Privacy and Security
The proliferation of new telehealth and digital health solutions is creating new paradigms for the use and exchange of data among health care organizations and health care-adjacent technology platforms (e.g., for artificial intelligence, predictive analytics, risk modeling, care management, clinical decision support, and research). In this environment, compliance with the patchwork of state and federal privacy laws is often challenging, and small oversights can expose businesses to substantial liability and reputational risk. We advise businesses on all aspects of health care privacy and security compliance.
Our work in this area includes:

Advising organizations of their responsibilities under HIPAA and state law relating to privacy, security, and breach notification; developing privacy policies and procedures; drafting and negotiating business associate agreements; preparing privacy consents and authorizations; negotiating data-use agreements; and providing guidance and support on privacy and security compliance activities.

Providing strategic advice and counseling on data and data privacy, including product and platform design, data-use and exchange practices, marketing activities, data analytics, data ownership, and data relationships with third parties.

Crafting multi-state, transparent, and enforceable authorizations and informed consents to enable flexible, legal harvesting and use of data.

Teaming with information security consultants, including former digital health CSOs, to provide comprehensive support relating to HIPAA Security, SOC 2, and HITRUST.