in part to escape Chicago winters, although during North Carolina summers she sometimes questions the wisdom of that decision.
When not practicing law, Trish enjoys jogging, gardening, playing Wordle and Mahjong, traveling, attending and watching baseball games, reading, learning about and tasting wine, and spending time with her husband and their three rabbits.
and technology issues, enabling her to provide strategic and practical advice to clients on using technology to improve health care access and outcomes while complying with HIPAA, 42 CFR Part 2, state data privacy and security laws, the FTC’s Health Breach Notification Rule, and the 21st Century Cure’s Act’s interoperability and information blocking requirements.
Trish regularly counsels clients on the implications of using artificial intelligence tools within the health care ecosystem; telehealth initiatives, including multi-state MSO business models, direct-to-consumer and membership models, remote monitoring arrangements, reimbursement options, prescribing limitations, corporate practice of medicine and fee-splitting limitations, and requirements for patient consent and preconditions for recording telehealth interactions; electronic health record system adoption and extensions of EHR system access to community providers; participation in health information exchange initiatives, including TEFCA and Carequality; cybersecurity risks and data breach prevention and response; and compliance and fraud and abuse matters. She also works with physicians, hospitals, population health management companies and accountable care organizations, post-acute care facilities, and behavioral health and substance use disorder facilities on licensure and reimbursement matters, acquisitions, and divestitures. She writes frequently and speaks nationally on healthcare and data privacy topics.
Trish is a Chicago-area native and lifelong Cubs fan whose first aspiration was to become a Chicago Cub. When the inherent improbability of that dream became apparent, she determined she would become the Cubs' team physician. After struggling with college biochemistry and realizing that she had inherited her journalist parents' writing skills, she decided to attend law school instead. She relocated to Raleigh in 1995, in part to escape Chicago winters, although during North Carolina summers she sometimes questions the wisdom of that decision.
When not practicing law, Trish enjoys jogging, gardening, playing Wordle and Mahjong, traveling, attending and watching baseball games, reading, learning about and tasting wine, and spending time with her husband and their three rabbits.
Experience
HIPAA and Health Information Technology
- Represented clients in development of regional and enterprise-wide health information exchange organizations (HIEs), including establishment of governance structures, data use and sharing agreements, technology licensing agreements, privacy and security policies and procedures, advice on operational matters, and contracts with other regional and national HIEs
- Assisted health systems, medical practices, and substance use disorder providers in responding to subpoenas for substance use disorder records and in updating release of information forms and policies to conform to updated requirements of 42 CFR Part 2
- Advised health care providers and technology companies on permitted uses and disclosures of identifiable health information under HIPAA, FTC Act and Health Breach Notification Act, and 42 CFR Part 2, for purpose of training generative artificial intelligence tools and modules
- Assisted hospital systems and physician practices in negotiating and licensing agreements for electronic health record software systems and telehealth solutions, in preparing contracts for hospitals’ provision of subsidized EHR technology and services to community medical practices, and in extending hospitals systems’ EHR licenses to managed hospitals within systems
- Assisted hospitals and physician practices in operational aspects of implementing EHR systems, including preparing privacy and security policies and processes, crafting patient portal and remote access agreements, and preparing policies and processes for BYOD and secure texting
- Reviewed and negotiated wide variety of health IT agreements, including electronic health record software, cloud storage, data supplier, value-added reseller, data analytics, and clinical data registry agreements
- Assisted statewide industry association in structuring and preparing various data analytics and data exchange agreements to assist association members in various population health management, quality improvement, and patient support programs
- Represented telemedicine mobile application start-up and company seeking to offer second opinion consultations by nationally-recognized experts in assessing possible corporate structures, business models, and payment options and understanding resulting fraud and abuse, corporate practice of medicine, fee-splitting, reimbursement, data privacy and security, and operational limitations and requirements
- Assisted clients in preparing multistate analyses of corporate practice of medicine and fee splitting laws, physician and other practitioner licensure and scope of practice requirements, and available payment for health care and wellness services provided through telemedicine technologies
- Counseled wide variety of provider clients and business associates on whether specific data breach circumstances require breach notification under HIPAA and applicable state data breach laws, identified mitigation strategies, and assisted with reporting obligations
- Represented hospitals, physicians, and business associates in responding to data breaches and Office for Civil Rights investigations
Healthcare Corporate, Regulatory, and Licensure Matters
- Assisted providers in addressing questions about Paycheck Protection Program, Medicare Provider Relief Fund, and various state and federal regulatory waivers and flexibilities issued during COVID–19 emergency
- Represented dozens of providers in responding to Medicare, Medicaid, and other insurer audits and appeals of recoupment and repayment demands, including Administrative Law Judge hearings
- Represented substance use disorder providers in acquisitions and divestitures and licensure, reimbursement, regulatory compliance, and operational matters
- Assisted national outpatient services provider with Medicaid enrollment issues and matters before pharmacy board
- Assisted physician practices and hospitals in all aspects of medical practice start-ups, divestitures, joint arrangements, and disputes
- Performed compliance review of policies and operational practices of accountable care organization and provided report outlining suggested remediation measures
- Served as local counsel to publicly traded post-acute care companies in acquisitions, refinancings, and state Medicaid enrollments and licensure issues
- Structured management services arrangements for physicians, dentists, chiropractors, and other practitioners to avoid corporate practice of medicine and fee-splitting concerns
Education
- Boston College Law School, JD
- Haverford College, BA, English, with honors
Admissions
- North Carolina
- Illinois
Clerkships
- Law Clerk, the Honorable Robert W. Cook, Illinois Court of Appeals, Fourth Circuit
- Law Clerk, the Honorable Willis P. Whichard, North Carolina Supreme Court
Certifications
- Certified Information Privacy Professional (CIPP/US), International Association of Privacy Professionals
HIPAA and Health Information Technology
- Represented clients in development of regional and enterprise-wide health information exchange organizations (HIEs), including establishment of governance structures, data use and sharing agreements, technology licensing agreements, privacy and security policies and procedures, advice on operational matters, and contracts with other regional and national HIEs
- Assisted health systems, medical practices, and substance use disorder providers in responding to subpoenas for substance use disorder records and in updating release of information forms and policies to conform to updated requirements of 42 CFR Part 2
- Advised health care providers and technology companies on permitted uses and disclosures of identifiable health information under HIPAA, FTC Act and Health Breach Notification Act, and 42 CFR Part 2, for purpose of training generative artificial intelligence tools and modules
- Assisted hospital systems and physician practices in negotiating and licensing agreements for electronic health record software systems and telehealth solutions, in preparing contracts for hospitals’ provision of subsidized EHR technology and services to community medical practices, and in extending hospitals systems’ EHR licenses to managed hospitals within systems
- Assisted hospitals and physician practices in operational aspects of implementing EHR systems, including preparing privacy and security policies and processes, crafting patient portal and remote access agreements, and preparing policies and processes for BYOD and secure texting
- Reviewed and negotiated wide variety of health IT agreements, including electronic health record software, cloud storage, data supplier, value-added reseller, data analytics, and clinical data registry agreements
- Assisted statewide industry association in structuring and preparing various data analytics and data exchange agreements to assist association members in various population health management, quality improvement, and patient support programs
- Represented telemedicine mobile application start-up and company seeking to offer second opinion consultations by nationally-recognized experts in assessing possible corporate structures, business models, and payment options and understanding resulting fraud and abuse, corporate practice of medicine, fee-splitting, reimbursement, data privacy and security, and operational limitations and requirements
- Assisted clients in preparing multistate analyses of corporate practice of medicine and fee splitting laws, physician and other practitioner licensure and scope of practice requirements, and available payment for health care and wellness services provided through telemedicine technologies
- Counseled wide variety of provider clients and business associates on whether specific data breach circumstances require breach notification under HIPAA and applicable state data breach laws, identified mitigation strategies, and assisted with reporting obligations
- Represented hospitals, physicians, and business associates in responding to data breaches and Office for Civil Rights investigations
Healthcare Corporate, Regulatory, and Licensure Matters
- Assisted providers in addressing questions about Paycheck Protection Program, Medicare Provider Relief Fund, and various state and federal regulatory waivers and flexibilities issued during COVID–19 emergency
- Represented dozens of providers in responding to Medicare, Medicaid, and other insurer audits and appeals of recoupment and repayment demands, including Administrative Law Judge hearings
- Represented substance use disorder providers in acquisitions and divestitures and licensure, reimbursement, regulatory compliance, and operational matters
- Assisted national outpatient services provider with Medicaid enrollment issues and matters before pharmacy board
- Assisted physician practices and hospitals in all aspects of medical practice start-ups, divestitures, joint arrangements, and disputes
- Performed compliance review of policies and operational practices of accountable care organization and provided report outlining suggested remediation measures
- Served as local counsel to publicly traded post-acute care companies in acquisitions, refinancings, and state Medicaid enrollments and licensure issues
- Structured management services arrangements for physicians, dentists, chiropractors, and other practitioners to avoid corporate practice of medicine and fee-splitting concerns
Media
Recognitions
- The Best Lawyers in America®, Lawyer of the Year, Raleigh, NC, Health Care Law (2020, 2026)
- The Best Lawyers in America®, Health Care Law (2009–2026)
- N.C. Lawyers Weekly, Leaders in the Law List (2024)
- Legal 500 United States, Industry Focus: Healthcare: service providers (2023)
- Life Fellow, American Bar Foundation
- Chambers USA: America's Leading Lawyers for Business, Healthcare – North Carolina (2016–2025)
- North Carolina Super Lawyers, Health Care (2014–2026), and as one of the “Top 50 Women” attorneys in North Carolina (2015)
- Triangle Business Journal’s Women in Business Award (2012)
Professional Activities
- North Carolina Institute of Medicine
- Secretary, Board of Directors, 2026 - present
- Board of Directors, 2024 – present
- Member, 2018 – present
- American Health Law Association:
- President (July 2023–June 2024)
- President Elect (July 2022–June 2023)
- President–Elect Designate (July 2021–June 2022)
- Board of Directors (July 2015–June 2025)
- Chair, HIT Practice Group (July 2012–June 2015); Vice Chair (July 2008–June 2012)
- Co–leader, Privacy and Security Compliance and Enforcement Affinity Group, HIT Practice Group (2006–2008)
- North Carolina Bar Association:
- Chair, Health Law Section (2012–2013)
- Health Law Section Council (2006–2009)
- Communications Committee (2002–present)
- Member, Health Information Management Systems Society
- North Carolina Healthcare Information and Communications Alliance, Legal Work Group (2006 – 2012)
- American Health Information Management Association:
- Health Information Exchange Council (2008)
- e–HIM Workgroup on HIM in Health Information Exchange (2007)
- North Carolina Society of Healthcare Attorneys:
- President (2003–2004)
- Board of Directors (2000–2007)
- Member, NC Health Information Exchange Legal and Policy Work Group (2010–2011)
- Co–Chair, Legal Work Group and Implementation Plan Work Group, North Carolina Health Information Security and Privacy Collaboration (HISPC) Project (2006–2009)
Community
- Young Executive Committee, American Heart Association Greater Raleigh Heart Gala (2003)
Trish currently serves as the Chair of Nelson Mullins’ Healthcare Practice Group, and she is a Past President of the American Health Law Association (2023-2024). Trish represents healthcare providers and health technology companies across the country on wide-ranging regulatory compliance, reimbursement, licensure, and operational matters. She has particularly deep expertise in health information privacy, security,... and technology issues, enabling her to provide strategic and practical advice to clients on using technology to improve health care access and outcomes while complying with HIPAA, 42 CFR Part 2, state data privacy and security laws, the FTC’s Health Breach Notification Rule, and the 21st Century Cure’s Act’s interoperability and information blocking requirements.
Trish regularly counsels clients on the implications of using artificial intelligence tools within the health care ecosystem; telehealth initiatives, including multi-state MSO business models, direct-to-consumer and membership models, remote monitoring arrangements, reimbursement options, prescribing limitations, corporate practice of medicine and fee-splitting limitations, and requirements for patient consent and preconditions for recording telehealth interactions; electronic health record system adoption and extensions of EHR system access to community providers; participation in health information exchange initiatives, including TEFCA and Carequality; cybersecurity risks and data breach prevention and response; and compliance and fraud and abuse matters. She also works with physicians, hospitals, population health management companies and accountable care organizations, post-acute care facilities, and behavioral health and substance use disorder facilities on licensure and reimbursement matters, acquisitions, and divestitures. She writes frequently and speaks nationally on healthcare and data privacy topics.
Trish is a Chicago-area native and lifelong Cubs fan whose first aspiration was to become a Chicago Cub. When the inherent improbability of that dream became apparent, she determined she would become the Cubs' team physician. After struggling with college biochemistry and realizing that she had inherited her journalist parents' writing skills, she decided to attend law school instead. She relocated to Raleigh in 1995, in part to escape Chicago winters, although during North Carolina summers she sometimes questions the wisdom of that decision.
When not practicing law, Trish enjoys jogging, gardening, playing Wordle and Mahjong, traveling, attending and watching baseball games, reading, learning about and tasting wine, and spending time with her husband and their three rabbits.
Experience
The following is a selected sampling of matters and is provided for informational purposes only. Past success does not indicate the likelihood of success in any future matter.HIPAA and Health Information Technology
- Represented clients in development of regional and enterprise-wide health information exchange organizations (HIEs), including establishment of governance structures, data use and sharing agreements, technology licensing agreements, privacy and security policies and procedures, advice on operational matters, and contracts with other regional and national HIEs
- Assisted health systems, medical practices, and substance use disorder providers in responding to subpoenas for substance use disorder records and in updating release of information forms and policies to conform to updated requirements of 42 CFR Part 2
- Advised health care providers and technology companies on permitted uses and disclosures of identifiable health information under HIPAA, FTC Act and Health Breach Notification Act, and 42 CFR Part 2, for purpose of training generative artificial intelligence tools and modules
- Assisted hospital systems and physician practices in negotiating and licensing agreements for electronic health record software systems and telehealth solutions, in preparing contracts for hospitals’ provision of subsidized EHR technology and services to community medical practices, and in extending hospitals systems’ EHR licenses to managed hospitals within systems
- Assisted hospitals and physician practices in operational aspects of implementing EHR systems, including preparing privacy and security policies and processes, crafting patient portal and remote access agreements, and preparing policies and processes for BYOD and secure texting
- Reviewed and negotiated wide variety of health IT agreements, including electronic health record software, cloud storage, data supplier, value-added reseller, data analytics, and clinical data registry agreements
- Assisted statewide industry association in structuring and preparing various data analytics and data exchange agreements to assist association members in various population health management, quality improvement, and patient support programs
- Represented telemedicine mobile application start-up and company seeking to offer second opinion consultations by nationally-recognized experts in assessing possible corporate structures, business models, and payment options and understanding resulting fraud and abuse, corporate practice of medicine, fee-splitting, reimbursement, data privacy and security, and operational limitations and requirements
- Assisted clients in preparing multistate analyses of corporate practice of medicine and fee splitting laws, physician and other practitioner licensure and scope of practice requirements, and available payment for health care and wellness services provided through telemedicine technologies
- Counseled wide variety of provider clients and business associates on whether specific data breach circumstances require breach notification under HIPAA and applicable state data breach laws, identified mitigation strategies, and assisted with reporting obligations
- Represented hospitals, physicians, and business associates in responding to data breaches and Office for Civil Rights investigations
Healthcare Corporate, Regulatory, and Licensure Matters
- Assisted providers in addressing questions about Paycheck Protection Program, Medicare Provider Relief Fund, and various state and federal regulatory waivers and flexibilities issued during COVID–19 emergency
- Represented dozens of providers in responding to Medicare, Medicaid, and other insurer audits and appeals of recoupment and repayment demands, including Administrative Law Judge hearings
- Represented substance use disorder providers in acquisitions and divestitures and licensure, reimbursement, regulatory compliance, and operational matters
- Assisted national outpatient services provider with Medicaid enrollment issues and matters before pharmacy board
- Assisted physician practices and hospitals in all aspects of medical practice start-ups, divestitures, joint arrangements, and disputes
- Performed compliance review of policies and operational practices of accountable care organization and provided report outlining suggested remediation measures
- Served as local counsel to publicly traded post-acute care companies in acquisitions, refinancings, and state Medicaid enrollments and licensure issues
- Structured management services arrangements for physicians, dentists, chiropractors, and other practitioners to avoid corporate practice of medicine and fee-splitting concerns
Education
- Boston College Law School, JD
- Haverford College, BA, English, with honors
Admissions
- North Carolina
- Illinois
Clerkships
- Law Clerk, The Honorable Robert W. Cook, Illinois Court of Appeals, Fourth Circuit
- Law Clerk, The Honorable Willis P. Whichard, North Carolina Supreme Court
Practice Areas
- The Best Lawyers in America®, Lawyer of the Year, Raleigh, NC, Health Care Law (2020, 2026)
- The Best Lawyers in America®, Health Care Law (2009–2026)
- N.C. Lawyers Weekly, Leaders in the Law List (2024)
- Legal 500 United States, Industry Focus: Healthcare: service providers (2023)
- Life Fellow, American Bar Foundation
- Chambers USA: America's Leading Lawyers for Business, Healthcare – North Carolina (2016–2025)
- North Carolina Super Lawyers, Health Care (2014–2026), and as one of the “Top 50 Women” attorneys in North Carolina (2015)
- Triangle Business Journal’s Women in Business Award (2012)
- North Carolina Institute of Medicine
- Secretary, Board of Directors, 2026 - present
- Board of Directors, 2024 – present
- Member, 2018 – present
- American Health Law Association:
- President (July 2023–June 2024)
- President Elect (July 2022–June 2023)
- President–Elect Designate (July 2021–June 2022)
- Board of Directors (July 2015–June 2025)
- Chair, HIT Practice Group (July 2012–June 2015); Vice Chair (July 2008–June 2012)
- Co–leader, Privacy and Security Compliance and Enforcement Affinity Group, HIT Practice Group (2006–2008)
- North Carolina Bar Association:
- Chair, Health Law Section (2012–2013)
- Health Law Section Council (2006–2009)
- Communications Committee (2002–present)
- Member, Health Information Management Systems Society
- North Carolina Healthcare Information and Communications Alliance, Legal Work Group (2006 – 2012)
- American Health Information Management Association:
- Health Information Exchange Council (2008)
- e–HIM Workgroup on HIM in Health Information Exchange (2007)
- North Carolina Society of Healthcare Attorneys:
- President (2003–2004)
- Board of Directors (2000–2007)
- Member, NC Health Information Exchange Legal and Policy Work Group (2010–2011)
- Co–Chair, Legal Work Group and Implementation Plan Work Group, North Carolina Health Information Security and Privacy Collaboration (HISPC) Project (2006–2009)
- Young Executive Committee, American Heart Association Greater Raleigh Heart Gala (2003)
Highlights from the Firm’s Insights
