Privacy, Security Breach & Confidentiality
Crowell & Moring represents both health care and non-health care clients on issues related to the privacy of individually identifiable personal information that is gathered and used in the performance of business operations. We counsel clients and structure transactions for compliance with United States privacy laws, including the Health Insurance Portability and Accountability Act ("HIPAA"), the Gramm-Leach-Bliley Act, federal and state information security breach notification laws, as well as obligations that arise under other state laws and the European Union Directive. We litigate both federal and state privacy and security breach enforcement matters, as well as class action matters involving alleged security breaches of privacy lapses
The clients we represent include multi-state health plans, hospitals and health systems, professional medical associations, government health benefit program contractors, insurers, pharmaceutical and medical technology and equipment manufacturers, software developers, major employers and prescription benefit management companies. Representative activities include:
- Developing policies and procedures and compliance plans to protect the privacy of information
- Structuring joint ventures and other business arrangements to comply with data protection laws
- Counseling clients in the development of software and other business practices to comply with applicable privacy protections
- Formulating action plans following information security breach incidents (e.g., lost laptops)
- Defending clients accused of violating privacy/confidentiality/security breach laws in criminal, civil and administrative proceedings.