Page 14 - Sheppard Mullin Capabilities Overview Prepared for Regeneron

 Healthcare Privacy and Security
Sheppard Mullin’s award-winning team represents some of the nation’s largest and most respected companies across the healthcare industry spectrum, including device manufacturers, health IT companies, laboratories, health plans, hospital organizations, contract research organizations, pharmaceutical companies, long-term care providers and others. Our team of healthcare and privacy attorneys has extensive experience helping clients understand the complex state and federal laws regarding the privacy of medical records and related data, proactively identify regulatory compliance challenges and craft policies and compliance programs to minimize the company’s vulnerability points. From laws that generally protect medical information (such as HIPAA), to state laws that apply to specially protected types of information (e.g., HIV test results and mental health/substance abuse treatment records), to general privacy laws such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), we have provided in-depth guidance on these laws and policies and the steps that healthcare organizations and professionals will need to take to be in compliance.
We have particular expertise in designing and implementing privacy compliance programs. Our legal services also include interpreting HIPAA’s statutory requirements and administrative pronouncements. We strongly believe that healthcare providers must take a proactive approach to ensure continued compliance with HIPAA’s privacy standards as well as state, federal and international laws. We also assist clients in writing privacy policies and procedures, in providing notice to employees regarding these policies and procedures, in revising contracts and planning for future business partnerships and in training employees.
What We Do
• Develop and implement compliance programs, establish data sharing programs and protocols and prepare patient notices, authorizations/consents
• Conduct employee training on privacy and security issues, including HIPAA compliance
• Advise on participation in HITRUST and/or healthcare industry ISACs and assist with achieving certification
• Draft or review contractual arrangements, such as business associate agreements, vendor agreements and payor agreements to ensure legal compliance and the greatest amount of protection
• Assist in compliance with applicable data security breach notification laws
• Represent companies in governmental agency investigations and litigation by state attorneys general or private citizens, including class actions
• Conduct privacy and security diligence in the context of healthcare mergers, acquisitions, divestitures and other transactions
• Draft indemnifications and negotiate protections related to privacy and security issues
• Advise on the legalities and risks of data transfers, including cross-border transfers, and the sale of data
• Advise on compliance with PCI-DSS, NIST and other security standards
 Brussels | Century City | Chicago | Dallas | Houston | London | Los Angeles | New York | Orange County
San Diego (Downtown) | San Diego (Del Mar) | San Francisco | Seoul | Shanghai | Silicon Valley | Washington, D.C. www.sheppardmullin.com