Krieg DeVault LLP

Health Information Privacy/HIPAA

Overview

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects the privacy and security of individually identifiable health information, known as Protected Health Information (PHI), and established certain rights of individuals with respect to that information.

Generally, the Privacy Rule under HIPAA addresses how Covered Entities and their Business Associates may properly use and disclose PHI while allowing the exchange of information necessary to promote quality patient care. The HIPAA Security Rule established a national set of administrative, physical and technical standards to protect PHI held by Covered Entities in electronic form. In addition, HIPAA includes a Breach Notification Rule outlining the steps Covered Entities and Business Associates must take in the event of a breach of unsecured PHI. The scope of the privacy and security protections available under HIPAA was expanded through enactment of the Health Information Technology for Economic and Clinical Health Act (HITECH). In addition to imposing the Breach Notification Rule, HITECH increased the penalties for HIPAA violations and increased the liability of Business Associates by making them directly responsible for compliance with certain HIPAA provisions.

Krieg DeVault has extensive experience assisting Covered Entities and Business Associates in the application of HIPAA and other Federal and State law requirements governing the privacy and security of PHI and other personal information.  Areas of expertise include the following: 

  • Identification, mitigation, investigation and correction of breach incidents
  • Breach risk assessments and notification to individuals and Federal and State authorities
  • HIPAA/HITECH compliance and training programs
  • Representation in connection with audits, investigations, subpoenas and enforcement actions by Federal and State authorities
  • Drafting and negotiating Business Associate Agreements
  • Adoption and meaningful use of electronic health records (EHR)
  • Health information exchange (HIE) arrangements
  • Structuring and advising affiliated covered entities (ACE) and organized health care arrangements (OHCA)
Practice Contact
Stacy Walton Long

Partner
slong@kdlegal.com
p: 317-238-6356
f: 317-636-1507

Insights
Health Care

June 6, 2023
Business Associate Fined Under HIPAA For Maintaining PHI on Unsecured Server

Thought Leadership

December 17, 2018
Failure to Terminate Access to PHI Leads to HIPAA Violation

Thought Leadership

December 13, 2018
Protecting Patient Information: The Importance of a Business Associate Agreement Under HIPAA

Thought Leadership

October 25, 2018
Lights, Camera, Sanction

© 2025 Krieg DeVault LLP. All Rights Reserved.