Privacy & Security of Health Information

Complex and ever-changing federal and state health information privacy and security laws affect many participants in the healthcare industry. Understanding these laws can be complicated, and failing to comply with them carries stiff penalties.

Dickinson Wright’s interdisciplinary healthcare privacy and security team helps clients understand and comply with laws addressing the privacy and security of healthcare information, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the regulations promulgated thereunder such as, the Privacy, Security and Breach Notification Rules. Dickinson Wright’s privacy and security team remains up to date on revisions and new guidance under privacy and security laws including, for example, the Health Information Technology for Economic and Clinical Health Act (HITECH) and the HIPAA Omnibus Final Rule.

Our attorneys regularly counsel clients on minimizing privacy and security risks and offer strategic guidance on the many day-to-day issues associated with assuring the privacy and security of health information.

Among our areas of privacy and security expertise are:

Business Associate Agreements. Business associate agreements for all types of healthcare industry participants, including healthcare providers and suppliers, billing companies, software companies involved in the healthcare industry, case management, and billing software vendors.
Policies and Procedures. Developing HIPAA privacy and security policies and procedures for “Covered Entities” under HIPAA.
Breach Notification. Risk assessments under the Breach Notification Rule, and counseling clients regarding breaches, remediation, crisis management, and reporting and notification obligations.
Employee Training. Providing annual or more regular HIPAA compliance training to our clients’ workforce members.
Government Investigations. Assisting clients with government investigations, reviews, litigation and transaction-related issues when privacy or data security is compromised or at risk.
HIPAA Forms. Developing, reviewing and updating Notices of Privacy Practices and other forms required by HIPAA in the patient intake process.
Electronic Medical Record Systems. Advising on privacy and security issues associated with transitioning to electronic medical record systems.
Health Information Exchanges. Addressing privacy and security concerns when developing or participating in health information exchanges.

We also advise clients regarding a wide array of healthcare IT-related issues including:

• “Meaningful use” requirements
• IT asset acquisitions (including licensing)
• Risk insurance (e.g., cyber risk, data breach, among others)
• Healthcare-related data storage, including outsourcing and cloud computing
• E-billing requirements

HIPAA Insights and Developments

HIPAA Basics 
HIPAA Update – Significant Omnibus Rule Changes 
Responding to Requests for Information 
HIPAA Enforcement Past, Present and Future