HIPAA, HITECH & Omnibus Rule



Our unique combination of health industry smarts and deep regulatory understanding allows us to build and implement compliance solutions that are both realistic and resource-sensitive.

Our approach

HIPAA and state laws present the health care industry with stringent standards for patient privacy, data security, transactions and code sets. Compliance can require rethinking old procedures and systems and training employees to work and think differently. We help our clients rise to the challenge efficiently and affordably—whether they’re health care providers or entities that come into contact with protected health information.

We draw on extensive industry and regulatory know-how to evaluate your current risk and find resource-sensitive compliance solutions. We also work with our clients to structure their transactions strategically, build compliant business associate programs that protect their interests and manage their litigation risk. And in the event of theft or loss of sensitive information, we’ll help you respond quickly and efficiently, take needed steps to avoid future incidents and guide you through any ensuing litigation or government investigation.

Who we work with

  • Health care providers, pharmacies, laboratories and others who collect, transmit, store or have access to protected health information
  • Business associates, including data storage companies, cloud vendors, EMR providers, software vendors, collection agencies and billing services (and their subcontractors)
  • Companies with self-insured health plans
  • Health information exchange organizations (HIEs), regional health information organizations (RHIOs), e-prescribing gateways and personal health record (PHR) vendors
  • Patient safety organizations
  • Law firms, law enforcement agencies, accounting firms and other professional advisors working with sensitive client information
  • Companies at any stage of responding to privacy complaints or the theft or loss of data, whether intentional or accidental, including victims of hacking, disgruntled or negligent employees and natural disasters

Recognition

  • Recognized by Chambers USA as a nationwide leader in the field of privacy law
  • The Rhode Island Department of Health Founder’s Award, the Rhode Island Attorney General Justice Award and the Rhode Island Department of Health Award for Excellence in Public Health Promotion

Recent experience

  • Serving as general counsel to the Rhode Island Quality Institute (RIQI), the first RHIO to implement a stringent privacy and security legal framework for its HIE and implement an opt-in consent for HIE participation. RIQI is the only entity in the country that received all three federal grants from the Office of the National Coordinator related to the implementation of health information technology, including the Regional Extension Center grant, the Health Information Exchange grant and the Beacon Communities grant.
  • Developed and implemented HIPAA compliance programs for:
    • Large hybrid entities
    • Multiple physician groups and hospital systems
    • Several RHIOs and HIEs
    • Cloud vendors
    • Software and EMR providers
    • Patient portal products
  • Worked with the Massachusetts Center for Health Information and Analysis to develop privacy and security policies related to the statewide All-Payer Claims Database and provided them with ongoing privacy and data security counsel
  • Assisted multiple clients in developing patient portals, including practices and procedures, website policies, terms and conditions of use and patient participant agreements
  • Participated in the Health Information Security and Privacy Collaboration (HISPC), a project funded by the National Governors Association to develop best practices for the implementation of statewide health information exchanges
  • Helped multiple health care entities navigate investigations conducted by the HHS Office for Civil Rights and state attorneys general
  • Revised the policies, procedures and business associate agreements of several national health care providers and other large companies
  • Built corporate privacy and security framework for several startup companies in the health care industry
  • Counseled a pharmaceuticals company on corporate privacy and security issues and HIPAA compliance needs and provided worldwide employee privacy training
  • Represented an electronic health records provider with software license issues and support agreements
  • Provided emergency response and strategy for clients following the theft or loss of large amounts of sensitive information. Recent examples include:
    • A lost laptop containing the protected health information of over 11,000 individuals from 31 different states
    • Stolen paper medical records of 500 individuals
    • Theft of 1.7 million patient records
    • Misdirected e-mails containing personally identifiable and insurance information of over 3,000 employees
  • Conducting extensive employee training initiatives in identifying and protecting high-risk data

HIPAA spotlight: key stats from a banner year

Law360 | January 17, 2017

This article recaps HIPAA stats and highlights from the past year. Chicago health care partner Valerie Montague is quoted throughout discussing privacy breaches and how health care organizations react.

6 Ways to Be a Go-To Firm for HIPAA Compliance

Law360 | April 29, 2016

Chicago health care partner Valerie Breslin Montague is included in this piece that looks at how attorneys are dealing with increasing Health Insurance Portability and Accountability Act (HIPAA) penalties and audits.

OCR now focusing on business associate agreements

Health Data Management | March 22, 2016

Albany health care partner Laurie Cohen and Chicago health care partner Valerie Breslin Montague are quoted throughout this feature article discussing the HHS Office for Civil Rights’ increased efforts sanctioning healthcare covered entities with corrective action plans and financial fines for major violations of the HIPAA privacy and security rules.

Preparing for HIPAA Compliance Audits: An Interview with Valerie Breslin Montague

Fertility Bridge | March 09, 2016

Chicago Health Care partner Valerie Breslin Montague is featured in this Q&A discussing Health Insurance Portability and Accountability Act (HIPAA) as it relates to digital media.

Walgreen Case Opens Door for State Law HIPAA Claims

Law360 | November 25, 2014

Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman authored this piece discussing new openings for state law claims of Health Insurance Portability and Accountability Act violations against covered entities and business associates.

Wearable Wellness

HR Executive | October 01, 2014

San Francisco Labor & Employment associate Alexandra Devendra is quoted in this feature story on personal health information confidentiality and HIPAA’s nondiscrimination provision concerning employee use of wearable devices.

  • U.S. News/Best Lawyers has named Nixon Peabody “Law Firm of the Year” in Health Care Law in 2016
  • “Deal of the Year” for Health Care Financing by The Bond Buyer for Presence Health Network 2016 bond offering
  • Ranked nationally in U.S. News/Best Lawyers “Best Law Firms” in Health Care Law and received metropolitan rankings in Health Care Law in Albany, Boston, Chicago, Los Angeles, New York City and Rhode Island
  • Ranked in Illinois, Massachusetts and New York for Healthcare in Chambers USA: America’s Leading Lawyers for Business
  • Ranked nationally by Modern Healthcare—Largest Healthcare Law Firm
  • Recognized lawyers by Best Lawyers in America in the field of Health Care law
  • Recognized lawyers by Super Lawyers in the area of Health Care law
  • Recognized by the American Bar Association’s Health Law Section in its Annual Regional Law Firm Recognition Program
  • Recommended in The Legal 500 United States 2016

NP Privacy Partner Blog
Staying ahead in a data-driven world: insights from our Data Privacy & Security team