Coppersmith Brockelman has a nationally recognized data privacy and security practice. We serve a wide range of clients in the health care industry, including universities and academic medical centers, health systems and hospitals, other institutional providers, physician groups, health plans (including self-insured employer plans), health IT vendors, and other companies that provide services to the health care industry. We also provide data privacy and security advice to clients outside the health care industry, in both the nonprofit and for-profit sectors. We can help with the following areas:
Health care organizations and their business associates take information privacy and security very seriously. We share the same concern and authored the “HIPAA Privacy Tool Kit,” an extensive compliance manual and policies/forms for HIPAA compliance.
Over the past twenty years, we have guided hundreds of clients through complex HIPAA and other health information privacy and security compliance:
We advise a wide range of clients on a broad variety of “Big Data” issues, including:
We work with a wide range of clients on how to manage behavioral health information in compliance with 42 C.F.R. Part 2 (the federal Confidentiality of Substance Use Disorder Patient Record regulations) and state behavioral health privacy laws, including:
We routinely work with clients on issues related to privacy and security in clinical and health-services research, including:
We assist clients in preventing, assessing, and responding to security incidents and data breaches, some involving millions of individuals. Our lawyers have dealt with an incredibly wide range of incidents, from sophisticated hacking incidents to lost laptop computers to misdirected emails to the improper disposal of protected information. We regularly:
We work with many health information organizations (HIOs), health systems, health plans, and health care providers to create and manage health information exchanges (HIEs) and health information networks (HINs), including:
We help clients comply with the ever-expanding number of state privacy laws. That includes breach-reporting laws, laws protecting sensitive data, and comprehensive privacy laws like the California Consumer Privacy Act (CCPA). Our work in this area includes:
We advise on the data privacy and security issues involved in artificial intelligence (AI) deals, including the structure of AI development deals as research/R&D projects, data governance over who has access to what data during the development and implementation of AI in clinical environments, recommended data safeguards, and contractual restrictions on data use and downstream data disclosure.
We advise health IT companies developing digital health products, including mobile apps, and health systems and academic medical centers on the following issues:
We advise clients in the United States about when the GDPR applies to their organizations, and guide clients through necessary compliance activities, including:
We assist with telemedicine program development and implementation, including providing guidance regarding physician licensure issues, remote prescribing, privacy and security, fraud and abuse in the context of telemedicine arrangements, and navigating complex reimbursement rules for telemedicine encounters. We also have expertise with the unique state law issues that arise with a multi-state telemedicine practice.
FERPA protects certain educational records. We advise our clients on how to use and disclose educational records in compliance with FERPA for public service projects and big data arrangements. We also advise on how FERPA interacts with other state and federal privacy laws, like HIPAA and 42 C.F.R. Part 2.
We work with our health care clients on determining whether the TCPA applies to their activities, how to structure these activities in compliance with the TCPA and Federal Communications Commission (FCC) regulatory guidance, including the exemption for health care communications. Our litigation group also has extensive experience defending health care clients against TCPA claims.