HIPAA/Data Privacy and Security
Within the Life Sciences Health Industry Group, Reed Smith has a well-established, sophisticated team of data privacy and security lawyers dedicated to counseling clients on health information privacy and security issues. This team - our HIPAA Compliance Group - is comprised of numerous attorneys with a unique combination of privacy, security and health care industry experience. The HIPAA Compliance Group focuses exclusively on counseling entities doing business in the health care field, including providers ("covered entities") and "business associates," on data privacy and security matters, and, in particular, regularly advises clients on a wide range of privacy and security issues under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and under related state authorities as well.
HIPAA Experience
Reed Smith attorneys have been following and advising clients on the Administrative Simplification provisions of HIPAA from the time it was first proposed in Congress. Since HIPAA's enactment in 1996, numerous implementing regulations have been issued, including: (1) standards for the privacy of individually identifiable health information (the "Privacy Rule"), (2) security standards (the "Security Rule"), (3) standards for electronic transactions (the "Transactions Rule"), (4) standard unique employer identifier, and (5) standard unique national provider identifier. The Centers for Medicare & Medicaid Services ("CMS") has also issued regulations governing the enforcement of the HIPAA Administrative Simplification regulations. Attorneys in the HIPAA Compliance Group have deep experience in each of these Rules. In addition, they have closely followed amendments to HIPAA in the stimulus legislation (American Recovery and Reimbursement Act), and are well-versed in the Health Information Technology for Economic and Clinical Health ("HITECH") Act and its implementing regulations - including the Breach Notification Rule and the final HITECH rule issued in January 2013.
HIPAA Compliance Group Members
The members of our HIPAA Compliance Group are health care compliance attorneys with a specialization in information privacy and security, specifically under HIPAA. As such, attorneys in the HIPAA Compliance Group are uniquely suited to assist clients with a full range of privacy and security matters, such as those outlined above. Attorneys in the HIPAA Compliance Group regularly speak, publish and teach on a wide range of privacy and security issues. In addition to our legal staff, the HIPAA Compliance Group includes experienced health policy analysts.
To keep clients informed, we provide pertinent regulatory updates through our Health Industry Washington Watch and Life Sciences Legal Update blogs, and Client Memoranda and Alerts.
Broad Range of Clients
We advise numerous types of "covered entities," including:
- Ambulatory surgical centers ("ASCs")
- DMEPOS suppliers
- Hospitals/health systems/academic medical centers
- Hospices
- Nursing homes/SNFs
- Physician/physician groups
- Pharmacies (retail, institutional, mail order)
We also represent a wide range of business associates:
- Billing companies
- Consultants
- Electronic medical record companies
- IT companies
- Pharmacy Benefit Managers ("PMBs")
- Third-Party Administrators ("TPAs")
Further, we advise a host of health care entities that may be indirectly impacted by HIPAA, such as:
- Device manufacturers
- Group Purchasing Organizations ("GPOs")
- Pharmaceutical manufacturers
Confronting Other Privacy and Security Issues
In addition to our HIPAA Compliance Group, Reed Smith has a Data Privacy, Security & Management Group, members of which have experience with a wide range of other privacy and security laws, such as with the Gramm-Leach-Bliley Financial Modernization Act ("GLBA"), the European Union Privacy Directives, the Children's Online Privacy Protection Act ("COPPA"), and state laws and regulations regarding data security breaches.