Client Services / Health / HIPAA

HIPAA

McDermott Will & Emery is an international law firm with over 1,000 lawyers, including one of the largest health law practices in the United States. Our health lawyers have substantial experience in addressing the unique business and legal needs of health industry clients who operate in an extremely challenging regulatory and financial environment.

The Privacy and Security Rules adopted under the Health Insurance Portability and Accountability Act (HIPAA) create a variety of obligations, responsibilities and challenges that need to be met by those entities covered by HIPAA and the individuals and companies that do business with such entities. The HIPAA Rules present significant challenges by requiring entities to balance cost, prompt access to information for patient care and the need for confidentiality and integrity of health information.

For example, the Privacy Rule sets forth complex limitations on the use of an individual’s identifiable health information significantly affecting the way health care information—written, electronic and oral—is handled. The Privacy Rule affects the use and disclosure of health information by almost all health care providers, health plans, clearinghouses and business associates. Implementation has required organization-wide changes in managing health information, as well as the negotiation of safeguards with business associates.

The Security Rule is equally complex, requiring an overall risk assessment, followed by implementation of required and addressable standards that will often entail careful analysis and documentation of the reasons for numerous decisions. The importance of secure access to health information continues to increase as a critical component of patient safety initiatives, clinical research and cost control.

Our lawyers have assisted hundreds of clients across the country with implementation of HIPAA requirements. A cornerstone of our HIPAA services was development of a comprehensive set of policies, procedures and related materials tailored to different segments of the health care industry for Privacy Rule compliance; a coordinated set of materials will be available for Security Rule compliance. These unique materials enabled us to provide cost effective services to clients with widely varying levels of knowledge and resources.

HIPAA Security Rule advice is provided by McDermott Will & Emery information technology lawyers with substantial experience in HIPAA compliance security issues. This combination of expertise enables the HIPAA Practice Group to work with clients to address difficult security issues in a pragmatic manner while building a record to support their decisions and coordinate with Privacy Rule compliance. Services may be provided on a stand alone basis or with technical consultants, frequently through engagements structured to maximize the benefit of applicable attorney-client privilege.

The HIPAA Practice Group is currently assisting clients in a variety of Security Rule engagements, including the following:

  • Assisting providers in integrating requirements of the Security and Privacy Rules.

  • Advising several national health insurers regarding documentation and interpretation of addressable requirements.

  • Working with a security consulting firm to develop an expedited risk assessment tool for a Fortune 100 pharmaceutical distribution company.

  • Developing integrated Security and Privacy policies and procedures.

  • Assisting electronic service providers in addressing their business associate obligations in a uniform manner.

Our HIPAA Privacy Rule services have included:

  • Lobbying Congress and the Department of Health and Human Services (DHHS) on the policies and language of the privacy regulations, including meetings with members of Congress, members of the DHHS drafting team and other major industry representatives and coalitions

  • Preparing and filing comments on the proposed privacy regulations with the Secretary of Health and Human Services for national clients, including an alliance of over 1,000 hospitals and health systems

  • Gap analysis for the implementation of the privacy regulations for health providers

  • Analyzing provider agreements to identify business associate amendments that will be required by the privacy and proposed security regulationsAssisting a major teaching hospital's chief information officer in analyzing the proposed security, transaction and code sets, electronic signature and privacy regulations in order to estimate their impact on the hospital's budget and operations

  • Authoring an opinion letter for customers of a disease management and health data company on the ability of hospitals to continue to transmit patient data after the privacy regulations become final

  • Advising a health research organization on the ownership of patient tissue samples and consent requirements in light of proposed privacy regulations

  • Advising a major health insurance company on the development of its software and website for the sale of online health insurance in regard to security and privacy regulation compliance

  • Providing on-site educational and HIPAA training sessions to a large health care system and provider associations

In addition, our lawyers have presented several seminars on privacy and security and have authored numerous articles in industry publications and in McDermott, Will & Emery’s Health Law Update. Our lawyers sit on a variety of boards and advisory groups on privacy and security, including the Board of Directors of the nonprofit Privacy Officers Association, of which McDermott Will & Emery is a founding member.

Contacts

Health Client Services

McDermott Will & Emery

McDermott Will and Emery