Alston & Bird has expertise in advising clients on HIPAA health information privacy, as well as security and breach issues, and in developing HIPAA compliance plans for our clients. We have significant experience under the HIPAA/HITECH Act and state health privacy laws, advising and representing clients in HHS Office for Civil Rights (OCR) investigations, civil and criminal enforcement actions, and private health information litigation. We help clients navigate these difficult issues, including identifying real strategies to achieve compliance and helping them manage a breach crisis if one occurs.
The HIPAA Rules (and their state-level equivalents) are complicated, and the potential penalties for mistakes can be steep. Alston & Bird’s expertise in the area enables clients to successfully navigate these complexities.
Alston & Bird lawyers routinely advise clients on HIPAA privacy, security and breach issues, whether the client is a HIPAA-covered entity, a business associate or a research or other organization that seeks to obtain health information from a covered entity. Our attorneys regularly deal with HHS/OCR.
We are experienced in developing HIPAA privacy and security compliance plans for clients and work with client personnel in the legal, compliance and IT/technical capacities to educate on HIPAA requirements and ensure that such compliance plans are consistent with our client’s culture and fully integrated into their existing information security program.
We have expertise in devising comprehensive HIPAA training programs, as well as programs narrowly tailored to meet the training needs of specific employees with limited health care-related functions—and various iterations in between.
Alston & Bird advises clients in the event of an inadvertent or malicious breach of health information, including identifying immediate, proactive steps to mitigate potential harm. From small hospital providers to large for-profit companies, and from covered entities to business associates, we have navigated companies through the various federal and state laws relating to privacy and security breaches of health and financial data. If the breach is reportable under federal or state law, Alston & Bird can assist clients with notifying government agencies and individuals as required.
Transaction Due Diligence
Alston & Bird’s corporate transactions lawyers routinely draw on the expertise of our health information privacy and security lawyers to conduct HIPAA/HITECH Act due diligence and support client transactions involving health care entities or service providers. Working in tandem with our health information privacy and security lawyers, we are able to assess and contain risk associated with transactions involving HIPAA covered entities, business associates, technology companies and other entities that hold private and secure health information.
Government Investigations & Litigation
Alston & Bird has decades of experience supporting national and international clients on health information technology and privacy litigation, including significant data breach investigations. Our health information privacy and security lawyers advise and represent clients in responding to OCR investigations and administrative enforcement proceedings involving the Privacy, Security and Breach Notification Rules. Our government and investigations lawyers regularly advise health information technology companies, hospitals, physicians, payers and other HIPAA-covered entities in protecting the health information privacy of patients and customers, including in response to subpoenas, requests for production, search warrants and motions to compel. In doing so, we utilize Alston & Bird’s expertise in HIPAA, the federal alcohol and drug regulations and the various state laws that protect certain diagnoses (e.g., HIV, AIDS, mental health, alcohol/drug treatment, developmental disabilities), as well as state laws that protect certain communications (e.g., privileges for psychiatrists, psychologists, social workers and therapists). Our lawyers also represent clients in criminal investigations conducted by the U.S. Department of Justice (DOJ) concerning alleged HIPAA violations.
Alston & Bird’s health information privacy and security team is part of its Privacy & Security Group, which has been nationally ranked by Chambers USA: America’s Leading Lawyers for Business for four straight years. Our attorneys are recognized leaders and bring a unique and practical results-oriented perspective to client issues. These Alston & Bird attorneys include:
- a former deputy general counsel and acting general counsel of HHS;
- a former senior counsel to the assistant attorney general for the Civil Division, and in 2003 as the senior counsel to the associate attorney general;
- an attorney who authored a HIPAA article cited by the Georgia Supreme Court on ex parte interviews and qualified protective orders under the HIPAA Privacy Rule;
- one of “America's Leading Lawyers” for information technology matters; and
- one of the “Best Lawyers in America” regarding health plans, HIPAA privacy and health benefit issues.
Bringing Value to Our Clients
Alston & Bird communicates with clients on the front end regarding how best to staff a matter, including ranging from a single attorney to a multidisciplinary team when necessary and appropriate, depending on the issues involved. Our expertise means we are already familiar with the laws and issues, and that expertise translates into value for the clients across the board, whether they are large or small, for-profit or nonprofit.