As an extension of our counseling and risk management services to clients in the health care industry, we stand ready to assist in evaluating the scope of a potential data breach, as well as formulating a response plan that complies with state and federal regulations and also aligns with our clients’ own data strategies. We help in determining if data incidents rise to the level of a reportable breach, and work closely with clients in responding to data breaches including disclosures affecting hundreds of thousands of individuals.
Incident Response & Breach Reporting
We guide our clients through incident analysis under HIPAA and state breach reporting laws, the investigation process, mitigation and breach reporting where necessary. Our attorneys are experienced in incident response, government enforcement actions and subsequent litigation. We assist with breaches involving residents of all 50 states and have deep experience in the state breach notification laws. We partner with forensics companies to determine root cause, assist in remediation activities and evidence preservation, draft the required notices, and prepare for OCR investigations.
Audits & Investigations
The firm has deep experience in helping clients prepare for and respond to OCR compliance reviews and HIPAA audits. Our team of privacy attorneys includes a former OCR attorney who actively participated in the first round of HIPAA audits and regularly advised regional investigators on policy and legal questions that arose throughout OCR breach investigations. As such, we are particularly well-positioned to provide clients with practical advice to help them successfully navigate through a government investigation or compliance review without the imposition of penalties.
We have created an audit preparation tool for clients to prepare for all potential phases of an OCR audit, and have successfully guided clients through breaches involving tens of thousands of affected patients, resulting in OCR closing the cases without adverse findings. We have also guided clients through privacy-related investigations at the state level, including by state Attorneys General and other agencies, including the California Department of Public Health (CDPH) and have assisted clients in successfully obtaining closure of investigations.