HIPAA

Print Version

Baker Donelson's Health Law attorneys have carefully tracked and mastered HIPAA's intricacies to provide authoritative counsel to health care clients as they undertake the demanding compliance burdens of the Act and its rules.

Why Baker Donelson?

Nearly 200 attorneys and advisors serving the health care sector

Ranked as a top health law firm by Modern Healthcare, Best Law Firms^®, Chambers USA, ABA, and AHLA

Extensive experience working with HHS, CMS, DOJ, FEMA, and other federal government agencies

5 former American Health Law Association presidents who served while practicing at Baker Donelson

Featured Experience

Successfully defended hundreds of financial institutions, health systems, educational institutions, and other businesses in data security breaches and the corresponding federal and state law requirements and investigations; served as regulatory counsel in numerous privacy lawsuits.

Advised HIPAA Covered Entities and Business Associates in HIPAA Privacy, Security and Breach Notification compliance and state consumer privacy compliance.

Represented covered entities and business associates with regard to compliance with HIPAA and HITECH standards, including negotiating service and business associate agreements, preparing policies and procedures, and analyzing complex transactions and business relationships, including data supply and related arrangements.

Practice Overview

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) profoundly changed health care privacy requirements and patient privacy rights. A nearly four-year period of regulatory rulemaking culminated in the HIPAA transaction and code set regulations that mandate uniform formats and coding for electronic health care transactions, such as insurance eligibility determinations and claims presentments and payments. In the move to standardize electronic transactions, the privacy and security regulations were also federally mandated to regulate the privacy of patient health data and to require certain entities to implement physical, administrative and technical privacy and security policies and procedures in order to deter unauthorized access, use or disclosure of oral, written and electronic protected health information (PHI). With the enactment of the HITECH Act came an expansion of the HIPAA Privacy and Security requirements and an increase in the potential civil and criminal penalties that may be assessed. The Breach Notification Final Rules soon followed requiring certain entities to notify patients, the government and even the media of certain breaches of unsecured PHI.

Assessing and implementing HIPAA compliance plans, including form documents, on-site visits and training;
Providing legal services for covered entities, vendors and service providers (business associates), to defend patient complaints and mitigate the damage of costly breaches;
Providing counsel to assist clients in breaches of unsecured PHI notification, reporting and documentation processes; and
Defending entities in governmental investigations/actions and private causes of action for alleged state and federal privacy violations.

Successfully defended hundreds of financial institutions, health systems, educational institutions, and other businesses in data security breaches and the corresponding federal and state law requirements and investigations; served as regulatory counsel in numerous privacy lawsuits.
Co-authored thousands of pages of data security policies and procedures, presented lectures at statewide hospital training conferences and conducted daily help-line services for a hospital association's HIPAA Privacy and Security Compliance Program.
Implemented Corporate Compliance and Ethics Plans and HIPAA Compliance Plans for several nursing home chains.
Conducted audits and due diligence reviews for a broad array of clients with regard to compliance with Medicare standards, HIPAA, fraud and abuse, and 340B Drug Pricing Program compliance.
Represented clients before the Centers for Medicare & Medicaid Services in connection with regulatory and policy interpretation issues and billing revocation determinations; the Office for Civil Rights for HIPAA Privacy Rule investigations and data breach notifications; and the Health Resources and Services Administration, Office of Pharmacy Affairs, for 340B Drug Pricing Program compliance.
Advised HIPAA Covered Entities and Business Associates in HIPAA Privacy, Security and Breach Notification compliance and state consumer privacy compliance.
Represented providers in HIPAA, HITECH, privacy litigation, and related compliance advice.
Navigated client through HIPAA investigation conducted by the HHS Office of Civil Rights. Investigation was dismissed and no penalties assessed.
Represented covered entities and business associates with regard to compliance with HIPAA and HITECH standards, including negotiating service and business associate agreements, preparing policies and procedures, and analyzing complex transactions and business relationships, including data supply and related arrangements.
Represented a medical practice in connection with a HIPAA reportable data breach.

"HIPAA Updates: The Obligations Continue to Unfold" (February 2024)
"Bridging the Gap: Key Changes in the Part 2 Final Rule" (February 2024)
"Top Privacy and Cybersecurity Issues to Track In 2024," Republished February 5, 2024, in CPO Magazine (January 2024)
"OCR Enforcement Action Likely: Reminder of Steps to Take Now" (October 2023)
"Reproductive Privacy Rights: Changes Coming for Health Care Organizations" (April 2023)
"HHS Issues Post-Dobbs HIPAA Privacy Guidance for Employer Health Plans, Other Covered Entities" (July 2022)
"New Legislation Will Require Critical Sector Entities to Report Certain Cyber Incidents," republished April 7, 2022 in, CPO Magazine (March 2022)
"Imminent Deadline for Submitting Annual Notice of HIPAA Breach" (January 2022)
"OCR Issues Notice of Proposed Rulemaking Proposing Changes to HIPAA Privacy Rule" (December 2020)
"Coronavirus: Significant HIPAA Relief in Telehealth Context Due to COVID-19 Response" (March 23, 2020)
"Coronavirus: Health Care Provisions in The CARES Act" (March 20, 2020)
"Coronavirus: HHS Announces Limited Waivers of HIPAA Penalties and Sanctions" (March 17, 2020)
"CMS and ONC Publish Final Interoperability and Information Blocking Rules," republished in Westlaw Journal Healthcare (March 2020)
"District Court Ruling Impacts HIPAA Access Request Permissible Charges" (February 2020)
"Help with HIPAA!" (March 2016)
"Community Health System's HIPAA Breach: Significant Lessons for Health Care and Non-Health Care Companies" (August 2014)
"PODCAST: Preparing for a HIPAA Breach - Tips from the Trenches" (July 2014) [Ober|Kaler]
"HHS's New Security Risk Tool for HIPAA Compliance" (March 2014)
"New Health IT Privacy and Security Guide Issued" (May 2012)
"HHS Releases Proposed Changes To HIPAA Privacy, Security And Enforcement Rules" (August 24, 2010)
"Action Items For HITECH Act Compliance" (December 2009)

"The HIPAA in the Room: New Developments in HIPAA and Security Laws" (May 2013)
"Louisiana Nursing Home Association Annual Meeting" (September 2012)

An Overview of HIPAA Issues for Financial Institutions and Best Practices for Your Vendor Management Program (June 2021)
2021 Health Care Outlook (February 2021)

Baker Donelson Adds Renowned Biometric Privacy Thought Leader David J. Oberly in D.C. (November 8, 2023)
Baker Donelson's Aldo M. Leiva Appointed Vice Chair of ABA International Law Section's Cyber Committee (August 23, 2023)
Michaela D. Poizner Named Chair of Baker Donelson's Nationally Recognized Health Law Group (April 10, 2023)
Health Care Regulatory Attorney Robert Wells Joins Baker Donelson (November 17, 2021)
Baker Donelson Continues to Expand Its Technology & Privacy Practice with Addition of Vivien F. Peaden in Atlanta Office (August 4, 2021)
Layna Cook Rush Named Chair of Baker Donelson's Data Incident Response Team (March 5, 2021)
Aldo M. Leiva Honored by Cuban American Bar Association (December 3, 2020)
Baker Donelson's Layna Cook Rush Earns Additional Information Privacy Certification (November 10, 2020)
Baker Donelson's Andrew J. Droke Earns Information Privacy Certification (July 16, 2020)
Baker Donelson Attorneys Elected Fellows of American Bar Foundation (September 3, 2019)
Privacy and Data Security Attorney Aldo M. Leiva Joins Baker Donelson (November 5, 2018)
Baker Donelson Privacy & Information Security Chair Alisa L. Chestler Joins Nashville Office (September 14, 2016)
Baker Donelson Adds Veteran Medicare Reimbursement Attorney Stephen M. Azia to Health Law Practice (June 4, 2013)
Baker Donelson Ranked Fifth on American Health Law Association's List of Largest Health Care Law Firms (January 23, 2012)

Eve Cann Talks with Law360 About Firm's New Fort Lauderdale Office Space (January 26, 2024)
Eve Cann Discusses Baker Donelson's Fort Lauderdale Office Move in South Florida Business Journal (January 23, 2024)
Robert Wells Featured in Pharmaceutical Executive Discussing Anticipated Regulatory Actions Governing Use of AI in Pharma Industry (January 17, 2024)
Layna Rush Discusses What to Expect After a HIPAA Violation in Healthcare Risk Management (December 1, 2023)
Layna Rush Comments on OCR's Security Risk Assessment Tool in Healthcare Risk Management (December 1, 2023)
David Oberly Talks with Law360 About Federal Regulatory Focus on AI (November 9, 2023)
Law360 Highlights Addition of Biometric Pro David Oberly to Baker Donelson's D.C. Office (November 9, 2023)
Alisa Chestler Featured in MedTech Intelligence Q&A on Overcoming Barriers to EHR Adoption in Behavioral Health (November 8, 2023)
Alisa Chestler Featured on Healthcare IT News' HIMSS TV Discussing Behavioral Health Data Interoperability (October 18, 2023)
Allison Cohen and Alissa Fleming Discuss Behavioral Health Changes Proposed in Physician Fee Schedule Rule in Part B News (September 18, 2023)
Alisa Chestler Discusses SEC Rules Regulating Cybersecurity in Nashville Post Q&A (September 5, 2023)
Layna Rush Quoted in Healthcare Risk Management on How a Hospital Cyberattack Can Critically Affect Other Hospitals in the Community (September 1, 2023)
Alisa Chestler Quoted in Part B News on Cybersecurity Challenges Facing Providers in the Wake of MOVEit Data Breach (August 21, 2023)
Alisa Chestler Comments on New SEC Cybersecurity Incident Disclosure Rule in VentureBeat (August 7, 2023)
Alisa Chestler Talks with Healthcare Risk Management About Impact of Proposed OCR Rule Involving Reproductive Privacy Rights on HIPAA Policies and Procedures (July 1, 2023)
Alisa Chestler Discusses Protecting Enterprise Assets Against Cybersecurity Failures in InformationWeek (June 21, 2023)
Layna Rush Discusses Cyber Liability Insurance vs. Data Breach Insurance in CSO Magazine (June 14, 2023)
Michaela Poizner Discusses Her New Role as Chair of Baker Donelson's Health Law Group in Law360 (April 11, 2023)
Nashville Medical News Highlights Michaela Poizner as Chair of Baker Donelson's Health Law Group (April 10, 2023)
Layna Rush Shares Best Practices for Cyberattack Response Planning in Healthcare Risk Management (April 1, 2023)
Robert Wells Talks with PharmaVoice About Increased Antitrust Scrutiny of Pharmaceutical Companies (February 2, 2023)
Robert Wells Quoted in PharmaVoice Newsletter on Increased Antitrust Enforcement for the Health Care Industry (January 17, 2023)
Robert Wells Discusses How CMS's New Emphasis on Behavioral Health is Likely to Lead to Enforcement Action in Part B News (January 2, 2023)
Ashley Cooper Comments on Addition of Four New Attorneys to Recently Launched Charleston Office in American Lawyer (October 7, 2022)
McKnight's Senior Living Highlights Guidance from Alissa Fleming and Catherine Wrenn on How Negotiated Risk Agreements May Mitigate Litigation Exposure (September 29, 2022)
Chief Growth Officer Mark Carlson Discusses Baker Donelson's Expansion into Charleston and Beyond in Law360 (September 13, 2022)
American Lawyer Talks with Chief Growth Officer Mark Carlson and Office Managing Shareholder Ashley Cooper About Launch of Baker Donelson's Charleston Location (September 12, 2022)
Chief Growth Officer Mark Carlson Comments in Reuters on Baker Donelson's New Charleston Office and Continued Expansion in the Carolinas (September 12, 2022)
Tim Lupinacci Quoted in Charleston Post and Courier on Baker Donelson's New Location in Charleston (September 12, 2022)
Kathleen Salsbury Comments in Part B News on Preparing for Policy and Compliance Changes as CMS Hints at End of COVID Public Health Emergency (September 8, 2022)
Robert Wells Comments on Impact of OTC Hearing Aid Rule in Part B News (August 29, 2022)
Alisa Chestler Quoted in Behavioral Health Business on Future of EHRs in Behavioral Health Care (August 18, 2022)
Robert Wells Talks with Healthcare Risk Management About Flexibility That Value-Based Safe Harbor and Stark Exception Offer Providers (July 1, 2022)
Newly Elected Nashville Shareholders Bert Chollet, Andy Droke and Ryan Richards Featured in Nashville Post (April 18, 2022)
Aldo Leiva Featured in Dairy Foods Magazine Offering Advice for Manufacturing Industry on Mitigating Cybersecurity Risk (April 5, 2022)
Robert Wells Featured Among Savoy's 2022 Most Influential Black Lawyers (February 14, 2022)
Layna Rush Comments in Tech Target on Impact of Potential Litigation and Regulatory Action from Data Breaches (January 20, 2022)
Robert Wells Discusses Demand for Health Law Attorneys in Law.com (December 6, 2021)
Law360 Highlights Addition of Robert Wells to Health Law Group (November 19, 2021)
Baker Donelson's Addition of Six North Carolina-Based Health Law Attorneys Featured in American Lawyer (October 13, 2021)
Layna Rush Quoted in Commercial Risk on Data Breach Response for the Vaccine Supply Chain (October 12, 2021)
Aldo Leiva Discusses Impact of Session Replay Lawsuit Dismissal in Daily Business Review (September 14, 2021)
Law360 Highlights Addition of Vivien Peaden to Firm's Privacy and Technology Practice (August 5, 2021)
Layna Rush Discusses Whistleblower Exception That Allows Reporting HIPAA Violations with PHI in Healthcare Risk Management (May 14, 2021)
Aldo Leiva Discusses Potential for Florida COVID Data Whistleblower to Face Felony Charge on WPTV (December 9, 2020)
Aldo Leiva Comments on Legal Implications for COVID-19 Data Whistleblower in Orlando Sun Sentinel (December 8, 2020)
Alisa Chestler Comments on Recent OCR Right of Access Settlements in Hospital Access Management (November 10, 2020)
Ashley Meredith Strittmatter Offers Advice for Professionals Returning to Practice in Plastic Surgery Practice (May 22, 2020)
Layna Cook Rush Comments in CityBusiness on Privacy Issues Related to Businesses Gathering Customer Information for Contact Tracing (May 6, 2020)
Alisa Chestler Featured on AUA Inside Tract Podcast on Understanding COVID-19 HIPAA Relief Provisions for Telehealth (March 31, 2020)
Layna Cook Rush Discusses Top Challenges Facing Healthcare Executives During 2020 in Managed Healthcare Executive (January 4, 2020)
Alisa Chestler Discusses Continued Emphasis on Cybersecurity and Data Privacy Law During 2020 in Law360 (January 1, 2020)
Alisa Chestler Featured on HealthcareInfoSecurity Discussing Data Privacy and Security Trends (November 13, 2019)
Alisa Chestler Discusses Best Practices for Health Care Providers to Prevent Ransomware Attacks in Bloomberg Law (July 31, 2019)
Alisa Chestler Quoted in Bloomberg Law on Trend of Tech Companies Partnering with Health Care (March 4, 2019)
Alisa Chestler Discusses HHS Draft Strategy for Interoperability Among Electronic Health Records in the Nashville Post (March 2, 2019)
Ashley Thomas Quoted in Bloomberg Law on Proposed HHS Rule Allowing Exceptions to Information Blocking Ban (February 11, 2019)
Alisa Chestler Talks with Law360 About the Continued Growth of Cybersecurity Practice Area in 2019 (January 1, 2019)
Alisa Chestler Quoted in HIPAA Regulatory Alert on Operational Issues Involved in Access to Patient Records (December 1, 2018)
Alisa Chestler Discusses Need for Comprehensive Information Security Programs to Prevent Health Care Cyber Extortion in Bloomberg Health Law & Business (November 15, 2018)
Michaela Poizner Featured in Nashville Medical News (April 4, 2018)
Alisa Chestler Offers Advice for Health IT Leaders After WannaCry Attack in HealthExec (May 16, 2017)
Alisa Chestler Talks About New HHS Position Focused on Health Technology with Bloomberg BNA's Health IT Law & Industry Report (April 3, 2017)
Alisa Chestler Quoted in McKnight's on HIPAA Compliance Crackdowns (March 3, 2017)
Alisa Chestler Quoted by Bloomberg BNA Regarding $2.2M Settlement over Data Breach (January 25, 2017)
Alisa Chestler Comments on Implementation of Electronic Information Blocking Provisions of Cures Act in Bloomberg BNA's Health Care Daily Report (December 15, 2016)
Michaela Poizner Talks with Part B News About Exclusions from Meaningful Use Public Health Reporting (October 26, 2015)
Layna Cook Rush Talks with Wolters Kluwer Health Law Daily About State Exchanges Post-King v. Burwell (October 15, 2015)
Michaela Poizner Discusses Meaningful Use Audit Mistakes to Avoid in Part B News (September 14, 2015)
Alisa Chestler Comments on Cybersecurity Concerns in the Mississippi Business Journal (August 21, 2015)
Layna Cook Rush Talks with Greater Baton Rouge Business Report About Promoting Healthy Lifestyles in the Workplace (August 19, 2015)
Alisa Chestler Quoted in Hotel News Now Article on Upcoming Changes in Credit Card Security Liability (August 12, 2015)
Alisa Chestler Comments on Data Breaches in Hotel News Now (August 10, 2015)
Alisa Chestler Comments on Cyber Security in Commercial Appeal (July 22, 2015)
Alisa Chestler Talks with Wolters Kluwer Health Law Daily About Patient Data Security (July 8, 2015)
Layna Cook Discusses Recent HIPAA Ruling in ABA Litigation News (May 1, 2015)
Steve Azia Quoted in Law360 on Medicare Audit Reforms (January 14, 2015)
Michaela Poizner Provides Insight on Health Care Law in 2015 in Nashville Medical News (January 6, 2015)
Alisa Chestler Comments on Data Breaches in Wolters Kluwer Health Law Daily (September 18, 2014)
Alisa Chestler Provides Insight on HIPAA Violations in Healthcare Risk Management (August 1, 2014)
Steve Azia Comments on RACs in Managed Care Contracting and Reimbursement Advisor (February 5, 2014)
Steve Azia Comments in HME News on Proposed Rule That Would Expand Medicare's Authority to Revoke Billing Privileges (May 31, 2013)
Alisa Chestler Comments on Federal Omnibus Rule Modifying HIPAA in Nashville Medical News (March 5, 2013)

View All Professionals in this Practice

Related Practices

Related Industries

Featured Media

HIPAA Updates: The Obligations Continue to Unfold

Publication / February 19, 2024

Bridging the Gap: Key Changes in the Part 2 Final Rule

Publication / February 14, 2024

Top Privacy and Cybersecurity Issues to Track In 2024

Publication / January 29, 2024

Search By Last Name

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Baker Donelson is a national law firm with more than 650 attorneys and public policy advisors representing more than 30 practice areas to serve a wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across 23 offices in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, North Carolina, South Carolina, Tennessee, Texas, Virginia, and Washington, D.C.