hipaa compliance

Since enactment of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, numerous regulations and guidance documents have been issued to attempt to clarify its provisions. Despite these efforts, the regulations are anything but simple. HIPAA has a significant effect on the way business is conducted in the United States. Organizations regulated by HIPAA, either as covered entities or as business associates, will want informed legal counsel to advise on the challenges. The HITECH Act of 2009, federal substance use disorder regulations (42 C.F.R. Part 2), the Telephone Consumer Protection Act (TCPA) and the Federal Trade Commission's (FTC) Health Breach Notification Rule for personal health records (PHRs), as well as state privacy laws, also impact how health information and other patient data may be used and disclosed.

At Hurley Law Group, we conduct, develop, and provide:

  • Customized privacy, security and incident-response policies

  • Day-to-day compliance counseling

  • Privacy compliance audits and security risk assessments

  • Compliance training

  • Privacy and security incident response guidance

  • Data and health information technology license agreements

FAQs

  • HIPAA (Health Insurance Portability and Accountability Act) mandates the protection of protected health information (PHI) and sets standards for its privacy and security. Compliance with HIPAA includes:

    • Implementing policies and procedures for safeguarding PHI

    • Conducting regular risk assessments to identify vulnerabilities

    • Training employees on data privacy practices

    • Establishing breach notification protocols

    We assist healthcare providers in ensuring their practices meet HIPAA’s privacy and security requirements, helping protect patient data and avoid costly violations.

  • A HIPAA risk assessment (the Security Rule calls it a risk analysis) is a process that evaluates the potential risks to the confidentiality, integrity, and availability of electronic PHI within your organization. This assessment is required by the HIPAA Security Rule and helps you:

    • Identify potential security vulnerabilities

    • Evaluate the effectiveness of existing security measures

    • Implement safeguards to prevent unauthorized access to PHI

    • Demonstrate to regulators that your organization is proactive in maintaining HIPAA compliance

    A thorough risk assessment is a vital part of a healthcare organization’s ongoing compliance efforts.

  • A HIPAA breach occurs when unsecured PHI is acquired, accessed, used, or disclosed in a way the Privacy Rule does not permit, compromising the privacy or security of the information. An impermissible use or disclosure is presumed to be a breach unless a documented risk assessment shows a low probability that the PHI was compromised. Examples of breaches include:

    • Unauthorized access to patient records

    • Loss or theft of devices containing PHI

    • Accidental disclosure of PHI to unauthorized individuals

    If a breach occurs, HIPAA requires covered entities to:

    • Notify affected individuals without unreasonable delay, and no later than 60 calendar days after discovering the breach

    • Notify the Department of Health and Human Services (HHS): at the same time as individuals if the breach affects 500 or more individuals, or in an annual log submitted within 60 days after the end of the calendar year if it affects fewer than 500

    • Notify prominent media outlets if the breach affects more than 500 residents of a state or jurisdiction

    A business associate that discovers a breach must notify the covered entity, which remains responsible for the notifications above.

  • If your organization works with third-party vendors or contractors who create, receive, maintain, or transmit PHI on your behalf (e.g., IT providers, consultants, billing companies), you must have a Business Associate Agreement (BAA) in place. A BAA sets out the third party's obligations to safeguard PHI, limits how it may use and disclose that information, and requires it to report security incidents and breaches to you. Business associates are also directly liable under HIPAA for their own compliance.

    We can help you draft, review, and manage your BAAs to ensure they meet HIPAA requirements.

schedule a free consultation

Don’t navigate legal challenges alone—schedule a free consultation today and get personalized advice that fits your needs and budget.