HIPAA and Healthcare Privacy
- Our team of dedicated healthcare, compliance, cybersecurity and technology lawyers have practical know-how for handling your health information privacy and security matters.
- Our Healthcare & Life Sciences Industry Sector Group not only knows the HIPAA laws and rules, but we know how to design a practical and useful compliance program that we can harmonize with state privacy laws. Members of our team are frequently called upon to speak and write on these topics.
- Our lawyers have experience drafting comments to the U.S. Department of Health and Human Services (HHS) on the HIPAA privacy laws and regulations – working on behalf of industry associations, multinational corporations and other clients.
Since enactment of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, numerous regulations and guidance documents have been issued to attempt to clarify its provisions. Despite these efforts, the regulations are anything but simple. HIPAA has a significant effect on the way business is conducted in the United States. Organizations regulated by HIPAA, either as covered entities or as business associates, will want informed legal counsel to advise on the challenges. The HITECH Act of 2009, federal substance use disorder regulations (42 C.F.R. Part 2), the Telephone Consumer Protection Act (TCPA) and the Federal Trade Commission's (FTC) Health Breach Notification Rule for personal health records (PHRs), as well as state privacy laws, also impact how health information and other patient data may be used and disclosed.
The complex provisions of HIPAA and state privacy and security laws govern a vast spectrum of U.S. businesses. We have advised clients in the following industry sectors:
- pharmaceutical and device manufacturers
- medical app developers
- pharmacies and pharmaceutical benefit managers
- self-insured employee benefit plans
- health plans, health insurers and third-party administrators
- vendors, contractors and other business associates
- physician groups
- hospitals and nursing homes
Holland & Knight has extensive experience in HIPAA and HITECH Act legal and security issues, with a national team of dedicated healthcare and privacy lawyers as well as a multidisciplinary approach that complements our healthcare knowledge with subject-matter leadership from across the firm.
In-Depth Insight for a Range of Legal Needs
Whether your matter involves privacy compliance assessments, breach response, training or HIPAA compliance documentation, data monetization, assessing risks related to pixels and other website tracking tools, or defending against plaintiff class actions alleging privacy violations, our team has the substantive understanding of HIPAA and other data privacy laws necessary to guide you through the maze.
Customized Client Training to Help You Navigate Change
HIPAA's shifting policy landscape is a critical factor that drives the need for continuous training. Our lawyers provide customized and comprehensive training programs that cover individual client policies, procedures, practices and business relationships, as well as the general HIPAA privacy and security standards. Our attorneys are also available to conduct in-person training seminars on privacy compliance matters.
Savvy Technology Support
Addressing the complex IT-related issues that have emerged from HIPAA and other data security laws requires specialized resources that may not be available inside your organization. Holland & Knight's experienced technology attorneys can assist you through the changes, advising you in areas such as the following:
- assisting in the development of clinical data repositories and data lakes
- counseling on your administrative requirements, including implementing appropriate IT security processes and recognized security practices, to ensure administrative safeguards
- coordinating security risk analyses and risk assessments with experienced IT vendors
Ongoing Strategic Counsel for Protecting Your Interests
Holland & Knight's Data Strategy, Security & Privacy Team provides the strategic legal counsel you need to respond proactively to continuously evolving requirements and to protect your business from unintended violations. Specific services include:
- full-scale privacy and operational compliance assessments and remediation programs
- advice and counsel regarding responding to data breaches and security incidents, including state law reporting requirements and the FTC's PHR reporting rules
- counseling on HIPAA and related state law issues, such as gap analyses and the impact of HIPAA on state litigation
- developing comprehensive analysis, assessment and operational compliance of self-insured employee health plans
- reviewing existing business arrangements with third parties that permit access to health information – including those with vendors, agents and independent contractors
Documenting Your Compliance
Ensuring compliance with HIPAA and the HITECH Act requires painstaking tracking and documentation. Our Cybersecurity and Privacy Team brings the right combination of legal resources to the task. We can help you:
- develop HIPAA compliance documents – including notices of privacy practices, business associate agreements, breach notices, plan document amendments, protective orders and authorization forms
- produce the policy and procedure manuals and related contractual provisions needed to protect the confidentiality of patient information
- create employee training materials covering HIPAA laws and other privacy and security standards