HIPAA and Healthcare Privacy

The Administrative Simplification provisions of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the more recent HITECH Act component of the American Recovery and Reinvestment Act require that health care providers, health plans and health care clearinghouses, as well as their business associates, implement extensive measures to comply with such laws. The Healthcare Practice of Arnall Golden Gregory assists its clients on a daily basis with their compliance planning and implementation, mitigation of risks and audit responses occasioned by HIPAA and the HITECH Act. We also assist clients with navigating the frequently conflicting or broader state privacy laws and with keeping up with this evolving and complex area of government regulation.

Our services in the arena of healthcare privacy and security laws include:

  • Assisting companies with comprehensive implementation plans for HIPAA/HITECH compliance;
  • Preparing educational and training materials appropriate to a client’s unique organization;
  • Assisting in responses to and reporting of security breaches;
  • Advising clients on response to Office of Civil Rights and state attorneys general audits and investigations of privacy and security law violations or denials of rights of access to medical records;
  • Updating HIPAA policies to meet new requirements under the American Recovery and Reinvestment Act;
  • Applying privacy and security laws to innovative models of information connectivity, such as Health Information Exchanges and cloud computing arrangements;
  • Conducting state law preemption analyses;
  • Preparing and negotiating business associate agreements, including for “downstream” business associates;
  • Drafting risk allocation clauses in service agreements involving the transfer of large amounts of sensitive data; and
  • Due diligence of Covered Entities’ and Business Associates’ levels of HIPAA/HITECH compliance.