HIPAA and HITECH
Our health law firm represents medical practices, physicians, and healthcare businesses with HIPAA and HITECH compliance issues. All healthcare providers are “covered entities” subject to HIPAA and HITECH.
HIPAA and HITECH Compliance Law Firm
Our services involving regulatory compliance include:
- risk assessments
- business succession plans
- written HIPAA policies
- business associate agreements
- HIPAA audit defense
- personnel training
- privacy manuals
- security manuals
We offer flat rates and service packages for many HIPAA compliance matters. Our firm holds Martindale Hubbell's AV rating, its highest rating. To schedule a consultation with one of our experienced health law attorneys, contact us today.
HIPAA and Protected Health Information
Healthcare providers and other healthcare businesses are subject to a highly regulated business environment. HIPAA is a strong example. “HIPAA” refers to the Health Insurance Portability & Accountability Act of 1996. HIPAA applies to “covered entities” (generally speaking, healthcare providers) and their “business associates.” Broadly speaking, HIPAA regulates how healthcare providers and others who deal with protected health information (PHI) must secure and protect private information of patients. The goal of HIPAA is to secure and protect PHI. The need for this protection has increased dramatically in the digital age. HIPAA is complex and creates many levels of serious business risk for healthcare providers and their business associates. HIPAA intends to limit use of PHI to what is minimally necessary to perform a necessary task. PHI includes information that is not “medical,” such as name, birthdate, Social Security number, and address.
Among other things, HIPAA sets federal, national standards for accessing and handling PHI, requires particular notice of privacy practices, mandates an accounting of PHI disclosures and data breaches, requires particular staff training and appointment of a privacy officer, requires updated and executed business associate agreements with vendors and business partners (and, now, their subcontractors) who touch PHI, and requires numerous safeguards. While all healthcare providers know of HIPAA, many (if not most) fail to realize the extent of the business risks created by business practices and protocols that are not compliant with HIPAA. The consequences for noncompliance with HIPAA can be very large fines (up to $1.5 million) and even criminal prosecution. It is easy to violate HIPAA, even without a disclosure of PHI.
Health Law Compliance Lawyers
We represent physicians, medical practices, and healthcare businesses throughout the United States.
“Kevin Little [of Hamil Little] represented the Medical Association of Georgia and individual physicians in a matter addressing the abuses of the health insurance industry. Kevin was a pleasure to work with and brought forth legal theories to hold the health insurance industry accountable to physicians and patients. We received outstanding representation from Kevin.” *
Donald Palmisano, CEO and General Counsel, Medical Association of Georgia.
Minimally necessary HIPAA compliance protocol will include, among other things:
- a risk assessment
- a business succession plan
- updated and signed business associate agreements with every business associate
- updated and signed business associate agreements with every business associate subcontractor involved in PHI
- appropriate encryption of PHI
- written policies and procedures for employees regarding protecting PHI
- written policies and procedures with regard to the removal of PHI from the medical practice site
- written policies and procedures for ascertaining and reporting a security breach
- practices that are consistent with written HIPAA policies
Regulatory Compliance Law Firm
If you have questions concerning HIPAA, we will be happy to schedule a convenient time for you to speak with one of our experienced health attorneys. Contact us today.
DISCLAIMER: Any result this law firm or any lawyer of this law firm may achieve on behalf of one client in one matter does not necessarily indicate similar results can be obtained for other clients.