At Epstein Becker Green, we counsel group health plan sponsors and their business associates on a daily basis regarding federal and state laws related to health information privacy, including the requirements of the Health Insurance Portability and Accountability Act ("HIPAA"), as amended by the Health Information Technology for Economic and Clinical Health ("HITECH") Act. We provide advice that is proactive, rather than reactive, by helping our clients identify and address HIPAA compliance issues before they escalate to problems.
Our services in this area include:
- Developing privacy policies and procedures, notices, and other written materials that comply with the HIPAA privacy requirements concerning the use and disclosure of protected health information ("PHI"), as well as communications with plan participants, government agencies, and others
- Reviewing plan documents, service provider agreements, and operations to ensure their compliance with HIPAA requirements, and identifying gaps in compliance
- Amending plan documents and service provider agreements and revising operations to close gaps in compliance
- Training employees on HIPAA's privacy requirements, new HITECH rules, and the use and disclosure of PHI
- Monitoring ongoing compliance with HIPAA, HITECH, and other relevant privacy laws
- Advising clients on responding to HIPAA and HITECH breaches, preparing notices to regulators, and mitigating damages