Health Law

Health Care Data Privacy

Storing and exchanging protected health information (PHI) is both highly regulated and fraught with risk. Our team of healthcare privacy attorneys works with healthcare providers, insurers, management services organizations, and entities throughout the industry to develop policies that comply with state and federal laws, reduce exposure to cyber threats, and help you quickly respond and mitigate harm when the unimaginable happens.

Our Approach

An ounce of prevention is worth a pound of cure. Therefore, whenever possible, we work with our clients to avoid violations of HIPAA, HITECH, and other healthcare privacy laws. We also advise and assist clients in minimizing exposure to cyber-security threats and data-privacy breaches before they happen by performing record-keeping audits, evaluating privacy policies, drafting security manuals, reviewing IT contracts, and training employees. While proper planning can greatly reduce the risk of a breach, threats can impact even the most prepared. Therefore, when the privacy and security of your PHI are impacted, we work with you to analyze whether a reportable breach exists and advise you on how to respond. In other words, we work with you to keep bad days from becoming unhappy endings.

Clients Include

  • Behavioral health and substance use disorder providers
  • Dentists and specialists
  • Physicians and medical practice groups
  • Radiologists and imaging centers
  • Management services organizations
  • Third-party administrators
  • Insurers
  • Court-appointed receivers and other asset managers


  • HIPAA, HITECH, and the Minnesota Health Records Act
  • 42 C.F.R. part 2
  • Compliance
  • Record-keeping policy reviews and audits
  • HIPAA Security Manual review and drafting
  • Employee training
  • Responding to subpoenas and third-party inquiries
  • Breach assessment and triage
  • IT contract review, evaluation, and negotiation

Notable Experience

  • Represent international wearable IoT company in connection with HIPAA compliance
  • Drafted and reviewed HIPAA Security Manual for health care client