Skip to main content

Health Information Privacy & Security

Protecting Your Most Sensitive Information

​Is your business a health care provider or payor, or a company doing business with these entities? If so, you face a complex framework of overlapping, often conflicting privacy and data security laws and regulations. And when an issue arises in connection with everyday business, it can present significant compliance and risk management issues — in the worst case, state and federal breach notification obligations. Our team is immersed in this ever-changing area of the law.

Sign up for insights

Share Awards

Our Approach

There's no shortage of rules on how identifiable health information may be accessed, used, and disclosed. HIPAA and other federal privacy laws, state privacy and data security laws, and a developing body of privacy-related common law all apply. Mintz has deep experience advising health care industry clients on health information privacy. Our team addresses matters ranging from day-to-day privacy and security compliance to the structure of complex, multiparty data aggregation and data sharing programs.

We're adept at helping you find the simplest, most streamlined approach to permissible access, use, and transfer of health information. Because simplicity is more than just efficient and cost-effective — it's the approach that facilitates compliance by reducing workforce confusion and the risk of error.

Areas of Focus
  • Internal investigations of employee HIPAA violations
  • Large and complex data acquisition, aggregation and warehousing efforts
  • Management of Office for Civil Rights (OCR) investigations and complaints
  • Compliance with subpoenas and third-party requests for health information
  • Privacy and security compliance review and remediation
  • OCR and third-party audit assistance
  • Incident response, including investigation, mitigation, and resolution of privacy and security breaches
Extensive Experience in Key Areas
  • HIPAA Privacy, Security, and Breach Notification Rules
  • Data breach and security incident response
  • The developing body of privacy-related common law
  • State privacy and data breach laws

Meet Mintz

We have deep experience advising clients on health information privacy and security issues — addressing everything from day-to-day compliance matters to structuring complex, multiparty data acquisition and exchange programs.