HIPAA, Privacy & Security

Hall Render provides a variety of services and products to assist in compliance with the privacy, security and breach notification regulations promulgated under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act ("HITECH"), as well as other state, federal and international privacy and security authorities, including 42 CFR Part 2, California Consumer Privacy Act, California Privacy Rights Act, the European General Data Protection Regulation (“GDPR”) and Payment Card Industry Data Security Standards. Members of the firm's Privacy Service Line have experience assisting clients on matters including: HIPAA policy assessment and development; workforce and management training; privacy and security audits; risk assessments; drafting, reviewing and negotiating business associate agreements; privacy notice development; compliance with patient right of access rules, breach assessment and notification; corrective actions; OCR and Attorney General investigation response; advice regarding medical device and “Internet of Things” cybersecurity; compliance with information blocking rules; advice regarding compliance with GDPR and review of Data Processing Addenda; and general advice regarding the use, disclosure, exchange, retention and destruction of health information. Hall Render privacy and security attorneys regularly guide their clients through high stakes situations, including active ransomware attacks, negotiation of HIPAA Resolution Agreements, multi-jurisdictional investigations and privacy-related litigation.

Hall Render attorneys have advised health systems, hospitals, hospital associations, physician practices, ambulatory surgical centers, long-term care facilities, pharmacies, health plans, health care clearinghouses, business associates and health information exchanges. Hall Render attorneys regularly publish and speak nationally on matters relating to information privacy and security.