Healthcare: Privacy, Data Security, and HIPAA/HITECH

Healthcare providers and their vendors face unique compliance challenges when collecting and using data. We draw on a depth of experience from our Privacy and Data Security Group and healthcare regulatory attorneys to counsel clients on the complex issues involved in the privacy and security of healthcare data.

Our skilled privacy professionals help clients navigate federal healthcare data laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and Federal Trade Commission (FTC) Health Breach Notification Rule. We also advise on rapidly evolving state laws relating to health privacy and advertising of health services, like the California Confidentiality of Medical Information Act (CMIA), Washington My Health My Data Act, state laws classifying health information as sensitive data, and other health privacy regimes.

Compliance Counseling and Assessments

Our attorneys structure comprehensive compliance programs to satisfy privacy and security requirements while enabling our clients to achieve their objectives. We strategically counsel healthcare providers, suppliers, payors, clinical researchers, manufacturers, clearinghouses, data aggregators—and the business associates and partners who service those entities. Our team is also adept at supporting advertising, analytics, and other data businesses that are not subject to HIPAA but may be captured by other privacy and security obligations relating to healthcare data. We have designed across-the-board compliance programs for entities of all sizes, including drafting and negotiating business associate agreements, HIPAA security risk assessments, privacy notices, and other documentation.

Incident Response

Our team counsels clients on HIPAA breach notification standards and state law obligations. We have helped companies prepare for and respond to security incidents—from small occurrences affecting a few records to large breaches with hundreds of thousands of affected individuals. These have involved both "protected health information" and other personal data governed by state data breach notification laws.

Should a breach become public, our attorneys have significant experience representing companies facing scrutiny or the prospect of class action litigation. We know how the Department of Health and Human Services (HHS) Office of Civil Rights (OCR), FTC, and state attorneys general approach security incidents, and we bring this knowledge to bear in vigorously defending clients in governmental inquiries.

Recognition

  • Chambers USA
    • Law Firm of the Year, Privacy and Data Security, 2009, 2021
    • Privacy and Data Security, National, 2008 – 2023
    • Award for Excellence Shortlist, 2017