• Krieg DeVault Recognized for Unparalleled Client Relationships
    in BTI Power Rankings 2017.

    BTI 2017 BTI 2017
  • A Sampling of our Recent Transactions with some
    of our many Successful Clients.

  • Learn more about how Krieg DeVault's ESOP team played a lead role in the
    formation of an ESOP for Forbes-recognized client Essential Ingredients.

    Essential Ingredients Essential Ingredients
  • Krieg DeVault Attorneys named to 2018 Best Lawyers in America© Listing;
    Attorneys Receive Lawyer of the Year Honors.

    2017 Best Lawyers Slider 2017 Best Lawyers Slider
  • Krieg DeVault is honored to be named to the 2017 Midwest Real Estate News
    “BEST OF THE BEST” “Top Law Firms” list for Real Estate Transactions Completed.


Health Information Privacy/HIPAA


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects the privacy and security of individually identifiable health information, known as Protected Health Information (PHI), and established certain rights of individuals with respect to that information.

Generally, the Privacy Rule under HIPAA addresses how Covered Entities and their Business Associates may properly use and disclose PHI while allowing the exchange of information necessary to promote quality patient care.  The HIPAA Security Rule established a national set of administrative, physical and technical standards to protect PHI held by Covered Entities in electronic form.  In addition, HIPAA includes a Breach Notification Rule outlining the steps Covered Entities and Business Associates must take in the event of a breach of unsecured PHI. The scope of the privacy and security protections available under HIPAA were expanded through enactment of the Health Information Technology for Economic and Clinical Health Act (HITECH).  In addition to imposing the Breach Notification Rule, HITECH increased the penalties for HIPAA violations and increased the liability of Business Associates by making them directly responsible for compliance with certain HIPAA provisions.  

Krieg DeVault has extensive experience assisting Covered Entities and Business Associates in the application of HIPAA and other Federal and State law requirements governing the privacy and security of PHI and other personal information.  Areas of expertise include the following: 

  • Identification, mitigation, investigation and correction of breach incidents
  • Breach risk assessments and notification to individuals and Federal and State authorities
  • HIPAA/HITECH compliance and training programs
  • Representation in connection with audits, investigations, subpoenas and enforcement actions by Federal and State authorities
  • Drafting and negotiating Business Associate Agreements
  • Adoption and meaningful use of electronic health records (EHR)
  • Health information exchange (HIE) arrangements
  • Structuring and advising affiliated covered entities (ACE) and organized health care arrangements (OCHA)

Stephanie T. Eckerle

Stacy Walton Long

Maggie C. Little

Stephen A. Studer


Andrew C. Walker



Susan E. Ziel
Integrity Health
Strategies Consultant


Sarah Stites Millspaugh
Integrity Health
Strategies Consultant