Health Privacy

The Health Privacy Practice Group is dedicated to helping health care clients navigate the tricky regulatory framework and requirement of state and federal privacy laws. Our areas of experience include advising clients on: 

• HIPAA and California’s Confidentiality of Medical Information Act (CMIA)
• Confidentiality of Psychiatric Information under the California Lanterman-Petris-Short Act
• Confidentiality of HIV Testing Information under California law
• Confidentiality of Substance Use Disorder Patient Records (Part 2)
• State consumer privacy laws (California Consumer Privacy Act, California Privacy Rights Act) 
• General Data Protection Regulation (GDPR)
• 21st Century CURES Act 
• California Data Exchange Framework (DxF)
• Family Educational Rights and Privacy Act (FERPA) intersection with special education students and health/therapy records
• Security incident response, including privacy/security investigations; breach analysis; and working with breach counsel, investigators, and consultants
• Data breach notifications, including to patients and state/federal agencies and AG offices
• Protecting electronic communications (faxing, emailing, and texting PHI)
• Social media and privacy issues
• Privacy implications of new developments such as telehealth and use of smart devices when providing care and services
• Special knowledge of consumer data breach class actions, including tactics of plaintiff attorneys in building liability cases emanating from health information security breaches

Past client projects include: 

• Drafting:
  • Federal and state HIPAA Privacy and Security Policies & Procedures
  • Privacy and Security Policies & Procedures for non-HIPAA covered entities 
  • 21st Century CURES Act Protocol
  • Substance Use Disorders (Part 2) Policies & Procedures
• Preparing and negotiating HIPAA Business Associate Agreements
• Implementing compliance plans for CCPA and CPRA 
• Protecting PHI in electronic and hard copy patient records during litigation (e.g., drafting discovery stipulations for protective orders governing health information)
• Protecting health information in electronic communications with government and non-government entities (e.g., government agencies; Medical Board of California)

Related Areas of Focus