HIPAA and HITECH

As reliance on electronic medical records (EMR) and other technologies continues to grow, healthcare organizations must ensure the proper handling of sensitive data in order to avoid liability. The provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act in February 2009, greatly expanded the reach of the Health Insurance Portability and Accountability Act (HIPAA) concerning data privacy and security requirements and other industry standards and regulations.

McGuireWoods represents clients in matters arising under both HIPAA and the HITECH Act, as well as regulations accompanying these and other state data privacy, data security and data breach laws. Our experience includes:

  • HIPAA compliance counseling
  • Policy development and implementation
  • Employee training
  • Drafting and negotiation of HIPAA-compliant business associate agreements and subcontracts
  • Assistance with internal investigations, breach reporting and responding to government investigations, including investigations by the Office of Civil Rights (OCR)
  • Compliance with federal and state mental health and substance abuse laws and regulations, as well as in related litigation, including discovery requests involving health records and HIPAA-qualified protective orders

We advise clients on the full range of risk-mitigation options and requirements, including data encryption, data storage and data breach issues, as well as in the application of data encryption and data destruction standards set forth in the HITECH Act breach notification safe harbor. We regularly conduct internal investigations and audits involving computer intrusions and corporate security. Where data thefts, losses, breaches or unauthorized disclosures have occurred, McGuireWoods has worked with clients in providing required notices. We have developed comprehensive compliance programs that cover model form contract arrangements, employee data management transfers, and binding corporate rules for international organizations that handle personal data transfers.

We understand the complex business environment facing the healthcare industry as a whole, and focus on the unique objectives and requirements and of each of our clients. We regularly represent hospitals, physician practices, pharmacies, health plans, disease management providers, pharmaceutical and medical device companies, telecommunications companies, healthcare consultants, application service providers, software vendors and various other entities that service the healthcare industry. We partner with each of our clients to facilitate HIPAA compliance in harmony with the client’s business strategy.

McGuireWoods’ cross-departmental team of HIPAA lawyers meets regularly to monitor current developments and to plan and implement a range of related educational programs. In addition, our lawyers are frequent speakers at conferences and webinars and regularly publish articles regarding current issues arising under HIPAA, the HITECH Act and other federal and state data privacy and security laws.

HIPAA and HITECH 147662434

CONTACTS

Nathan A. Kottkamp Senior Counsel T: +1 804 775 1092
Results 1-6 of 6
Representative Matter

Various clients

Assisted various clients in assessing the HIPAA and HITECH issues raised by the provision of mHealth services and in developing contractual and operational approaches to compliance.
Representative Matter

Client

Regularly counsel clients regarding Medicare and Medicaid Anti-Kickback issues, Medicare coverage and payment issues, and HIPAA issues raised by the storage, receipt or transmission of patient health information.
Representative Matter

Healthcare providers, health plans, business associates and business associate subcontractors

Prepare and negotiate business associate agreements and business associate subcontracts for healthcare providers, health plans, business associates and business associate subcontractors.
Representative Matter

Client

Assist clients with the implementation of HIPAA compliance programs, including preparing compliance plan documents, conducting training and assisting in the establishment of an infrastructure for monitoring and reporting.
Representative Matter

Client

Assess the application of HIPAA, the HITECH Act and the FTC breach notification rule to various telephony based products and services, including remote disease management, telephone answering services, medical paging services and personal emergency response services.
Representative Matter

Telecommunications company

Counseled on HIPAA security compliance, and drafted and revised security policies.
Results 1-6 of 6
Holly Buckley Holly Buckley
Partner
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 849 3687
F: +1 312 698 4504
vCard
Robyn Carlson Robyn S. T. Carlson
Attorney
Gateway Plaza
800 East Canal Street
Richmond, VA 23219-3916

T: +1 804 775 4353
F: +1 804 698 2234
vCard
Felicia L Mitchell Felicia M. Gardner
Associate
201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146

T: +1 704 373 8995
F: +1 704 353 6193
vCard
Kimberly J Kannensohn Kimberly J. Kannensohn
Partner
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 750 8649
F: +1 312 920 3683
vCard
Sally Doubet King Sally Doubet King
Partner
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 849 3684
F: +1 312 849 3050
vCard
Clay Landa William Clayton Landa
Associate
Gateway Plaza
800 East Canal Street
Richmond, VA 23219-3916

T: +1 804 775 7750
F: +1 804 698 2093
vCard
Colin McCarthy Colin P. McCarthy
Associate
Gateway Plaza
800 East Canal Street
Richmond, VA 23219-3916

T: +1 804 775 7819
F: +1 804 698 2094
vCard
Sarah Mick Sarah E. Mick
Associate
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 849 8228
F: +1 312 698 4565
vCard
Larissa Sneathern Larissa LPC Sneathern
Associate
Court Square Building
310 Fourth Street, N.E.
Suite 300
Charlottesville, VA 22902-1288

T: +1 434 977 2593
F: +1 434 980 2255
vCard
Gretchen Heinze Townshend Gretchen Heinze Townshend
Partner
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 849 8237
F: +1 312 698 4524
vCard
Carolyn M Trenda Carolyn M. Trenda
Counsel
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 849 8130
F: +1 312 849 8131
vCard
Results 1-20 of 33
Show All
Event

HIPAA Hot Topics

Recent Developments and Enforcement Actions

September 14, 2017
Complimentary Webinar
Speaking Engagement

Institute on Medicare and Medicaid Payment Issues

March 29-31, 2017
Baltimore, MD
Speaking Engagement

FireEye Cyber Defense Summit 2016

November 28-30, 2016
Washington, DC
Event

HIPAA Hot Topics

August 11, 2016
Complimentary Webinar
Speaking Engagement

Dental Practice Mergers, Acquisitions, Divestitures and Affiliations

March 31, 2016
Live Webinar
Event

HIPAA Webinar Series

March 30 & April 6, 2016
Complimentary Healthcare Webinars
Speaking Engagement

ABA Techshow 2016

March 16-19, 2016
Chicago, IL
Speaking Engagement

HIPAA Compliance During Litigation and Discovery

March 2015
Clear Law Institute, OnDemand Webinar
Event

10 Key Points Providers Should Know for 2014 HIPAA Compliance

January 16, 2014
Complimentary Webinar
Speaking Engagement

Focus on HIPAA Compliance

July 31, 2013
Thomson Reuters Webcast
Event

Are You Still HIPAA Compliant?

March 27, 2013
HIPAA and the HITECH Final Rule Webinar Series
Results 1-20 of 33
Results 1-20 of 83
Show All
Legal Alert

HIPAA Guidance Issued on Man-In-The-Middle Attacks

Password Protected
April 11, 2017
Legal Alert

Cybersecurity Threats May Impact Your Digital Health

Password Protected
November 17, 2016
Legal Alert

LabMD Successfully Delays FTC’s Data Security Enforcement During Appeal

Password Protected
November 16, 2016
Legal Alert

OCR Makes It Official: Ransomware Attacks Are HIPAA Breaches

Password Protected
July 26, 2016
Legal Alert

HIPAA Breach Reporting Deadline: February 29

February 18, 2016
Legal Alert

OCR Enforcement of HIPAA Affects Entities of all Sizes

Small Pharmacy Enters into Latest Settlement

May 4, 2015
Results 1-20 of 83