Lawyers: What You Don't Know About HIPAA Could Hurt You
Learn how HIPAA rules and regulations apply to your law firm.

Published in: Business

Lawyers: What You Don’t Know About HIPAA Could Hurt You

Posted on 10/07/2013 by beverlym

Do you receive, use, store, or transmit personal health information (PHI) on behalf of clients? If so, you are a “business associate” under HIPAA. As a business associate, lawyers must implement privacy and security programs to protect against improper use or disclosure of client health information. They are also obliged to ensure that their subcontractors (digital print shops, cloud providers, legal nurse consultants, medical experts) follow HIPAA rules.

Practice Areas Affected by HIPAA Regulations

HIPAA has the potential of touching more than the obvious practice areas:

  • Personal Injury
  • Insurance Defense
  • Social Security
  • Workers Compensation
  • Medical Malpractice

Any lawyer who reviews or obtains information concerning payment for health care is also a business associate under the act. This may affect lawyers who practice in:

  • Conservatorships and Guardianships
  • Estate Planning
  • Probate
  • Business Law
  • Insurance Law
  • Bankruptcy
  • Debt Collection

For more information on how HIPAA may apply to your law firm, see Kelly T. Hagan, “Business Associate, Esq.: HIPAA’s New Normal,” in the September 2013 issue of In Brief, available on the PLF Web site > In Brief. Hagan recommends lawyers take the following steps now:

1. Identify Privacy and Security Officials. This is not only required by rule, it places responsibility with identified persons. So long as everyone is responsible, no one is.

2. Document a Risk Analysis. Again, this is required, not simply a good idea. The firm may wish to take this on, or may look to compliance professionals for assistance.

3. Focus on Mobile Devices. The OCR hates PDAs. Data breaches resulting from stolen or misplaced laptops, iPhones, or Blackberries with PHI on them or accessible through them are a recurring breach scenario.

4. Compile Existing Policies and Procedures. We all have policies and procedures for keeping files safe and secure. You may be surprised at how far along you already are. You won’t know what is left to be done until you have all of your explicit materials in one place and can compare them to your legal obligations.

The Multnomah Bar Association is offering a CLE on October 17 entitled HIPAA Omnibus Rule Compliance Checklist – For Law Firms and Other Entities that Fall Within the Definition of a Business Associate. This promises to be an incredibly helpful program for lawyers and legal staff. If you can’t attend, the MBA records and archives all CLEs for later access.

Originally posted at on October 7, 2013. All Rights Reserved.