HIPAA and Healthcare Privacy

Representative Experience

  • Assisted a national REIT in its minority investment in a portfolio of a variety of healthcare providers, including assisted living, memory care, hospice, and private-pay in-home care. The providers were located in multiple states, including Arizona, California, Illinois, Texas, Utah, Washington, and Wisconsin. AGG’s involvement included in-depth diligence, including a review of the providers’ licenses, permits, certifications, and accreditations, PEPPER reports, government investigations and surveys, hospice cap calculations, compliance program, background screening, HIPAA, medical directorships, admission agreements, commercial payor audits, and corporate practice of medicine. AGG also assisted with preparing the underlying investment agreement and related disclosure schedules.
  • Represented a national medical practice and management company in the evaluation and response to federal and multi-state HIPAA security and privacy matters, including review of the alleged breach, assembly of patient and business partner communications, notification of state and federal parties.
  • Represented a national medical practice and management company with regard to the negotiation of a new billing and collection agreement, including privacy and security matters and related indemnity obligations.
  • Represented a multi-state medical practice management company start-up in the acquisition of multiple additional medical practices, including all aspects of the transaction from letter of intent to due diligence to transaction documents.
  • Represented a multi-state medical practice management company start-up in the acquisition of multiple additional medical practices, including all aspects of the transaction from letter of intent to due diligence to transaction documents.
  • Advice to national hospice provider regarding compliance with breach reporting and notice requirements and indemnification rights where a potential breach was caused by an IT vendor Business Associate.
  • Advised private school re actions required by FERPA due to theft of records from Athletic Dept., and inapplicability of HIPAA.
  • Analyzed covered entity with Business Associate components of large academic medical center.
  • Represented a large hospital system in the development of a regional urgent care joint venture arrangement, including tax strategy, corporate structure and regulatory analysis.
  • Advised non-profit college on HIPAA vs. FERPA applicability to school's health clinic; prepared FERPA forms, policies and training materials.
  • Evaluated scope of cyber-security insurance coverage for investor.
  • Diligence of national healthcare consultant's compliance with Business Associate requirements.
  • Represented a national hospitalist services company address an alleged data breach by one of its national vendors; coordinated internal investigation and external response planning and corrective action plan.

  • Diligence of pharmacy automation product vendor's compliance with HIPAA's Business Associate requirements.
  • Advised multiple clients (both covered Entities and Business Associates) on updating of policies, forms and training materials in light of HITECH Act and breach reporting.
  • Advised a national hospitalist firm on federal and state breach notification obligations arising from a potential breach experienced by a subcontractor which may have exposed protected health information over the internet.
  • Conducted internal compliance investigation to determine whether data shared with a pharmaceutical company was appropriately de-identified.
  • Analyzed the interplay of the Family Educational Rights and Privacy Act (FERPA) and HIPAA for health system providing services in educational settings.
  • Assisted numerous clients in evaluating and responding to data breaches.
  • Advised skilled nursing facility company on compliance policies and training for multi-location operations.
  • Provided an analysis of Georgia laws impacting health system’s adoption of an electronic health record function.
  • Assisted academic medical center on HIPAA and state-level privacy issues applicable to its development of a Health Information Exchange.
  • Performed due diligence on HIPAA compliance for private equity investor considering investment in cloud services vendor.
  • Represented one of the 115 Covered Entities nationwide to be audited by KPMG on behalf of the Office for Civil Rights in 2012.
  • Provided legal and policy counsel, with particular focus on health information privacy and security issues, to the Department of Community Health related to Georgia’s Health Information Exchange.
  • Conducted internal compliance investigation in response to allegations by former employee of client that client had  terminated employee in retaliation for having reported 1) a significant HIPAA breach of Protected Health Information which was not fully de-identified before being provided to pharmacy companies; and 2)non-compliance with law related to the client’s implementation of its financial hardship policy.
  • Advised a client regarding the development of a HIPAA/HI-TECH Act compliance program covering its potential obligations as a business associate of HIPAA covered entities. Assisted the client in the conduct of a gap analysis to identify areas where further action may be necessary depending upon proposed changes to the HIPAA privacy, security, and breach notification regulations.
  • Advised data network services provider contracted with government agencies and providers of health care and human services, including homeless shelters, with respect to the sharing of TB information in compliance with applicable privacy laws, including HIPAA.
  • Advised long-term care provider, with facilities in multiple states, in revising HIPAA privacy policies and procedures, notice of privacy practices, and other HIPAA documentation for use company-wide following 2013 rule changes. Also worked with local counsel to include relevant state-law provisions in privacy policies and procedures.