Industries & Practices
HIPAA & Health Information Technology

We address the legal and technological factors of maintaining the privacy and security of all patient records.
In what have become dominating topics in health care law, the protection of patient privacy and the security of patient records are more important than ever before. Especially with the proliferation of technology-based electronic health records, health care facilities have been well-publicized victims of data breach and identity theft with costly consequences involving patient lawsuits and noncompliance penalties.
Since HIPAA’s enactment in 1996, Bricker & Eckler has been a nationwide leader in providing comprehensive legal services related to the statute. And when the HITECH Act, containing major changes to HIPAA, was signed into law in 2009 and revised through 2013, we stood at the forefront of addressing health information issues whose regulations were evolving.
For years, our attorneys have counseled our clients through the implementation of electronic health record (EHR) technology and the protection of their patients’ data. While these systems present health care entities with significant operational and financial benefits, they also pose a number of unique legal challenges. Whether obtaining incentive payments for the “meaningful use” of health records, complying with all applicable statutes and regulations, maintaining the confidentiality of health information or developing health information exchanges, we have experienced attorneys and nationally recognized resources to help our clients achieve their privacy and security goals.
HIPAA policy review
Reviewed the HIPAA policies of two regional health plans to ensure continued compliance with relative state laws. These regional health plans were part of a national health plan’s portfolio a...
MoreHIPAA compliance program overhaul
Conducted an assessment of a large physician practice’s existing HIPAA policies and procedures, later making recommendations for and drafting revisions and additional policies. Trained the or...
MoreHealth system GDPR compliance
Analyzed the applicability of the European Union’s General Data Protection Regulation (GDPR) to a health system’s research operations. Developed a GDPR-compliant standard operating proc...
MoreHealth care information database
Assisted in the development of a state-wide database for health care information reports, including the creation of policies and agreements and compliance with regulatory requirements (including HI...
MoreSystem-wide electronic medical record system
Assisted a large health system with the system-wide implementation of an electronic health records (EHR) system, ensuring legal and regulatory compliance, HIPAA security and continuity of patient c...
MoreCMS meaningful use audits
Advised hospitals responding to meaningful use audits of the Centers for Medicare & Medicaid Services (CMS) electronic health record incentive payment program, which required analyzing complian...
MoreElectronic health records
Serve as counsel to the Ohio Health Information Partnership and assist with all aspects of its operation of a health information exchange (CliniSync).
MoreHIPAA lawsuit
Obtained a defense verdict for a hospital in a lawsuit alleging invasion of privacy and violation of the Health Insurance Portability and Accountability Act (HIPAA) for alleged unlawful d...
More