Mar 25, 2021
As protecting data becomes increasingly challenging for businesses — and as the consequences for breaches of data become more severe — clients count on Parker Hudson's interdisciplinary team of experienced attorneys to advise on privacy issues, including how to protect their data, as well as how to navigate potential breaches under the applicable legal standards. Our team includes regulatory, transactional, and litigation attorneys who understand the need for strategic, practical advice, as well as the experience to respond appropriately in the event of a breach.
Our privacy and data security attorneys work with hospitals, physicians, institutional providers, clinics and other health systems, financial institutions, and other public and private companies in implementing policies and programs to protect their confidential data from improper intrusions, advising on data breach remediation efforts, providing pre-litigation counseling in response to potential breaches, and defending clients from resulting challenges. Whether the challenge comes from compliance, a regulatory or enforcement action, consumer claims, disputes with vendors involved in a breach, or insurance coverage matters, we understand the high stakes our clients face. Our attorneys combine decades of experience spanning from public and private sectors, including experienced litigators and corporate advisors with deep experience in all aspects of privacy and data security issues. The group advises on a broad range of issues including prevention and compliance, risk mitigation, data breach response, internal investigations, and litigation.
Our approach includes:
- Structuring and implementing enterprise-wide privacy and security policies and strategies for our clients
- Negotiating agreements that require vendors to protect your data appropriately, and if not, give you meaningful remedies
- Advising clients on compliance with the Health Insurance Portability and Privacy Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the EU General Data Protection Regulation (GDPR), and other privacy-adjacent legislation including other federal and state data privacy and security laws
- Advising clients on privacy and data-related interactions with the Federal Trade Commission, Consumer Financial Protection Bureau, the U.S. Department of Health and Human Services, and other regulatory agencies
- Creating, improving, and streamlining data breach response plans. Leading clients through simulations and exercises to test their in-place security plans
- Advising clients on breach response, including conducting investigations and providing the notice required by applicable state and federal laws
- Assisting clients in incident response management, assessing insurance coverage issues that could arise, and consulting on how and when to work with law enforcement officials in managing a potential criminal intrusion
- Anticipating potential downstream litigation, including potential class actions, to mitigate exposure and defending clients in the event of actual litigation
- Understanding and helping preserve the all-important relationships you have with your customers and clients
- Prepared policies and conducted training for covered entities across the country to comply with HIPAA Privacy Rule.
- Served as lead counsel representing a healthcare client in a putative class action following one of the largest reported healthcare-related cybersecurity events in Georgia.
- Advised hospitals, physicians, nursing homes, health plans and other covered entities regarding compliance issues.
- Counseled Business Associates and entities working with regulated providers on HIPAA Privacy, Transactions and Security Standards as well as HITECH implementation.
- Performed investigations and analysis of potential breaches of confidential information to advise regulated entities.
- Reviewed client policies and manuals to address privacy and data security concerns.
- Advised healthcare provider in connection with theft of vendor laptop computers containing unencrypted personal information.
- Represented a medical center in connection with significant identity theft data breach caused by an employee of an outside vendor. We assisted the client with the internal investigation and coordination with cyber insurance carrier and its counsel with respect to reporting credit monitoring and indemnification.
- Assist clients in connection with acquisitions and other related transactions with respect to due diligence related to HIPAA and other privacy and data security issues.
- Development of Business Associate Agreement forms and assistance with negotiation and evaluation of these agreements.
- Assisted a medical center with the development of their business associate audit guidelines and implementation of Data Privacy/Security Preparedness Assessment form in order to assess vendors.
- Advised a medical clinic in connection with the assessment and development of medical records policies with respect to access, access fees and authorization requirements.
- Represent the Georgia Health Information Network (GaHIN), a non-profit that gives healthcare providers and stakeholders across Georgia the ability to access patient information directly from their electronic health record systems. This allows providers to access critical patient information at the point of care. GaHIN is a state-designated entity for health information exchange in Georgia and is recognized nationally as a leading innovator by the Office of the National Coordination for Health Information Technology (ONC). We advise the client on privacy, regulatory and other operational matters.
news & insightsview all news
Mar 25, 2021