HIPAA Compliance & Health Privacy
The Health Insurance Portability and Accountability Act (HIPAA), along with the Health Information Technology for Economic and Clinical Health (HITECH) Act, imposes stringent obligations and requirements on healthcare providers, health plans, healthcare clearinghouses, and their business associates to protect the privacy and security of protected health information (PHI) and provides civil, economic and potentially even criminal penalties for those who violate the law.
McAfee & Taft’s HIPAA Compliance & Health Privacy lawyers have an in-depth understanding of the complex federal and state laws regulating how PHI in its various forms – verbal, written and electronic – must be secured and handled, and they have extensive experience in providing comprehensive health information privacy and security solutions to covered entities and their business associates.
The firm’s dedicated HIPAA Privacy Compliance & Health Privacy team is comprised of lawyers with regulatory, transactional and litigation experience. Our lawyers regularly assist healthcare providers and health plans, as well as billing companies, banking institutions and other organizations that perform services on behalf of covered entities, with all aspects of HIPAA privacy, security, and breach notification implementation and compliance – from developing comprehensive, integrated compliance programs to taking swift, decisive action in the event of a potential or actual breach.
Our experience in providing HIPAA solutions to clients includes:
- Developing comprehensive HIPAA privacy, security and breach notification policies, procedures and relevant documents
- Advising clients on HIPAA security risk assessments and other security rule requirements
- Counseling clients on protecting and securing ePHI on mobile devices, such as laptops, flash drives and smartphones
- Drafting business associate agreements on behalf of covered entities and business associates and advising clients regarding the need for such agreements
- Conducting HIPAA training for employees of covered entities and business associates
- Evaluating the release of protected health information under state and federal law and conducting preemption analyses
- Advising healthcare providers on releasing protected health information under HIPAA, the HITECH Act, and state laws pursuant to administrative demands, discovery requests, court orders, subpoenas and authorizations
- Evaluating and responding to individuals’ complaints filed against covered entities and business associates
- Conducting investigations of alleged breaches, determining reporting obligations, and preparing notices
- Responding to Office for Civil Rights’ allegations of potential HIPAA violations, working directly with OCR investigators to resolve matters, and developing corrective action plans
The HIPAA Compliance & Health Privacy team also regularly provides HIPAA email alerts to clients and conducts webinars and seminars on timely issues.


