HIPAA and Healthcare Privacy

  • Our team of dedicated healthcare, compliance, cybersecurity and technology lawyers have practical know-how for handling your health information privacy and security matters.
  • Our Healthcare & Life Sciences Team not only knows the HIPAA laws and rules, but we know how to design a practical and useful compliance program that we can harmonize with state privacy laws. Members of our Cybersecurity and Privacy Team are frequently called upon to speak and write on these topics.
  • Our lawyers have experience drafting comments to the U.S. Department of Health and Human Services (HHS) on the HIPAA privacy laws and regulations – working on behalf of industry associations, multinational corporations and other clients.

Since enactment of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, numerous regulations and guidance documents have been issued to attempt to clarify its provisions. Despite these efforts, the law is anything but simple. HIPAA has a significant effect on the way business is conducted in the United States. If your organization is regulated by HIPAA, you will want informed legal counsel to advise you on the challenges. The HITECH Act of 2009, federal substance use disorder regulations (42 C.F.R. Part 2), the Telephone Consumer Protection Act (TCPA), the Federal Trade Commission's (FTC) Health Breach Notification Rule for personal health records (PHRs), as well as state privacy laws, also impact how health information and other patient data may be used and disclosed.

The complex provisions of HIPAA and state privacy and security laws govern a vast spectrum of U.S. businesses. We have advised clientele in the following industry sectors:

  • pharmaceutical and device manufacturers
  • medical app developers
  • pharmacies and pharmaceutical benefit managers
  • self-insured employee benefit plans
  • health plans, health insurers and third-party administrators
  • vendors, contractors and other business associates
  • physician groups
  • hospitals and nursing homes

Experienced Counsel

Holland & Knight's Cybersecurity and Privacy Team has extensive experience in HIPAA and HITECH Act legal and security issues, with a national team of dedicated healthcare and privacy lawyers as well as a multidisciplinary approach that complements our healthcare knowledge with subject-matter leadership from across the firm.

In-Depth Insight for a Range of Legal Needs 

Whether your matter involves privacy compliance assessments, breach response, training or HIPAA compliance documentation, our team has the substantive understanding of HIPAA law and other data privacy laws necessary to guide you through the maze.

Customized Client Training to Help You Navigate Change

HIPAA's shifting policy landscape is a critical factor that drives the need for continuous training. Our lawyers provide customized and comprehensive training programs that cover individual client policies, procedures, practices and business relationships, as well as the general HIPAA privacy and security standards. Our attorneys are also available to conduct in-person training seminars on privacy compliance matters.

Savvy Technology Support

Addressing the complex IT-related issues that have emerged from HIPAA and other data security laws requires specialized resources that may not be available inside your organization. Holland & Knight's experienced technology attorneys can assist you through the changes, advising you in areas such as the following:

  • advising on privacy design for medical apps, devices and websites, including privacy policies, terms of use and patient authorizations
  • assisting in the development of clinical data repositories and data lakes
  • counseling on your administrative requirements, including implementing appropriate IT security processes, to ensure administrative safeguards
  • coordinating security analyses with experienced IT vendors

Ongoing Strategic Counsel for Protecting Your Interests

Holland & Knight's Cybersecurity and Privacy Team provides the strategic legal counsel you need to respond proactively to continuously evolving requirements and to protect your business from unintended violations. Specific services include:

  • full-scale privacy and operational compliance assessments and remediation programs
  • advice and counsel regarding responding to data breaches and security incidents, including state law reporting requirements and the FTC's PHR reporting rules
  • counseling on HIPAA and related state law issues, such as gap analyses and the impact of HIPAA on state litigation
  • developing comprehensive analysis, assessment and operational compliance of self-insured employee health plans
  • reviewing existing business arrangements with third parties that permit access to health information – including those with vendors, agents and independent contractors

Documenting Your Compliance

Ensuring compliance with HIPAA and the HITECH Act requires painstaking tracking and documentation. Our Cybersecurity and Privacy Team brings the right combination of legal resources to the task. We can help you:

  • develop HIPAA compliance documents – including notices of privacy practices, business associate agreements, breach notices, plan document amendments, protective orders and authorization forms
  • produce the policy and procedure manuals and related contractual provisions needed to protect the confidentiality of patient information
  • create employee training materials covering HIPAA laws and other privacy and security standards