Health Privacy and Security

HIPAA Privacy and Security: We have extensive experience in advising clients regarding HIPAA, HITECH, and their implementing regulations, including the Privacy, Breach Notification, Enforcement, and Security rules. Through counseling and troubleshooting on day-to-day issues, we have gained the unparalleled depth and breadth of experience to guide you through the implementation of your privacy and security programs.

Our attorneys counsel large and small entities — from health plans to integrated delivery systems to hospitals, physicians, and other providers — in achieving and maintaining compliance with the ever-changing privacy, security, and other regulations imposed by HIPAA and HITECH, as well as other federal and state privacy laws such as the Genetic Information Nondiscrimination Act and state breach notification laws. We are adept at helping you achieve your operational goals while complying with these challenging laws.

The passage of HITECH dramatically changed the federal government’s approach to HIPAA by escalating enforcement and increasing penalties for non-compliance, while establishing burdensome new requirements for breach notification. This has increased the risks to both covered entities and their business associates. We routinely advise clients regarding breach notification issues and how to avoid enforcement action. When necessary, we provide assistance in responding to the Office for Civil Rights (OCR) and in negotiating resolution agreements with that agency. We also work with the firm’s Privacy, Security & Information Management Practice in responding to parallel enforcement actions brought by the Federal Trade Commission.

HITECH also expands the substantive requirements under HIPAA in a number of areas, including the use of protected health information in marketing, research, and for other purposes. We closely track these evolving changes and have worked with trade associations and nationals providers in filing comments to the rules proposed by OCR to implement these changes. We also have developed template policies, procedures, training programs, and other guidance documents to help you comply with the new HITECH requirements.