Data breach, breach response, cyberliability, drones, and encryption are just a few of the terms that have worked their way into our vocabulary as businesses use evolving technologies to collect and maintain increasing amounts of electronic data. Competitive pressures require companies to take advantage of these efficiencies, but raise a host of new and ever-changing security risks, privacy considerations, compliance concerns, and legal requirements.
Our interdisciplinary team has significant experience in advising legal departments, boards, executive leadership, and compliance and IT teams on sophisticated and practical data management, data security and privacy matters, including proactive data security and privacy strategic planning, breach preparation and cybersecurity risk management, security breach response, and national and global privacy and security program design and implementation. We provide practical advice to clients on how they can collect, use, and share data and still meet their operational and organizational goals while complying with the ever-changing privacy laws, regulations, and industry standards, including: California Consumer Privacy Act (CCPA); EU General Data Protection Regulation (GDPR); EU ePrivacy Directive; Health Insurance Portability and Accountability Act (HIPAA); Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA); China’s Cybersecurity Law; Fair Credit Reporting Act (FCRA); Gramm-Leach-Bliley Act (GLBA); Telephone Consumer Protection Act (TCPA); Electronic Communication Privacy Act (ECPA); Children’s Online Privacy Protection Act (COPPA); U.S. state privacy laws; Federal Trade Commission (FTC) Guidance; Payment Card Industry Standards (PCI); and the Network Advertising Initiative’s Code of Conduct. Our attorneys closely track developments at the state, federal and international levels to ensure that our clients always are fully informed of and compliant with changes in the legal and regulatory environment.
With regard to HIPAA/HITECH specifically, we counsel hospital companies and healthcare providers on the increasingly stringent federal laws and regulations related to HIPAA compliance and the privacy and security of personal health information, including federal and state security standards, business associate standards and breach reporting requirements. We navigate state and other requirements related to responding to data breaches and preventing identity theft, implementing necessary policies and training employees. As providers are incorporating information security and electronic health records (EHR) into their compliance plan and patient experience, we counsel them with respect to the use of mobile devices, including physician use of mobile devices to transmit and access electronic patient records.
Our attorneys assist clients with:
The information blocking regulations issued by the Office of the National Coordinator of Health Information Technology (ONC) pursuant to the 21st Century Cures Act (Information Blocking Rules) present complex operational, compliance and security challenges for a variety of entities across the healthcare landscape. Healthcare providers, health IT developers of certified IT, and health information exchanges and networks (HIEs/HINs) must take proactive steps to comply with the new regulatory structure that upsets traditional methods for addressing requests for electronic health information (EHI).
Drawing from our extensive knowledge of healthcare regulatory and data privacy matters, our multidisciplinary team provides practical solutions to the commercial and regulatory issues that come with navigating the intersection of Information Blocking Rules, Health Insurance Portability and Accountability Act (HIPAA), other federal and state laws and operational concerns. We assist a wide range of healthcare companies with compliance and implementation of the Information Blocking Rules, including operationalizing these rules in alignment with existing processes. We advise healthcare providers, health IT developers and HIEs/HINs on the following:
Counseled an academic medical center on international data protection regulations that apply to a global disease surveillance platform involving data from dozens of countries
We advise professional sports organizations, including NFL and MLS franchises, with respect to intellectual property licensing and enforcement matters, events and entertainment agreements, major sponsorship and technology agreements, registration, protection and enforcement of trademarks, trademark and copyright clearance issues, domain name issues, website and mobile app privacy policies and data collection practices (including responses to potential data breaches), as well as legal compliance in connection with fan rewards marketing programs.
We advise a multinational specialty manufacturing and technology company in all domestic and international privacy and data protection matters, including assistance in implementing a privacy compliance program and drafting license and services agreements, including data use and rights terms, and data access and deletion request response procedures.
We serve as lead outside counsel for a global Fortune 500 media company negotiating data protection and privacy agreements and contractual terms, including for engagements of ad tech, security infrastructure, financial services, and clinical healthcare service providers, as well as advising on U.S. and international security and privacy regulations and self-regulatory framework compliance.
We advise a Fortune 100 healthcare company on both HIPAA and non-healthcare regulatory privacy legal compliance, including assistance with consent management, data usage rights, and enterprise-wide multi-disciplinary design of a patient communications system.
We provide ongoing counseling and assistance with U.S. and international data protection and privacy legal and regulatory compliance matters and contract negotiation for an international nonprofit association in a highly regulated industry, including updates and revisions to multiple privacy notices and policies for various audiences and stakeholders, negotiation of data protection, privacy and data rights terms in client and supplier agreements, implementation of data transfer mechanisms, and counseling with respect to information security and data management practices.
We provide ongoing counseling and advice for a publicly-traded health and wellness company regarding privacy and data protection compliance matters with respect to state and federal privacy laws, including the California Consumer Privacy Act (CCPA), including mergers and acquisitions compliance diligence, and assistance with development of an effective data governance and privacy compliance program.
We provide ongoing counseling and assistance with data protection and privacy legal and regulatory compliance matters for a multinational wellness company, including developing and updating privacy notices and security policies, advising on data governance across the organization, drafting and implementing data access and deletion request response procedures and programs, and negotiating vendor agreements, including privacy, security and data protection terms.