In Brief: A Digest of Healthcare Data Security Projects

Client Success

Represented a specialty physician group practice whose computer system was compromised by the download of patient records. Our representation led to the return of patient records and ensured compliance with HIPAA and HITECH. Our client recouped all costs relating to this matter.
Counseled large pharmaceutical client that manages a significant amount of protected health information in analyzing its de-identification practices to ensure compliance with HIPAA while continuing its practice of transmitting de-identified information to third parties without individual authorization. We partnered with statistical consultants to develop a unique approach to utilize the protected health information while maintaining compliance with HIPAA. We also worked with our client to develop sophisticated guidelines to help them make use of the de-identified information.
Validated records retention schedules for hospitals and health systems, pharmaceutical and biotechnology companies, pharmacy benefit management companies and medical equipment manufacturers.
Represented clients in data breaches involving thousands of patients’ medical records. Advised on appropriate response, investigation, notifications and program adjustments to safeguard protected information.
Counseled clients on data security program requirements and breach response readiness.
Defended numerous healthcare clients in HIPAA investigations, including breaches involving 500 or more individuals. Additionally, the attorney provided essential testimony in court cases regarding privacy and security requirements under state and federal law.
Obtained summary judgment for a national benefits manager in an action filed by a member of one of its former health plan clients, alleging HIPAA violations. After our client was dismissed, we successfully sued the former health plan client for failure to defend and indemnify the benefit manager, as mandated in the plan contract.
Reviewed cyberliability insurance coverage and managed breach incident response. Advised a health service provider that suspected a data breach and sought advice regarding the immediate steps it should take to confirm whether a breach had occurred and, if so, how to proceed. We quickly gathered and assessed the facts, determining that no reportable breach had occurred, and identified process improvements to help ensure continuing security.
Assisted a regional health services provider in updating its HIPAA Security Rule risk assessment to comply with the recently finalized Omnibus Rule. We developed a cost-effective and efficient sampling approach to conducting the risk assessment across the provider’s various locations.
Worked with hospitals, surgery centers, hospital districts, ACOs, health information exchanges and physician groups to develop health information privacy and security policies, agreements, procedures and compliance plans.
Analyzed and counseled healthcare clients on health information privacy and security risk-sharing and risk-transfer issues.
Advised eligible hospitals and eligible healthcare professionals on the development of health information technology and compliance with meaningful use standards.