Our skilled privacy professionals help clients navigate federal healthcare data laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and Federal Trade Commission (FTC) Health Breach Notification Rule. We also advise on rapidly evolving state laws relating to health privacy and advertising of health services, like the California Confidentiality of Medical Information Act (CMIA), Washington My Health My Data Act, state laws classifying health information as sensitive data, and other health privacy regimes.
Compliance Counseling and Assessments
Our attorneys structure comprehensive compliance programs to satisfy privacy and security requirements while enabling our clients to achieve their objectives. We strategically counsel healthcare providers, suppliers, payors, clinical researchers, manufacturers, clearinghouses, data aggregators—and the business associates and partners who service those entities. Our team is also adept at supporting advertising, analytics, and other data businesses that are not subject to HIPAA but may be captured by other privacy and security obligations relating to healthcare data. We have designed across-the-board compliance programs for entities of all sizes, including drafting and negotiating business associate agreements, HIPAA security risk assessments, privacy notices, and other documentation.
Incident Response
Our team counsels clients on HIPAA breach notification standards and state law obligations. We have helped companies prepare for and respond to security incidents—from small occurrences affecting a few records to large breaches with hundreds of thousands of affected individuals. These have involved both "protected health information" and other personal data governed by state data breach notification laws.
Should a breach become public, our attorneys have significant experience representing companies facing scrutiny or the prospect of class action litigation. We know how the Department of Health and Human Services (HHS) Office of Civil Rights (OCR), FTC, and state attorneys general approach security incidents, and we bring this knowledge to bear in vigorously defending clients in governmental inquiries.