As reliance on electronic medical records (EMR) and other technologies continues to grow, healthcare organizations must ensure the proper handling of sensitive data in order to avoid liability. The provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act in February 2009, greatly expanded the reach of the Health Insurance Portability and Accountability Act (HIPAA) concerning data privacy and security requirements and other industry standards and regulations.
McGuireWoods represents clients in matters arising under both HIPAA and the HITECH Act, as well as regulations accompanying these and other state data privacy, data security and data breach laws. Our experience includes:
We advise clients on the full range of risk-mitigation options and requirements, including data encryption, data storage and data breach issues, as well as in the application of data encryption and data destruction standards set forth in the HITECH Act breach notification safe harbor. We regularly conduct internal investigations and audits involving computer intrusions and corporate security. Where data thefts, losses, breaches or unauthorized disclosures have occurred, McGuireWoods has worked with clients in providing required notices. We have developed comprehensive compliance programs that cover model form contract arrangements, employee data management transfers, and binding corporate rules for international organizations that handle personal data transfers.
We understand the complex business environment facing the healthcare industry as a whole, and focus on the unique objectives and requirements and of each of our clients. We regularly represent hospitals, physician practices, pharmacies, health plans, disease management providers, pharmaceutical and medical device companies, telecommunications companies, healthcare consultants, application service providers, software vendors and various other entities that service the healthcare industry. We partner with each of our clients to facilitate HIPAA compliance in harmony with the client’s business strategy.
McGuireWoods’ cross-departmental team of HIPAA lawyers meets regularly to monitor current developments and to plan and implement a range of related educational programs. In addition, our lawyers are frequent speakers at conferences and webinars and regularly publish articles regarding current issues arising under HIPAA, the HITECH Act and other federal and state data privacy and security laws.
Don’t Neglect Physical Safeguards as Part of HIPAA Security Compliance
May 31, 2018
HIPAA Enforcement — States Flex Their Muscles
April 11, 2018
HIPAA in Due Diligence (Part III): Risk Mitigation Strategies
April 4, 2018
HIPAA in Due Diligence (Part II): Cloud Server Data and HIPAA Compliance
April 2, 2018
HIPAA in Due Diligence (Part I): Four Key Diligence Questions
March 30, 2018