Health care providers, clearinghouses, health plans, and their business associates face rigorous requirements under federal and state laws to protect health information. You need practical advice on how to manage the compliance, risk management, and litigation issues involved in the cutting-edge world of protected health information (PHI).
Alston & Bird sits at the forefront of national law firms advising clients on health information privacy, security, and breach notification issues under federal and state laws. We have advised our clients on Health Insurance Portability and Accountability Act (HIPAA) health information privacy, as well as security and breach issues, and developed HIPAA compliance plans. We have significant experience under HIPAA and Health Information Technology for Economic and Clinical Health Act (HITECH) and state health privacy laws, advising and representing clients in U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigations, civil and criminal enforcement actions, and private health information litigation. We help clients navigate these difficult issues, including identifying real strategies to achieve compliance and helping them manage a breach crisis if one occurs.
You need a firm with a command of the issues and the capability to guide you through a crisis and the labyrinth of laws you’ll face: the federal HIPAA, Genetic Information Nondiscrimination Act (GINA), and HITECH Act—and state laws such as California’s Confidentiality of Medical Information Act (CMIA). HHS has adopted Privacy, Security, Breach Notification, and Enforcement Rules that:
- Require protection of the privacy, security, and confidentiality of PHI, including electronic PHI.
- Limit uses and disclosures of PHI.
- Give individuals certain rights over their PHI.
- Require notification of individuals, HHS, and the media of certain breaches of PHI.
- Permit HHS to conduct investigations and audits, plus impose sanctions.