Medical Records Privacy and Security (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) imposes strict requirements on HIPAA Covered Entities, consisting of health care providers, health plans and health care clearinghouses, with respect to the privacy and security of protected health information (PHI), including electronic PHI (ePHI). 

The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted in 2009, extended these requirements to apply directly to Business Associates of these entities, i.e. any vendors or service providers that create, maintain, receive, use or disclose health information on behalf of health care providers, health plans and health care clearinghouses. 

The HITECH Act also strengthened the enforcement of HIPAA, including increasing potential penalties that can be levied if a violation occurs.

Bowles Rice has significant experience advising Covered Entities and Business Associates regarding their HIPAA obligations, helping them avoid the significant penalties and liabilities that can accrue from violations of these laws.

Bowles Rice represents clients with regard to health information privacy, including:

  • Advising health care providers with respect to the day-to-day HIPAA questions that arise regarding patient access to health information, use and disclosure of health information, and electronic security of patient record systems;
  • Preparing the HIPAA Privacy, Security and Breach Notification Policies and Procedures that HIPAA requires all health care providers and health plans to maintain, which establish that the entity has evaluated its HIPAA risks and obligations and adopted measures to minimize the risk of information privacy and security breaches;
  • Assisting HIPAA Covered Entities to comply with Breach Notification requirements imposed by the HITECH Act;
  • Advising employers sponsoring group health plans regarding their obligations under HIPAA with respect to plan participants’ health information;
  • Preparing and reviewing Business Associate Agreements (BAAs) and Subcontractor Business Associate Agreements (Subcontractor BAAs);
  • Representing HIPAA Covered Entities and Business Associates in investigations by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) into HIPAA compliance and allegations of HIPAA violations;
  • Assisting litigators to ensure the disclosure of medical records in discovery complies with HIPAA requirements, when applicable; and
  • Providing required training sessions to employees of HIPAA Covered Entities and Business Associates.