Even before the adoption of the Health Insurance Portability and Accountability Act (“HIPAA”) and the initial regulations, HDJN attorneys have been advising clients on standards for privacy and security of medical records. In addition to extensive experience in advising clients about the basic privacy standards under HIPAA, HDJN attorneys regularly help clients to navigate state law standards relating to medical records and patient information and standards for alcohol and drug treatment programs under 42 C.F.R. Part 2. HDJN’s services include responding to day-to-day questions regarding use and disclosure of protected health information, preparation of HIPAA-mandated policies and procedures, assistance in responding to complaints filed with the Office for Civil Rights, HIPAA audit responses and assistance in reporting and management of breaches under HIPAA. Further, unlike some firms with experience only in providing compliance guidance, HDJN’s attorneys also have experience in defending providers in malpractice and other claims filed directly by patients alleging violations of privacy rights. Having both compliance attorneys and litigators in a single firm can avoid circumstances where a healthcare provider has to deal with one firm for policy updates and compliance advice, and a different firm for defense of patient claims.
In addition to helping clients address privacy standards, HDJN regularly assists clients on compliance with the HIPAA security standards as well. HDJN’s experience relating to information technology can be valuable in completing gap/risk assessments, as well as the development of security policies and procedures. While healthcare providers cannot adequately manage compliance with the HIPAA security standards without involvement of IT personnel, HIPAA security is not just “an IT issue” and HDJN has worked with providers, IT departments, central business office personnel, and other administrative and clinical personnel in establishment, implementation and management of security protocols. Analysts indicate that healthcare providers are among the most vulnerable and potentially lucrative targets for cyberattacks and efforts to steal credit information and other valuable information, and while these attacks can be difficult to prevent entirely, it is imperative for providers to use appropriate efforts to avoid breaches and to be in a position to show that the provider has been diligent in preventing compromises of information, where unavoidable problems do arise.
HIPAA/Privacy & Security Services:
- Preparing and Updating Policies and Procedures
- Management of HIPAA Breach Reporting
- Preparing and Updating Business Associate Agreements
- Notices of Privacy Practices
- Compliance with 42 CFR Part 2 Regulations for Drug and Alcohol Treatment/Abuse Information
- Responding to Complaints
- Responding to Requests for Information from the Office for Civil Rights (OCR)
- Management of Requests for Accountings/Access Reports
- Management of Requests for Restrictions on Disclosures
- Responding to Authorization Forms
- Compliance with State Confidentiality Requirements
- Responding to Security Audits
- Management of Inappropriate Access to Electronic Health Records by Medical Staff and Other Individuals
- Permissibility of Uses and Disclosures of Protected Health Information
From hospitals and health systems, to physician practices, to post-acute care providers, HDJN can help.