The folks at Iron Mountain have published the results of their 2014 Law Firm Information Governance Symposium. These events brought together industry thinkers and leaders to discuss and develop best practices.
Industry experts Brian McCauley and Ann Killilea (McDermott), Rudy Moliere (Morgan Lewis), Charlene Wacenske (MoFo), Scott Christensen (Edwards Wildeman), Grant James (Troutman Sanders), Sharon Keck (Polsinelli) and Intapp's Kathryn Hume collaborated on: "HIPAA Omnibus Task Force Report" --
- "The following report summarizes and analyzes key components of the HIPAA Omnibus Rules that affect law firms as HIPAA business associates, i.e., in their role as custodians of HIPAA protected health information on behalf of their clients."
- "After presenting the elements of the HIPAA Omnibus Rule for which law firm business associates are liable, the report outlines the framework for a law firm enterprise data protection program comprehensive enough to satisfy the multiple data privacy and security requirements imposed by HIPAA. The report concludes by recommending a set of industry best practices for achieving HIPAA compliance in a law firm environment."
- "Especially when considered alongside emerging state data privacy and security laws and transitive requirements imposed on firms from clients in regulated industries like financial services, the Omnibus Rule is significantly impacting the way law firms develop and implement a culture focused on regulatory compliance, client data privacy, and client confidentiality. To achieve compliance with the new HIPAA rules, many firms have little choice but to enhance their confidentiality controls and to adopt more stringent security measures to prevent unauthorized disclosure of any information protected under HIPAA’s rules."