HIPAA (Health Insurance Portability & Accountability Act)

Healthcare providers, billing companies, as well as software and technology companies that serve the healthcare industry—even Healthcare attorneys and accountants—are all subject to privacy and security requirements. The regulations under federal laws such as HIPAA and HITECH are complex and constantly evolving, as are the industry standards for what counts as a “reasonable” safeguard. Failure to comply can result in large fines, lawsuits, and business reputation damage that can be catastrophic.

HIPAA protects the privacy of individually identifiable health information about a patient that is transferred to or maintained by a healthcare provider. HIPAA rules protect the information itself, regardless of what form it takes. Voicemails, telephone conversations, emails, faxes, even oral conversations that can be overheard are protected under HIPAA. Oversights in office design, employee training, and software choices can all lead to HIPAA violations. Of particular concern in this age of ransomware attacks and computer hacking is protecting information stored digitally.

Jackson Walker assists healthcare providers, employers, insurers, vendors, and managed care plans in ensuring compliance with HIPAA, HITECH, and other state and federal privacy laws and regulations. Our attorneys have extensive knowledge of the systems, software, and security necessary to control how electronic health and benefit information is coded, stored, retained, and communicated. This knowledge is essential to helping clients avoid costly legal sanctions.

Our attorneys are nationally recognized for their experience with HIPAA matters, and are frequently called on to speak at conferences and seminars. We combine our deep knowledge of HIPAA and other privacy laws with broader experience in our Healthcare, Cybersecurity, Employee Benefits, and Litigation practices, to deliver tailor-made, cost-effective solutions to health information privacy and security issues.

Practice Highlights

• Represented a hospital in responding to a cyber-attack involving deployment of ransomware.
• Represented a medical school in responding to HIPAA breach involving a stolen notebook containing medical information.
• Represented multiple hospitals and medical practices in addressing data breach investigations by HHS’ Office for Civil Rights.
• Represented multiple clients in investigating and responding to potential and actual data breaches and security incidents.
• Drafted form HIPAA documents, including Policies and Procedures, Notices of Privacy Practices, Business Associate Agreements, and Authorizations, for physician members of the Texas Medical Association.

Attorneys

Jeffery P. Drummond

Partner, Dallas
214.953.5781

Phil Kim

Partner, Dallas
214.953.6081

News & Insights

Jackson Walker Expands Health Care Team With Sheppard Mullin Partner in Dallas | Texas Lawyer

Jackson Walker expanded its health care team by hiring Phil Kim, who handles transactional and regulatory matters for a wide range of health care clients. Phil joined Jackson Walker as a partner in the health care and life sciences group in Dallas.

Attorney News • October 10, 2025

Phil Kim Joins Jackson Walker’s Healthcare & Life Sciences Group as Partner

Jackson Walker is pleased to announce that Phil Kim has joined the firm as a partner in the Healthcare & Life Sciences group in our Dallas office. Phil is an accomplished Chambers-ranked healthcare attorney with extensive experience advising a broad range of healthcare industry stakeholders and providers on complex transactional and regulatory matters across the country.

Attorney News • October 8, 2025

Jeffrey Frost Presents “Medical Staff Counsel Unplugged”

On December 13, 2023, Jackson Walker partner Jeffrey H. Frost led a webinar for the Texas Society for Medical Service Specialists (TSMSS), where he shared insights from his 15 years of experience as in-house counsel overseeing a medical staff program for a health system comprising 25 hospitals, medical staffs, 5,000 aligned physicians, and numerous surgery centers.

Speaking Engagements • December 14, 2023

Jeffrey Frost to Discuss Preparing for the End of the Public Health Emergency

Jackson Walker partner Jeffrey H. Frost will join a panel discussion covering the end of the public health emergency (PHE) and the associated waivers. Jeff will be joined by fellow panelists Rick L. Hindmand (McDonald Hopkins) and Matthew K. Loughran (Reed Smith).

Speaking Engagements • April 4, 2023

Patient Blocks Exam Elements? Work With Them Before Turning Them Away | Part B News (Subscription Required)

Providers are usually obliged by contract and allowed by HIPAA to communicate an insured patient’s medical information to insurers. But, Jeff Drummond says, such patients may avail an exception in the HITECH Act that he calls the “hide rule,” by which “a patient may request that a health care provider not provide information relating to a particular service or treatment to an insurer for payment or health care operations purposes, so long as the patient has paid for the service or treatment in full, out of pocket, prior to making the request,” he says.

Mentions • January 17, 2022

Still Missing a New Leader, Former OCR Directors, Experts Offer Advice, Task List | Report on Patient Privacy

Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other HIPAA-regulated entities. And by all means, get cracking.

Mentions • August 13, 2021

Is It Legal for Businesses to Require Customers to Be Vaccinated? | Daily Caller

On June 20, 2021, Foo Fighters will perform at Madison Square Garden with only vaccinated people allowed to attend the full-capacity concert. In a Daily Caller article discussing the legality of private businesses refusing services to customers based on their vaccination status, Jeff Drummond noted: “HIPAA isn’t an issue. HIPAA only applies to health plans, health care data translation companies (called “health care clearinghouses”), and most (but not all) health care providers. Airlines, restaurants, landlords, and non-health care business owners are not subject to HIPAA.”

Mentions • June 10, 2021

Jeff Drummond Discusses Vaccine Passports and Whether They Violate HIPAA Laws

Healthcare partner Jeff Drummond discusses COVID-19 vaccine passports and the protections provided to an individual.

Mentions • April 7, 2021

OCR Seeking Ways to Improve HIPAA, Respond to Value Concerns | Healthcare Risk Management

The Office for Civil Rights (OCR) is asking the public for ways to modify HIPAA regulations, specifically to drive cost savings and value, notes Jeff Drummond. The changes are intended to help HIPAA mesh better with coordinated care platforms and improve care coordination, he says.

Mentions • January 1, 2021

HIPAA Compliance a Concern as Working from Home Becomes Norm | Relias Media

Covered entities should ensure HIPAA compliance the same way they did pre-pandemic: by analyzing the risks and adopting safeguards that minimize those risks, Jeff Drummond mentioned in this article.

Mentions • July 30, 2020

More HIPAA (Health Insurance Portability & Accountability Act) News

Areas of Service

• Identification and resolution of HIPAA compliance violations
• Advice regarding maintenance of required HIPAA documentation
• Preparation and implementation of privacy and security policies and procedures to ensure that Protected Health Information (PHI) is kept private and secure
• Preparation of Notices of Privacy Practices
• Preparation of compliant consents, authorizations, and patient/beneficiary documentation
• Preparation and negotiation of Business Associate Agreements
• Initial and ongoing risk analysis and reviews
• Defense against HIPAA, HITECH, and other privacy claims
• Data breach and incident response, investigation, analysis, and litigation
• Cyber-insurance analysis, selection, and representation
• Employee and provider HIPAA training
• Updating agreements to comply with HIPAA and HITECH