Health industry companies are subject to extensive regulation under state and federal health information privacy laws, including most prominently the federal Health Insurance Portability and Accountability Act of 1996, as amended in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act and regulations promulgated thereunder (collectively, HIPAA). King & Spalding represents a wide range of healthcare providers, health plans, and healthcare products and services companies in the full range of HIPAA and other health information privacy and security compliance issues, including those applicable to HIPAA covered entities, business associates, research organizations, research sponsors, and vendors of health informatics products. We also advise clients on state privacy laws, including not only specialized health information privacy laws, but also identity theft laws that often apply to patient demographic and financial information in the possession of health industry companies.
As enforcement authorities and the media increasingly have focused on electronic data security and mass breaches of PHI stored in electronic formats, we have developed considerable experience assisting covered entity and business associate clients in connection with their implementation of HIPAA electronic security rule compliance. We strive to help clients focus on the implementation of privacy and security policies and procedures and other compliance measures that not only are HIPAA-compliant, but also are realistic, practical and achievable.
Our health information privacy and security practice is part of the firm’s broader Privacy and Information Security Practice. With more than 30 Privacy & Information Security lawyers in offices across the United States, Europe and the Middle East, King & Spalding is able to provide substantive expertise and collaborative support to clients across a wide spectrum of industries and jurisdictions facing privacy-based legal concerns in areas such as regulatory compliance advice, security incident response, credit card processors and card brands, complex civil litigation such as class actions, state and federal government investigations and enforcement actions, and policy advocacy before the highest levels of state and federal government.