HIPAA (Health Insurance Portability & Accountability Act)

Healthcare providers, billing companies, and software and technology companies that serve the healthcare industry—even healthcare attorneys and accountants—are all subject to privacy and security requirements. The regulations under federal laws such as HIPAA and HITECH are complex and constantly evolving, as are the industry standards for what counts as a “reasonable” safeguard. Failure to comply can result in large fines, lawsuits, and damage to business reputation that can be catastrophic.

HIPAA protects the privacy of individually identifiable health information about a patient that is transferred to or maintained by a healthcare provider. HIPAA rules protect the information itself, regardless of what form it takes. Voicemails, telephone conversations, emails, faxes, even oral conversations that can be overheard are protected under HIPAA. Oversights in office design, employee training, and software choices can all lead to HIPAA violations. Of particular concern in this age of ransomware attacks and computer hacking is protecting information stored digitally.

Jackson Walker assists healthcare providers, employers, insurers, vendors, and managed care plans in ensuring compliance with HIPAA, HITECH, and other state and federal privacy laws and regulations. Our attorneys have extensive knowledge of the systems, software, and security necessary to control how electronic health and benefit information is coded, stored, retained, and communicated. This knowledge is essential to helping clients avoid costly legal sanctions.

Our attorneys are nationally recognized for their experience with HIPAA matters, and are frequently called on to speak at conferences and seminars. We combine our deep knowledge of HIPAA and other privacy laws with broader experience in our Healthcare, Cybersecurity, Employee Benefits, and Litigation practices, to deliver tailor-made, cost-effective solutions to health information privacy and security issues.

  • Represented a hospital in responding to a cyber-attack involving deployment of ransomware.
  • Represented a medical school in responding to a HIPAA breach involving a stolen notebook containing medical information.
  • Represented multiple hospitals and medical practices in addressing data breach investigations by HHS’ Office for Civil Rights.
  • Represented multiple clients in investigating and responding to potential and actual data breaches and security incidents.
  • Drafted form HIPAA documents, including Policies and Procedures, Notices of Privacy Practices, Business Associate Agreements, and Authorizations, for physician members of the Texas Medical Association.
  • Identification and resolution of HIPAA compliance violations
  • Advice regarding maintenance of required HIPAA documentation
  • Preparation and implementation of privacy and security policies and procedures to ensure that Protected Health Information (PHI) is kept private and secure
  • Preparation of Notices of Privacy Practices
  • Preparation of compliant consents, authorizations, and patient/beneficiary documentation
  • Preparation and negotiation of Business Associate Agreements
  • Initial and ongoing risk analysis and reviews
  • Defense against HIPAA, HITECH, and other privacy claims
  • Data breach and incident response, investigation, analysis, and litigation
  • Cyber-insurance analysis, selection, and representation
  • Employee and provider HIPAA training
  • Updating agreements to comply with HIPAA and HITECH