Health care privacy and security issues arise every day in connection with normal business operations, simple contracting issues, corporate transactions, and domestic and international business operations. They can present significant risk management issues and, in the worst case, state and federal breach notification obligations. Running afoul of federal and state privacy and security laws, can lead to your company being subject to government investigation, criminal and civil liability, seven-figure fines, and incalculable reputation damage.

Our Health Law attorneys are deeply involved in this ever-changing area of law. We have extensive, cross-disciplinary experience in the growing range of health care privacy and security laws, including the HIPAA Privacy and Security Rules, the HITECH provisions of the American Recovery and Reinvestment Act of 2009 (ARRA), the privacy provisions of the Communications Act, the Gramm-Leach-Bliley Act, the European Union Data Directive, state privacy and state data breach laws, and the evolving body of privacy-related common law.

We counsel our clients on strategic and tactical responses to federal and state legislative and regulatory developments in health care privacy and security. Our clients include health care providers and suppliers, pharmaceutical and medical device manufacturers, investors, IT vendors and health IT companies, web hosting companies, Health Information Exchanges (HIEs), and a wide variety of companies that incur regulatory and compliance obligations by providing services to the health care industry. We defend our clients in civil and criminal HIPAA enforcement actions. We also regularly handle state and federal litigation involving the privacy and security of health information data, including class action lawsuits prompted by data breaches.

To ensure our clients receive up-to-the-minute privacy and security news and analysis, we maintain a blog known as Privacy & Security Matters. In addition, our Health Law & Policy Matters blog also regularly reports on privacy and security developments specific to the health care industry.

Sort by: Name Title Office

Dianne J. Bourque

Member

Boston

617.348.1614

e-mail
vCard

Kimberly J. Gold

Associate

New York

212.692.6706

e-mail
vCard

Thomas M. Greene

Member

Boston

617.348.1886

e-mail
vCard

Ellen L. Janos

Member

Boston

617.348.1662

e-mail
vCard

M. Daria Niewenhous

Member

Boston

617.348.4865

e-mail
vCard

Kate F. Stewart

Associate

Boston

617.348.4427

e-mail
vCard

Stephanie D. Willis

Associate

Washington, DC

202.434.7437

e-mail
vCard

Representative Experience

Advised multiple health information technology service providers on compliance with new regulatory obligations under the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Designed, implemented, and delivered an employee privacy and security training program for a specialty physician practice under investigation by the Department of Justice.
Counseled a hospital following the loss of paper-based mental health records on mitigation of harm, reporting to patients and regulatory authorities, and negotiation with state authorities following disclosure of the incident.
Served as counsel to a health care provider on the investigation and mitigation of a data breach involving more than 20,000 patients of a large hospital.
Assisted a biotech company on the acquisition and use of national and international clinical data to build a data repository to support research and development activities.
Represented a US-based pharmaceutical company with the establishment of an international data registry to support clinical research

«
»

02.15.2013

Advisory The New HIPAA Omnibus Rule & Your Liability Alden J. Bianchi, Dianne J. Bourque, Kimberly J. Gold and Cynthia J. Larose
02.01.2013

Health Lawyers Weekly Finally! HHS Office for Civil Rights Releases HIPAA Omnibus Rule with Sweeping Changes to Compliance Requirements and Enforcement Dianne J. Bourque, Kimberly J. Gold and Stephanie D. Willis
01.18.2013

Privacy & Security HIPAA Compliance Alert Finally! HHS Office of Civil Rights Releases HIPAA Omnibus Rule With Sweeping Changes to Compliance Requirements and Enforcement Dianne J. Bourque and Stephanie D. Willis
12.01.2012

Compliance Today Utilizing the HIPAA Audit Protocols as a Compliance Tool Kimberly J. Gold
09.24.2012

HealthData Management Attorneys Detail BYOD Issues in Health Care Dianne J. Bourque discuss the use of employee-owned devices for business purposes—a concept known as "bring-your-own-device" or BYOD. Ms. Bourque and Mr. Bentfield analyze the risks associated with BYOD programs and offer suggestions for developing and implementing such programs.

«
»

04.16.2013

HealthITSecurity HIPAA Omnibus Rules Already Influencing Covered Entities Dianne J. Bourque discusses how the new rules have already begun impacting covered entities and BAs alike since they took effect in January.
04.15.2013

Law360 5 HIPAA Blunders to Avoid At All Costs Dianne J. Bourque
04.12.2013

Law360 11th Circ. Ruling Charts HIPAA Preemption Road Map Dianne J. Bourque
03.27.2013

Law360 7 Steps to Get HIPAA-Compliant Now Dianne J. Bourque
01.29.2013

Health IT Security Will HIPAA Omnibus Subcontractor Rules Reduce Data Breaches? Dianne J. Bourque is quoted discussing the implications of the new HIPAA Omnibus rule.
01.23.2013

InsideHealthPolicy.com Final HIPAA Final Rule Stricter than Interim Regulation on Data Protection Dianne J. Bourque is quoted discussing the recently released final HIPAA Omnibus rule.
01.23.2013

Law360 HIPPA Update will Shake up Marketing, Fundraising Efforts Dianne J. Bourque
01.23.2013

Associated Press Medical Privacy Rules Get an Update Dianne J. Bourque discusses the increased privacy protections under the new HIPAA Omnibus rule.
01.23.2013

AMN Healthcare What 2013 Holds for the Healthcare Workforce Dianne J. Bourque is quoted discussing the impact that the new HITECH provisions will have on the health care industry.
08.30.2012

PhysBizTech Concerns Raised about Stage 2 Measures beyond Physicians’ Control Dianne J. Bourque is quoted discussing the Stage 2 meaningful use final rule.
08.28.2012

Search HealthIT Impact of Stage 2 Meaningful Use Rules to be Big, But Surprises are Few Dianne J. Bourque is quoted discussing the finalized Stage 2 meaningful use rules. Ms. Bourque explains that the rule that extends the deadline for meeting the requirements of Stage 2 will be beneficial to the health care industry.
08.27.2012

Law360 Docs Face Tricky Task in Patient Access E-Records Goals Dianne J. Bourque
08.24.2012

Computerworld Feds Give Break in Electronic Health Records Dianne J. Bourque is quoted discussing the final electronic health records (EHR) certification criteria for Stage 2 of Meaningful Use.
11.11.2011

Mintz Levin Attorney Ellen Janos to Speak at ACI Life Sciences Compliance Boot Camp
09.20.2011

Mintz Levin Attorney Dianne J. Bourque to Present at National HIPAA Summit West

Upcoming

06.05.2013

The HIPAA Omnibus Rule: Best Practices for Compliance New York State Bar Association, New York, NY

Past

03.19.2013

Business Associate Agreements and the New HIPAA Rule Strafford Publications, Webinar
03.14.2013

HIPAA – What You Should Know about the Final Rules Boston Bar Association, Boston, MA
01.30.2013

The New HIPAA Omnibus Rule & Your Liability Mintz Levin, Webinar
01.29.2013

De-Identifying Protected Health Information Strafford Publications, Webinar
07.16.2012

CableLabs Cable Television Laboratories, Inc., Louisville, CO

Practices

Health Law

Privacy & Security – HIPAA Compliance

Dianne J. Bourque

Member

Kimberly J. Gold

Associate

Thomas M. Greene

Member

Ellen L. Janos

Member

M. Daria Niewenhous

Member

Kate F. Stewart

Associate

Stephanie D. Willis

Associate

Representative Experience

Upcoming

Past

Contact

Email This Page