Tuesday, January 26, 2016

Fox First to Guard its Own HIPAA Henhouse (Law Firm Risk, Privacy & Compliance)

With (slight) apologies for the punny title, we note the important development highlighted by the Legal Intelligencer: "Fox Rothschild Creates HIPAA Privacy Officer Role" --
  • "The firm announced health care ­regulatory partner Elizabeth G. Litten as its first privacy officer focused on ensuring the firm is protecting sensitive health information it receives from clients and employees. The news follows Fox Rothschild's naming last year of partner Mark McCreary as chief privacy officer."
  • "But for Fox Rothschild, it was important to keep separate the role of protecting health information. Litten said requirements under the Health Insurance Portability and Accountability Act are much more complex than some people might realize. She said lawyers and staff of the firm should know who they can call when they receive potentially protected health information."
  • ""We always thought that with an active health care practice, we are bound to have a certain amount of [protected health information] and we want to do everything we can to avoid a breach,' Litten said. The firm has never had a breach as far as Litten is aware, and it wants to make sure it has the policies, procedures and training in place to ensure that doesn't happen. "Shame on us if we don't take our own advice," Litten said of doing internally what the firm's health care lawyers counsel clients about."
  • "In her new role, which will be in addition to her daily practice, Litten will make sure Fox Rothschild has policies and procedures to handle protected health information, and trains attorneys on what is protected health information. Litten said it is important to know what is and what is not protected information under HIPAA because lawyers shouldn't give clients the wrong impression about the level of privacy and security surrounding their information. 'We treat all information as confidential of course, but there is an added layer of protection when it comes to HIPAA,' Litten said."
We've covered the impact of evolving HIPAA regulations on law firms for several years (including the significant 2013 Omnibus Rule changes). That history includes commissioning a survey on the topic, and noting several articles and updates. [See here and here.]

(We have also noted steps firms have taken to adopt security and confidentiality management software specifically as part of effort focused on HIPAA compliance. And now also note that the very firm that's the focus of this update for its expanded risk staffing approach, publicly highlighted a previous  investment in enhancing confidentiality management nearly six years ago.)

No comments:

Post a Comment