HIPAA, Health Information Privacy & Security Compliance
At the Law Office of Kevin O’Mahony, we advise clients on the numerous privacy and security laws that physicians, healthcare providers and businesses working with healthcare providers must follow on a daily basis in their medical practices, healthcare entities or businesses. Implementing and following proper business and security practices that comply with state privacy laws on patient information, as well as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) privacy, security and transactions rules, is essential for physicians and healthcare entities to avoid lawsuits, fines, penalties and damage awards.
The HIPAA Privacy Rule protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium — whether electronic, on paper or oral. The Privacy Rule calls this information protected health information (“PHI”). The HIPAA Privacy Rule requires that covered entities, their business associates and any subcontractors handling PHI apply appropriate administrative, technical and physical safeguards to protect the privacy of PHI in any form.
The Health Information Technology for Economic and Clinical Health Act (“HITECH”) (enacted in 2009) was created to motivate the implementation of electronic health records (“EHR”) and supporting technology in the United States. Because this legislation anticipated a massive expansion in the exchange of electronic protected health information (“ePHI”), the HITECH Act widens the scope of privacy and security protections available under HIPAA. It also increases the potential legal liability for non-compliance, and provides for more enforcement.
We advise and assist healthcare providers, mobile app developers and other health-related businesses in implementing the measures necessary to comply with the complex requirements imposed on healthcare providers and their vendors by the HIPAA Privacy and Security Rules, the HITECH Act, and state privacy laws and regulations. Our services include:
- Advice and legal assistance in connection with protecting the confidentiality of patients’ medical records and PHI.
- Drafting and negotiating Business Associate Agreements (“BAAs”) and Subcontractor BAAs from Covered Entities’, Business Associates’ and Subcontractors’ perspectives.
- Assisting both healthcare providers and healthcare vendors in integrating requirements of the security and privacy rules in their operational documents.
- Providing advice, guidance and assistance to clients as they conduct privacy and security assessments and audits, develop compliance plans, and implement policies, procedures and forms for compliance.
- Advising and assisting clients as they choose appropriate consultants to help them prepare, improve and implement necessary policies and procedures, and respond to audits.
- Assisting with incident response and breach reporting, including counseling on Office for Civil Rights (“OCR”) compliance reviews, HIPAA audits or other government investigations.
- Representing healthcare clients in legal actions alleging violations of federal or state privacy laws or regulations.
Our law firm is experienced in counseling and assisting healthcare clients regarding medical privacy and security matters in a cost-effective manner. We have broad experience counseling clients regarding how they can meet the requirements of the various federal and state privacy and security rules in their day-to-day business activities. And we can assist if a legal action is brought alleging a violation. Please call or email us if you wish to schedule a consultation.