HIPPA and Patient Privacy & Confidentiality

We assist clients with the complex patient information privacy issues and technical security-related issues involved with the Health Insurance Portability and Accountability Act (HIPAA).

Protecting patient data and deterring unauthorized access, use or disclosure of personal health information (“PHI”) is critical to prevent yourself from running afoul of the regulations.

We can help you prepare a Manual HIPAA Privacy and HIPAA Security Policies and Procedures, as well as Business Associate Agreements to ensure compliance. The HIPAA Manual will include forms as well for your office, and on-site HIPAA education, training to boards of trustees, management, medical staffs and other personnel, policy and procedure assessment and development, business associate audits, minimum necessary assessments and HIPAA security audits. From analysis, to creation of policies and procedures, to implementation, to monitoring, to enforcement, to revision, we handle the many aspects of HIPAA compliance for you and with you.

We can also analyze whether your physician practice or other health care system falls outside HIPAA and if so, create state “mirror-HIPAA” forms to comply with local requirements. In some states, state law is more stringent than HIPAA and must also be complied with even where HIPAA applies; in others, state law will apply even if HIPAA does not.

For example, New York Public Health Law Sections 17-18 regulate patient privacy and confidentiality and the New York State Department of Health advises on which sections of these laws apply as an overlay on HIPAA. California has the Confidentiality of Medical Information Act which also addresses patient privacy requirements and handling of medical records.

Our health care law attorneys counsel clients to determine their compliance obligations under both HIPAA and state law and helps meet these requirements by putting together appropriate compliance plans.