At Epstein Becker Green, we provide daily counsel to clients throughout the health care industry on compliance with health information privacy laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and its privacy, security, and breach notification rules and the Health Information Technology for Economic and Clinical Health Act (HITECH) and its regulations. We work with our clients to facilitate HIPAA compliance that complements their business strategy.
The members of our Privacy & Security Group are prolific authors and sought-after lecturers on health information privacy and security topics, and also serve on the advisory boards of such publications as Report on Patient Privacy, The Medical Information Technology Law Report, Thompson's Employer's Guide to HIPAA, and The Privacy Officers Advisor, the official newsletter of the Privacy Officers Association.
As part of their services to ensure that clients comply with HIPAA and other health privacy laws, members of our Privacy & Security Group:
- Advise on whether a client is a HIPAA-covered entity or business associate
- Provide advice on the use, disclosure, transfer, retention, and destruction of protected health information
- Advise clients on risk-mitigation options, such as data encryption and access controls
- Develop and implement recordkeeping, documentation, access, and complaint and disciplinary procedures
- Conduct HIPAA- and HITECH-related educational seminars and training programs
- Develop and implement a comprehensive privacy compliance program
- Update HIPAA policies and procedures to comply with new developments and requirements
- Advise on HIPAA compliance during recruitment and the conduct of clinical trials
- Draft, review, and negotiate business associate agreements and subcontracts
Since no compliance program is foolproof, if a HIPAA violation occurs, we undertake a breach assessment, create a corrective action plan, assist the client with remedial measures and security breach responses under the HIPAA Breach Notification Rule, and defend the client in any investigations and litigation concerning the violation.