Health Care Data Privacy, Security and HIPAA

Within our Health Law Group, we have a developed a sophisticated team that combines our privacy, security, employee benefits, and health care industry experience to help hospitals, health systems, health plans, senior living and long-term care, and physician practices create programs, policies, procedures, and notices in compliance with the Health Insurance Portability and Accountability Act (HIPAA). 

This team helps our health care industry clients manage privacy and cyber security risks associated with the collection, use, and disclosure of patient and employee information. Our primary objective is to help our clients be compliant, and avoid costly penalties while maximizing health information delivery, particularly in light of the anticipated rise in audits conducted by the U.S. Department of Health and Human Services (HHS).

HIPAA Proactive Compliance

We help health care providers and health plans conduct the required risk assessments and develop HIPAA privacy and security policies and  procedures on how to protect, use and disclose protected health information. Our attorneys work with clients to identify compliance issues through internal audits before they become a problem, help them establish systems for thorough record-keeping, minimize disruptions to human resources and benefits, and provide practical advice and guidance. We also provide leader-led training on HIPAA compliance, as well as e-learning. Along the way, we help our clients adjust their policies and practices in accordance with changes in the laws.

HIPAA Investigations and Audits

We have extensive experience working with clients in investigating patient and participant complaints as well as responding to investigations and audits by HHS. Conducting a thorough investigation into an alleged violation and keeping accurate and complete records are vitally important to surviving an investigation or audit by HHS. Sometimes an investigation or audit will reveal steps that needs to be taken to modify procedures or mitigate a security concern.

State Laws

Many states have expanded on the protections offered by HIPAA, and we are very familiar with state specific privacy laws. We counsel clients on a daily, ongoing basis in complying with the myriad of state privacy laws, including state database security breach laws, state health privacy laws and state social security number laws.

Data Security Violations & Breaches

We have extensive experience in responding to security breaches involving protected health information. We have worked with many clients to supervise and conduct incident responses, including interviewing employees, working with IT staff or external forensics investigators to determine the nature and extent of a particular breach, developing a response plan, preparing required notices to affected individuals and state and federal government agencies, and revising policies and procedures to prevent similar incidents in the future.