New state laws and enhanced federal oversight and enforcement of existing laws and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), significantly raise the stakes for failing to implement, update and maintain appropriate safeguards and controls to protect individually identifiable health information. Health care payers and providers, as well as SaaS vendors, data hosts, data processors and other vendors to the health industry, need a team of professionals experienced with implementing compliance programs at varying levels of complexity, responding to data incidents of all sizes, and facilitating data exchange with different networks, systems and enterprises. You’re looking for a team that is knowledgeable about the latest regulatory requirements and enforcement trends and creative enough to leverage its knowledge and experience into solutions for unique business needs and circumstances. Stoel Rives is that team. We help you minimize the likelihood of data breaches in the first place and, when incidents do occur, avoid civil and criminal penalties and survive the threat of litigation.
- Privacy and security protocols, policies and agreements
- HIPAA and HITECH compliance audit preparation
- Department of Defense Instruction compliance
- Privacy and security training
- Subcontractor and vendor compliance and monitoring programs
- Assistance with data use agreements, limited data sets, research protocols and waivers
- CLIA compliance
- Data incident response
- Breach notification assessment and coordination
- Complaint and enforcement action responses
- Risk assessments
- Pre- and post-acquisition compliance assessments
We work with you on all aspects of compliance with HIPAA and other state and federal privacy and security laws, including the federal Privacy Act and state medical records, data security, data disposal and breach notification acts. We assist with the development of compliant documentation, conduct comprehensive HIPAA training for employees, provide data incident and breach preparation and response, and assist in preparing for and responding to audits and enforcement investigations.