Kathie McDonald-McClure


P 502-562-7526

F 502-589-0309


400 West Market Street

Suite 2000

Louisville, KY 40202

Kathie McDonald-McClure leads the Firm's Data Privacy & Security Service Team and is a member of the Health Care Service Team. She regularly advises on compliance with laws prohibiting kickbacks and regulating provider referrals. She counsels clients on chronic care and population health management initiatives aimed at reducing health care costs. She often advices on HIPAA, GDPR and state data breach laws and on electronic data collection and tracking practices. Other areas of advice include clinical trials; Program Interoperability of electronic health records; concierge medicine; Medicare and Medicaid enrollment/revalidation; False Claims Act liability; Medicare and Medicaid liens.

Ms. McDonald-McClure also assists clients with responding to data privacy and security incidents.  She is the editor of the Wyatt HITECH Law Blog (, which focuses on legal developments related to the privacy and security of confidential consumer and business information.  She also assists clients with the data privacy and security policies, healthcare compliance programs and with risk and insurance issues.

Her healthcare clients include medical device manufacturers, hospitals, nursing homes, physicians, behavioral health, home health, physical and occupational therapy providers, pharmacies, healthcare billing companies and a non-profit managed care insurance entity. Her non-healthcare clients include community support agencies, public school districts, and colleges and universities.

  • Representative Matters 
    • Structuring chronic care and population health arrangements between vendors and group health plans.
    • Reviewing arrangements between providers for compliance under Stark Law and Anti-Kickback Statute, Civil Monetary Penalities Law
    • Advising on compliance with HIPAA, HITECH, FERPA, FTC, drug, alcohol and behavioral health privacy and security regulations and standards.
    • Preparing and updating website and mobile application privacy notices and vendor agreements for compliance with applicable consumer data privacy laws. 
    • Advising on data security incident response, forensics, breach notification and HHS OCR investigations
    • Advising hospitals and physicians on EHR Program Interoperability (formerly Meaningful Use) and information blocking compliance under the 21st Century Cures Act,  HITECH Act, MIPS and other Medicare quality initiatives
    • Advising on compliance with the FTC Red Flags Rule and Identity Theft policies
    • Advising concierge medicine practices including patient consent forms, space sharing arrangements, HIPAA and federal healthcare program requirements
    • Advising durable medical equipment (DME) suppliers on compliance with Medicare’s DME standards, billing and competitive bidding program rules
    • Assisting with Medicare and Medicaid audits and overpayment demands (ZPIC, RAC, OIG, DOJ)
    • Negotiating clinical trial research agreements between industry and health care providers, advising on regulatory compliance (e.g., FDA, IRB, False Claims Act, Anti-Kickback Statute, Stark Law), and developing research related policies
    • Advising on Medicare reimbursement rules and coverage decisions applicable to a variety of provider and supplier types (e.g., IPPS, OPPS, DRGs, RUGs, MIPS, Value-Based, APCs, HCPCS, NDC codes, etc.)
    • Advising on ACO and acute/post-acute arrangements
    • Structuring clinical integration arrangements for behavioral health, primary care, acute/post-acute and insurance
    • Assisting with state pharmacy board matters including licensure and complaints
    • Structuring compliant discount programs for sales of health care products and services
    • Preparing nursing home medical director, rehab and other ancillary services contracts
    • Structuring and advising on group purchasing organization member and vendor arrangements
    • Developing and auditing compliance programs and related education and training
    • Preparing enrollment, revalidation and change of information for Medicare and Medicaid programs, including disclosure of ownership and control and adverse actions
    • Advising plaintiff and defense counsel on, and assisting providers and self-insured entities with, compliance under the Medicare Secondary Payer law and mandatory insurance reporting requirements related to liability claims involving Medicare beneficiaries
    • Assisting with government surveys, citations, subpoenas, warrants, and civil investigative demands
    • Advising on DOJ and OIG settlements and exclusionary issues
    • Advising on compliance with the Deficit Reduction Act of 2005 applicable to Medicaid providers and their fraud, waste and abuse policies
    • Assisting with cyber liability insurance policy coverage considerations
    • Negotiating insurance and indemnity provisions
    • Representing health care professionals before licensing boards
  • Professional Experience 
    • Enjoyed 12-year tenure as in-house counsel with Kindred Healthcare, LLC, a national long-term care company operating nursing homes, hospitals and other healthcare services in over 40 states. Was responsible for day-to-day legal advice in the areas of healthcare, employment, liability and risk management culminating in a position as Vice President and Counsel of Liability Claims with responsibility for administration of general and professional liability claims and management of a staff of lawyers and legal professionals.
    • Prior to in-house counsel position with Kindred, was with Greenebaum Doll & McDonald for six years, representing local, regional and national corporations before state and federal courts in commercial, insurance, employment and copyright and trademark protection cases.
    • Before joining Wyatt, served as an independent healthcare liability consultant and claims mediator.
  • Honors 

    • Highest Professional AV Rating by Martindale-Hubbell Law Directory. Peer references stated that “her ability to navigate an extremely complicated area of the law and then communicate with clients in a plain-spoken, easy to understand manner is admirable. Kathie practices with high ethical standards and is always very responsive to client concerns and schedules.” “Kathie is an excellent attorney, a true advocate for her clients and a model for legal ethics."
    • Woodward/White’s The Best Lawyers in America® Lawyer of the Year Health Care Law, 2018
    • Woodward/White’s The Best Lawyers in America® Health Care Law, 2009-2020
    • Selected as a "Partner in Healthcare" by Business First, 2008-2016
  • Education 

    1985 - J.D., University of Louisville; Executive Editor of the Journal of Family Law, 1984-1985

    1982 - B.S.B.A. (Business Administration and Marketing), with highest honors, University of Louisville

  • Presentations 

    Ms. McDonald-McClure has given more than 70 presentations on a variety of healthcare and data privacy and security topics, including cyber-security insurance, HIPAA/HITECH and state data breach laws, Anti-Kickback Statute, False Claims Act, Affordable Care Act, ACOs and acute/post-acute collaborative arrangements, Physicians Payments Sunshine Act, the HITECH Act of 2009 (e.g., EHR Meaningful Use and Program Interoperability Rules, Security Rule Risk Assessments), Medicare reimbursement and payment methodologies, hospital in-patient 2-midnight rule, Medicare Secondary Payer law and the MMSEA Section 111 mandatory insurance reporting requirements, the Deficit Reduction Act of 2005’s false claims education requirements, behavioral health and more.  She also presents in-house seminars for legal, operations, sales, risk and insurance personnel of clients, either in person or through the use of the firm's webinar technology.

  • Professional Activities and Memberships 
    • Louisville, Kentucky and American Bar Associations' Healthcare, Litigation, Tort & Insurance Sections
    • Louisville Bar Association, 2005 Chair of Health Law Section, 1991 Chair Litigation Section Mock Trial Seminar, Past Member of Board of Directors, Past Member of Publications Committee
    • American Health Lawyers Association (AHLA), including membership in the following groups: Life Sciences; Fraud & Abuse; Hospitals and Health Systems; Payors, Plans, and Managed Care; and Post Acute and Long Term Care Services
    • Health Care Compliance Association (HCCA), Certification in Healthcare Compliance (CHC)
    • LTC Legal Risk Forum
    • Healthcare Financial Management Association (HFMA)
    • Kentucky and American Societies of Healthcare Risk Management (KSHRM and ASHRM)
    • American Society for Pharmacy Law (ASPL)
    • International Association of Privacy Professionals (IAPP)
    • Association for Conflict Resolution (ACR), Member 2003-2016
    • Chair of the Washington, D.C. based American Health Care Association's Medical Liability Subcommittee from December 2001 through July 2003
  • Admissions 


  • Civic Involvement 
    • Member of the Advisory Board for the Greater Louisville Inc. (GLI) Health Enterprises Network (HEN), 2007-present, and Executive Committee, 2008-present; Vice-Chair, HEN Nominating Committee, 2016-present, and Policy Forum, 2010-2014
    • Leadership Kentucky, Class of 2017 Graduate
    • Member, 2017 American Heart Association Executive Leadership Team, 25th Anniversary Heart Ball (fundraiser for heart and stroke research)  
    • Honorary Chair, ElderServe's 2012 Champion for the Aging Awards Luncheon
    • HEN Fellows Class of 2006
    • Co-Chair, Local Organizing Committee for the first ever US Figure Skating's Regional Championships in Louisville, KY, 2006-2007 
    • Member, Board of Directors, Louisville Skating Academy, 2007-2008
    • Member, Board of Directors, Court Appointed Special Advocates (CASA), 1994-1995
  • Publications 

    Ms McDonald-McClure has written or edited more than 100 articles for the Wyatt HITECH Law Blog, a blog that she created soon after passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 to track legal developments related to health information technology, privacy and security.  The blog's scope was expanded in 2015 to report legal developments and enforcement actions regarding the privacy and security of sensitive data of individuals, businesses and organizations in all industry sectors.

    Other publications include:

    • Risk Management in Health Care Institutions: Limiting Liability and Enhancing Care, Chapter 16, “Risk Management in Long Term Care Institutions and Services” (2014 3rd Ed.)
    • Valeo Communications: OCR Steps Up HIPAA Audits (July 2011)
    • HCCA Compliance Today, “Medicare’s New Mandatory Reporting Requirements for Liability Insurers, Including Self-Insured Entities” (July 2009)
    • LBA Bar Briefs, “Mandatory Reporting of Liability Settlements:  Law to Shine Spotlight on Attorney’s and Their Clients’ Pocketbooks” (June 2009)
    • “Enforcement Activities By Investigating Authorities and Responding to Investigations,” Chp. 5, Kentucky Health Law (2009 5th Ed.) (co-author with R. Benvenuti, III)
    • HCCA Compliance Today, “Outpatient Therapy Clinics and Their Referring Physicians: Fraud and Abuse Risks” (April 2008)
    • HFMA Kentucky Chapter Financial Scene, “Deficit Reduction Act Update” (January 2007)
    • HFMA Kentucky Chapter Financial Scene, “The DRA’s New False Claims Requirements” (June-July, 2006)
    • HFMA Kentucky Chapter Financial Scene, “US Supreme Court Limits Medicaid Recoveries in Personal Injuries Settlements” (June-July, 2006)
    • HCCA Compliance Today, “Compliance 101, Clinical Trials Primer” (June 2006)
  • Blog 

    Ms. McDonald-McClure is the creator and editor of the Wyatt HITECH Law Blog. The HITECH Law blog focuses on legal developments related to the privacy and security of confidential consumer and business information in today’s “high tech” world.  Since 2009, the year this blog was created, there has been an explosion in consumer and business electronic data privacy and security issues, beyond healthcare, HIPAA and the Health Information Technology for Economic and Clinical Health Act of 2009 (aka “The HITECH Act,” the original impetus for the blog).  This compelled us to expand the blog’s scope in late 2015 to cover legal developments regarding the creation, access, collection, maintenance or transmission of confidential information regarding an individual, business or organization in all industry sectors.