Healthcare Privacy and Data Security
We routinely help our clients address privacy, cybersecurity, and electronic transaction issues, including under the U.S. Health Insurance Portability and Accountability Act (HIPAA). These clients include both HIPAA covered entities (health care providers and health plans) and HIPAA business associates (such as information technology firms and other service providers), as well as others indirectly affected by the privacy-related legal requirements. We have extensive experience assisting clients in sensitive and complex privacy matters ranging from novel digital health solutions requiring transfer of patient data, to government investigations of privacy breaches, to subject data issues in global clinical trials. We counsel clients on the basics of HIPAA compliance and on the complexities of compliance in challenging circumstances. We work with clients in the event of data security breaches, assisting them on each step of the process of responding to, mitigating, and attempting to allocate responsibility for the occurrence and consequences of those breaches.
In addition, we advise life science and medical device companies on privacy and data protection matters, including the framework under the General Data Protection Regulation (GDPR) and the interpretation of its requirements by EU Member States. This includes, but is not limited to, the collection and processing of patients' personal health data and genetic data, the transfer of personal health data outside the EU, and the territorial scope of the GDPR.