Healthcare Compliance & Privacy · Attorney

Darren J. Del Dotto
Juris Doctor · CHC · Admitted in NY & MA

Building the compliance and privacy programs that let healthcare organizations be trusted with the data that matters most.

West Boylston, Massachusetts · 12+ years in healthcare compliance · Providers · Payers · Health Tech
01

Profile

A healthcare compliance and privacy attorney who has spent more than a decade building and running the programs that keep providers, payers, and health-technology companies on the right side of an unforgiving regulatory landscape.

His command of the field is broad and operational: HIPAA and HITECH, the heightened protections of 42 CFR Part 2, Medicare and Medicaid, Corporate Integrity Agreements, and oversight of First Tier, Downstream, and Related entities. Across roles he has stood up compliance programs from the ground up, led breach investigations, chaired interdisciplinary committees, and reported to boards and regulators alike.

Now embedded in health technology, he is increasingly focused on AI regulatory compliance, the emerging question of how health systems adopt new tools without compromising the trust patients place in their data. He came to law from environmental science, earned his J.D. from Albany Law School, and is licensed to practice in New York and Massachusetts.

02

Areas of expertise

A practice built on the full lifecycle of healthcare compliance: program design and oversight, contracting and governance, privacy operations, and the questions raised by new technology.

A · Corporate Compliance

Programs that withstand scrutiny

  • Compliance program design
  • Corporate Integrity Agreements
  • Anti-Kickback Statute
  • FDR oversight
  • Medicare / Medicaid
  • OMIG · OCR · DOH · OMH · OASAS
B · Contracting & Governance

Operationalizing controls

  • Vendor contract management
  • Conflict-of-interest policy
  • Contract administration
  • GRC systems (Compliance360)
  • Regulatory reporting
C · Privacy & Data Protection

Safeguarding health information

  • HIPAA / HITECH
  • 42 CFR Part 2
  • Breach investigation & response
  • FERPA
  • MA ID Theft Law
  • HIE / Care Everywhere
  • Privacy monitoring
03

Experience

A decade-long climb through healthcare compliance and privacy: provider, payer, nonprofit, and now health technology.

Sep 2020 - Present · Remote

Senior Contract Administrator

eClinicalWorks / Health technology · EHR
  • Created and implemented a company-wide, multi-departmental vendor contract management program.
  • Developed the in-house contracting database for storing and documenting all vendor contracts, working with India-based software developers.
  • Drafted a company-wide contracting and conflict-of-interest policy.
  • Reviewed and approved internal and external marketing materials for company-hosted events and industry conferences.
  • Represented the compliance department at industry conferences, promoting the program and ensuring adherence to company Anti-Kickback Statute policies and procedures.
  • Prepared regulatory reports for Software Quality Oversight organizations as part of a Corporate Integrity Agreement.
  • Supports the compliance and legal departments with provider-side healthcare compliance expertise.
Promoted to Mentor · Oct 2022
Promoted to Senior · Sep 2023
Jun 2019 - Apr 2020 · Greater Boston

Compliance Specialist - Education & Training

Commonwealth Care Alliance / Payer
  • Created the annual compliance and privacy training program for the Board of Directors and redesigned training for the entire workforce.
  • Rolled out the Compliance360 GRC system and ensured statutory and contractual training deadlines were met.
  • Served as cross-functional subject-matter expert across compliance, privacy, and labor law.
May 2017 - Jan 2019

Privacy Officer

UMass Memorial Medical Center / Provider
  • Led investigations into cybersecurity-related data breaches under HIPAA/HITECH and the MA Identity Theft Law.
  • Administered the FairWarning HIPAA privacy-monitoring program as systems administrator.
  • Chaired interdisciplinary committees implementing 42 CFR Part 2 lawful-holder requirements.
  • Enabled compliant information sharing across HIEs (Epic Care Everywhere) and between the medical center and medical school.
Aug 2014 - Jan 2017 · Albany, NY

Compliance Director

Equinox Inc / Nonprofit health & human services
  • Directed the Compliance and Quality Improvement departments as a standing member of senior leadership.
  • Project-managed an agency-wide electronic medical records implementation and the agency's DSRIP initiatives.
  • Oversaw compliance across OMIG, DOH, OMH, OASAS, OCFS, HHS, SAMHSA, and OCR requirements.
Jan 2014 - May 2014 · Albany, NY

Legal Intern

CDPHP / Payer
  • Supported the legal and compliance functions of a regional nonprofit health plan during law school.
04

Education & credentials

Education

Juris Doctor (J.D.)
Albany Law School of Union University · 2011–2014
B.S., Environmental Science
Union College · 2008–2012

Licenses & certifications

  • CHC · Certified in Healthcare Compliance
  • NY · New York Bar
  • MA · Massachusetts Bar
  • HCCA · Health Care Compliance Association
Selected competencies
Internal Compliance Contract Management Reporting Metrics Negotiation
Contact

Let's start a conversation.

Whether it's a question about healthcare compliance, a potential collaboration, or a program that needs to hold up under scrutiny, I'm always glad to connect.