Share Print Page

Contacts

HIPAA, HITECH & Omnibus Rule

Related Practices

Brochures

Rankings & Honors

  • U.S. News/Best Lawyers has named Nixon Peabody “Law Firm of the Year” in Health Care Law in 2016
  • “Deal of the Year” for Health Care Financing by The Bond Buyer for Presence Health Network 2016 bond offering
  • Ranked nationally in U.S. News/Best Lawyers “Best Law Firms” in Health Care Law and received metropolitan rankings in Health Care Law in Albany, Boston, Chicago, Los Angeles, New York City and Rhode Island
  • Ranked in Illinois, Massachusetts and New York for Healthcare in Chambers USA: America’s Leading Lawyers for Business
  • Ranked nationally by Modern Healthcare—Largest Healthcare Law Firm
  • Recognized lawyers by Best Lawyers in America in the field of Health Care law
  • Recognized lawyers by Super Lawyers in the area of Health Care law
  • Recognized by the American Bar Association’s Health Law Section in its Annual Regional Law Firm Recognition Program
  • Recommended in The Legal 500 United States 2016
NP Privacy Partner

NP Privacy Partner
Staying ahead in a data-driven world

 

HIPAA, HITECH & OMNIBUS RULE

Our unique combination of health industry smarts and deep regulatory understanding allows us to build and implement compliance solutions that are both realistic and resource-sensitive.

Stay connected to legal developments in digital health care and other health care law topics and events by signing up for our Health Law Alert.

Our approach

HIPAA and state laws present the health care industry with stringent standards for patient privacy, data security, transactions and code sets. Compliance can require rethinking old procedures and systems and training employees to work and think differently. We help our clients rise to the challenge efficiently and affordably—whether they’re health care providers or entities that come into contact with protected health information.

We draw on extensive industry and regulatory know how to evaluate your current risk and find resource-sensitive compliance solutions. We also work with our clients to structure their transactions strategically, build compliant business associate programs that protect their interests and manage their litigation risk. And in the event of theft or loss of sensitive information, we’ll help you respond quickly and efficiently, take needed steps to avoid future incidents and guide you through any ensuing litigation or government investigation.

Who we work with

  • Health care providers, pharmacies, laboratories and others who collect, transmit, store or have access to protected health information
  • Business associates, including data storage companies, cloud vendors, EMR providers, software vendors, collection agencies and billing services (and their subcontractors)
  • Companies with self-insured health plans
  • Health information exchange organizations (HIEs), regional health information organizations (RHIOs), e-prescribing gateways and personal health record (PHR) vendors
  • Patient safety organizations
  • Law firms, law enforcement agencies, accounting firms and other professional advisors working with sensitive client information
  • Companies at any stage of responding to privacy complaints or the theft or loss of data, whether intentional or accidental, including victims of hacking, disgruntled or negligent employees and natural disasters

Recognition

  • Recognized by Chambers USA as a nationwide leader in the Field of Privacy Law
  • The Rhode Island Department of Health Founder’s Award, the Rhode Island Attorney General Justice Award and the Rhode Island Department of Health Award for Excellence in Public Health Promotion

Recent experience

  • Serving as general counsel to the Rhode Island Quality Institute (RIQI), the first RHIO to implement a stringent privacy and security legal framework for its HIE and implement an opt-in consent for HIE participation. RIQI is the only entity in the country that received all three federal grants from the Office of the National Coordinator related to the implementation of health information technology, including the Regional Extension Center grant, the Health Information Exchange grant and the Beacon Communities grant.
  • Developed and implemented HIPAA compliance programs for:
    • Large hybrid entities
    • Multiple physician groups and hospital systems
    • Several RHIOs and HIEs
    • Cloud vendors
    • Software and EMR providers
    • Patient portal products
  • Worked with the Massachusetts Center for Health Information and Analysis to develop privacy and security policies related to the statewide All-Payer Claims Database and providing them with ongoing privacy and data security counsel
  • Assisted multiple clients in developing patient portals, including practices and procedures, website policies, terms and conditions of use and patient participant agreements
  • Participated in the Health Information Security and Privacy Collaboration (HISPC), a project funded by the National Governor's Association to develop best practices for the implementation of statewide health information exchanges
  • Helped multiple health care entities navigate investigations conducted by the HHS Office for Civil Rights and state attorneys general
  • Revised the policies, procedures and business associate agreements of several national health care providers and other large companies
  • Built corporate privacy and security framework for several startup companies in the health care industry
  • Counseled a pharmaceuticals company in corporate privacy and security issues and HIPAA compliance needs and provided worldwide employee privacy training
  • Represented an electronic health records provider with software license issues and support agreements
  • Provided emergency response and strategy for clients following the theft or loss of large amounts of sensitive information. Recent examples include:
    • A lost laptop containing the protected health information of over 11,000 individuals from 31 different states
    • Stolen paper medical records of 500 individuals
    • Theft of 1.7 million patient records
    • Misdirected e-mails containing personally identifiable and insurance information of over 3,000 employees
  • Conducting extensive employee training initiatives in identifying and protecting high-risk data

Media Clips

  • 6 Ways to Be a Go-To Firm for HIPAA Compliance
    Law360 | April 29, 2016
    Chicago health care partner Valerie Breslin Montague is included in this piece that looks at how attorneys are dealing with increasing Health Insurance Portability and Accountability Act (HIPAA) penalties and audits.
  • OCR now focusing on business associate agreements
    Health Data Management | March 22, 2016
    Albany health care partner Laurie Cohen and Chicago health care partner Valerie Breslin Montague are quoted throughout this feature article discussing the HHS Office for Civil Rights’ increased efforts sanctioning healthcare covered entities with corrective action plans and financial fines for major violations of the HIPAA privacy and security rules.
  • Preparing for HIPAA Compliance Audits: An Interview with Valerie Breslin Montague
    Fertility Bridge | March 9, 2016
    Chicago Health Care partner Valerie Breslin Montague is featured in this Q&A discussing Health Insurance Portability and Accountability Act (HIPAA) as it relates to digital media.
  • . . . View all . . .
  • Walgreen Case Opens Door for State Law HIPAA Claims
    Law360 | November 25, 2014
    Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman authored this piece discussing new openings for state law claims of Health Insurance Portability and Accountability Act violations against covered entities and business associates.
  • Wearable Wellness
    HR Executive | October 1, 2014
    San Francisco Labor & Employment associate Alexandra Devendra is quoted in this feature story on personal health information confidentiality and HIPAA’s nondiscrimination provision concerning employee use of wearable devices.

Ideas

What's trending on NP Privacy Partner
NP Privacy Partner | December 16, 2016

Regulators warn of FTC Act implications for deceptive HIPAA authorizations
Health Care Alert | October 31, 2016

. . . View all . . .

What's trending on NP Privacy Partner
NP Privacy Partner | October 28, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | October 14, 2016

OCR issues new guidance on HIPAA and cloud computing
Health Care Alert | October 12, 2016

OCR issues new FAQ addressing business associate conduct
Health Care Alert | October 4, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | September 30, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | September 16, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | August 26, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | August 19, 2016

OCR issues additional HIPAA audit guidance
Health Care Alert | August 3, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | July 29, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | July 15, 2016

OCR Releases HIPAA Guidance on Ransomware
Health Care Alert | July 15, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | July 8, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | June 24, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | June 17, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | June 10, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | May 27, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | May 20, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | May 13, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | May 6, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | April 29, 2016

Fourth Circuit: insurer has obligation to provide defense under CGL policy to data breach claim
Health Care Litigation Alert | April 25, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | April 22, 2016

Webinar Recording: Best Practices for HIPAA Compliance in 2016: Navigating the Landscape of Audits, Breaches, and Enforcement
Originally recorded on April 19, 2016 | April 21, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | April 8, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | April 1, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | March 25, 2016

OCR announces start of Phase 2 HIPAA Audit Program
HIPAA Alert | March 22, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | March 18, 2016

OCR uses latest resolution agreement to emphasize requirement to enter into business associate agreements prior to providing access to PHI
Health Care Alert | March 17, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | March 11, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | March 4, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | February 12, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | January 29, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | January 22, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | January 15, 2016

What's trending on NP Privacy Partner
NP Privacy Partner | December 11, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | November 25, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | November 20, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | November 13, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | October 23, 2015

What's trending on NP Privacy Partner
NP Private Partner | October 16, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | October 9, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | October 2, 2015

What's trending on NP Privacy Partner
September 18, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | September 11, 2015

Stolen ePHI results in $750,000 penalty for physician practice found to be in "widespread non-compliance" with HIPAA
Health Care Alert | September 3, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | August 28, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | August 7, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | July 31, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | July 24, 2015

Breach of ePHI results in fine and corrective action plan for Massachusetts hospital
Health Care Alert | July 24, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | July 17, 2015

ERISA plan fiduciaries respond to health plan data breaches in 2015
ERISA Alert | June 30, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | June 12, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | May 22, 2015

CDC issues data brief showing enhanced EHR adoption in hospital emergency and outpatient departments
February 27, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | February 6, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | January 30, 2015

President Obama's proposals for a safe, secure cyberspace
Privacy Alert | January 20, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | January 8, 2015

What's trending on NP Privacy Partner
NP Privacy Partner | December 19, 2014

What's trending on NP Privacy Partner
NP Privacy Partner | December 12, 2014

Newest OCR settlement: Health center agrees to $150,000 payment for Security Rule violations
HIPAA Alert | December 10, 2014

What's trending on NP Privacy Partner
NP Privacy Partner | November 21, 2014

Appeals Court affirms $1.4M jury verdict against Walgreen Company
HIPAA Alert | November 19, 2014

What's trending on NP Privacy Partner
NP Privacy Partner | November 14, 2014

OCR provides guidance on HIPAA in public health emergencies
Health Care Alert | November 12, 2014

What's trending on NP Privacy Partner
NP Privacy Partner | October 31, 2014

What's trending on NP Privacy Partner
NP Privacy Partner | October 17, 2014

Webinar Recording: Tech Talk 101: are you fluent in the language of data security?
Originally recorded October 8, 2014 | October 14, 2014

What's trending on NP Privacy Partner
NP Privacy Partner | October 3, 2014

What's trending on NP Privacy Partner
NP Privacy Partner | September 26, 2014

What's trending in data privacy & security
Privacy Alert | June 27, 2014

Wearables in the workplace: three traps for unsuspecting employers
Employment Law Alert | May 6, 2014

What's trending in data privacy & security
Privacy Alert | April 25, 2014

"Encryption is your best defense": covered entities agree to pay over $2 million for stolen unencrypted laptops
HIPAA Alert | April 24, 2014

The Microsoft Windows XP security update expired on April 8—our recommendations to identify your risk and avoid pitfalls
HIPAA Alert | April 11, 2014

New OCR Security Risk Assessment Tool offers help for small and medium practices to comply with the Security Rule
HIPAA Alert | April 2, 2014

What's trending this week in privacy & data security
Privacy Alert | March 28, 2014

ONC issues proposed 2015 Edition Electronic Health Record Certification Criteria
Health Information Technology Alert | March 20, 2014

First HIPAA settlement with county government: Skagit County, Washington Public Health Department settles with HHS for $215,000
HIPAA Law Alert | March 12, 2014

Providers beware: HHS guidance for release of mental health information may be preempted by more protective state laws
HIPAA Alert | February 28, 2014

Final Rule for amendment to HIPAA and CLIA regulations allow patients to request lab reports directly from laboratories
HIPAA Alert | February 7, 2014

Decision that HIPAA regulated entities are subject to FTC enforcement forces medical laboratory company to ‘wind down'
Privacy Alert | January 31, 2014

. . . Hide Thought Leadership. . .

Press

Events

HITECH & Omnibus Rule,HIPAA