Health Privacy, Security & HIPAA

As illustrated by news of breaches that come to light almost weekly, health care providers are facing unprecedented cybersecurity and data protection issues. Our data privacy and security team continually monitors the ever-changing landscape of risks and threats as well as state and federal legislation and regulatory enforcement. We assist health care providers and their business associates in both preventing breaches and handling compliance issues when they arise.

Our Focus

As technology continues to develop, the myriad avenues for security and privacy breaches have expanded to include medical devices, telehealth, electronic health records, payment systems, and connections with patients’ outside vendors. Given our depth of knowledge and experience in dealing with health privacy and security issues as well as emerging technologies, we are able to help clients navigate these difficult issues.

ArentFox Schiff’s experienced team of health privacy and security attorneys counsels health care clients on all aspects of the European Union General Data Protection Regulation (GDPR), HIPAA, and similar state laws governing health privacy and security concerns.

Our experience and work for clients include:

  • Development of compliance programs consistent with HIPAA standards and best practices.
  • Negotiation and organization of arrangements for the disclosure and exchange of health information including business associate, data use, and electronic data interchange agreements.
  • HIPAA and health information privacy training.
  • Investigation and analysis of breaches and other security incidents and assistance with meeting applicable notification requirements.
  • Response to audit requests and investigations conducted by HHS’s Office of Civil Rights and state agencies as well as representation of clients in enforcement actions.
  • Advising clinical trial sponsors and managers with respect to the collection and disclosure of health data as part of clinical research studies. 

Our Approach

Given our knowledge of privacy and security laws along with the depth of our HIPAA experience, we are uniquely positioned to provide clients with comprehensive, cost-effective, and practical solutions to incorporate new HIPAA, HITECH, and state law requirements into existing compliance programs, assess their obligations under the new data breach notification requirements, and unravel the complex HIPAA issues. Clients facing a HIPAA enforcement action can turn to ArentFox Schiff with confidence, as our team was involved in the successful resolution of one of the largest HIPAA enforcement cases to date.

How We Help

  • Covered Entity and Business Associate analyses.
  • Cyber audits, privacy, and post-breach counseling.
  • Government relations intelligence, advice, and advocacy.
  • Investigations and enforcement actions.
  • Technology agreements and cross-border transfer issues.
  • Strategic planning and internal protocols.
  • Compliance and best practices, including incorporation of new HIPAA, HITECH, and state requirements.