The firm's HIPAA Compliance practice is comprised of attorneys from the firm's Health Care, Labor and Employment, and Business groups. Attorneys in the group counsel health care providers, health plans, employers, and health care clearinghouses on general HIPAA compliance. While the group is familiar with all aspects of HIPAA's Administrative Simplification provisions, they focus on compliance with the Standards for Privacy of Individually Identifiable Health Information (the "Privacy Rule").
From a health care provider standpoint, our attorneys counsel clients on all aspects of compliance with the Privacy Rule. We provide advice on the appointment of a Privacy Officer, training of workforce, policy and procedure reviews and revisions, and contract analysis, including the identification of Business Associates. Additionally, the HIPAA Compliance attorneys can counsel a provider as it integrates the Privacy Rule into an existing compliance plan, or can assist the provider in the formation of a compliance plan. Finally, we have developed numerous model forms and auditing tools that may be modified for use in a health care provider organization.
From an employer standpoint, the group will assist employers and their health plans with compliance issues such as review of health plans for needed revisions, identification of Business Associates, and the logistics of setting firewalls between the benefits personnel and others such as the Human Resource Department. Our attorneys prepare model authorization forms to assist employers in obtaining medical information that will be needed to make employment decisions. For those employers with onsite medical providers, we assist in preparing necessary consents and in counseling on the logistics involved in setting the necessary firewalls in the workplace.
Health care clients receive periodic email updates from the HIPAA Compliance group concerning developments in interpretation and enforcement of the Privacy Rule, as well as newsletters discussing common issues that arise as covered entities implement and refine their privacy practices.