Hospitals and health systems rely on Krieg DeVault to help them manage the challenges of handling the privacy, portability, electronic transmission and security of patient protected health information (PHI) under HIPAA and state statues. Our informed guidance about best practices in the ways electronic health and benefit information is coded, stored, retained and communicated, can be crucial in helping clients avoid civil and monetary penalties, and comply with e-discovery rules in litigation. We also assist hospitals and health systems in making self-disclosures to the Office of Civil Rights (OCR) and in responding to OCR questions or other formal requests. Central to our approach is the conduct of compliance audits covering such issues as password protection, computer terminal access and data encryption. We ensure that vendor agreements contain appropriate safeguards to document requirements and responsibilities for proper handling of PHI, and make any needed recommendations for remedial protective action.