Nelson Hardiman regularly advises clients on issues related to HIPAA, the Health Insurance Portability and Accountability Act.  We assist clients in ensuring their compliance with security and privacy requirements for healthcare information.

Although the term “HIPAA” has become synonymous with patient privacy, California healthcare providers need to be equally concerned with CMIA, the Confidentiality of Medical Information Act. Together, these two laws address not only patient privacy requirements, but also electronic standardization, security, and other requirements governing the handling and transmission of health information.

Federal and California law have significant differences in the area of patient privacy. With respect to coverage, for example, HIPAA privacy and security rules apply to “covered entities,” which include healthcare providers who transmit healthcare information in electronic form (using a standard transaction), healthcare clearinghouses (e.g. billing companies), and health plans. CMIA, by contrast, has a far broader scope of coverage. In many areas, CMIA is actually more stringent than HIPAA in establishing safeguards for patient privacy.

Nelson Hardiman routinely designs and implements HIPAA compliance plans, which the Health Information Technology for Economic and Clinical Health (HITECH) Act rendered mandatory for covered entities and business associates alike beginning February 17, 2010. In addition to preparing compliance plans, Nelson Hardiman provides the following specific services:

  • Audits of the state of HIPAA compliance in your organization
  • Provision of business associate agreements and other HIPAA-compliant contracts
  • Preparation of HIPAA-compliant security and privacy policies and procedures
  • Service on an ongoing basis as HIPAA compliance counsel
  • Breach assessment and notification
  • Workforce training

HIPAA lawyers at Nelson Hardiman counsel providers in determining and ensuring HIPAA and CMIA compliance, or when responding to allegations of noncompliance by state and federal regulators. We have assisted numerous providers, including physician organizations, skilled nursing and other long-term care facilities, educational institutions, software providers, and medical billing companies, with developing compliant notices and procedures in their practices.

We also regularly respond to patient complaints concerning the handling of private information, and have defended lawsuits and administrative disciplinary actions involving these issues before both federal and state regulators.