Leading Data Privacy and Cybersecurity Attorney William J. Roberts Joins Day Pitney's Hartford Office
Day Pitney Press Release
Compliance with Health Insurance Portability and Accountability Act (HIPAA) requirements can be an onerous process for hospitals and other healthcare providers, health plans and the business entities that work with them. Day Pitney lawyers have extensive experience in guiding all types of covered entities and business associates through their obligations under the HIPAA Privacy, Security and Breach Notification Rules. Our lawyers can provide useful tools and practical advice to address the spectrum of privacy and security concerns in today's challenging regulatory environment.
HIPAA Compliance Planning and Readiness Assessment
Data breaches affecting the healthcare industry have reached epidemic proportions and are not likely to abate anytime soon, making risk assessments, training of personnel and breach response planning critical. Equally important is assessing vendors’ security measures and their HIPAA policies and procedures, and entering into appropriate business associate agreements.
Businesses that maintain or access “protected health information” are well advised to identify areas of vulnerability and follow best practices, both internally and in contracting with vendors and other third parties. Day Pitney lawyers prepare HIPAA Policies and Procedures Manuals and other compliance controls for healthcare entities, and business associate agreements to document their relationships with their outside contractors, to help facilitate HIPAA compliance, optimize risk allocation, and reduce the likelihood or potential severity of a federal penalty.
To help clients evaluate compliance with federal guidelines and readiness for a HIPAA audit by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), Day Pitney has developed a cybersecurity toolkit, including a self-assessment protocol that is based on the published OCR HIPAA audit program protocol and a template incident response plan that incorporates best industry practices. Once an organization has completed development of policies and protocols, our lawyers can assist in training employees to facilitate compliance and preparedness at all levels.
Our lawyers also review vendor contracts to address loss allocation and other provisions that can impact the risks associated with vendor security incidents or breaches.
Data Breach and Litigation Response
In the event of a data breach, our cross-disciplinary legal team provides rapid and comprehensive incident response under the protection of the attorney-client privilege. By maintaining close relationships with the governmental agencies that investigate data protection and privacy matters, as well as a network of forensic and technical experts, the Day Pitney team can assist in effectively investigating data breach incidents and managing the activities of outside experts, law enforcement authorities, and state and federal regulators. We help healthcare institutions determine the source and scope of the breach, assess regulatory compliance requirements, manage notifications and call centers, and conduct after-action review.
Notwithstanding the best planning and response, data breaches may sometimes lead to litigation. The Day Pitney response team includes litigators who work together to respond quickly to both regulatory investigations and civil litigation that may follow a data breach.
Regulatory Assistance
When the OCR comes knocking to investigate a HIPAA complaint or potential violation, the Day Pitney team is prepared to support your response and will work with you to reduce the likelihood or potential severity of a federal penalty.
Day Pitney Healthcare Attorneys Shannon K. Cohall and Susan R. Huntington authored the article, "New Warning for Providers: U.S. Department of Health and Human Services Issue New Guidance on Data Risks Associated with Websites and Portals," for The Journal of Federal Agency Action.
Susan Huntington authored a chapter, "Enterprise Risk Approach to Successful Population Management," in the recently published third edition of the "Enterprise Risk Management Handbook for Health Care Entities."
On November 2, Susan Huntington and Eric Fader will be speaking at a webinar jointly sponsored by Day Pitney and Wolf & Co. "Business Associates Are Under a Microscope - Are You Prepared?"
Susan Huntington, James Bowers and Eric Fader wrote an article, "HIPAA Enforcement Gets Serious – Are You Ready?" for the Summer 2016 issue of MiraMed Focus. The article reviews recent data breaches in the healthcare industry and the heightened enforcement actions by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services resulting from violations of the Health Insurance Portability and Accountability Act (HIPAA). The article also covers best practices for healthcare providers to satisfy the requirements of the upcoming OCR audits.
Day Pitney Press Release
Susan Huntington was interviewed by anchor Matt Maisel in the Fox-affiliate station WMPT Fox 43 segment "COVID-19 controversy at Pa. Capitol calls into question employer obligations and limitations in telling workers about positive test," discussing employers obligations in disclosing positive tests to employees.
Susan Huntington and George Mikhail were quoted in an article, "STRATEGIC PERSPECTIVES: U.S. Supreme Court Decides Allina and Analysis, Predictions Follow," published in Health Law Daily by Wolters Kluwer Legal & Regulatory U.S. Following the U.S. Supreme Court decision in Azar v. Allina Health Services, the article provides an overview of the court's decision and perspective on what it means for providers.
Susan Huntington, chair of the firm's Healthcare and Life Sciences practice group, was quoted in an article, "Attorneys React To High Court's HHS Rulemaking Decision," published by Law360.
Susan Huntington and Eric Fader were quoted in an article, "Growing HIPAA Focus Leads To Fresh Compliance Options," published in Law360.
Copyright © 2024 Day Pitney LLP, all rights reserved.