Health Information - Privacy, Security, and Data Sharing

Overview

The exchange of health information is governed by many state and federal laws, including HIPAA, 42 CFR Part 2, and the FTC’s Health Breach Notification Rule. These laws have led to regulations that impose stringent standards for patient privacy, data security, and breach response. For organizations, complying with these regulations is complex, with requirements and evolving technology establishing the need to overhaul policies and procedures, update risk management plans, and provide enhanced training for employees. Our team has the experience necessary to ensure you are in compliance. From hospitals, health plans, and providers to statewide health information exchanges (HIEs), regional health information organizations (RHIOs), and personal health record (PHR) vendors, we strive to ensure that our clients can maintain a standard of integrity and efficiency, protect their assets, and are prepared to address unexpected challenges.

Representative experience

• Assisted a large social services organization operating a mental health clinic in investigating a breach involving its EMR system, including responding to a subsequent OCR investigation triggered by the breach notification
• Counsel to privacy and security officers at multiple hospital systems, Federally Qualified Health Centers (FQHCs), and physician practices to assess privacy and security incidents, develop and update internal policies and procedures, assess business associate risks, address information block regulations, and advise on employee disciplinary matters
• Advise healthcare providers, including those focused on healthcare IT solutions, with issues relating to a patient’s right to access health information and integrating its pharmaceutical technology products with certain EHR vendors
• Assist hospital clients with OCR and state attorney general investigations, including a probe initiated in response to a patient complaint that the hospital had improperly disclosed patient information to a state agency, and another following employee postings of patient information
• Advise for-profit and not-for-profit healthcare vendors with data privacy and security compliance, including negotiating agreements involving the disclosure of protected health information and the secondary use of regulated health data and providing privacy and security compliance reviews
• Assist a national laboratory company in federal and state privacy issues related to its venture with a major pharmaceutical manufacturer to purchase and conduct rapid tests for COVID-19 via telehealth platform
• Advise higher education organizations on data privacy compliance related to COVID-19 testing and vaccination programs, disclosures of patient information by the student health service, and the privacy implications of arrangements with athletic trainers and ambulance providers for athletics programs
• Advises healthcare technology companies on compliance with HIPAA and HITECH including implementation of relevant policies and procedures, negotiating terms with the client’s customers, and assessing potential breaches

Recognition

• Named as a leading firm in Healthcare by Chambers USA in 2021; 31 healthcare lawyers ranked
• Ranked Tier 1 nationally for Healthcare Law by U.S. News—Best Lawyers “Best Law Firms” in 2021 and in consecutive years prior; named “Law Firm of the Year” in Healthcare Law by U.S. News—Best Lawyers “Best Law Firms” in 2016; 31 healthcare lawyers ranked 
• Recognized as a top law firm in Healthcare by the American Bar Association’s Health Law Section
• Ranked nationally as one of the largest healthcare firms by Modern Healthcare