Compliance with Health Insurance Portability and Accountability Act (HIPAA) requirements can be an onerous process for hospitals and other healthcare providers, health plans and the business entities that work with them. Day Pitney lawyers have extensive experience in guiding all types of covered entities and business associates through their obligations under the HIPAA Privacy, Security and Breach Notification Rules. Our lawyers can provide useful tools and practical advice to address the spectrum of privacy and security concerns in today’s challenging regulatory environment.
HIPAA Compliance Planning and Readiness Assessment
Data breaches affecting the healthcare industry have reached epidemic proportions and are not likely to abate anytime soon, making risk assessments, training of personnel and breach response planning critical. Equally important is assessing vendors’ security measures and their HIPAA policies and procedures, and entering into appropriate business associate agreements.
Businesses that maintain or access “protected health information” are well advised to identify areas of vulnerability and follow best practices, both internally and in contracting with vendors and other third parties. Day Pitney lawyers prepare HIPAA Policies and Procedures Manuals and other compliance controls for healthcare entities, and business associate agreements to document their relationships with their outside contractors, to help facilitate HIPAA compliance, optimize risk allocation, and reduce the likelihood or potential severity of a federal penalty.To help clients evaluate compliance with federal guidelines and readiness for a HIPAA audit by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), Day Pitney has developed a cybersecurity toolkit, including a self-assessment protocol that is based on the published OCR HIPAA audit program protocol and a template incident response plan that incorporates best industry practices. Once an organization has completed development of policies and protocols, our lawyers can assist in training employees to facilitate compliance and preparedness at all levels.
Our lawyers also review vendor contracts to address loss allocation and other provisions that can impact the risks associated with vendor security incidents or breaches.Data Breach and Litigation Response