Health Information Technology, Privacy and Security
Practical, business-oriented counsel focused on allowing you to proactively address information technology, privacy and security issues
Capabilities at a glance
- Dedicated team providing sophisticated counsel in cutting-edge and evolving areas in information technology and privacy, with significant experience creating innovative programs and arrangements that allow you to collect, use, disclose and process data in ways that support your business needs.
- Significant market knowledge in the health and life sciences industry to support the development of complex data sharing and novel use cases, and provide ongoing strategic counsel.
- Practical, ultra-responsive counsel who move swiftly to address your fast-moving privacy and security issues, from incident response and regulatory investigation to vendor management and commercial contracting.
- Experienced in privacy, sensitive information and records management issues in all 50 states and the District of Columbia.
Strategic and proactive legal support in an ever-changing health care industry
As the laws and standards governing information privacy continue to evolve and the regulatory and business pressures on the health and life sciences industry mount, our Health Information Technology, Privacy and Security team remains at the cutting edge. We use our vantage point at the forefront of change to help clients better position themselves to meet their goals and stay abreast of trends. We routinely advise clients on the full gamut of information technology, privacy and security laws, best practices and evolving trends affecting the health care industry. Our deep-seated knowledge allows us to advise clients on a wide range of related regulatory and business matters, including developing privacy and security programs, HIPAA, federal and state laws and regulations governing personal information and sensitive information, electronic medical records management, big data, telehealth, IoT, AI/ML, technology contracting, incident response, regulator investigations and patient rights. Our clients appreciate that we are highly responsive and pragmatic in our approach.
We filter the noise and advise our clients about the privacy and security developments that really matter to their business
Our market knowledge in the health and life sciences industry better positions us to filter the constant noise in the field and proactively advise clients about the privacy issues that truly matter to their businesses. This approach has helped us attract a diverse client base ranging from Fortune 10 businesses to startups. We represent:
- Pharmacies, including long-term care (LTC), specialty, retail and mail order
- Specialty, acute and post‐acute care providers and clinically integrated networks
- Hospitals and vertically integrated health care systems
- Academic medical centers, higher education and research institutions
- Clinical research organizations
- Commercial and self‐funded payers
- Device and pharmaceutical manufacturers and distributors
- Pharmacy benefit managers (PBM) and third-party administrators (TPA)
- Direct-to-consumer companies
- App and mobile device companies
- AI/ML and IoT companies
- EHR and health technology solutions
- Telehealth platforms and providers
- Companies that support the health and life sciences industry
- Employers processing health care data with wellness programs and employer-sponsored clinics
Experience
Regulatory compliance and risk counseling: We provide comprehensive data privacy counsel, including structuring privacy and security compliance programs, facilitating risk management and developing innovative data use models. We also guide clients on interactions with federal and state regulators, e.g., the U.S. Department of Health and Human Services, the Federal Trade Commission and state attorneys general.
Among other topics, we routinely advise clients on compliance with federal (e.g., HIPAA, the FTC Act, TCPA) and comprehensive state laws governing personal information and sensitive information (e.g., mental health, HIV/AIDS, substance abuse, genetic and biometric information).
Data governance and management: We advise clients on data governance and management, including retention and disposition, access rights, patient/consumer rights, information blocking, de-identification and options to overcome data use restrictions for novel use cases, including clinical integration and business/product development.
Commercial transactions and contracting: We regularly advise on transactions, including drafting appropriate representations and warranties, performing diligence risk assessments, considerations related to obtaining representations and warranties insurance and post-close risk mitigation. Our team also drafts and negotiates complex data sharing agreements and other data/privacy-related agreements, including vendor, business associate, data-sharing and data-processing agreements.
Digital technology: We work closely with our IP data licensing team to help clients navigate issues related to digital technology like mobile devices, wearables and apps. These issues include privacy by design, de-identification and bias in AI. Our experience extends into drafting and negotiating a variety of technology agreements, including agreements related to SaaS, AI/ML, data and software licensing, telehealth technologies, electronic health records and web applications.
Incident response preparedness and mitigation: We handle all aspects of incident response, from developing proactive incident response plans to guiding clients through recovery and mitigation, including managing a response team and breach reporting, navigating government investigations and consumer complaints and coordinating with key stakeholders (e.g., forensics, mailing and insurers).
Successes
- Advised regarding implications of state and federal privacy laws for a Fortune 10 business transforming data processing with disruptive data use models.
- Provided strategic counsel to a company navigating an FTC investigation and settlement.
- Serve as strategic data privacy counsel for one of the top 15 not-for-profit health systems in the country to provide regulatory compliance, transaction support, data governance and contracting advice.
- Developed and assisted in implementation of enterprise-wide privacy programs for providers, payers, self-funded health plans, technology and app companies and other health care industry entities.
- Assisted in incident response for hundreds of clients, including an electronic health records company, pharmacies, vertically integrated systems, AI/ML technology and higher education institutions. For example, we advised a national pharmacy on a ransomware incident response affecting more than 140,000 consumers across all 50 states, including notification, federal and state government investigations and post-incident mitigation.