Health Care Counsel

Arent Fox's health care law blog offers news, analysis, and insights for the health care industry.

HIPAA / Health Privacy & Security

Arent Fox began advising clients in matters involving the privacy and security of health information long before the final promulgation of the Privacy and Security Standards under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In fact, we represented clients before Congress and HHS throughout the negotiations of the Administrative Simplifications Provisions of HIPAA and the crafting of the final regulations. We also developed a comprehensive model HIPAA compliance program that enables health care providers to implement the Federal Privacy Standards in a systematic and efficient manner.

Given the depth of our HIPAA experience, we are uniquely positioned to provide our clients with a comprehensive, cost-effective means to incorporate new HIPAA and HITECH requirements into existing compliance programs, assess their obligations under the new data breach notification requirements, and unravel the complex HIPAA issues that frequently arise in the context of clinical research. Clients facing a HIPAA enforcement action can turn to Arent Fox with confidence knowing that one of our attorneys was involved in the resolution of the largest HIPAA enforcement case to date.


Secure Yourself: NIST Releases Final Version of the Cryptographic Standards and Guidelines Development Process

Covered entities and business associates subject to the HIPAA Security Rule are closer to getting a benchmark for encryption standards with the release of the Standards and Guidelines Development Process in late March by the National Institute of Standards and Technology (NIST).


Stricter European Privacy Rules: Think Twice Before Marketing Health Care Goods and Services Across the Atlantic

On April 14, 2016, the European Union formally adopted a new scheme – known as the EU General Data Protection Regulation (GDPR) – to protect the personal data of European residents. The GDPR will enter into force in May 2018, replacing the EU Data Protection Directive 95/46/EC. The GDPR is significantly more onerous than the Directive, seeking to enhance data privacy protections for Europeans. US health care organizations processing Europeans’ personal data should start preparing now for compliance.


How Providers Can Prepare For Round 2 Of HIPAA Audits

*This article was originally published on Law360.


Are You Safe? Providers Struggle to Contend with Surge in Ransomware Attacks

In the wake of the recent ransomware attack on Hollywood Presbyterian Medical Center (discussed here), news reports have emerged that at least three more medical centers and a large health care system have been the victims of these attacks. Ransomware is a type of computer attack in which a computer virus encrypts computer files, preventing users from accessing the files until a ransom is paid.


Providers Prepare: OCR Launches Second Round of HIPAA Audits

On March 21, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced it was beginning its next round of audits of covered entities and business associates for compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule (the “Phase 2” audits). OCR’s audit program is designed to help OCR assess the HIPAA compliance efforts of the full range of entities covered by the HIPAA regulations.


SAMHSA Proposes First Revisions to Substance Abuse Medical Record Privacy Rules in Almost Three Decades

On Tuesday, February 9, 2016, the Substance Abuse and Mental Health Services Administration (SAMHSA) published proposed revisions to the rules governing the confidentiality of substance abuse treatment records found in 42 C.F.R. Part 2. The rules apply to any federally assisted drug or alcohol abuse program (as defined by the regulations) (each a Part 2 Program). These proposed changes mark the first time the regulations have been subject to revision since 1987.


Administrative Law Judge Upholds Imposition of Civil Penalties on Health Care Provider for HIPAA Violations

In a recent decision, a US Department of Health and Human Services (HHS) Administrative Law Judge (ALJ) agreed with the HHS Office for Civil Rights (OCR) that Lincare, Inc. d/b/a United Medical had violated HIPAA. The ALJ also sustained OCR’s imposition of a civil money penalty (CMP) of $239,800 on Lincare.


Ransomware Attack on California Hospital Puts Providers on Alert for New Threats to Health Information

While management at hospitals and other health care providers has long been aware of the need to implement computer security policies to comply with HIPAA’s requirements for protecting sensitive patient information, cybersecurity may have rocketed to the top of management’s priority list in the wake of the recent cyberattack on Hollywood Presbyterian Medical Center (HPMC) that left the hospital unable to access some of its computer systems for ten days.


Webinar: Text for Success - New Rules for Engaging Your Audience Amid Regulatory Changes


New Partner Douglas Grimm Adds to Health Care Practice Regulatory Clout

Washington, DC — Arent Fox is pleased to welcome partner Douglas A. Grimm, a Fellow of the American College of Healthcare Executives (FACHE), to its national Health Care practice. Mr. Grimm joins the Washington, DC office from Stradley Ronon where he was chair of the firm’s health care practice. Mr.




Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.