Search form

Frank J. Fanshawe


P 518-512-8700
F 518-242-7730


Frank J. Fanshawe is a Principal in the Albany, New York, office of Jackson Lewis P.C. His practice focuses on health care law and Privacy, Data and Cybersecurity. He has 25 years of experience, including significant real-world legal and executive-level experience with a nationally recognized health insurer in the northeastern United States.

Mr. Fanshawe previously served as a senior adviser to the New York State Senate Health Committee chair on legislative and public policy issues in connection with New York's deregulation of the hospital payment methodology system (Health Care Reform Act) and other major health care initiatives. He also practiced law with other national law firms, where he represented hospitals, medical groups, independent practice associations, physician organizations, home health agencies and other health care providers.

Privacy & Data Security

Mr. Fanshawe regularly counsels clients on a wide range of cybersecurity and data privacy scenarios, including those involving HIPAA/HITECH compliance. He has worked with the executive teams of his clients in the data privacy and cybersecurity context to assess their environments, identify strengths and deficiencies, and develop and implement compliant resolutions under federal and state laws. Mr. Fanshawe also has successfully resolved numerous data breach situations, where he has counseled and advised clients on their HIPAA/HITECH and other breach response obligations. In these situations, Mr. Fanshawe works with his clients to preserve information; identify the nature and scope of the breach; assess compliance obligations; develop notification communications; report to regulatory authorities, when required; and counsel clients on messaging, logistical support systems and other measures to help ensure minimal impact to affected individuals and the clients’ image. He also has successfully resolved numerous data breach investigations by the United States Department of Health and Human Services and state regulators.

Corporate Governance and Compliance

Mr. Fanshawe’s in-house experience as a chief compliance officer in the health insurance industry provides him with a distinctive business and operational perspective that leads to sound governance and compliance results that work in real business settings. He counsels boards of directors on governance issues and fiduciary duties. Mr. Fanshawe also works with clients to develop and implement corporate compliance plans, including drafting policies and procedures, directing workforce training, and auditing and monitoring programs.

Health Care Law Counsel

Mr. Fanshawe has served as a trusted adviser to practitioners, boards of directors, CEOs and other C-suite executives to help clients thrive in the complex health care delivery and reform environment. He works with them to develop and improve their regulatory operations in ways that align with their business objectives. Mr. Fanshawe counsels clients to successfully navigate the intricacies of fraud and abuse laws and regulations, helps them develop strategies to operate within the complexities of the HIPAA and HITECH regulatory framework, and works with them to obtain state licensure and certification.

Commercial Contracts and Joint Ventures

Mr. Fanshawe negotiates major contractual arrangements and joint ventures among providers and between providers and managed care entities, including integrated delivery systems and accountable care organizations. Mr. Fanshawe also assists clients with the regulatory and transactional aspects of joint ventures, mergers and acquisitions, and other strategic arrangements.

Professional Associations and Activities

  • American Health Lawyers Association
  • New York State Bar Association

Published Works

  • “Why Are You Being Sued?” The Journal of Urgent Care Medicine (June 2017) [Co-Author]
  • “Phase 2 HIPAA Audits Are Under Way: Are You Prepared?” Phase 2 HIPAA Audits Under Way (March 2016) [Co-Author] 
  • “Privacy and Security: Highlights from the HHS Inspector General’s 2016 Work Plan,” HHS Inspector General’s Work Plan for FY 2016 (November 2015) [Co-Author]
  • “Cloud Storage of Medical Records: HIPAA, HITECH and Other Compliance Issues,” The Risk Management Quarterly (October 2015) [Co-Author]
  • “HHS: No Sensational News Exception to HIPAA. Health Care Providers Should Plan Now for Dealing with Ebola Publicity,” Ebola: The Myth of the Sensational News Exception (November 2014) [Author]
  • “2014: The Affordable Care Act Is Alive and Well – Are You Ready?” Compliance with the Affordable Care Act, 2014–2015 (February 2014) [Author]
  • “As the “NY State of Health” Enters Its Third Week, a Look at the Role of Navigators,” Navigators in the “NY State of Health” Marketplace (October 2013) [Author]
  • “ACA Not Enough to Save Penn State’s Employee Wellness Program,” Penn State Employee Wellness Program Falls Short (October 2013) [Author]
  • “Evaluating Employer Insurance Coverages to Defend against Claimed Violations of the Affordable Care Act,” Defending against Claimed Violations of the ACA (October 2013) [Author]
  • “HHS Issues Privacy Rule Guidance for Law Enforcement Agencies,” “HIPAA Privacy Rule: A Guide for Law Enforcement” Released (October 2013) [Author]
  • “Administration Delays Launch of Federally Facilitated Small Business Health Insurance Exchanges,” 35 Small Business Health Insurance Exchanges Delayed (September 2013) [Author]
  • “OCR and ONC Release Model Notices of Privacy Practices,” OCR and ONC Release Model Notices of Privacy Practices (September 2013) [Author]
  • “Business Associate Definition Expanded and HHS Empowered to Impose New Civil Fines,” Compliance with Omnibus Rule Required by September 23, 2013 (September 2013) [Author]
  • “Affordable Care Act: Summary of Benefits and Coverage Required for Group Health Plans, Health Insurance Issuers and Third-Party Administrators” (September 2013) [Author]
  • “2014 Business Operations Determine How the Employer Mandate Applies in 2015” (September 2013) [Author]
  • “Omnibus HIPAA/HITECH Rules Require Changes to Notice of Privacy Practices Prior to September 23, 2013,” Must Comply with HIPAA/HITECH Rules by Sept. 23, 2013 (September 2013) [Author]
  • “Affordable Care Act: The Small Business Health Options Program Marketplace” (August 2013) [Author]
  • “U.S. Department of Health and Human Services Imposes $1.2 Million Penalty For Protected Health Information Breach Involving Leased Copiers,” HIPAA Breach Involving Leased Copiers leads to Fines for NYC Health Plan (August 2013) [Author]
  • “Affordable Care Act Prohibits Extra Health Insurance Benefits for Executives” (August 2013) [Author]
  • “New Notice Requirements under the Affordable Care Act” (August 2013) [Author]

Speeches and Presentations

  • “Cyber Security And Cyber Liability: Risk Management And Breach Response” HCA Bootcamp (New York, NY, July 2016) (presenter)
  • “Cybersecurity Incident Response Preparedness: Developing And Testing An Incident Response Plan” Wilson Elser-Albany Business Review (Albany, NY, May 2015) (presenter)
  • “Emerging Trends In Health Care Data Privacy, Enforcement, Privacy, Security and Breach Notification Rules” Mesirow Financial Webinar (Albany, NY, October 2015) (presenter)
  • “Updates to the FLSA White Collar Exemption” HCA Staying Ahead of Changes in Labor Law - Home Care Survival Bootcamp, (New York, NY, October 2015) (presenter)
  • “Successfully Navigating Cyber Breaches Nothing Less Thank Your Business At Stake, Risk Management and Breach Response” HCA's Corporate Compliance Symposium (Albany, NY, October 2015) (presenter)
  • “Complying With Executive Order 38, Limits on Executive Compensation and Administrative Costs” HCA (Albany, NY, June 2015) (presenter)
  • “Successfully Navigating Cyber Breaches Nothing Less Than Your Business At Stake, Risk Management and Breach Response” Wilson Elser-Albany Business Review (Albany, NY, April 2015) (presenter)
  • “Tips for Successful Relations with Managed Care Organizations” HCA CFO Forum (Albany, NY, March, 2015) (presenter)
  • “Navigating Executive Order 38, Limits on Executive Compensation and Administrative Costs” HCA Conference: Home Health Legal Updates (New York, NY, December 2014) (presenter)
  • “Dissecting the Affordable Care Act” Albany-Colonie Regional Chamber (Albany, NY, September 2014) (presenter)
  • “Deconstructing the ACA: What Small to Mid-Size Businesses Need to Know” Wilson Elser-Albany Business Review Seminar (Albany, NY, July 2014) (presenter)
  • “What Every Business Leader Should Know About the Affordable Care Act” Women Presidents' Organization Industry Conference (Albany, NY, June 2014) (presenter)
  • “Doing Business with Health Care Organizations: What you MUST know about the new HIPAA requirements” Wilson Elser-Albany Business Review Seminar (Troy, NY, November 2013) (presenter)
  • “Big Data, Risk Management And The Collaboration Continuum” 2013 Network Contracting Summit (Falls Church, VA, October 2013) (presenter)
  • “The ACA, What Employers Need To Know” NYS Broadcasters Webinar (Albany, NY, September 2013) (presenter)

See AllFrank J. Fanshawe in the News

June 2, 2017
The Journal of Urgent Care Medicine

Frank Fanshawe and Rosemary McKenna Author "Why are You Being Sued?"

June 2, 2017

Frank Fanshawe and Rosemary McKenna author "Why are You Being Sued?" published by The Journal of Urgent Care Medicine. Read More

See AllPublications

Advanced Filtering
Showing 1-3 of 5
Most Read
October 3, 2017

New York Court: Minimum Wage Due for All On-Premises Hours Required of Non-Resident Home Care Attendants

October 3, 2017

In a significant blow to the home health care industry in New York, non-resident home health care attendants must be paid minimum wage for all hours they are required to remain at the client’s home, including hours when they may be sleeping, eating, or performing other personal tasks, the Brooklyn-based Appellate Division, Second... Read More

May 14, 2017

Ransomware Attacks: Prevention and Preparedness

May 14, 2017

Several years ago, cyber criminals developed a profitable form of malware, now known as ransomware. A “ransomware” attack occurs when a hacker takes control of the victim’s information systems and encrypts its data, preventing the owner from accessing it unless the victim pays a sum of money, usually in the form of bitcoins. The FBI... Read More

February 21, 2017

Change on the Horizon for Decades-Old Home Health Agency Conditions of Participation

February 21, 2017

The Centers for Medicare & Medicaid Services (CMS) has issued final regulations (CMS-3819-F) that will make substantial changes to the Medicare home health agency Conditions of Participation (CoPs). These sweeping changes take effect July 13, 2017, and represent the most comprehensive changes to the CoPs since 1989. The final... Read More

Showing 1-3 of 5

See AllBlog Posts by Frank J. Fanshawe

NYS Education Department Proposes to Significantly Strengthen Data Security and Privacy Protocol
February 5, 2019

Co-Author: Gabrielle Bruno Government agencies, businesses, hospitals and universities are the frequent targets of staggering data breaches that can affect millions of individuals. Read More

New FTC Report Makes Security Recommendations to the Mobile Device Industry
April 10, 2018

Securing data held by mobile devices is largely reliant upon technology, and a recent report by the Federal Trade Commission (“FTC”) takes aim at how that technology can be both improved and better utilized. Read More

Industry Report calls for National Internet of Things Strategy
October 20, 2017

A coalition of the Information Technology Industry Council, the Semiconductor Industry Association, the U.S. Read More