Leeann Habte


Tel: (213) 787-2572


At a Glance

Leeann advises clients on information privacy and security, health care regulatory compliance, and Medicare and Medicaid reimbursement issues.
Leeann has practical experience, having served as an associate director at the UCLA Center for Health Policy Research and research director at the Minnesota Department of Health.

Leeann is a recognized leader in health data privacy and security and health information technology legal issues.

Leeann Habte counsels clients on information privacy and security programs, health care regulatory compliance, and Medicare and Medicaid reimbursement issues. She represents health plans, hospitals, physicians, pharmacies, medical device companies, health information exchanges, digital health companies, and other public and private organizations on a broad range of legal issues.
Leeann applies her practical and legal experience to help clients find real-world business solutions to complex legal and regulatory issues.

Privacy and Security
A Certified Information Privacy Professional, Leeann advises organizations that handle health care, personal or educational data on security incident response, security breach notification, security risk assessments, privacy and security policies and procedures, vendor management practices, business associate agreements, website privacy policies, training, and related issues. She is highly experienced in counseling clients on the interaction of state and federal law, including the Health Insurance Portability and Accountability Act, the Confidentiality of Alcohol and Drug Abuse Treatment Records (42 CFR Part 2), the Federal Trade Commission Act, the Family Educational Rights and Privacy Act, employer-focused laws, and state laws regarding sensitive information (Lanterman-Petris-Short Act, Board of Pharmacy rules). She has advised on complex data-sharing arrangements related to clinical integration, clinical research, telemedicine, health information exchange, electronic health records systems, medical/mobile devices, and on emerging privacy and security risks.
Health Care Compliance
Leeann counsels clients on fraud and abuse compliance; licensing, certification and change of ownership; provider enrollment; credentialing; Knox-Keene Act and Medi-Cal managed care compliance; governance; medical staff issues and informed consent policies.
Leeann advises clients on Medicaid and Medicare reimbursement issues, including Medi-Cal rate appeals and audits, Medicaid waiver issues, reimbursement rules, medical necessity determinations, billing issues, utilization review and bankruptcy issues. She is extensively involved in Medicaid waiver program implementation and Electronic Health Records incentives and audits.
Digital Health
Leeann provides strategic counseling to emerging medical device and digital health companies on privacy and security, fraud and abuse, and regulatory issues (including Food and Drug Administration clearance). She handles clinical research agreements and supply chain contracting, and coordinates health regulatory, business and intellectual property advice.
Prior Experience
Prior to joining Best Best & Krieger LLP as a partner, Leeann was a senior counsel at Foley & Lardner LLP, a law firm with a nationally recognized health care practice. She also has years of practical experience, having served as an associate director at the UCLA Center for Health Policy Research and research director at the Minnesota Department of Health prior to becoming an attorney. In those positions, she was responsible for HIPAA and data security, data-sharing and compliance issues. She also led initiatives and developed regulations on health quality, administrative simplification, charity care, rural hospital and primary care center issues.
A native of Minnesota, Leeann obtained her master’s degree in communications from the University of Minnesota. She has worked in the health care field for more than 20 years, having begun in public relations, transitioned to health policy, and then to a legal career. She attended and ranked highly in Loyola Law School’s evening program for professionals while working full-time at UCLA. She is a devoted mother, a world traveler, and a Tai Chi  practitioner.

  • Loyola Law School, Los Angeles
  • University of Minnesota, Minneapolis, MN, M.S.
  • St. Cloud State University, St. Cloud, MN, B.S.


  • American Health Lawyers Association
  • California Society for Health Care Attorneys
  • Health Care Compliance Association
  • International Association of Privacy Professionals
  • Los Angeles County Bar Association


Privacy and Security

  • Advised California hospitals on Office for Civil Rights investigations regarding large breaches and on security risk assessments.
  • Counseled California hospitals and national health care system on health information exchange participation strategy, developed participation agreements, and privacy/security policies and negotiated  agreements.
  • Conducted numerous 50-state surveys for a national pharmacy company on state minor consent laws, state law restrictions on disclosure of sensitive information, pharmacy-specific privacy requirements and related issues.
  • Assisted state hospital system to disaffiliate data systems and information, considering data ownership, contractual arrangements and compliance.
  • Advised on Whole Person Care data sharing arrangements and approaches, in compliance with California and federal law.

Regulatory Compliance

  • Drafted and revised health plan Medicare/Medi-Cal compliance policies and developed and delivered Fraud, Waste, and Abuse and HIPAA training for a California health plan.
  • Drafted and revised compliance policies, including hospital medical staff bylaws, hospital consent to treatment and credentialing/peer review.
  • Drafted Institutional Review Board Policies for creation of new IRB, advised on clinical research agreements.
  • Assisted in internal investigations on fraud and abuse issues.
  • Advised counties and public hospitals on implementation of Medicaid Bridge to Reform Waiver programs.
  • Advised on development and updates to hospital utilization review policies and procedures.


  • Counseled a health plan on litigation appealing Medi-Cal managed care rates, represented various counties in Medi-Cal administrative appeals of mental health administrative expenses, Federally Qualified Health Center payments and related issues.
  • Assisted a public hospital association in development of claiming protocols for low income health program, including administrative claiming protocol.
  • Advised clients on medical necessity determinations in appeals of overpayment charges from Office of Inspector General, Centers for Medicare and Medicare Services, or Department of Health Care Services.
  • Advised hospitals and physician groups on specific coding and billing issues, in particular billing for substance abuse and mental health services.
  • Develop protocol for Medicaid State Plan for IT, including reimbursement for electronic health record implementation, advise on hospitals on EHR audits and appeals.
  • Advised clients on medical necessity issues, including special considerations for homeless persons and other special populations.

Digital Health

  • Counseled emerging medical device and telemedicine companies on health care regulatory strategy; provided oversight of intellectual property, general, and corporate matters.
  • Developed privacy statements, consents and consulted on data security and data sharing arrangements.
  • Provide analysis of fraud and abuse and corporate practice of medicine issues.
  • Negotiated supplier, clinical research and other agreements.

Public Agencies and GDPR Compliance
Legal Alerts Aug 13, 2018

Public Agencies and GDPR Compliance

Government Entities Should Evaluate Data Collection and Use Practices

Final Rule Issued on Confidentiality of Substance Use Disorder Patient Records
Legal Alerts Jan 24, 2017

Final Rule Issued on Confidentiality of Substance Use Disorder Patient Records

Trump Rule Freeze May Put it on Hold

  • "Artificial Intelligence in Health Care: Welcome to the Machine,"  AHLA Connections, June 2018
  • “Federal and State Data Privacy Laws and Their Implications for the Creation and Use of Health Information Databases,” Big Data: A Business and Legal Guide, CRC Press, 2015
  • “What is the Meaning of Meaningful Use? How to Decode the Opportunities and Risks in Health Information Technology,” Business Law News, July 13, 2015
  • “The Big Data Dilemma: Compliance for the Health Professional in an Increasingly Data-Driven World,” Journal of Healthcare Compliance, June 2015
  • “Deconstructing Cyberinsurance Coverage: Lessons From the Travelers Case,” AHLA HIT Practice Group E-alert, June 15, 2015
  • “Medicare Penalties and Bonuses for Meaningful Use of EHRs Revamped as Part of the ‘Doc Fix’ Bill,” AHLA HIT Practice Group E-alert, June 8, 2015
  • “Privacy Laws Impose Key Restrictions,” Executive Insight, April 20, 2015
  • “Tapping Into the Big Value of Health Care Big Data,” Foley White Paper, Feb. 27, 2015
  • “OIG 2015 Work Plan, Part 2: Do Fewer Projects Mean a Sharper Focus?” Compliance Today, Feb. 2, 2015.
  • “Genetic Information Privacy: A Complex Regulatory Framework,” Bloomberg BNA: Medical Research Law & Policy Report, Jan. 7, 2015
  • “Federal and State Privacy Laws: Strategies for Analysis of Big Data in Healthcare,” Healthcare Informatics, Dec.5, 2014
  • “Privacy Issues in the Sharing of Genetic Information,” Foley White Paper, Sept.18, 2014
  • “A Proactive Approach to Cloud Computing in the Health Care Industry,” AHLA Connections, June 1, 2013
  • “Minnesota AG Reaches First Settlement With Business Associate Under HITECH Act,” Bloomberg BNA's Health IT Law & Industry Report, Aug. 20, 2012
  • “HHS Imposes First Civil Penalty and Resolution Agreement Resulting from HITECH Breach Notification Rule,” Managed Care Outlook, April 15, 2012
  • “DMEPOS Supplier Marketing Arrangements and HIPAA Compliance,” Compliance Today, Sept. 1, 2011
Event Jun 15, 2018

Behavioral Health Privacy Compliance in a Changing Health Care Environment

Health Care Compliance Association

Event Feb 6, 2018

When Ransomware Attacks – Dancing with the Devil

Physicians and Hospitals Law Institute

Event Sep 15, 2017

Legal and Policy Considerations of Automated Vehicles: Balancing Innovation and Regulation

The Seminar Group

Health Care Legal Veteran Leeann Habte Joins BB&K
Press Releases Dec 22, 2016

Health Care Legal Veteran Leeann Habte Joins BB&K

Habte Joins the Firm’s Los Angeles Office

  • “In the Trenches: OCR Audits, Data Breaches, and Cybersecurity Threats & Mitigations,” Southern California Health Care Compliance Association Conference, June 16, 2017
  • Strategies for Managing Business Associate Relations,” Southern California Health Care Compliance Association Conference, June 17, 2016
  • “How to Navigate Proposed Changes to Substance Abuse Confidentiality Regulations,” Foley Web Conf., March 29, 2016
  • “Best Practices in HIPAA Security Risk Analysis,” Health Information and Management Systems Society Privacy and Security Forum, Dec. 2, 2015
  • “EHR Technology: Where Meaningful Use, Compliance, and Clinical IT Intersect,” Foley Compliance Immersion Program, Nov. 18, 2015
  • “Telehealth Data Privacy and Security: Strategies and Solutions for Providers,” Foley Web Conf., Sept.16, 2015
  • “HIPAA and Beyond: Compliance with Federal and State Privacy Laws,” Health Care Compliance Association Southern California Regional Conf., June 19, 2015
  • “How Digital Health will Enable BioPharma to be More Patient-Centered,” CalBIO Conf., March 3, 2015
  • “Data Breach Prevention and Response – Managing the Risk,” Foley Web Conf., Oct. 7, 2014
  • “Protecting Patient Rights in Your ASC: What’s New in Compliance with Privacy Laws,” Ambulatory Surgical Centers Association National Conf., April 19, 2013
  • “Preparing to Comply With the HITECH Final Rule,” Foley Web Conf., March 19, 2013
  • “Health Care Data in the Cloud: Strategies for Contracting With Cloud Providers,” Foley Web Conf., Jan. 16, 2013
  • “Cloud Computing in Healthcare: HIPAA and State Law Challenges,” Foley Web Conf., June 7, 2012
  • “Privacy and Security in the HITECH Era,” Foley Web Conf., Dec. 16, 2011