Health Information Privacy & Security

Our team offers unparalleled insight and experience in the healthcare sector, helping clients navigate state and federal privacy and data security laws that govern the use, disclosure, receipt, transmission and/or maintenance of individually identifiable health information.

We assist a wide variety of clients who handle health information, ranging from physician groups and hospital systems to medical device manufacturers, app developers and other companies that service the healthcare industry.

Our services include counseling with respect to the following:

• Health information privacy and/or security compliance under the Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH) and 42 C.F.R. Part 2 (governing substance use disorder treatment records);
• HIPAA/HITECH applicability (for instance, determining whether a vendor is a HIPAA “business associate”) and how to avoid HIPAA applicability, where possible;
• Business Associate Agreements;
• Electronic medical record-related vendor agreements;
• Responding to subpoenas and other requests for disclosure of individually identifiable health information;
• Developing and improving health information-related privacy and security policies and procedures;
• HIPAA/HITECH and 42 CFR Part 2 employee/staff training;
• Breach analysis and response; and
• Office of Civil Rights HIPAA-related audits, investigations, and reporting.

For information regarding our wider range of services to the healthcare industry, click here.