As a law firm with one of the most experienced healthcare practice groups in the United States, Duane Morris attorneys are witnessing the increasing influence and complexity of information technology in the delivery of healthcare by direct care providers (such as hospitals, physicians, skilled nursing facilities, pharmacies, device makers and laboratories) as well as ancillary entities (such as billing companies, vendors, insurance companies and investment funds, that provide services or financing to healthcare providers). These entities face significant challenges in protecting their data and implementing, managing, maintaining and protecting the various components of the systems they employ to do business and remain up-to-date on the laws regarding the protection of protected health information (PHI), price data, quality data and other sensitive information. The successful integration and use of technology can streamline operational systems, increase efficiencies, reduce costs and improve care. To ensure successful outcomes, however, healthcare companies must be vigilant. Technology privacy and security problems can and will occur, and the most successful companies will be those that optimally minimize their risks.
Duane Morris offers clients the joint services of its attorneys knowledgeable in both the healthcare and IT industries. Duane Morris' cadre of experienced healthcare attorneys counsel leading organizations on regulatory, business transactions and litigation matters. Duane Morris' industry-specific IT attorneys are involved in the technology industry on a daily basis and have extensive, in-depth experience with information technology agreements and data protection issues. From crafting RFPs for software and conducting HIPAA privacy and security reviews, to drafting implementation strategies and identifying security vulnerabilities, the firm's team of healthcare and IT attorneys work together to provide clients with sound legal advice to address the far-reaching implications of technology in each of their businesses and to anticipate and minimize risks related to the health system's, or ancillary business', information technology and health information.
Our healthcare/IT counseling work includes the following:
- IT Systems and Procurement - Assisting clients in the procurement of IT systems and related vendor services. In advising clients in this area, we craft RFIs and RFPs, devise implementation strategies, identify risks and ensure that software development and implementation contracts are in sync with our clients' needs.
- Licensing and Negotiations - Advising clients on licensing agreements, joint ventures, contract negotiations and other business legal issues related to technology acquisition and implementation, including advising on contracts with software vendors, managed services providers, outsourcing and hosting companies, payers, healthcare clearinghouses, third-party administrators and pharmacy management companies. Our IT attorneys have reviewed or negotiated software license agreements and hardware procurement contracts with more than 300 different software and hardware vendors, including many of the top vendors in the healthcare industry.
- HIPAA/Privacy Compliance - Ensuring that electronic medical records (EMR), or electronic health records (EHR) systems and other IT systems (e.g., electronic prescribing, virtual medicine) comply with applicable privacy laws (e.g., HIPAA, Gramm-Leach-Bliley Act, Children's Online Privacy Act) and responding to potential broad-based and individual compliance concerns, particularly as HIPAA enforcement is intensified through corrective action plans, resolution agreements and financial penalties. We also counsel clients on e-records, data mining and analysis, records retention, maintenance and conversion.
- IT and Healthcare Fraud and Abuse and Self-Referral - Counseling clients regarding the provision of hardware, software or other information technology to physicians, other healthcare professionals, pharmacists and pharmacies to ensure compliance with the federal anti-kickback and physician self-referral statutes and regulations.
- Security Breaches and Compliance - Handling security breaches and inadvertent loss of data. Given the sensitivity of healthcare information, our attorneys conduct technology security audits as well as develop security policies and procedures and compliance programs.
- Foreign Privacy Laws - Advising on procurement, project development, licensing, risk management, compliance, privacy and other legal issues related to projects that are subject to the laws of foreign jurisdictions, such as Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
- Corporate Structure and Finance - Advising on corporate structure and finance issues and identifying and negotiating joint venture arrangements with intellectual property issues for start-up companies or strategic alliances regarding new technology in the healthcare industry.
- Patient Safety Procedures and Reporting - Advising on establishing patient safety organizations and reporting procedures for providers under the Patient Safety and Quality Improvement Act.
- FTC Red Flags Rules on Identify Theft Protection Programs - Assisting hospitals and other providers with developing and implementing identity theft protection programs in compliance with the Federal Trade Commission's "Red Flags" rules.
Many healthcare providers are only beginning to understand the scope of their healthcare IT legal needs. To help gauge how Duane Morris can help, please consider the following:
- Are your IT personnel getting value out of the RFP process by being able to ask the right risk assessment questions to vendors that are participating in the process?
- After spending millions of dollars on a specific application, do the software application and maintenance agreements include contractual obligations on the part of the vendor for the vendor or a third party to support the purchased software for an adequate period of time without your organization having to incur additional costs for unexpected upgrade requirements?
- Do your agreements sufficiently hold the third-party vendor responsible for the type of damages your organization needs to recover should a software implementation fail or a security leak of personal or protected health information occur?
- Has your organization developed a clear policy for employee and third-party vendor use of technology so that privacy and security breaches and inadvertent loss of sensitive data do not occur?
Duane Morris can assist you with these and any other of your IT needs.