Health Care Data Privacy and Security

Our Health Law practice group counsels health care providers and facilities on all aspects of data privacy and security and protecting patient information. Working in conjunction with the firm’s Data Privacy and Security Client Team, we advise clients on securing data, on the proper use and disclosure of data, and on responding to breaches and other security incidents.

We counsel healthcare providers on complying with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Clinical and Economic Health Act (“HITECH”), state laws protecting the privacy of medical information (i.e. HIV, behavioral health, medical records), state personal information laws, federal substance abuse privacy regulations (42 C.F.R. Part 2) and ethical concerns with the use and disclosure of health information.

Compliance. We work with clients to establish compliance programs to protect the confidentiality of data and draft policies on a variety of privacy and security matters. We are regularly asked by clients to provide staff and employee trainings and to educate privacy and security officers.

Safeguarding Data. We counsel clients on the appropriate safeguarding of patient and corporate data, including on workstations, on mobile devices and during transmission. We also counsel clients on the proper maintenance and disposal of data.

Breach Response. We advise clients on all aspects of breaches and other security incidents. We work with clients to investigate an incident, mitigate any potential harm from the incident and assist them with issuing any required notifications to patients, the media or government agencies. We have significant experience representing clients before state attorneys general and the U.S. Department of Health and Human Services Office for Civil Rights.


January 3, 2019  Physician Practice Liable for Violating its Duty of Confidentiality to a Patient
October 2018  New Compliance Training Requirements for Medicare Advantage
January 17, 2018  Connecticut Supreme Court Recognizes New Cause of Action for Patient Privacy Breach
February 15, 2017  SAMHSA Modernizes Regulations Governing the Confidentiality of Substance Use Disorder Records
October 3, 2016  Family Policy Compliance Office Issues FERPA Privacy Guidelines
April 2016  Communicating Protected Health Information Via Text Messaging
January 27, 2016  If You Provide Behavioral Health Services, Do the New HIPAA Reporting Rules Apply to You?
June 22, 2015  Conn. Seeks To Tighten Data Privacy Requirements
February 9, 2015  Key Issues in Negotiating a Health Information Technology Agreement
January 2015  Going Live with a Patient Portal—Legal Risks and Operating Documents
December 12, 2014  Recent Data Breach Demonstrates the Importance of Attention to Software and IT Systems
November 11, 2014  Health and Human Services Addresses Ebola and Other Public Health Emergencies
July 9, 2014  Connecticut Health Law 2014 Legislative Update
May 12, 2014  Health Law: HIPAA Breaches: Getting It Right
August 26, 2013  Recent OCR Enforcement Action Demonstrates the Importance of a Thorough Risk Analysis
June 25, 2013  FDA Releases Draft Cybersecurity Guidance for Medical Devices
February 12, 2013  HIPAA Final Rule
January 3, 2013  HHS Announces Mobile Device Security Initiative
November 2012  Connecticut's HIE: A Look at the Nutmeg State's Approach to Sharing Patient Information
August 2, 2012  Breaches of Personal Information Must Now Be Reported to the Attorney General
June 28, 2012  Health Law Practice Group Discusses Supreme Court's Ruling on the Patient Protection and Affordable Care Act
November 17, 2011  OCR Begins Pilot Phase of HIPAA Privacy and Security Audit Program
July 11, 2011  OCR Proposes Significant Revisions to HIPAA Rules on Accounting of Disclosures
February 28, 2011  First-Ever Civil Monetary Penalties Imposed for Violation of the HIPAA Privacy Rule
August 10, 2010  HHS Announces Proposed HIPAA Rules


May 22, 2019  HFMA Region 1 Eighteenth Annual Healthcare Conference
February 12, 2019  Telemedicine Symposium
September 14, 2018  2018 Community Health Summit: Working Together for a Healthier Connecticut
May 22, 2018  Model Agreements & Guidelines International (MAGI) Clinical Research Conference
January 25, 2018  Digital Health - InsurTech With Benefits
July 18, 2017  Health Care Compliance Association Web Conference
March 26-29, 2017  Health Care Compliance Association's 21st Annual Compliance Institute
February 23, 2017  Recent Privacy and Security Developments in Human Subjects Research
November 30 - December 2, 2016  OCR Audits Phase 2 With Real Life Experience - How to Navigate?
October 23-26, 2016  MAGI's Clinical Research Conference - 2016 West
October 20, 2016  CT Technology Council 2016 IT Summit
July 19, 2016  Vendor Privacy: Due Diligence and Contracting Solutions
June 15, 2016  Webinar: Managing HIPAA Data Breaches
May 2, 2016  HR's New Challenge: Cyber Security
March 23, 2016  Webinar: Telemedicine & eConsults - Where We Are Today and Where We're Going
February 23, 2016  CT HFMA: 2016 Legal Playbook: Best Practices to Keep Your Healthcare Operations on the Winning Side
December 2, 2015  Webinar: Business Associates: How to Differentiate Your Organization Using HIPAA Compliance
November 18, 2015  CT Technology Council 2015 IT Summit
November 9, 2015  Capitol Region Education Council - Technology Conference
September 29, 2015  IAPP: The Intersection of Information Governance and Privacy
September 24, 2015  Webinar: How to Effectively Negotiate a Business Associate Agreement: What's Important/What's Not
September 24, 2015  Data Security and Privacy Risk Management in a New World of Big Data Collection and Sharing
September 18, 2015  American Bar Association Business Law Section Annual Meeting
July 14, 2015  Webinar: HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Practices
March 13, 2015  Right to Privacy & HIPAA
February 19, 2015  Webinar: How to Effectively Negotiate a Business Associate Agreement: What's Important/What's Not
January 20, 2015  HCBA: Business Associate Compliance - Keeping Your Own House in Order
May 30, 2014  LERA: Is it HIPAA or is it not?
May 22, 2014  CT CHAND: College Health Symposium
March 27, 2014  Guest Lecturer at Quinnipiac University School of Law: HIPAA
March 15, 2013  Complying With the New HIPAA Regulations - Part II
March 1, 2013  Complying With the New HIPAA Regulations - Part I
May 10, 2012  Catching the Social Media Bug: The Risks and Rewards of Social Media For Health Care Providers
January 11, 2012  Social Media Bootcamp Webinar Series, Level I, Part II: How to Use Social Media and Social Networking: Focus on Facebook and LinkedIn
September 20, 2011  Review of New Connecticut Legislation Affecting Health Lawyers
October 19, 2010  Subpoenas: What You Need To Know To Respond
June 2, 2009  The Federal Stimulus Package and Expanding HIPAA Requirements
May 23, 2007  E-Discovery for Health Care Providers
January 21, 2003  Uses and Disclosures Under the Health Insurance Portability and Accountability Act (HIPAA)
© Shipman & Goodwin LLP, 2019. All Rights Reserved.