HIPAA (Health Insurance Portability & Accountability Act)

Healthcare providers, billing companies, and software and technology companies that serve the healthcare industry (even healthcare attorneys and accountants) are all subject to privacy and security requirements. The regulations under federal laws such as HIPAA and HITECH are complex and constantly evolving, as are the industry standards for what counts as a “reasonable” safeguard. Failure to comply can result in large fines, lawsuits, and business reputation damage that can be catastrophic.

HIPAA protects the privacy of individually identifiable health information about a patient that is transferred to or maintained by a healthcare provider. HIPAA rules protect the information itself, regardless of what form it takes. Voicemails, telephone conversations, emails, faxes, even oral conversations that can be overheard are protected under HIPAA. Oversights in office design, employee training, and software choices can all lead to HIPAA violations. Of particular concern in this age of ransomware attacks and computer hacking is protecting information stored digitally.

Jackson Walker assists healthcare providers, employers, insurers, vendors, and managed care plans in ensuring compliance with HIPAA, HITECH, and other state and federal privacy laws and regulations. Our attorneys have extensive knowledge of the systems, software, and security necessary to control how electronic health and benefit information is coded, stored, retained, and communicated. This knowledge is essential to helping clients avoid costly legal sanctions.

Our attorneys are nationally recognized for their experience with HIPAA matters, and are frequently called on to speak at conferences and seminars. We combine our deep knowledge of HIPAA and other privacy laws with broader experience in our Healthcare, Cybersecurity, Employee Benefits, and Litigation practices, to deliver tailor-made, cost-effective solutions to health information privacy and security issues.

Practice Category

  • Represented a hospital in responding to a cyber-attack involving deployment of ransomware.
  • Represented a medical school in responding to a HIPAA breach involving a stolen notebook containing medical information.
  • Represented multiple hospitals and medical practices in addressing data breach investigations by HHS’ Office for Civil Rights.
  • Represented multiple clients in investigating and responding to potential and actual data breaches and security incidents.
  • Drafted form HIPAA documents, including Policies and Procedures, Notices of Privacy Practices, Business Associate Agreements, and Authorizations, for physician members of the Texas Medical Association.

June 10, 2021
Mentions

Is It Legal for Businesses to Require Customers to Be Vaccinated? | Daily Caller

On June 20, 2021, Foo Fighters will perform at Madison Square Garden with only vaccinated people allowed to attend the full-capacity concert. In a Daily Caller article discussing the legality of private businesses refusing services to customers based on their vaccination status, Jeff Drummond noted: “HIPAA isn’t an issue. HIPAA only applies to health plans, health care data translation companies (called ‘health care clearinghouses’), and most (but not all) health care providers. Airlines, restaurants, landlords, and non-health care business owners are not subject to HIPAA.”

April 7, 2021
Mentions

Jeff Drummond Discusses Vaccine Passports and Whether They Violate HIPAA Laws

Healthcare partner Jeff Drummond discusses COVID-19 vaccine passports and the protections provided to an individual.

July 30, 2020
Mentions

HIPAA Compliance a Concern as Working from Home Becomes Norm | Relias Media

Covered entities should ensure HIPAA compliance the same way they did pre-pandemic: by analyzing the risks and adopting safeguards that minimize those risks, Jeff Drummond mentioned in this article.

July 2, 2020
Mentions

Prepare for Closer HIPAA Scrutiny of Telehealth as States and Practices Cautiously Reopen | Part B News

As states and medical practices slowly reopen and return to normal, the HHS Office for Civil Rights (OCR) will likely end its COVID-19 public health emergency telehealth waivers that were instituted in March.

April 15, 2020
Podcasts

The Flexibility of Privacy Rules During COVID-19

Jeff Drummond discusses how the government is clarifying its flexible guidelines on how industries may apply privacy rules during this pandemic, and how once the emergency goes away, the rules will most likely return to their more rigid application.

April 9, 2020
Mentions

OCR: CEs May Offer COVID-19 Patient ‘List’ to First Responders | Report on Patient Privacy

Dallas partner Jeff Drummond was quoted in the Health Care Compliance Association’s Report on Patient Privacy about concerns related to providing lists of COVID-19-positive patients to first responders.

March 18, 2020
Insights

HIPAA Enforcement Authorities Allow Skype, Facetime for Provider-Patient Telehealth Services

OCR has issued a Notice of Enforcement Discretion relating to the use of telehealth remote communications by healthcare providers.

April 11, 2018
Mentions

Healthcare Partner Jeff Drummond Speaks on HIPAA Criminal Prosecutions and Liability for Employers

Criminal prosecutions for violations of patient privacy under the Health Insurance Portability and Accountability Act (HIPAA) have been relatively rare since its enactment in 1996.

March 15, 2017
Mentions

New Jersey HIPAA Settlement Signals Upsurge in State Enforcement

A $1.1 million settlement between Horizon Healthcare, Inc. and the state of New Jersey has raised the stakes for HIPAA-covered entities throughout the country, according to Jackson Walker healthcare attorney Jeff Drummond.

  • Identification and resolution of HIPAA compliance violations
  • Advice regarding maintenance of required HIPAA documentation
  • Preparation and implementation of privacy and security policies and procedures to ensure that Protected Health Information (PHI) is kept private and secure
  • Preparation of Notices of Privacy Practices
  • Preparation of compliant consents, authorizations, and patient/beneficiary documentation
  • Preparation and negotiation of Business Associate Agreements
  • Initial and ongoing risk analysis and reviews
  • Defense against HIPAA, HITECH, and other privacy claims
  • Data breach and incident response, investigation, analysis, and litigation
  • Cyber-insurance analysis, selection, and representation
  • Employee and provider HIPAA training
  • Updating agreements to comply with HIPAA and HITECH
