Medical conditions are among patients' most personal concerns. Hinshaw helps you maintain their trust and protect your organization's information assets.
In today's information age, data moves faster and in larger quantities than ever before. In many cases, this is to a patient's and a provider's advantage: complete, accurate data can lead to better diagnoses, more effective treatments and more efficient operations. Theft and exposure of personal and proprietary information, however, can expose individuals and organizations to significant risks.
At Hinshaw, we help health care companies, providers, insurers, and employers balance the rewards of the technology revolution with the financial, regulatory, and reputational risks that accompany cybersecurity threats, data losses, and other information privacy and security concerns. We work with a broad range of entities—from physician practices and clinics, to insurers, clearinghouses, and national health systems—to implement programs and policies that conform to and address conflicts and inconsistencies between state, federal and even international privacy and information security laws.
Our health care attorneys routinely counsel clients on compliance with the Health Insurance Portability and Accountability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH), the Omnibus Final Rule, and other laws and regulations. We also provide advice on the following, among other areas:
- Privacy and security policies and procedures
- Use and disclosure of protected health information
- Electronic Health Records (EHR) and meaningful-use
- Use of off-shore contractors
- Technology licensing and other arrangements
- Breaches and breach notification
- Forms development, including Notices of Privacy Practices
- Patients' rights
- Business associate agreements and subcontractor agreements
- Health information exchanges
- Information sharing across state lines
- Telemedicine, diagnostic tools, and other IT software and hardware
To help ensure ongoing compliance and mitigate potential exposure, we routinely conduct risk analyses, provide train-the-trainer program sessions, and evaluate, audit and revise applicable forms, policies, procedures, and agreements.