HIPAA Privacy And Security

Health care data breaches continue to be front-page news and result in significant financial penalties, making compliance with HIPAA an ongoing necessity. We have in-depth knowledge of the HIPAA Privacy and Security Rules and have advised both Covered Entities and Business Associates on a wide variety of complex topics, including:

  • Security breach reporting and possible safe harbors and exceptions
  • Structuring multi-party databases and use agreements
  • Indemnification under Business Associate Agreements
  • Cyber risk insurance
  • Initial due diligence and ongoing review of Business Associates
  • Advice on RFPs (requests for proposals)
  • Engaging consultants to perform HIPAA security risk assessments to maximize confidentiality
  • Limited data set use agreements
  • De-identification of PHI
  • HIPAA issues for Accountable Care Organizations (ACOs)
  • Destruction of PHI in accordance with HIPAA and NIST standards
  • Comprehensive HIPAA policies

In addition to HIPAA, we advise clients on state and federal confidentiality laws that apply to records of highly confidential data such as mental health records, HIV/AIDS information, genetic information and records of alcohol and substance abuse treatment centers subject to 42 CFR Part 2.  We also provide advice regarding the legal requirements for reporting security breaches under Illinois law.

Contact Marilyn Lamar directly at (630) 571-1643 to schedule a consultation.