Health Information Technology - Data Privacy, Security, and Data Sharing

Overview

Healthcare data security and privacy remains a fundamental concern due to the intricate state and federal legal framework that governs the exchange of health information, including HIPAA and other federal patient data privacy laws and regulations, and the FTC’s Health Breach Notification Rule. These legal frameworks have established rigorous standards for healthcare privacy and security, encompassing patient privacy, data security, and breach response.

For organizations, adhering to these regulations represents a multifaceted challenge, necessitating frequent updates to policies and procedures, continual refinement of risk management strategies, and the implementation of comprehensive employee training programs to address evolving technological advancements and regulatory requirements. As technology evolves and regulatory requirements shift, healthcare organizations must remain vigilant and proactive in their efforts to meet these stringent standards and protect sensitive patient information.

Our team of data privacy attorneys has the extensive experience required to ensure your compliance with all relevant healthcare privacy and security regulations. We serve a diverse range of clients, from hospitals and other healthcare providers to health plans, healthcare platforms and health vendors of all types. Our comprehensive approach focuses on ensuring our clients are able to uses and disclose data to meet their operational needs and goals while safeguarding their regulated health data and positioning them to address unexpected data events.

Representative experience

• Assisted a large social services organization operating a mental health clinic in investigating a breach involving its EMR system, including responding to a subsequent OCR investigation triggered by the breach notification
• Counsel to privacy and security officers at multiple hospital systems, Federally Qualified Health Centers (FQHCs), and physician practices to assess privacy and security incidents, develop and update internal policies and procedures, assess business associate risks, address information block regulations, and advise on employee disciplinary matters
• Advise healthcare providers, including those focused on healthcare IT solutions, with issues relating to a patient’s right to access health information and integrating its pharmaceutical technology products with certain EHR vendors
• Assist hospital clients with OCR and state attorney general investigations, including a probe initiated in response to a patient complaint that the hospital had improperly disclosed patient information to a state agency, and another following employee postings of patient information
• Advise for-profit and not-for-profit healthcare vendors with healthcare data security and privacy compliance, including negotiating agreements involving the disclosure of protected health information and the secondary use of regulated health data and providing privacy and security compliance reviews
• Assist a national laboratory company in federal and state privacy issues related to its venture with a major pharmaceutical manufacturer to purchase and conduct rapid tests for COVID-19 via telehealth platform
• Advise higher education organizations on data privacy compliance related to COVID-19 testing and vaccination programs, disclosures of patient information by the student health service, and the privacy implications of arrangements with athletic trainers and ambulance providers for athletics programs
• Advises healthcare technology companies on compliance with HIPAA and HITECH including implementation of relevant policies and procedures, negotiating terms with the client’s customers, and assessing potential breaches

Recognition

• Named as a leading firm in Healthcare by Chambers USA in 2021; 31 healthcare lawyers ranked
• Nixon Peabody has been named a Tier 1 National firm for Health Care Law in the 2025 edition of Best Law Firms®.
• Recognized as a top law firm in Healthcare by the American Bar Association’s Health Law Section
• Ranked nationally as one of the largest healthcare firms by Modern Healthcare