Health care privacy and security issues arise every day in connection with normal business operations, simple contracting issues, corporate transactions, and domestic and international business operations. They can present significant risk management issues and, in the worst case, state and federal breach notification obligations. Running afoul of federal and state privacy and security laws, can lead to your company being subject to government investigation, criminal and civil liability, seven-figure fines, and incalculable reputation damage.
Our Health Law attorneys are deeply involved in this ever-changing area of law. We have extensive, cross-disciplinary experience in the growing range of health care privacy and security laws, including the HIPAA Privacy and Security Rules, the HITECH provisions of the American Recovery and Reinvestment Act of 2009 (ARRA), the privacy provisions of the Communications Act, the Gramm-Leach-Bliley Act, the European Union Data Directive, state privacy and state data breach laws, and the evolving body of privacy-related common law.
We counsel our clients on strategic and tactical responses to federal and state legislative and regulatory developments in health care privacy and security. Our clients include health care providers and suppliers, pharmaceutical and medical device manufacturers, investors, IT vendors and health IT companies, web hosting companies, Health Information Exchanges (HIEs), and a wide variety of companies that incur regulatory and compliance obligations by providing services to the health care industry. We defend our clients in civil and criminal HIPAA enforcement actions. We also regularly handle state and federal litigation involving the privacy and security of health information data, including class action lawsuits prompted by data breaches.
To ensure our clients receive up-to-the-minute privacy and security news and analysis, we maintain a blog known as Privacy & Security Matters. In addition, our Health Law & Policy Matters blog also regularly reports on privacy and security developments specific to the health care industry.