skip to main content

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects the privacy and security of individually identifiable health information, known as Protected Health Information (PHI), and established certain rights of individuals with respect to that information.

Generally, the Privacy Rule under HIPAA addresses how Covered Entities and their Business Associates may properly use and disclose PHI while allowing the exchange of information necessary to promote quality patient care.  The HIPAA Security Rule established a national set of administrative, physical and technical standards to protect PHI held by Covered Entities in electronic form.  In addition, HIPAA includes a Breach Notification Rule outlining the steps Covered Entities and Business Associates must take in the event of a breach of unsecured PHI. The scope of the privacy and security protections available under HIPAA were expanded through enactment of the Health Information Technology for Economic and Clinical Health Act (HITECH).  In addition to imposing the Breach Notification Rule, HITECH increased the penalties for HIPAA violations and increased the liability of Business Associates by making them directly responsible for compliance with certain HIPAA provisions.  

Krieg DeVault has extensive experience assisting Covered Entities and Business Associates in the application of HIPAA and other Federal and State law requirements governing the privacy and security of PHI and other personal information.  Areas of expertise include the following: 

  • Identification, mitigation, investigation and correction of breach incidents
  • Breach risk assessments and notification to individuals and Federal and State authorities
  • HIPAA/HITECH compliance and training programs
  • Representation in connection with audits, investigations, subpoenas and enforcement actions by Federal and State authorities
  • Drafting and negotiating Business Associate Agreements
  • Adoption and meaningful use of electronic health records (EHR)
  • Health information exchange (HIE) arrangements
  • Structuring and advising affiliated covered entities (ACE) and organized health care arrangements (OCHA)