• Our team includes dedicated healthcare, corporate compliance and technology lawyers with practical know-how for handling your health information privacy and security matters.
  • Our Healthcare & Life Sciences Team is well-versed in HIPAA laws and rules, as well as state privacy laws and members of our Cybersecurity and Privacy Team are frequently called upon to speak and write on these topics.
  • Our lawyers have experience drafting comments to HHS on the HIPAA privacy laws and regulations – working on behalf of industry associations, multinational corporations and other clients.

Since enactment of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, numerous regulations have been issued to attempt to clarify its provisions. Despite these efforts, the law is anything but simple. Since it appears that HIPAA will continue to affect the way business is conducted in the United States, if your organization is regulated by HIPAA, you will want informed legal counsel to advise you on the challenges. The HITECH Act of 2009, as well as state privacy laws, also impact how health information may be used and disclosed.

The complex provisions of HIPAA and state privacy and security laws govern a vast spectrum of U.S. businesses. We have advised clientele in the following industry sectors:

  • physician groups
  • hospitals and nursing homes
  • pharmaceutical, medical device and disease management companies
  • pharmaceutical benefit managers
  • self-insured employee benefit plans
  • health plans, health insurers and third-party administrators
  • vendors, contractors and other business associates

Experienced Counsel 

Holland & Knight’s Cybersecurity and Privacy Team has extensive experience in HIPAA and HITECH Act legal and security issues, with a team of over 45 dedicated healthcare lawyers and a multidisciplinary approach that complements our healthcare leadership with subject-matter leadership from across the firm.

In-Depth Insight for a Range of Legal Needs 

Whether your matter involves privacy compliance assessments, training or HIPAA compliance documentation, our team has the substantive understanding of HIPAA law and other data privacy laws necessary to guide you through the maze.

Customized Client Training to Help You Navigate Change 

HIPAA’s shifting policy landscape is a critical factor that drives the need for continuous training. Our lawyers provide customized and comprehensive training programs that cover individual client policies, procedures, practices and business relationships, as well as the general HIPAA privacy and security standards. Our attorneys are also available to conduct in-person training seminars on privacy compliance matters.

Savvy Technology Support 

Addressing the complex IT-related issues that have emerged from HIPAA and other data security laws requires specialized resources that may not be available inside your organization. Holland & Knight’s experienced technology attorneys can assist you through the changes, advising you in areas such as the following:

  • assisting in the development of clinical data repositories and master patient indices
  • counseling on your administrative requirements, including implementing appropriate IT security processes, to ensure administrative safeguards

Ongoing Strategic Counsel For Protecting Your Interests 

Holland & Knight’s Cybersecurity and Privacy Team provides the strategic legal counsel you need to respond proactively to continuously evolving requirements and to protect your business from unintended violations. Specific services include:

  • full-scale privacy and operational compliance assessments and remediation programs
  • advice and counsel regarding responding to data breaches 
  • counseling on HIPAA and related state law issues, such as gap analyses and the impact of HIPAA on state litigation
  • developing comprehensive analysis, assessment and operational compliance of self-insured employee health plans
  • reviewing existing business arrangements with third parties that permit access to health information – including those with vendors, agents and independent contractors

Documenting Your Compliance 

Ensuring compliance with HIPAA and the HITECH Act requires painstaking tracking and documentation. Our Cybersecurity and Privacy Team brings the right combination of legal resources to the task. We can help you:

  • develop HIPAA compliance documents – including notices of privacy practices, business associate agreements, plan document amendments, protective orders and authorization forms
  • produce the policy and procedure manuals and related contractual provisions needed to protect the confidentiality of patient information
  • create employee training materials covering HIPAA laws and other privacy and security standards