Data, Privacy and Security

In 1996, Congress passed the Health Insurance Portability and Accountability Act (“HIPAA”). The U.S. Department of Health and Human Services subsequently issued privacy and security regulations, which have now been enhanced by the requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”). Today, privacy and security are a daily practice for health plans and health care providers as they work to maintain the confidentiality, integrity, and availability of health information in performing treatment, payment, and health care operations. Health plans, health care providers, and business associates can face significant administrative, civil and criminal penalties for non-compliance with HIPAA and HITECH requirements.

Members of our Health Care team have extensive experience advising and working with health care providers and health plans on all aspects associated with HIPAA, as well as other state and federal privacy and security laws. Our attorneys have worked both in assisting clients in complying with HIPAA and HITECH and in responding to audits and enforcement investigations. We bring that experience to bear in finding effective and efficient solutions for our health care clients.

Representative projects include the following:

  • Lead privacy counsel for incident response in data compromise and security breach matter involving records of nearly five million unique individuals.
  • Lead privacy counsel for management and successful resolution of data compromise and security breach matter involving records of nearly one million unique individuals.
  • Represented information technology companies and professional societies seeking changes to federal regulations regarding health care privacy, health-related research, and the drug and device approval process.
  • Assisted health care providers in responding to Office for Civil Rights' investigations of privacy complaints.
  • Assisted regional pathology laboratory vendor with gap analysis and HIPAA Security Rule compliance for Laboratory Information Management System (LIMS) deployment.
  • Reviewed and developed privacy and security policies and procedures for health care providers and health plans.
  • Assisted health care providers and business associates in assessing and responding to breaches of health information under HIPAA and various state laws.
  • Chief outside privacy counsel for technology and business process outsourcing contractor balancing information security requirements under federal Privacy Act, Department of Defense and agency rules, and federal and state rules governing identifiable health information, genetic information and security breach issues.
  • Negotiated services contract with vendor of electronic media destruction or repurposing service.
  • Negotiated requirements with overseas medical support contractor with respect to off-shoring of certain processing services to comply with US data protection requirements and those of foreign jurisdictions.
  • Advised client in negotiations with data services vendor on unique vulnerabilities and appropriate safeguard requirements in contracting for cloud-based services.
