HIPAA & PRIVACY CONSULTING
Here at Solomon Law & Consulting, PLLC, we are aware of the often burdensome and complicated laws that need to be followed, not only to prevent significant fines for failure to properly protect the information that is collected and used, but also to avoid the effect of a data loss that could potentially ruin both your reputation and your livelihood. We work hard to minimize the chance of something this catastrophic happening.
For the Legal Profession
On September 23, 2013, the Department of Health and Human Services (HHS) began enforcing the HIPAA Privacy, Security, Breach Notification, and Enforcement rules under the authority of the Omnibus Final Rule.
Though the legislation had been in existence since 1996, it was officially expanded to include law firms and firm subcontractors that handle Protected Health Information (PHI) on behalf of their clients who are regulated by HIPAA.
The Omnibus Final Rule now requires that these firms and any subcontractor they do business with comply with the Security Rule, significant provisions of the Privacy Rule, and the Breach Notification Rule.
One type of law firm that is now subject to these regulations is a Medical Malpractice defense firm. This is a firm that normally represents a covered entity (i.e., a health care provider) and obtains the medical records (PHI) of the plaintiff. These records are normally then passed on for an "expert review" and also to the insurer so as to keep them updated.
This type of firm illustrates how a law firm becomes a Business Associate of the covered entity and then engages subcontractors. These relationships need to be documented in a Business Associate Agreement (BAA) that lays out the Security and Privacy Rules that must be adhered to in order to comply with Federal Law. Awareness of State Law is also a must, since most of the States have more stringent requirements that need to be followed.
It is not just HIPAA that needs to concern law firms but also the Ethical/Disciplinary Rules of the profession, which require them to maintain confidentiality. Neglecting to address these laws, however, could potentially cost your firm millions of dollars. The Omnibus Final Rule imposes penalties and fines up to $1.5 million per violation, not including defense and indemnity costs. A security breach that exposes multiple records could be financially devastating, which is why thoroughly knowing the law and how to protect your firm is paramount to hedging against potential catastrophic losses.
For the Health Care Profession
These Privacy Laws initially placed all of the burden of protecting PHI onto you. While some of this has changed, proper compliance not only protects you from financial ruin but has allowed additional income to be generated through "Meaningful Use"