Let’s Talk Compliance | HIPAA Breach & Penalties

10 May 2021 Health Care Law Today Blog
Author(s): Jana L. Kolarik, Jennifer L. Urban

Foley & Lardner, together with PYA, hosted a Let’s Talk Compliance informal discussion and Q&A on HIPAA Breach & Penalties on Friday, April 30. The panel of presenters included Foley Partner Jennifer Urban, PYA Principal Barry Mathis, and Mayo Clinic’s Legal Counsel Betty H. Khin, who moderated the discussion.

Below are some major takeaways from the day’s discussion. 

Key Takeaways

  1. Familiarize yourself with, and take advantage of, the HIPAA Safe Harbor Bill by implementing recognized security practices.
  2. Watch for updates from HHS/OCR on new HIPAA enforcement rules.
  3. Make sure you have access procedures that are compliant with HIPAA’s right of access requirements, conduct a security risk analysis, and use its findings to develop and implement risk management plans.
  4. If you are thinking about the HIPAA Safe Harbor Rules as a future response strategy, consider creating and maintaining a documentation library that demonstrates your compliance. Practice desk audit scenarios within your organization where the story must be told through only a paper trail.
  5. The Fifth Circuit Court of Appeals ruling and comments on the M.D. Anderson case should be reviewed by your compliance and IT risk management teams as an example of how a small infraction can lead to a large investigation. Had M.D. Anderson not been managing their risks, the court may have denied the appeal.
  6. Compliance is no longer a standalone report. It is a program with a strategy, action plan, and measurable activity producing documentation to demonstrate mitigation and compliance maturity.

Please reach out to us if you have any questions.

You can listen to this program in its entirety, at no cost, and download slides from the session by clicking here. Be sure to check out this additional Let’s Talk Compliance resource:

We are working on developing future Let’s Talk Compliance events—the next one scheduled for July—so stay tuned for dates and details!

Foley | PYA


Foley & Lardner has been providing Health Care Law and business consultative services for more than 45 years. Our team of more than 150 attorneys regularly provides innovative, leading edge counsel to the entire spectrum of the healthcare industry. With offices throughout the United States, Foley’s Health Care Industry Team is consistently ranked as one of the top healthcare law firms nationally and regionally by Chambers USA and U.S. News. Foley remains at the forefront of health policy and law, advocating the interests of our health care clients in legislatures, administrative agencies, courts and boardrooms across the country.

PYA is a professional services firm with specialized expertise in healthcare consulting and certified public accounting. PYA’s multi-disciplinary Healthcare division serves hospitals, health systems, clinically integrated networks, physician groups, and specialty practices. Our healthcare services are structured around three main pillars: Strategy & Integration, Valuation (business, compensation, machinery and equipment, and litigation support), and Compliance. PYA consistently ranks as a Top 20 healthcare consulting firm and a Top 100 accounting firm in the U.S. PYA draws upon the expansive depth of knowledge and breadth of experience of more than 300 professionals across offices in Atlanta, Kansas City, Knoxville, Nashville, and Tampa to address the specific needs of a client base that spans 50 states.
