HIPAA and Privacy
We know the challenges involved in maintaining the confidentiality of patient information and ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA). In addition to advising clients on HIPAA’s Privacy, Security and Breach Notification rules, as well as the establishment of health information exchanges, electronic health record systems and donation programs, we provide counsel on related federal regulations, including matters involving substance abuse treatment (42 CFR Part 2) and related state privacy laws. When a breach occurs, we help clients mount an effective response, mitigate risk, conduct internal investigations, and respond to inquiries and investigations from law enforcement authorities and the media.
Among other areas, we advise on:
- Safeguarding protected health information (PHI) without compromising access under HIPAA and the HITECH Act
- Responding to privacy breaches, including state and federal breach investigations pursued by the HHS Office of Civil Rights (OCR) or other state or federal agencies
- Employing electronic health records (EHR) systems to satisfy meaningful use and respond to audits
- eHealth programs, including telehealth, telemedicine, econsults and mobile health delivery models
- Business associate agreements
In an era in which technology advances by the day, we help clients develop and implement data security systems and processes and negotiate vendor agreements that minimize the risk of data theft, piracy, hacking and ransomware attacks. Our attorneys also work with clients and public relations professionals to manage public relations issues that can arise in the context of highly publicized patient information security and breach incidents.