Legal Services for Covered Entities
- Executive briefings and seminars to acquaint
top management and staff with HIPAA, including:
- Overview of the Privacy, Security,
Transaction and Code Sets and/or Identifier requirements imposed
by HIPAA
- Mechanisms to implement and promote
ongoing HIPAA compliance
- Requirements for enterprise-wide security
and privacy policies
- Compliance
- Clinical process
- Administrative/business process
- IT use and change-control (both
computer and communications systems)
- Physical security
- Personnel security and security
clearances
- Security infrastructure requirements
for information technology and telecommunications
- Physical, personnel, and business-process
security and privacy requirements
- Data transaction and code set implementation
issues
- Trading Partner Agreements (also called
Chain-of-Trust and Business Partner Agreements)
- Criminal and civil penalties and related
litigation avoidance and preparation
- Unfunded mandates
- Employee Training or assistance in developing
employee training sessions or modules
- Development or assistance with privacy
and security policies
- Development or assistance with Business
Partner/Trading Partner Agreements and "standard" language for
agreements with Business Associates and other Covered Entities
- Interpretation of state and other federal
laws to identify applicable standards on Covered Entities
- Counseling concerning the interpretation,
application and implementation of HIPAA within client organizations
- Procurement & selection processes (fast-track
or use of RFIs and RFPs) and negotiation of contracts for:
- Security and other consultants for
HIPAA-related matters
- Computer, telecommunications, security
system, encryption, and other infrastructure vendors
- Business Associate Agreements (the
"Chain-of-Trust" and "Business Partner" agreements specified
in HIPAA's proposed security and privacy rules)
- Analysis of HIPAA's various legal standards
to guide the work of your internal staff and those of your security
consultants in performing or developing:
- Initial and recurring security assessments
- "Gap analyses" and penetration exercises
(hacking into networks and websites to identify vulnerabilities)
- Overall HIPAA plans covering:
- Business process reengineering
- Physical, personnel, and procedural
security plans
- Changes to computers and computer
and communications networks
- Insurance issues
- Patient notification issues
- Processes by which to handle requests
from patients regarding:
- Access to and review of their
medical records
- Review of accounting of disclosures
of protected health information
- Amendments to content of medical
records
- Analysis of existing contracts and contracts
currently being negotiated for HIPAA issues, including:
- License and maintenance agreements
with computer and telecommunications systems vendors
- Affiliation agreements between, for
example, affiliated hospitals or between hospitals and affiliated
medical schools
- Clinical or administrative services
agreements
- Budgeting for enterprise-wide HIPAA projects
(understanding the legal standards that control project decisions
can help direct resources appropriately and save wasted effort,
time, and money)
- Certification and accreditation requirements
of HIPAA
- Litigation avoidance planning (including
drafting appropriate policies) for HIPAA's:
- Criminal and civil penalties
- Self-reporting obligations
- Litigation strategies under:
- HIPAA
- State privacy laws related to HIPAA
- State tort and contract law
- Legislative work in Congress and before
the Executive Branch. The aim is to change various parts of HIPAA
that are unrealistic or unnecessarily burdensome in their approach
to security, the technology of security, cost-benefit analysis,
and providers' ability to deliver effective, efficient health care
services under HIPAA's present regime.