Health care providers, clearinghouses, health plans and their business associates face stringent requirements under federal and state laws to protect health information. These laws include the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Genetic Information Nondiscrimination Act (GINA) and the Health Information Technology for Economic and Clinical Health Act (HITECH Act), as well as state laws such as California’s Confidentiality of Medical Information Act (CMIA). The U.S. Department of Health and Human Services (HHS) has adopted Privacy, Security, Breach Notification and Enforcement Rules, which:
- require protection of the privacy, security and confidentiality of protected health information (PHI), including electronic PHI;
- limit uses and disclosures of PHI;
- give individuals certain rights with respect to their PHI;
- require notification of individuals, HHS and the media of certain breaches of PHI; and
- permit HHS to conduct investigations and audits, and impose sanctions.
Alston & Bird sits at the forefront of national law firms advising clients on health information privacy, security and breach notification issues under federal and state law. We provide clients with practical advice on how to manage the compliance, risk management and litigation issues involved in the cutting-edge world of PHI.