HIPAA, HITECH & Omnibus Rule
Our unique combination of health industry smarts and deep regulatory understanding allows us to build and implement compliance solutions that are both realistic and resource-sensitive.
HIPAA and state laws present the health care industry with stringent standards for patient privacy, data security, transactions and code sets. Compliance can require rethinking old procedures and systems and training employees to work and think differently. We help our clients rise to the challenge efficiently and affordably—whether they’re health care providers or entities that come into contact with protected health information.
We draw on extensive industry and regulatory know-how to evaluate your current risk and find resource-sensitive compliance solutions. We also work with our clients to structure their transactions strategically, build compliant business associate programs that protect their interests and manage their litigation risk. And in the event of theft or loss of sensitive information, we’ll help you respond quickly and efficiently, take needed steps to avoid future incidents and guide you through any ensuing litigation or government investigation.
Who we work with
- Health care providers, pharmacies, laboratories and others who collect, transmit, store or have access to protected health information
- Business associates, including data storage companies, cloud vendors, EMR providers, software vendors, collection agencies and billing services (and their subcontractors)
- Companies with self-insured health plans
- Health information exchange organizations (HIEs), regional health information organizations (RHIOs), e-prescribing gateways and personal health record (PHR) vendors
- Patient safety organizations
- Law firms, law enforcement agencies, accounting firms and other professional advisors working with sensitive client information
- Companies at any stage of responding to privacy complaints or the theft or loss of data, whether intentional or accidental, including victims of hacking, disgruntled or negligent employees and natural disasters
- Recognized by Chambers USA as a nationwide leader in the field of privacy law
- The Rhode Island Department of Health Founder’s Award, the Rhode Island Attorney General Justice Award and the Rhode Island Department of Health Award for Excellence in Public Health Promotion
- Serving as general counsel to the Rhode Island Quality Institute (RIQI), the first RHIO to implement a stringent privacy and security legal framework for its HIE and implement an opt-in consent for HIE participation. RIQI is the only entity in the country that received all three federal grants from the Office of the National Coordinator related to the implementation of health information technology, including the Regional Extension Center grant, the Health Information Exchange grant and the Beacon Communities grant.
- Developed and implemented HIPAA compliance programs for:
  - Large hybrid entities
  - Multiple physician groups and hospital systems
  - Several RHIOs and HIEs
  - Cloud vendors
  - Software and EMR providers
  - Patient portal products
- Worked with the Massachusetts Center for Health Information and Analysis to develop privacy and security policies related to the statewide All-Payer Claims Database and provided it with ongoing privacy and data security counsel
- Assisted multiple clients in developing patient portals, including practices and procedures, website policies, terms and conditions of use and patient participant agreements
- Participated in the Health Information Security and Privacy Collaboration (HISPC), a project funded by the National Governors Association to develop best practices for the implementation of statewide health information exchanges
- Helped multiple health care entities navigate investigations conducted by the HHS Office for Civil Rights and state attorneys general
- Revised the policies, procedures and business associate agreements of several national health care providers and other large companies
- Built corporate privacy and security framework for several startup companies in the health care industry
- Counseled a pharmaceuticals company on corporate privacy and security issues and HIPAA compliance needs and provided worldwide employee privacy training
- Represented an electronic health records provider with software license issues and support agreements
- Provided emergency response and strategy for clients following the theft or loss of large amounts of sensitive information. Recent examples include:
  - A lost laptop containing the protected health information of over 11,000 individuals from 31 different states
  - Stolen paper medical records of 500 individuals
  - Theft of 1.7 million patient records
  - Misdirected e-mails containing personally identifiable and insurance information of over 3,000 employees
- Conducting extensive employee training initiatives in identifying and protecting high-risk data
- 6 Ways to Be a Go-To Firm for HIPAA Compliance
Law360 | April 29, 2016
Chicago health care partner Valerie Breslin Montague is included in this piece that looks at how attorneys are dealing with increasing Health Insurance Portability and Accountability Act (HIPAA) penalties and audits.
- OCR now focusing on business associate agreements
Health Data Management | March 22, 2016
Albany health care partner Laurie Cohen and Chicago health care partner Valerie Breslin Montague are quoted throughout this feature article discussing the HHS Office for Civil Rights’ increased efforts sanctioning healthcare covered entities with corrective action plans and financial fines for major violations of the HIPAA privacy and security rules.
- Preparing for HIPAA Compliance Audits: An Interview with Valerie Breslin Montague
Fertility Bridge | March 9, 2016
Chicago health care partner Valerie Breslin Montague is featured in this Q&A discussing the Health Insurance Portability and Accountability Act (HIPAA) as it relates to digital media.