Health Information Privacy and Security

Mintz Levin attorneys counsel a variety of clients on a daily basis on all facets of health care privacy and security matters, and especially the complex legal and business issues relating to the use and disclosure of health information. We advise clients on privacy and security matters that arise in connection with corporate transactions, international business operations, risk management strategies, and data breach notification obligations. We also handle state and federal civil and criminal litigation matters involving the privacy and security of health information and assist clients in responding to inquiries from the Department of Health and Human Services Office of Civil Rights (OCR).

Our attorneys have extensive, cross-disciplinary expertise in the range of health care privacy and security laws, including the HIPAA Privacy and Security Rules, the HITECH provisions of the American Recovery and Reinvestment Act of 2009 (ARRA), the privacy provisions of the Communications Act, the Gramm-Leach-Bliley Act, the European Union Data Directive, state privacy laws, state data breach laws, and the developing body of privacy-related common law.

Our clients include health care providers and suppliers, pharmaceutical and medical device manufacturers, investors, IT vendors and health IT companies, web hosting companies, and Health Information Exchanges (HIEs). Our services for these clients include:

• developing and implementing privacy and security policies and procedures
• creating and conducting employee privacy and security training programs and seminars
• counseling organizations in government audits, and civil and criminal HIPAA enforcement actions brought by the OCR, the Department of Justice (DOJ), and various state Attorneys General
• representing clients in litigation arising out of private and security breaches
• analyzing Business Associate relationships, and preparing and reviewing Business Associate Agreements
• conducting privacy and security audits and providing internal policy development tools and advice
• counseling organizations on responses to and analyses of potential security incidents and breaches, including coordinating with technology specialists and forensics experts 
• advising clients on data use and disclosure requirements, including responding to subpoenas and third party requests for information
• providing strategic advice on federal and state legislative and regulatory developments related to health care privacy and security laws
• assisting researchers and research sponsors with data access, use, and disclosure issues, and HIPAA compliance in the context of clinical trials.

In addition to counseling our clients on privacy and security matters, Mintz Levin publishes a privacy law blog, www.privacyandsecuritymatters.com, which keeps our clients informed of the latest developments in information privacy laws and regulations. Mintz Levin attorneys write about an array of subjects, ranging from compliance with U.S. and international information security laws, to identity theft, to the latest developments in data security and data breach incident response.

Related Industries

News

1

1
1
1

1

Publications

1

1
1
1

1

Resources