About Health Information Privacy and Security

The health information team counsels clients concerning all aspects of health information privacy and security. We develop compliance policies, training programs, and materials personalized to the privacy and security practices of a variety of entities and organizations, including health care providers, health insurance issuers, health plans, accountable care networks, integrated delivery systems, professional membership organizations, municipalities with first responders and health care components, as well as contractors that serve the health care industry. We provide broad guidance regarding the use, disclosure, retention, exchange, de-identification, and destruction of health information. Our team also counsels clients on HIPAA, HITECH, information systems risk management, investigation, corrective action, and breach assessment and notification.

The health information team is well versed in additional federal and state privacy and confidentiality laws that shape and complicate health information compliance issues and regularly advises clients on state law preemption issues. Understanding HIPAA and HITECH privacy and security regulations also requires knowledge of technology issues. In connection with the HIPAA and health information group, the firm’s technology section works with clients to handle and effectively implement policies and procedures, establishing “best practices” for maintaining the privacy and security of health information.

Frequent counselors, speakers, and writers on HIPAA, HITECH, and other federal and state privacy and confidentiality laws, our team provides such guidance and services as:

  • Development and review of privacy and security policies and procedures under HIPAA and state law
  • Development and review of consent and authorization forms and privacy notices for use with patients and health plan members
  • Drafting and negotiating business associate agreements and subcontractor business associate agreements
  • Oversight and coordination of HIPAA risk assessments
  • Advising on the proper use and disclosure of health information, including to law enforcement or in response to a subpoena or court order
  • Advising on the use and disclosure of sensitive health records, such as those related to mental health
  • Conducting on-site, customized training on HIPAA and state confidentiality laws tailored for HIPAA covered entities, business associates, and subcontractors
  • Consulting on technology issues and compliance audits
  • Investigating and analyzing alleged breaches of HIPAA
  • Data privacy and security issues
  • Providing critical legal and strategic advice to promptly and efficiently respond to any HIPAA violation – including as part of the Breach Response Team
  • Providing legal counsel to entities and organizations newly subject to HIPAA requirements as business associates or subcontractors