HIPAA and Privacy

We understand the diverse and complex issues that our clients face when it comes to the privacy and security of health data. Venable attorneys counsel healthcare providers, insurers, and employer group health plans, and the business associates who provide services to those covered entities.

We help structure comprehensive compliance programs to satisfy the privacy and security requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and state law. These programs include detailed policies, procedures, and training materials. Over the past several years, we have also drafted and negotiated hundreds of business associate agreements on behalf of covered entities and business associates.

Our attorneys have extensive experience in representing healthcare companies in contract negotiations with software vendors for the implementation of new compliant health information systems, as well as helping health systems implement e-health programs, including drafting licensing and other agreements with participating physician groups. Similarly, we have represented information technology companies and their business associates in their compliance efforts and in contract negotiations with healthcare companies.

We have counseled numerous clients on the HIPAA breach notification standards since these standards came into effect in 2009. We have guided companies in preparing for and responding to security incidents—from small incidents affecting a few records to large breaches with hundreds of thousands of affected individuals—involving both “protected health information” under HIPAA and other personally identifiable data governed by state data breach notification laws. Before or after a security incident, we will partner with information security consultants to assess companies’ compliance with applicable data security standards and recommend steps to mitigate any identified risks.

Should a breach become public, we are well versed in representing companies facing scrutiny from state enforcement authorities, federal regulators, and Congress, as well as the prospect of class action litigation. We know how the Department of Health and Human Services, Federal Trade Commission, and state attorneys general approach such incidents. Venable attorneys offer significant experience in navigating the interrelationships of multiple government inquiries into data security breaches.

In addition to its Chambers USA recognized health care practice, Venable has a well-established Privacy and Data Security practice, which received the Award of Excellence from Chambers USA: America’s Leading Lawyers for Business.

Practice Focus

  • Corporate transactions
  • Employee benefits and tax
  • Governance and regulatory
  • Healthcare public policy
  • Labor and employment
  • Litigation
  • Privacy

Client Focus

  • Hospitals and hospital networks
  • Long-term and life care
  • Insurers and managed care
  • Medical products and vendors
  • Employers
  • Medical staff organizations
  • Physicians groups
  • Population health management and wellness
  • Professional associations
  • Life sciences companies


  • Chambers USA, Privacy & Data Security, 2016 – 2023
  • The Best Lawyers in America, Privacy and Data Security, 2015 – 2021 (Venable attorneys selected for inclusion)
  • Nightingale’s, Outstanding Healthcare Antitrust Lawyers, 2010