The Health Insurance Portability and Accountability Act (HIPAA) imposes numerous requirements on health care providers in the way they collect, store, share, and transmit protected health information. HIPAA essentially addresses the protection of privacy in four separate "rules." The "Privacy Rule" places requirements on health care providers to protect patient information in whatever medium it is stored. The "Electronic Transactions Rule" is designed to standardize the way that health care providers transmit information electronically, so that the information can be protected. The "Security Rule" requires health care providers to meet standards designed to physically safeguard patient information, and to ensure that the hardware/software technology used by the provider adequately protects that information. Finally, the "Breach Notification Rule" requires health care providers to provide notice in the event that there is a breach of an individual's unsecured protected health information.
We have assisted numerous health care providers in developing, implementing and revising HIPAA Compliance Plans which enable them to meet the rigorous HIPAA standards. In addition, we have assisted providers in conducting operational assessments designed to identify potential risk areas of HIPAA compliance. We have also have assisted providers with providing appropriate notices when breaches have occurred, and have prepared or reviewed business associate contracts. Our attorneys are well-versed in the complexities of the HIPAA standards, and are frequent lecturers on the subject to the various industry trade associations.