Dorsey’s extensive health care practice and client base has produced a strong parallel practice in health care privacy issues, including especially HIPAA and HITECH . Our HIPAA privacy experts counsel hospitals, physician groups, health systems, specialty boards, health care clearinghouses and health care system networks. The majority of our work in the HIPAA/HITECH area involves ensuring that our clients are in regulatory compliance and creating systems designed to prevent litigation.

Typically, we work with our clients to develop compliance programs along the following general guidelines:
  • analysis of what entities are covered under the HIPAA rule;
  • detailed survey and assessment of data practices to identify problem areas;
  • structuring an efficient HIPAA program through the use of organized health care arrangements and affiliated covered entities;
  • comprehensive reviews of business associate relationships and contracts;
  • development of applicable policies, authorizations, and written documentation required for a fully compliant HIPAA privacy program;
  • review and analysis of permitted uses and disclosures of protected information; and
  • state law HIPAA preemption analysis.

We provide HIPAA and privacy training for the workforce members of covered entities and business associates, and we work with covered entity and business associate clients routinely to assist in the investigation of breaches and preparing breach notifications.

Representative Experience

  • We handled the amendment of hundreds of business associate agreements for a large nationwide health plan client following the enactment of the HITECH Act
  • A nationwide health care client asked Dorsey to handle negotiation of the company’s business associate agreements with other law firms throughout the country.
  • Dorsey has represented healthcare providers and health plans in investigations under HIPAA conducted by the Department of Health and Human Services – Office of Civil Rights.
  • Dorsey regularly assists clients with drafting website policies that are HIPAA-compliant.

HIPAA/HITECH Attorney Articles

September 5, 2013 HIPAA Compliance Deadline is Rapidly Approaching
January 25, 2013 Final HIPAA Rule Will Regulate Business Associates, Change HIPAA Breach Notification Obligations
July 23, 2012  HIPAA Prvacy and Security Audits Underway 
January 26, 2012 Prepare for Health Plan Participant Fee
November 4, 2010 Adult Day Care: The Regulatory Framework and its Future as a Medicare Home Health Service
June 2009 Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package, Health Lawyers News, Vol. 13, Number 6
April 28, 2009 FTC and HHS Issue Important Guidance Applicable to Personal Health Record Vendors, Related Entities and Service Providers Pursuant to HITECH Act Provisions of the ARRA
April 14, 2009 HITECH Changes HIPAA Privacy and Security Rules for Group Health Plans
April 6, 2009 Reminder: HIPAA Privacy Notice Reminder Deadline On April 14, 2009
March 30, 2009 New Penalties of up to $50,000 per Violation for Noncompliance with Health Data Privacy and Security Rules
March 23, 2009 New HIPAA Special Enrollment Rights Effective April 1, 2009