From the privacy and security rules promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the privacy and security provisions of the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH), a body of law is emerging that governs the privacy and security of health information held by health care providers, insurers, employer-sponsored group health plans and their business partners. Further, through HITECH's expanded enforcement provisions high profile resolution agreements with CVS Pharmacy, Providence Health and Services, and Mass General and the assessment of a $4.3 million civil monetary penalty against Cignet Health of Prince Georgia's County, the federal government has signaled a renewed interest in health information privacy and security law enforcement. Our cross-disciplinary team of attorneys assists a wide range of clients as they navigate this complex and evolving body of law.
From the privacy and security rules promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the privacy and security provisions of the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH), a body of law is emerging that governs the privacy and security of health information held by health care providers, insurers, employer-sponsored group health plans and their business partners. Further, through HITECH's expanded enforcement provisions high profile resolution agreements with CVS Pharmacy, Providence Health and Services, and Mass General and the assessment of a $4.3 million civil monetary penalty against Cignet Health of Prince Georgia's County, the federal government has signaled a renewed interest in health information privacy and security law enforcement. Our cross-disciplinary team of attorneys assists a wide range of clients as they navigate this complex and evolving body of law.
Our team counsels clients on transactional, regulatory and operational matters related to health information privacy and security, including the following:
- providing advice and guidance on compliance with HIPAA, HITECH and other federal and state health information privacy and security law
- developing policies and procedures
- developing documents, including authorizations, notices of privacy policies, business associate contracts, health plan certifications and group health plan document amendments
- providing on-site education
- providing advice and guidance on reporting and responding to violations of health information privacy and security policies and procedures
- providing advice and guidance on notifying patients, group health plan participants and others of health information privacy breaches
- preemption analyses
Among our clients are large hospital systems, national health care companies, diagnostic facilities, ambulatory surgery centers, small and large physician practices, behavioral and mental health services providers, billing services providers, medical practice management companies, physician-hospital organizations, group health plans and third-party administrators.