Industries: Healthcare

HIPAA & HITECH Act Compliance

Latest News:

Nathan Kottkamp Presents at Strafford Webinar on HIPAA Compliance (10/18/2011)

HHS Announces Proposed Rule for Direct Patient Access to Clinical Lab Results (9/27/2011)

view more HIPAA related updates and articles

McGuireWoods LLP represents a range of clients in matters arising under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the regulations accompanying these laws, and state data privacy, data security and data breach laws. Our experience includes:

• HIPAA compliance counseling
• Policy development and implementation
• Employee training
• Drafting and negotiation of HIPAA-compliant business associate agreements and subcontracts
• Assistance with internal investigations, breach reporting and responding to government investigations, including investigations by the Office of Civil Rights

We also have significant experience addressing the interplay between HIPAA and state privacy and security laws and regulations, state mental health laws and regulations, and federal substance abuse laws and regulations, as well as facilitating our clients’ compliance with these complementary laws. We have extensive experience navigating the impact of HIPAA on litigation, particularly with respect to drafting and responding to discovery requests involving health records and HIPAA-qualified protective orders.

McGuireWoods’ data privacy and security practice includes addressing data encryption, data storage and data breach issues. We have assisted numerous clients in understanding and applying the data encryption and data destruction standards set forth in the HITECH Act breach notification safe harbor. We have conducted internal investigations involving computer intrusions as well as corporate security audits. McGuireWoods has assisted clients in mitigating risks and providing required notices following the theft, loss or other unauthorized disclosure of personal information, including health records. We have developed comprehensive compliance programs for international organizations that handle personal data transfers. Such compliance programs have included model form contract arrangements, employee data management transfers and binding corporate rules.

Our clients include hospitals, physician practices, pharmacies, health plans, disease management providers, pharmaceutical and medical device companies, telecommunications companies, healthcare consultants, application service providers, software vendors and various other entities that service the healthcare industry. Since the promulgation of the HITECH Act, the number of clients and the number of industries for which we provide privacy and security counseling have steadily expanded. McGuireWoods understands the unique business environment of each of our clients. Based on our substantial healthcare expertise, McGuireWoods is able to partner with each of our clients to facilitate HIPAA compliance in harmony with the client’s business strategy.

McGuireWoods’ cross-departmental team of HIPAA attorneys meets regularly to monitor current developments and to plan and implement educational programs for clients. In addition, our attorneys are frequent speakers at conferences and webinars and regularly publish articles regarding current issues arising under HIPAA, the HITECH Act and other federal and state data privacy and security laws.