Alston & Bird sits at the forefront of national law firms advising clients on health information privacy, security, and breach notification issues under federal and state laws. We have decades of experience advising our clients on Health Insurance Portability and Accountability Act (HIPAA) health information privacy, as well as security and breach issues, and developed HIPAA compliance plans. We have significant experience under HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act, and state health privacy laws, advising and representing clients in U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigations and compliance reviews, civil and criminal enforcement actions, and private litigation involving health information. We help you navigate these difficult issues, including identifying real strategies to achieve compliance and helping manage and resolve a breach crisis if one occurs.
Alston & Bird is there when you face an inadvertent or malicious breach of health information, including identifying immediate, proactive steps to mitigate potential harm. We recognize that no breach is the same, and we tailor our advice to the size and scope of the incident and its potential impact on you. Not all incidents are reportable under federal and state laws, and legal expertise is crucial in making that determination. If the breach is reportable under federal or state law, Alston & Bird can assist you with notifying government agencies and individuals as required and notifying/interacting with the media.
The HIPAA rules (and their state-level equivalents) are complicated, and the potential penalties for mistakes can be steep. Alston & Bird’s strength in HIPAA compliance enables you to navigate these complexities. We have developed HIPAA privacy and security compliance plans and work with your personnel in legal, compliance, and IT/technical capacities to educate on HIPAA requirements and ensure that compliance plans are consistent with your culture and fully integrated into your existing information security program.
You need a firm with a command of the issues and the capability to guide you through a crisis and the labyrinth of laws you’ll face: the federal HIPAA, Genetic Information Nondiscrimination Act (GINA), and HITECH Act and state laws such as California’s Confidentiality of Medical Information Act (CMIA) and Consumer Privacy Act (CCPA). Our team brings a unique combination of skills—knowledge of the laws governing health information breaches and security incident/crisis management and response experience—to assist you in managing and responding to a health information breach. With Alston & Bird, you have the right partner by your side.