HIPAA and HITECH

Our business and healthcare law firm represents physicians, elder care entities, federally qualified health centers, ambulance services, and other healthcare providers and businesses in connection with HIPAA and HITECH compliance issues. All healthcare providers are “covered entities” subject to HIPAA and HITECH.

HIPAA and HITECH Compliance Law Firm

Our services involving regulatory compliance include:

HIPAA Compliance
  • risk assessments
  • business succession plans
  • written HIPAA policies
  • business associate agreements
  • HIPAA audit defense
  • personnel training
  • privacy manuals
  • security manuals

We offer very competitive flat rates and service packages for many HIPAA compliance matters. Kevin Little and Lee Hamil Little have extensive experience as lawyers and hold Martindale Hubbell's AV rating, its highest rating. To schedule a consultation with one of our attorneys, email us at info@hamillittle.com or contact us at our office nearest you.

HIPAA and Protected Health Information

Healthcare providers and other healthcare businesses are subject to a highly regulated business environment. HIPAA is a strong example. “HIPAA” refers to the Health Insurance Portability & Accountability Act of 1996. HIPAA applies to “covered entities” (generally speaking, healthcare providers) and their “business associates.” Broadly speaking, HIPAA regulates how healthcare providers and others who deal with protected health information (PHI) must secure and protect private information of patients. The goal of HIPAA is to secure and protect PHI. The need for this protection has increased dramatically in the digital age. HIPAA is complex and creates many levels of serious business risk for healthcare providers and their business associates. HIPAA intends to limit use of PHI to what is minimally necessary to perform a necessary task. PHI includes information that is not “medical,” such as name, birthdate, Social Security number, and address.

Among other things, HIPAA sets federal, national standards for accessing and handling PHI, requires particular notice of privacy practices, mandates an accounting of PHI disclosures and data breaches, requires particular staff training and appointment of a privacy officer, requires updated and executed business associate agreements with vendors and business partners (and, now, their subcontractors) who touch PHI, and requires numerous safeguards. While all healthcare providers know of HIPAA, many (if not most) fail to realize the extent of the business risks created by business practices and protocols that are not compliant with HIPAA. The consequences for noncompliance with HIPAA can be very large fines (up to $1.5 million) and even criminal prosecution. It is easy to violate HIPAA, even without a disclosure of PHI.

Augusta, Georgia Healthcare Business Lawyers

We represent physicians, physician groups, medical practices, ambulance services, healthcare centers, medical practice consultants, medical associations, and other healthcare businesses in Augusta, Atlanta, and often throughout the Southeast.

“Kevin Little [of Hamil Little] represented the Medical Association of Georgia and individual physicians in a matter addressing the abuses of the health insurance industry. Kevin was a pleasure to work with and brought forth legal theories to hold the health insurance industry accountable to physicians and patients. We received outstanding representation from Kevin.” *

Donald Palmisano, CEO and General Counsel, Medical Association of Georgia.

Changes to HIPAA

The United States Department of Health and Human Services (HHS) published a change to HIPAA known as the HIPAA final omnibus rule (Final Rule) on January 25, 2013. The Final Rule requires many changes to HIPAA compliance protocol that will likely strongly impact most medical practices and healthcare businesses and their business associates. Compliance with the Final Rule is required by September 23, 2013. See the March 9, 2013 and March 31, 2013 posts to our firm’s Healthcare Law Blog. Minimally necessary HIPAA compliance protocol will include, among other things:

  • a risk assessment
  • a business succession plan
  • updated and signed business associate agreements with every business associate
  • updated and signed business associate agreements with every business associate subcontractor involved in PHI
  • appropriate encryption of PHI
  • written policies and procedures for employees regarding protecting PHI
  • written policies and procedures with regard to the removal of PHI from the medical practice site
  • written policies and procedures for ascertaining and reporting a security breach
  • practices that are consistent with written HIPAA policies

Regulatory Compliance Law Firm

If you have questions concerning HIPAA, we will be happy to schedule a convenient time for you to meet with one of our attorneys at our Atlanta or Augusta office or by telephone consultation. To schedule a consultation, email us at info@hamillittle.com or contact us at the office nearest you.

* DISCLAIMER: Any result this law firm or any lawyer of this law firm may achieve on behalf of one client in one matter does not necessarily indicate similar results can be obtained for other clients.