HIPAA Basics for Every Lawyer

So we talked about HIPAA and, more generally, how it applies to attorneys and the constrictions attorneys need to think about. HIPAA is part of a regulatory, federal regulatory scheme that protects individuals' protected health information, so anything that's individually identifiable to them that doesn't prove a record when they go seek health care services. Entities that are subject to HIPAA include covered entities, but also their business associates and their subcontractors. Attorneys usually fall into those subcontractors that work with those covered entities and other business associates of the covered entities.

When an attorney or law firm realizes that they are receiving protected health information from a client, the first thing they do is sign a business associate agreement with that client. It's important to look at the terms of those BAAs, because standard BAAs don't really take into account the attorney-client relationship: so looking at the return and destroy requirements, the insurance requirements, indemnification, making sure that they have insurance in place that appropriately covers a liability. So do they have cyber liability insurance? Do they have a CGL policy that covers data breaches?

So when an attorney enters into a relationship with a covered entity or a business associate that handles an individual's protected health information protected under the HIPAA regulations, they need to be very conscious of those HIPAA regulations and maintaining those protections to any PHI that the attorneys receive on behalf of their clients that are covered under HIPAA.

Risk assessment is required under HIPAA for anybody who is subject to HIPAA, which would include law firms that are business associates, so absolutely we need to do a full risk assessment. That's recommended by industry groups in addition to just the regulations under HIPAA, so even if you're not subject to HIPAA, having a security assessment is really important, because law firms are dealing with all sorts of confidential information, not just health information.

Covered entities under HIPAA have an obligation to make sure that the vendors they are using are complying with HIPAA, so we're seeing a lot more due diligence on the part of our clients when they're making sure that all of their vendors and service providers, including their law firms, are meeting appropriate security standards.

Sometimes attorneys don't know that they are either receiving individuals' protected health information and are subject to HIPAA, or that these regulations even exist and apply to them. It's been increasingly important. The omnibus rule actually included business associates like attorneys and their subcontractors, which could also be attorneys, to be directly regulated by the Office of Civil Regulations, so now they can be liable for those violations by the OCR.

If you're a smaller or a midsize firm, I would start with looking at whether you're receiving protected health information from your clients, what type of information you're receiving and where you're receiving it: so do you have it electronically or are you getting paper records? Then I'd look and see if you can afford encryption. That's usually the first safeguard to look at, making sure that the data that you have is encrypted when you have it in your files. Then making sure you have appropriate insurance coverage is also an important next step. As data security becomes an increasing interest in clients, many insurers are offering cybersecurity coverage. It's pretty standard now with all the major carriers, and you can just call your broker and they'll know exactly what you mean when you ask for a quote on cyber coverage.

Source: Youtube
