Skip to Main Content
Practices

HIPAA

Print Version

Baker Donelson's Health Law attorneys have carefully tracked and mastered HIPAA's intricacies to provide authoritative counsel to health care clients as they undertake the demanding compliance burdens of the Act and its rules.

Why Baker Donelson?


More than 200 attorneys and advisors serving the health care sector
Ranked as a top health law firm by Modern Healthcare, Best Law Firms®, Chambers USA, ABA, and AHLA
Extensive experience working with HHS, CMS, DOJ, FEMA, and other federal government agencies
5 former American Health Law Association presidents who served while practicing at Baker Donelson

Featured Experience


Successfully defended hundreds of financial institutions, health systems, educational institutions, and other businesses in data security breaches and the corresponding federal and state law requirements and investigations; served as regulatory counsel in numerous privacy lawsuits.

Advised HIPAA Covered Entities and Business Associates in HIPAA Privacy, Security and Breach Notification compliance and state consumer privacy compliance.

Represented covered entities and business associates with regard to compliance with HIPAA and HITECH standards, including negotiating service and business associate agreements, preparing policies and procedures, and analyzing complex transactions and business relationships, including data supply and related arrangements.

Practice Overview


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) profoundly changed health care privacy requirements and patient privacy rights. A nearly four-year period of regulatory rulemaking culminated in the HIPAA transaction and code set regulations that mandate uniform formats and coding for electronic health care transactions, such as insurance eligibility determinations and claims presentments and payments. In the move to standardize electronic transactions, the privacy and security regulations were also federally mandated to regulate the privacy of patient health data and to require certain entities to implement physical, administrative and technical privacy and security policies and procedures in order to deter unauthorized access, use or disclosure of oral, written and electronic protected health information (PHI). With the enactment of the HITECH Act came an expansion of the HIPAA Privacy and Security requirements and an increase in the potential civil and criminal penalties that may be assessed. The Breach Notification Final Rules soon followed requiring certain entities to notify patients, the government and even the media of certain breaches of unsecured PHI.

Baker Donelson's Health Law attorneys have carefully tracked and mastered HIPAA's intricacies to provide authoritative counsel to health care clients as they undertake the demanding compliance burdens of the Act and its rules. The four main categories of these services are:

  • Assessing and implementing HIPAA compliance plans, including form documents, on-site visits and training;
  • Providing legal services for covered entities, vendors and service providers (business associates), to defend patient complaints and mitigate the damage of costly breaches;
  • Providing counsel to assist clients in breaches of unsecured PHI notification, reporting and documentation processes; and
  • Defending entities in governmental investigations/actions and private causes of action for alleged state and federal privacy violations.
  • Successfully defended hundreds of financial institutions, health systems, educational institutions, and other businesses in data security breaches and the corresponding federal and state law requirements and investigations; served as regulatory counsel in numerous privacy lawsuits.

  • Co-authored thousands of pages of data security policies and procedures, presented lectures at statewide hospital training conferences and conducted daily help-line services for a hospital association's HIPAA Privacy and Security Compliance Program.

  • Implemented Corporate Compliance and Ethics Plans and HIPAA Compliance Plans for health care organizations including hospitals, nursing home chains, hospice providers, physician practices, DME suppliers, and pharmaceutical manufacturers.

  • Conducted audits and due diligence reviews for a broad array of clients with regard to compliance with Medicare standards, HIPAA, fraud and abuse, and 340B Drug Pricing Program compliance.

  • Represented clients before the Centers for Medicare & Medicaid Services in connection with regulatory and policy interpretation issues and billing revocation determinations; the Office for Civil Rights for HIPAA Privacy Rule investigations and data breach notifications; and the Health Resources and Services Administration, Office of Pharmacy Affairs, for 340B Drug Pricing Program compliance.

  • Advised HIPAA Covered Entities and Business Associates in HIPAA Privacy, Security and Breach Notification compliance and state consumer privacy compliance.

  • Represented providers in HIPAA, HITECH, privacy litigation, and related compliance advice.

  • Navigated client through HIPAA investigation conducted by the HHS Office of Civil Rights. Investigation was dismissed and no penalties assessed.

  • Represented covered entities and business associates with regard to compliance with HIPAA and HITECH standards, including negotiating service and business associate agreements, preparing policies and procedures, and analyzing complex transactions and business relationships, including data supply and related arrangements.

  • Represented a medical practice in connection with a HIPAA reportable data breach.

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept