At the end of 2000, the Department of Health and Human Services published final rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that establish standards and security requirements for electronic health care transactions and that protect the confidentiality of patients’ health information.  Those rules took effect on April 14, 2001, and give covered entities two years to come into compliance.

 The new HIPAA regulations are complicated and pose substantial compliance challenges to persons and entities that engage in electronic health care transactions or transmit patient health information.  The depth and breadth of experience that our Health Care Practice has in counseling clients on compliance and patient privacy issues, joined with our experience in fraud and abuse counseling and investigation, uniquely positions us to counsel clients on the compliance issues raised by the new HIPAA regulations.

We have advised  physicians, hospitals, medical societies, and managed care organizations on a variety of patient privacy and compliance issues, including:


  • Conducting a compliance review for the new management of a large managed care company to identify potential compliance issues, including data collection and submission and claims handling issues.
  • Conducting a compliance review for the new management of a medical billing company to identify potential compliance issues.
  • Counseling medical societies on patient privacy issues arising in connection with the creation of computerized outcomes databases and the organization of clinical trials.
  • Regularly investigating, counseling and defending clients in connection with fraud and abuse issues.