Healthcare Data Breach Protection & Response
Healthcare Data Breach Protection & Response
With the number, scope and impact of healthcare data breach incidents constantly increasing, it is imperative for companies to create a proactive and vigilant healthcare data protection strategy to adequately defend against exposure to risk. Several of the country’s largest healthcare systems and numerous other healthcare companies have turned to Bass, Berry & Sims for assistance in responding to high-stakes breaches that required board and senior executive level involvement. Our Healthcare Data Breach Protection & Response practice has developed best-in-class data breach plans and resolution services to help clients mitigate risks in these volatile situations.
Our practice is led by data privacy and security members with decades of healthcare experience, attorneys from our Healthcare Fraud Task Force, and leaders in our HIPAA compliance area. As the fourth largest healthcare firm in the nation, we are able to immediately deploy an arsenal of attorneys and data technologists for data reviews when a mega breach occurs. With a former state and federal prosecutor of 20 years co-chairing the practice, as well as other experienced investigations attorneys, we are well positioned to engage in discussions and negotiations with the government when the need arises.
Our Healthcare Data Breach Protection & Response team stays abreast of developing technologies and current trends to help our healthcare clients control an exponentially-increasing amount of electronic data before disputes arise and to add efficiency, accuracy and consistency throughout all phases of data procurement, management and storage.
With regard to HIPAA/HITECH specifically, we regularly counsel healthcare providers on the increasingly stringent federal laws and regulations related to HIPAA compliance and the privacy and security of personal health information, including federal and state security standards, business associate standards, and breach reporting requirements. We navigate state and federal requirements related to responding to data breaches and preventing identity theft, implementing necessary policies and ensuring additional mitigation steps are fulfilled. We also counsel clients with respect to the use of mobile devices, including physician use of mobile devices to transmit and access electronic patient records.
In addition to our attorneys, Bass, Berry & Sims has a dedicated team of data technology professionals to collaborate with clients on all technical matters related to data management and preservation, document retention, and litigation readiness. With an eye toward cost containment and appropriately applying proven – yet new – technologies, the team ensures the firm offers innovative and effective solutions to clients in managing the volume, complexity and expense of electronic data. The Healthcare Data Breach Protection & Response team utilizes all available mechanical knowledge and resources of our data technology team to provide holistic strategies and practical solutions to our clients.
Our Clients
Our clients include publicly traded healthcare systems, regional and national not-for-profit systems, large hospitals, and healthcare companies with multiple facilities and large networks. Some examples include:
- National healthcare and hospital systems with dozens of facilities across multiple states
- Healthcare and hospital systems with facilities in the majority of counties in specific states/regions
- Healthcare networks offering community-based hospice and home healthcare services with 100+ branches
- Surgery center management companies with more than 200 ambulatory centers
- Operators of senior living and retirement communities with 1,000+ locations
- Large specialty care practices ranging from orthopedic centers to behavioral/substance abuse clinics
- Healthcare technology companies
- Global pharmaceutical and biotechnology companies
- Large medical supply and equipment companies
- National health plan and managed care providers
With the number, scope and impact of healthcare data breach incidents constantly increasing, it is imperative for companies to create a proactive and vigilant healthcare data protection strategy to adequately defend against exposure to risk. Several of the country’s largest healthcare systems and numerous other healthcare companies have turned to Bass, Berry & Sims for assistance in responding to high-stakes breaches that required board and senior executive level involvement. Our Healthcare Data Breach Protection & Response practice has developed best-in-class data breach plans and resolution services to help clients mitigate risks in these volatile situations.
Our practice is led by data privacy and security members with decades of healthcare experience, attorneys from our Healthcare Fraud Task Force, and leaders in our HIPAA compliance area. As the fourth largest healthcare firm in the nation, we are able to immediately deploy an arsenal of attorneys and data technologists for data reviews when a mega breach occurs. With a former state and federal prosecutor of 20 years co-chairing the practice, as well as other experienced investigations attorneys, we are well positioned to engage in discussions and negotiations with the government when the need arises.
Our Healthcare Data Breach Protection & Response team stays abreast of developing technologies and current trends to help our healthcare clients control an exponentially-increasing amount of electronic data before disputes arise and to add efficiency, accuracy and consistency throughout all phases of data procurement, management and storage.
With regard to HIPAA/HITECH specifically, we regularly counsel healthcare providers on the increasingly stringent federal laws and regulations related to HIPAA compliance and the privacy and security of personal health information, including federal and state security standards, business associate standards, and breach reporting requirements. We navigate state and federal requirements related to responding to data breaches and preventing identity theft, implementing necessary policies and ensuring additional mitigation steps are fulfilled. We also counsel clients with respect to the use of mobile devices, including physician use of mobile devices to transmit and access electronic patient records.
In addition to our attorneys, Bass, Berry & Sims has a dedicated team of data technology professionals to collaborate with clients on all technical matters related to data management and preservation, document retention, and litigation readiness. With an eye toward cost containment and appropriately applying proven – yet new – technologies, the team ensures the firm offers innovative and effective solutions to clients in managing the volume, complexity and expense of electronic data. The Healthcare Data Breach Protection & Response team utilizes all available mechanical knowledge and resources of our data technology team to provide holistic strategies and practical solutions to our clients.
Our Clients
Our clients include publicly traded healthcare systems, regional and national not-for-profit systems, large hospitals, and healthcare companies with multiple facilities and large networks. Some examples include:
- National healthcare and hospital systems with dozens of facilities across multiple states
- Healthcare and hospital systems with facilities in the majority of counties in specific states/regions
- Healthcare networks offering community-based hospice and home healthcare services with 100+ branches
- Surgery center management companies with more than 200 ambulatory centers
- Operators of senior living and retirement communities with 1,000+ locations
- Large specialty care practices ranging from orthopedic centers to behavioral/substance abuse clinics
- Healthcare technology companies
- Global pharmaceutical and biotechnology companies
- Large medical supply and equipment companies
- National health plan and managed care providers
Experience
-
We counseled an academic medical center on international data protection regulations that apply to a global disease surveillance platform involving...
Experience
-
We counseled an academic medical center on international data protection regulations that apply to a global disease surveillance platform involving...
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Professionals
Name | Phone | |
---|---|---|
Michael K. Bassham Senior Litigation Attorney |
(615) 742-6286 | michael.bassham@bassberry.com |
Robert L. Brewer Member |
(615) 742-7760 | rbrewer@bassberry.com |
Nathan F. Brown Associate |
(615) 742-7715 | nathan.brown@bassberry.com |
John C. Eason Member |
(615) 742-7830 | jeason@bassberry.com |
Scott D. Gallisdorfer Member |
(615) 742-7926 | scott.gallisdorfer@bassberry.com |
Jeff H. Gibson Member |
(615) 742-7749 | jgibson@bassberry.com |
Ashleigh Karnell Associate |
(615) 742-7914 | ashleigh.karnell@bassberry.com |
Travis G. Lloyd Member |
(615) 742-6208 | travis.lloyd@bassberry.com |
Wesley McCulloch Associate |
(615) 742-7822 | wesley.mcculloch@bassberry.com |
Lisa S. Rivera Member |
(615) 742-7707 | lrivera@bassberry.com |
Molly K. Ruberg Member |
(615) 742-7862 | mruberg@bassberry.com |
Taylor M. Sample Associate |
(615) 742-7909 | taylor.sample@bassberry.com |
Nesrin Garan Tift Member |
(615) 742-7861 | ntift@bassberry.com |
Elizabeth S. Warren Member |
(615) 742-7719 | ewarren@bassberry.com |
Hannah E. Webber Associate |
(615) 742-7839 | hannah.webber@bassberry.com |
Publications
-
July 19, 2024 | Cybersecurity Insiders
-
May 15, 2024 | Firm Publication
-
April 10, 2024 | Firm Publication
Past Events
-
October 17, 2023 | WebinarStrafford
-
March 2, 2023 | WebinarBass, Berry & Sims
-
October 22, 2020 | WebinarBass, Berry & Sims
Media Mentions & Firm News
-
April 24, 2024 | Lexology Pro
-
October 2, 2023 | Health IT Security
-
May 9, 2022 | Healthcare Strategies Podcast
Publications
-
July 19, 2024 | Cybersecurity Insiders
-
May 15, 2024 | Firm Publication
-
April 10, 2024 | Firm Publication
Past Events
-
October 17, 2023 | WebinarStrafford
-
March 2, 2023 | WebinarBass, Berry & Sims
-
October 22, 2020 | WebinarBass, Berry & Sims
Media Mentions & Firm News
-
April 24, 2024 | Lexology Pro
-
October 2, 2023 | Health IT Security
-
May 9, 2022 | Healthcare Strategies Podcast
Contact
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
Notice
Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.
WE KNOW
HEALTHCARE
(from the inside out).
Our attorneys provide comprehensive counsel with perspectives from governmental and in-house roles.
Learn more about our Healthcare Regulatory practice and why healthcare companies nationwide choose Bass, Berry & Sims for their healthcare regulatory matters.
"Bass, Berry & Sims holds a deep bench with varied expertise across both regulatory and transactional healthcare matters. It is well equipped to handle significant multistate M&A deals, recapitalizations and dispositions. It is regularly mandated on joint ventures and syndications, in addition to compliance matters and government investigations. The firm's clients include healthcare companies, pharmacy groups, private equity investors and long-term care centers." Client feedback: "Bass Berry's attorneys are strategic in their thinking, extremely collaborative and they get results." "It's an exceptional firm. They are responsive, knowledgeable and strategic in their thinking." "Bass Berry are very business-focused and help us solve complex questions in an efficient manner."
From Chambers USA 2024