Our Health Law practice group counsels health care providers and facilities on all aspects of data privacy and security and protecting patient information. Working in conjunction with the firm’s Data Privacy and Security Client Team, we advise clients on securing data and on the proper use and disclosure of data, and we advise them during breaches and other security incidents.
We counsel healthcare providers on complying with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Clinical and Economic Health Act (“HITECH”), state laws protecting the privacy of medical information (e.g., HIV, behavioral health, medical records), state personal information laws, federal substance abuse privacy regulations (42 C.F.R. Part 2) and ethical concerns with the use and disclosure of health information.
Compliance. We work with clients to establish compliance programs to protect the confidentiality of data and draft policies on a variety of privacy and security matters. We are regularly asked by clients to provide staff and employee trainings and to educate privacy and security officers.
Safeguarding Data. We counsel clients on the appropriate safeguarding of patient and corporate data, including on workstations, on mobile devices and during transmission. We also counsel clients on the proper maintenance and disposal of data.
Breach Response. We advise clients on all aspects of breaches and other security incidents. We work with clients to investigate an incident, mitigate any potential harm from the incident and assist them with issuing any required notifications to patients, the media or government agencies. We have significant experience representing clients before state attorneys general and the U.S. Department of Health and Human Services Office for Civil Rights.