(608 395-9130)
Sarah Bimber
Sarah Bimber is a healthcare regulatory attorney who combines deep industry knowledge with practical business acumen to help healthcare providers, technology companies, payors, and investors navigate complex regulatory challenges. With significant experience in both private practice and as in-house counsel, Sarah provides strategic guidance on data privacy and security compliance, fraud and abuse laws, healthcare transactions, and operational matters. She integrates seamlessly with executive teams and provides pragmatic business solutions balanced with regulatory compliance requirements.
Before joining Hatfield Knivila, Sarah served as Chief Administrative Officer, Chief Privacy Officer, and Corporate Secretary of Amino Health, a healthcare technology company. There, Sarah led legal, compliance, privacy/security, IT, and HR functions and gained deep operational experience through the company's start-up, growth, and reorganization phases. Prior to her in-house role, Sarah practiced at Stoel Rives alongside several of her current Hatfield Knivila colleagues. Her unique perspective is further informed by her experience at the University of Wisconsin Hospital & Clinics, the Wisconsin Department of Justice's Medicaid Fraud Control Unit, and Epic Systems.
Sarah also serves as fractional general counsel and product counsel for emerging healthcare companies, providing ongoing strategic guidance on regulatory, commercial, and operational legal issues. She proactively identifies emerging regulatory risks and develops preventive compliance strategies to avoid costly violations and operational disruptions.
Outside the office, Sarah enjoys spending time with her two children and black lab, reading, and exploring new destinations.
Experience
-
Healthcare Privacy, Security & Technology
Led cross-functional teams including privacy/security, IT, and compliance functions for healthcare technology company through start-up, growth, and reorganization phases.
Regularly advise on HIPAA, Part 2, and related state law compliance, develop and implement operational policies and procedures, conduct HIPAA Security Rule risk assessments, and advise on third-party risk management.
Regularly advise clients on incident response planning, data breach response, and navigation of OCR audit and information response.
Led healthcare technology company through successful completion of SOC 2 and HITRUST audit/certification processes.
Regularly advise on data licensing, EHR implementation, AI integration, and emerging AI governance frameworks.
Routinely draft and negotiate business associate agreements, qualified service organization agreements, data use agreements, privacy addendums to vendor contracts, and other healthcare technology arrangements.
-
Healthcare Transactions & Financing
Managed capital fundraising exceeding $100M for healthcare technology company and developed scalable legal infrastructure that grows with organizational needs.
Regularly draft and negotiate sales and vendor commercial contracts including SaaS agreements, payor agreements, provider network agreements, channel partnerships, and vendor/supplier agreements.
Provided subject matter expert support for M&A transactions on data privacy and security matters.
Serve as product counsel for healthcare technology companies on a fractional basis.
-
Healthcare Operations & Corporate Counsel
Served as Corporate Secretary for healthcare technology company, providing legal advice to board and management on general corporate matters and governance issues.
Led cross-functional teams including legal, compliance, and HR functions for healthcare technology company.
Guided healthcare technology company through growth, operational scaling, and complex reorganization phases.
Provide fractional GC services to emerging healthcare technology companies.
-
Regulatory Compliance
Regularly advise clients on compliance with fraud and abuse laws (Anti-Kickback Statute, Stark Law) and corporate practice of medicine laws, including updated Oregon statutes.
Represent payers and providers in Medicare/Medicaid billing fraud investigations and government actions.
Credentials
-
Chief Administrative Officer, Chief Privacy Officer, and Corporate Secretary, Amino Health
Attorney, Stoel Rives, LLP
Legal Intern, University of Wisconsin Hospital & Clinics, Compliance Department
Legal Intern, Wisconsin Department of Justice's Medicaid Fraud Control Unit
Application Manager – Inpatient Clinical Documentation, Epic Systems
-
Member, American Health Law Association
Member, Oregon State Bar Health Law Section (served in several leadership roles on Executive Committee)
-
J.D./M.P.H., University of Wisconsin Law School and School of Medicine and Public Health (cum laude); co-founded the university's JD-MPH Dual Degree Program; Note & Comment Editor, Wisconsin International Law Journal
B.A., Health Sciences with minor in Business and Economics, Kalamazoo College (cum laude)
-
Licensed in Oregon and California
Certified Information Privacy Professional (CIPP/US), IAPP