Privacy and Security

The proliferation of new telehealth and digital health solutions is creating new paradigms for the use and exchange of data among health care organizations and health care adjacent technology platforms (e.g., for artificial intelligence, predictive analytics, risk modeling, care management, clinical decision support, and research). In this environment, compliance with the patchwork of state and federal privacy laws is often challenging and small oversights can expose business to substantial liability and reputational risk. We advise businesses on all aspects of health care privacy and security compliance.

  • Illustration of Privacy and Security Services

Our work in this area includes:

Privacy and Security
Advising organizations of their responsibilities under HIPAA and state law relating to privacy, security, and breach notification; developing privacy policies and procedures; drafting and negotiating business associate agreements; preparing privacy consents and authorizations; negotiating data-use agreements; and providing guidance and support on privacy and security compliance activities.
Privacy and Security
Providing strategic advice and counseling on data and data privacy, including product and platform design, data-use and exchange practices, marketing activities, data analytics, data ownership, and data-relationships with third parties.
Privacy and Security
Crafting multi-state, transparent, and enforceable authorizations and informed consents to enable flexible, legal harvesting and use of data.
Privacy and Security
Teaming with information security consultants, including former digital health CSOs, to provide comprehensive support relating to HIPAA Security, SOC II, and HITRUST.