HIPAA and HITECH compliance

Our attorneys prepare HIPAA business associate agreements for clients, assist with HIPAA policy development and compliance audits, and amend business associate agreements to address HITECH issues. We counsel clients regarding compliance with notification requirements when there is a breach of unsecured protected health information under HITECH. We help clients comply with regulations issued under HITECH by the Department of Health and Human Services, which apply to health care providers, health plans, business associates and other entities regulated by HIPAA, as well as with regulations issued by the Federal Trade Commission requiring certain non-HIPAA entities, such as vendors of personal health records, to notify consumers when the security of their unsecured personal health records is compromised. We also counsel regarding other aspects of HITECH, including encryption standards and electronic health records.

We prepare HIPAA business associate agreements and HIPAA-compliant group health plan documents and assist with HIPAA policy development and compliance audits. We take a comprehensive and integrated approach to this statute. When HIPAA complaints are lodged, we defend client interests wherever they are challenged, including in the Office for Civil Rights.

Our experience includes:

  • We regularly counsel clients regarding HIPAA compliance as it relates to their covered group health plans, on-site health clinics and EAP services.
  • We help clients develop written policies and procedures to address compliance with the HIPAA Privacy and Security Rules.
  • We assist health care provider networks in amending business associate agreements to address the additional liabilities imposed by HITECH.
  • We regularly provide HIPAA training for clients and their employees.
  • We assist clients in investigating and responding to data breaches affecting their patients' or health plan participants' protected health information.