Healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates, are required to implement extensive measures to comply with federal laws. We assist clients on a daily basis with their compliance planning and implementation, mitigation of risks, and audit responses occasioned by HIPAA and the HITECH Act. We also assist clients with navigating the frequently conflicting or broader state privacy laws and with keeping up with this evolving and complex area of government regulation.
Our services in the arena of healthcare privacy and security laws include:
- Assisting companies with comprehensive implementation plans for HIPAA/HITECH compliance.
- Preparing educational and training materials appropriate to a client’s unique organization.
- Assisting in responses to and the reporting of security breaches.
- Advising clients on response to Office of Civil Rights and state attorneys general audits and investigations of privacy and security law violations or denials of rights of access to medical records.
- Updating HIPAA policies to meet new requirements under the American Recovery and Reinvestment Act.
- Applying privacy and security laws to innovative models of information connectivity, such as Health Information Exchanges and cloud computing arrangements.
- Conducting state law preemption analyses.
- Preparing and negotiating business associate agreements, including for “downstream” business associates.
- Drafting risk allocation clauses in service agreements involving the transfer of large amounts of sensitive data.
- Due diligence of Covered Entities’ and Business Associates’ levels of HIPAA/HITECH compliance.