Matthew R. Fisher
Practice Areas

Legal Administrative Assistant Cindy A. McCarthy


Matt is a partner, the chair of the firm's Health Law Group, and a member of the firm's Business Group. Matt focuses his practice on healthcare regulatory and corporate matters.

Matt's health law practice is wide-ranging and includes advising clients with regulatory, privacy, security, fraud, abuse, and compliance issues. Matt helps guide clients through the regulatory maze that challenges all participants in the healthcare industry. Matt aids in structuring contracts, affiliations, agreements, and other business arrangements meet both federal and state statutory and regulatory requirements. Matt’s regulatory advice focuses on complying with the requirements of HIPAA, the Stark Law, Anti-Kickback Statute, fraud and abuse regulations, licensing requirements, the Medicare and Medicaid programs, and the Sunshine Act. Matt also advises clients on compliance policies to develop appropriate monitoring and oversight of operations. Matt works with all types of clinicians within the healthcare system, including hospitals, physician groups, skilled nursing facilities, home health agencies and any other type of provider. Matt also advises digital health and health information technology companies from start-ups to mature companies.

Matt is a Council Member-at-Large of the American Bar Association’s Health Law Section, co-chair of the EMI Planning Committee, chair of the Marketing Committee, and a vice-chair of the Programs Executive Committee. Matt is also actively involved with task forces at the Health Information Management Systems Society and chairs the Advocacy Committee of the New England Chapter of HIMSS. Matt also helps digital health startups as a mentor with MassChallenge HealthTech.

In addition to this healthcare practice, Matt represents clients in all stages of business transactions, from formation, contract review and preparation, mergers and acquisitions. Matt assists clients of all sizes from small closely held companies to large multinational companies.

Matt has been named a Massachusetts “Super Lawyer” by Boston magazine and Law & Politics every year since 2013. In 2011 and 2012, Matt was named a Massachusetts "Rising Star" by Boston magazine and Law & Politics.

Matt Fisher has been selected as an honoree for the 2020 Medigy HITMC Awards in the Individual - Health IT Advocate of the Year category. In 2014, Matt was selected as one of the Worcester Business Journal’s 40 Under Forty. Matt was selected by his peers for inclusion in The Best Lawyers in America© 2021 in the field of Health Care Law.

Bar & Court Admissions

  • Massachusetts
  • U.S. District Court for Massachusetts
  • U.S. Court of Appeals for the First Circuit
  • Suffolk University Law School JD, magna cum laude (2008)
  • Haverford College BA, cum laude (2004)
  • Represented digital health companies in startup and mature phases entering healthcare field to understand regulatory requirements, specifically HIPAA privacy and security obligations and limitations, and provided general operational support.
  • Represented multiple healthcare practices to prepare for investment from or sale to private equity and/or venture capital firms, including formation of management entities and attention to preserving independence of professional practice entity.
  • Represented client in merger of healthcare practices, including negotiations of merger agreement and navigation of Health Policy Commission Notice of Material Change process
  • Represented several physician practices in sale to other physician groups.
  • Represented applied behavioral services companies with operational issues including responding to payor audits and sale to investor backed systems.
  • Represented client in acquisition of several lithotripsy practices in both equity and asset transactions.
  • Assisted numerous clients in developing, implementing, and maintaining HIPAA policies and procedures, including responding to Office for Civil Rights investigations.
  • Advised client on formation and structure of concierge medical practice.
  • Represented clinic and ambulatory surgery centers in obtaining operational licenses and Determination of Need certificates from the Department of Public Health.
  • Analyzed billing practices of clinic to determine whether federal billing guidelines met and advised on response.
  • Advised clients on how to report and return potential overpayments received from billings submitted to federal healthcare programs.
  • Performed general Stark Law and Anti-Kickback Statute reviews of policies and agreements for physician practice groups and clinics.
  • Advised physician practice groups in structuring ownership, inclusion of non-physician owners, and restructuring.


  • Matt hosts the online radio show, "Healthcare de Jure" for HealthcareNOW Radio
  • Matt is the editor of Mirick O’Connell’s Health Law Blog, "The Pulse"
  • Matt is a regular contributor to the website, "HITECH Answers"
  • “How Do HIPAA Laws Impact Employers (and HIPAA Compliance Checklist)?,”, December 18, 2020 (quoted)
  • “HIPAA Changes Shift Mindset From Protecting to Sharing Health Information,” Modern Healthcare, December 18, 2020 (quoted)
  • “COVID-19 Contact-Tracing Scams: 4 Signs that Call, Email or Text is a Fake,” HuffPost, August 28, 2020 (quoted)
  • “Managing Cyber Security Vulnerabilities in these Turbulent Times,” Answers Media Network, August 2020 (Moderator)
  • “Innovating Through COVID-19: A New Normal in Digital Health Solutions,” HIMSS Webinar, July 2020 (Panelist)
  • “Healthcare during a Pandemic: Accelerated Adoption of Digital Health (A North American Perspective)”, GGI Webinar, June 2020 (Speaker)
  • “COVID-19 Regulatory Modification: Potential Gamechanger for the Healthcare Community?,” Virtual HIMSS20, May 2020 (Panelist)
  • “HIPAA Compliance a Concern as Working from Home Becomes Norm,” Hospital Access Management Regulatory Alert, September 1, 2020 (quoted)
  • “Health IRL: Policy & Regulatory Changes,“ Carium Webinar, April 9, 2020
  • “Health Law and COVID-19,” Mirick O’Connell On Air Legal Podcast, March 27, 2020
  • “More HIPAA and Telehealth,” Mirick O’Connell Client Alert, March 2020
  • “HIPAA and COVID-19: Restrictions Loosened, But Experts Preach Caution,” healthcare innovation, March 19, 2020 (quoted)
  • “Trump administration opens up access to telehealth services during coronavirus outbreak,” Fierce Healthcare, March 17, 2020 (quoted)
  • “HIPAA and Privacy Update,” HIMSS Security Forum, December 2019 (Panelist)
  • “4th Annual Current and Future State of Interoperability Panel,” Answers Media Network, December 2019 (Moderator)
  • “Industry Thought Leader Panel Discussion on Telemedicine,” Answers Media Network, October 2019 (Moderator)
  • “Leadership and Alignment”, Avant-garde Value Improvement Summit, October 2019 (Panelist)
  • “Artificial Intelligence and “Big Data” as Privacy Tools, Rather Than Privacy Threats”, Privacy & Security Forum, October 2019 (Co-Speaker)
  • “Search for Money: HIPAA Enforcement Trends,” Massachusetts Health Information Management Association Fall Meeting, September 2019 (presenter)
  • "Legal Considerations for Healthcare Data Archiving," White Paper with Galen Healthcare, September 2019 (co-author)
  • "Reducing Third-Party Risk of Vendor-Privileged Access," HeathData Management Webinar, June 2019 (panelist)
  • “Using Connected Health to Advance Patient Engagement,” 3rd Annual Value-Based Care Summit, October 2018 (panelist)
  • “HIPAA Basics for Non-Healthcare Lawyers,” American Bar Association Webinar, October 2018 (co-presenter)
  • “Setting up for Success: Avoid Common Contractual Issues by Asking Questions and Negotiating,” Boston Health IT Summit, August 2018 (presenter)
  • “HIPAA in a Digital World: Taking the Paper Out of Healthcare,” ABA Physician Legal Issues Conference, June 2018 (panelist)
  • “I Can Say That?: Aligning Marketing and Legal,” Healthcare IT Marketing and PR Conference, April 2018 (presenter)
  • “Walking the Path of a Healthcare Private Equity Transaction,” ABA Health Law Section Emerging Issues in Health Law Conference, February 2018 (presenter)
  • “Protect Yourself from HIPAA Violations When Using Messaging,” OnPage Webinar, November 2017 (presenter)
  • “Don’t Hit Send Yet: Considering Compliance When Using Texting and Email Communications,” Physicians Practice Webinar, November 2017 (presenter)
  • "From the Healthcare Attorney's Desk - Avoid These Landmines," HIMSS Healthcare Security Forum, September 2017 (presenter)
  • "Networking with Speakers," HIMSS Healthcare Security Forum, September 2017 (presenter)
  • “Security and Compliance and What Do All These Acronyms Mean? An Expert Look at Security and Compliance in Healthcare Payments,” InstaMed Webinar, April 2017 (panelist)
  • "Handling the Hot Potato: What to do with Marijuana and Other Contraband," Massachusetts Society for Health Care Risk Management, June 2017 (presenter)
  • "Taking a Ride on the Fraud and Abuse Rollercoaster: A Master Class on the Anti-Kickback Statute," American Bar Association Webinar, June 2017 (panelist)
  • "Evaluating Compliance Programs," Healthcare Financial Managmenet Association Annual ANI 2017, June 2017 (panelist)
  • “The Government is Watching: Update on Fraud and Abuse Issues,” Harrington Hospital Medical Staff Meeting, April 2017 (presenter)
  • "Ghost in the Machine: HIPAA and Ransomware," HIMSS Privacy and Security Forum, December 2016 (presentor)
  • "Ask a Healthcare Attorney: Cybersecurity Insurance, BAAs, and Other Hot Topics," HIMSS Privacy and Security Forum, December 2016 (presenter)
  • “Interoperability for the Common Good,” VITL Summit, October 2016 (presenter)
  • How HIPAA Enables Progress in Healthcare Innovation,” Health Data Management, October 18, 2016 (author)
  • "The Power of Empowering Patients Through Mobile Technology," New England HIMSS Spring Conference, May 2016 (panelist)
  • “Why the Feds are Upping the Ante by Looking at Small Breaches,” Health Data Management, August 24, 2016 (author)
  • “The Government is Watching: Update on Fraud and Abuse Issues,” Connecticut Pediatric Medical Association Annual Symposium, April 2016 (presenter)
  • “The Government is Watching: Update on Fraud and Abuse Issues,” Connecticut ENT Society Annual Educational Meeting, April 2016 (presenter)
  • "Structuring Indemnification Provisions in Business Associate Agreements: Allocating and Transferring Risk in Healthcare Contracting," Strafford Publications, February 2016 (panelist)
  • HIPAA Chat, Healthcare NOW Radio, May 2015, August 2015 and February 2016 (guest)
  • "HIMSS16 Social Media Ambassador Matthew Fisher: HIPAA Audits Will Reveal Mass Noncompliance," Healthcare IT News, February 2016
  • "Cybersecurity and Healthcare: A Panel Discussion with Industry Thought Leaders, HITECH Answers Webinar, January 2016 (moderator)
  • "Evolving HIPAA and Privacy Issues for Medical Device Industry," Medical Device Law: Compliance Issues, Best Practices and Trends Conference, October 2015 (panelist)
  • "What's FDA Approval and HIPAA Got to do With It?" VITL Summit, October 2015 (speaker)
  • "Hot Topics in Meaningful Use: The Legal Perspective," VITL Summit, September 2015 (speaker)
  • "ICD-10 Conversion: What Should Providers Be Doing?" Mayo Clinic Center for Innovation, September 2015
  • “HIPAA Myths,” Franciscan Hospital for Children, April 2015 (presenter)
  • "Healthcare Compliance in 2015," Massachusetts Health Data Consortium, March 2015 (co-presenter)
  • "It's Midnight, Do You Know Where Your Data Are?: Trends in Security Risks and How to Implement Protections," ABA Health Law Section Emerging Issues in Healthcare Conference, March 2015 (co-presenter)
  • "Structuring Indemnification Provisions in Business Associate Agreements," Strafford Publications, February 2015 (co-presenter)
  • "Meaningful Use:  Attestation, Assignments and Appeals - A Legal Perspective," HITECH Answers Webinar, January 2015 (co-presenter)
  • “HIPAA Myths: How Much Do You Know? Common Myths Debunked & Explained,” The Compliancy Group, September 2014 (presenter)
  • “Marketing Yourself as a Healthcare Attorney,” American Health Lawyers Association Annual Meeting, July 2014 (co-presenter)
  • "HIPAA Myths: How Much Do You Know?," Massachusetts Bar Association Central MA Health Care Conference, April 2014 (speaker)
  • “Where Everybody Knows Your Name: Guest Chair’s Column,” American Bar Association Health eSource, Volume 10, Number 8, April 2014 (author)
  • “Key Reviews from 2014 OIG Work Plan,” American Bar Association Health eSource, Volume 10, Number 8, April 2014 (author)
  • “The Real World: Health Law – An Introduction to the Fundamentals of Health Law,” American Bar Association Health Law Section Emerging Issues Conference, February 2014 (panelist)
  • "What is... Stark Law?," American Bar Association 2014 (contributing author)
  • "HIPAA: An Update - What did the Omnibus Rule Do and Why is Compliance So Important," Mirick O'Connell Health Law Seminar, November 6, 2013 (presenter)
  • "The Business of Healthcare Reform - The Affordable Care Act," Worcester Regional Chamber of Commerce Business Expo, October 2, 2013 (presenter)
  • "National Health Care Reform," Loman Educational Services, August 23, 2013 (panelist)
  • "For Providers of Care, Edge Will Got To Swiftest," Worcester Business Journal, August 19, 2013 (author)
  • "Identifying Potential Billing and Coding Issues," Monitor Mondays Webinar, June 10, 2013 (speaker)
  • "Regulators Now Driving Mass. Health Reform," Worcester Business Journal, March 4, 2013 (author)
  • "3 Ways Stark Law Impacts Your Practice," Medical Office Today, March, 2013 (quoted)
  • "Health Costs in Massachusetts are Heading Upward," The Boston Globe, March 2013 (quoted)
  • "So You're a Healthcare Attorney, Now What?: The Practical Realities for New Healthcare Attorneys Taught Through Case Studies on Everyday Scenarios," American Bar Association Health Law Section Emerging Issues Conference, February 2013 (co-presenter)
  • "Guest Chair's Column on Social Media," American Bar Association Health eSource, Volume 9, Number 5, January 2013 (author)
  • "Twitter School," American Health Lawyers Association, October 2012 (presenter)
  • "Tables Being Turned on Auditors, HHS' Inspector General Wants to Investigate Audit Contractors,", October 2012 (quoted)
  • "Specifics of Health Care Reform Still Being Worked Out," Southcoast Business Bulletin, October 2012 (quoted)
  • "Healthcare Fraud and Abuse Bootcamp Part V:  Compliance and Transactions,"  American Health Lawyers Association, May 2012 (moderator)
  • "Social Media Bootcamp Webinar Series, Level II, Part III: How to Practice Safe and Ethical Social Networking: Be Careful While Friending, Linking and Tweeting Your Way to Success," American Health Lawyers Association, April 2012 (moderator)
  • "How to Succeed and Impress in a Health Law Summer Internship and Beyond," American Bar Association Health Law Section, April 2012 (presenter)
  • "How Court Ruling on Health Care Might Affect Massachusetts Firms," Worcester Business Journal, April 2012 (author)
  • "HEAT Actions Since the Beginning of FY2012," ABA Health eSource, Volume 8, Number 8, April 2012 (author)
  • "Social Media Bootcamp Webinar Series, Level I, Part II: How to Use Social Media and Social Networking: Focus on Facebook and LinkedIn," American Health Lawyers Association, January 2012 (presenter)
  • "Strategic Planning for Physician Groups," National CPA Health Care Advisors Association, October 2011 (co-presenter)
  • "Primer on Federal Fraud and Abuse Laws for Physicians," Massachusetts Medical Society, October 2011 (co-presenter)
  • "Navigating the Federal Fraud and Abuse Laws: A Primer on the Stark Law and Anti-kickback Statute," Teleconference, ABA Young Lawyers Division Health Law Committee, May 2011, (moderator)
  • "New Health Law Compliance Requirements from the Federal Health Reform Law," American Bar Association Criminal Litigation Journal, Volume 11, Number 1 (2010)
  • "Medical Malpractice 101," Teleconference, ABA Young Lawyers Division Health Law Committee, November 2010, (moderator)
  • "How to Increase a Judgment with Minimal Work: Use Pre-Judgment Interest," Massachusetts Bar Association Young Lawyers Journal, Issue 10, (2010) (author)

Professional / Community Affiliations

  • American Bar Association, Council, member-at-large; Health Law Section; EMI Planning Committee, co-chair; Marketing Committee, chair; Programs Executive Committee, vice chair; Standing Committee for the Law Library of Congress, observer
  • International Association of Privacy Professionals
  • Milford Regional Healthcare Foundation, Board of Trustees
  • Boston Bar Association
  • Family Services of Central Massachusetts, former Board member
  • Tufts University, Institutional Animal Care and Use Committee
  • Worcester Young Businessmen's Association, former member
  • Worcester Institute for Senior Education, former class coordinator
  • Worcester Academy, Worcester Alumni Committee
  • Health Information Management Systems Society, 2020 Digital Influencer; Task Force, member
  • Northeastern University, Institutional Animal Care and Use Committee
  • New England HIMSS, Advocacy Committee, chair
  • MassChallenge HealthTech, mentor

Reminder, Provide Access to Data

Another Settlement The Office for Civil Rights started 2021 off with another settlement of alleged non-compliance with the HIPAA right of access. The settlement, as noted by OCR, is the 14th right of access settlement since OCR began its targeted …

[ load webpage to read more ]

Looking Ahead: Promise After a Tumultuous Year

Every year brings its own successes and trials, but 2020 brought more than its fair share of trials. The biggest issue that dominated healthcare throughout the year (and will continue to do so into 2021) was COVID-19. The unexpected, swift, …

[ load webpage to read more ]

HIPAA Progress: Incremental or By a Leap?

After a bit longer of a delay than was initially expected, the Department of Health and Human Services released a proposed rule to change pieces of HIPAA. The proposed rule is the outcome from a request for information that closed …

[ load webpage to read more ]

Step By Step: Incremental Telehealth Change

Building on years of hype and promise, telehealth began to get its moment in early 2020 when COVID-19 brought much of the healthcare system to a halt as a means of enabling care to be focused on the growing pandemic. …

[ load webpage to read more ]

Too Many Threats, Too Often

It used to be that almost a day could not go by without the report of a phishing attack. Now seemingly a day cannot go by without a ransomware attack being reported. While phishing may be a route in, it …

[ load webpage to read more ]

Access Management: Who Can be on the System

Who can be on a healthcare organization’s system and who can access patient information? HIPAA establishes very clear guidelines and expectations on that front. The baseline expectation is that only individuals who are actually part of an organization’s workforce can …

[ load webpage to read more ]

National or Local: How Should Privacy be Determined

The debate around privacy that had been forefront of mind for many prior to COVID-19 disrupting everything has not gone away. Instead, privacy has been simmering in the background, every so often be thrust into the spotlight during the course …

[ load webpage to read more ]

Protect the House: Focus on Security on All Fronts

Not a day can go by without the importance of security being underscored as the means by which privacy can be maintained. Data breaches continue to be disclosed daily, if not more frequently, HIPAA settlements are coming fast and furious …

[ load webpage to read more ]

Head In the Sand Leads to HIPAA Fine

Continuing a hot streak in the fall of 2020, the Office for Civil Rights announced another HIPAA settlement with a business associate on September 23, 2020. The $2,300,000 fine was imposed on a business associate following a months long cyberattack …

[ load webpage to read more ]

Deny Patient Access at Own Risk

The Office for Civil Rights (“OCR”) continues its recent attention to enforcing an individual’s right of access under HIPAA. The latest step is the concurrent announcement of five settlements with various entities for alleged failures to provide records upon request. …

[ load webpage to read more ]