The privacy and security of personal healthcare and other sensitive information is essential to the successful operation of every healthcare provider and health plan, as well as the businesses that support them, including billing companies, data analysts, technology service providers, suppliers, consultants, lawyers and many others. The Health Insurance Portability and Accountability Act (HIPAA) is the industry standard for the privacy and security of personal health information, and along with state and other breach laws, it provides the rules for breach response. Responding to a breach of personal healthcare information can cost a business millions of dollars in response costs, fines and penalties, reputational harm and lawsuits. Any breach—a limited one or one involving non-personal data such as reimbursement information—can expose an organization to significant breach response costs and damages.
Duane Morris attorneys offer a full range of privacy and security services for healthcare providers and their vendors, including:
- Developing healthcare privacy and security compliance programs;
- Preparing for an incident, including tabletop exercises;
- Analyzing breaches and developing response plans;
- Negotiating with contractors who handle sensitive information; and
- Helping clients secure the right cybersecurity insurance policy.
We understand the complexity of the electronic ecosystem and how to safely use, store and transmit data within it. We are available to assist clients who suspect they have had a breach of any size, including going on-site to help investigate and dealing with government agencies and law enforcement when an inappropriate disclosure or theft may have occurred.
Our thorough understanding of privacy and security laws and how they apply to clients extends beyond HIPAA to the many other federal and state laws that govern healthcare data, including state data breach reporting laws, the Federal Trade Commission Act and other consumer rights’ laws. Our goal is to help clients proactively minimize the risk of data breaches, so they can focus on their core business goals.
For More Information