Health Information Privacy and Security

Our Clients

We help covered entities and business associates navigate the complex requirements of the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and other state and federal privacy, security and data breach notification requirements.

Industry segments we represent include large public health systems, academic medical centers, hospitals and health systems, physician group practices, ancillary service providers, health plans and other payors, health care clearinghouses, health data analytics companies, accountable care organizations, patient safety organizations, medical device companies, revenue cycle management companies, and mobile clinical communication platforms.

Our Services

Katten has been working with the HIPAA Privacy Rules and Security Rules since they were in draft form, and we follow agency pronouncements, enforcement actions and other industry developments closely. Our attorneys combine deep knowledge of HIPAA, the HITECH Act, and state privacy and data breach laws with broader experience in health care, insurance regulation, technology law, employee benefits, litigation and liability management to deliver tailor-made, cost-effective solutions to our clients' privacy and security issues. Our health information privacy and security team is an integral part of the firm's broader Privacy, Data and Cybersecurity group.

Clients rely on Katten to handle HIPAA and state law privacy and security incident response and breach notification activities. Our attorneys routinely help clients evaluate whether a given incident requires notification under HIPAA/HITECH and state law and applicable business associate agreements, and assist with remediation and breach notification. We also work with clients to quickly and effectively respond to Office for Civil Rights and other regulatory agency investigations of their privacy and security practices. Because an ounce of prevention is worth at least a pound of cure, our attorneys can work closely with covered entities and business associates to prospectively identify HIPAA compliance gaps and mitigate related risks through corrective action. Whether that requires developing additional policies, procedures and training tools, or merely refining existing ones to deal with a newly identified threat, we can help. We strive to provide practical, easy-to-understand feedback.

On an ongoing basis, we help clients understand how HIPAA, HITECH and related state laws affect a wide range of business models and actual or proposed operations—from information-sharing within a clinically integrated network, to implementing critical cloud storage arrangements, to addressing issues involved in implementing patient-facing communications portals, mobile apps and other provider or patient communications platforms. We represent both covered entities and business associates in negotiating and putting in place the necessary agreements when protected health information will be accessed, used or disclosed, and work to address any issues expeditiously. We also help companies investing in HIPAA-regulated businesses conduct due diligence and related negotiations.

In an environment of enhanced enforcement, dramatically higher penalties, and tougher privacy and security requirements, Katten's health information privacy and security team offers the necessary guidance and resources to successfully overcome the challenges our clients face.

  • Counsel to numerous clients on a wide array of actual or potential HIPAA data breaches, security incidents and related reporting obligations.
  • Provision of help to clients in successfully responding to OCR investigations and complaints.
  • Provision of assistance to numerous covered entity and business associate clients in revising HIPAA policies, procedures and forms.
  • Provision of advice to clients on the HIPAA implications of a wide array of arrangements, including clinically integrated networks, ACOs, PSOs and HIEs.
  • Development of internal HIPAA training materials and provision of training programs to covered entities and business associates.
  • Representation of clients in negotiations with EHR and cloud storage vendors.
  • Counsel to clients in the drafting and negotiation of numerous business associate agreements and HIPAA subcontractor agreements.
  • Provision of help to clients in conducting internal HIPAA compliance audits.
  • Representation of purchasers and lenders in conducting HIPAA diligence and negotiating HIPAA representations, warranties and indemnifications for a wide array of HIPAA-covered entities and business associates.
February 22, 2017
GAMSS 1st Quarter 2017 Meeting | Alpharetta, Georgia
January 20, 2017
September 30, 2016
2016 Joint Fall CLE Meeting | Boston, Massachusetts
May 5–7, 2016
January 12, 2016
November 13, 2015
CHRMS Law Day 2015 | Chicago, Illinois
September 17, 2015
April 2014
HIPAA Breach Notification – Practical Tips
July 10, 2013
Recent HIPAA/HITECH Enforcement Highlights
June 20, 2013
HIPAA Update for PR Professionals – What's New and What's Not
April 11, 2013
HIPAA Omnibus Rule Panel Discussion
Health Information Privacy and Security


Chambers USA – Healthcare (New York)
Healthcare (New York), 2006–2019
U.S. News Best Lawyers "Best Law Firms" – Health Care Law (New York)
Health Care Law (New York), 2011–2019
U.S. News Best Lawyers "Best Law Firms" – Health Care Law (National)
Health Care Law (National), 2013–2019
Chambers USA – Healthcare (Illinois)
Healthcare (Illinois), 2006–2019
U.S. News Best Lawyers "Best Law Firms" – Health Care Law (Chicago)
Health Care Law (Chicago), 2011–2019
Chambers USA – Healthcare (Texas)
Healthcare (Texas), 2006–2019
Legal 500 US – Healthcare: Service Providers
Healthcare: Service Providers, 2016–2019

IAPP Corporate Member

Health Care Perspectives - A Health Care Industry Knowledge Resource

Attorney Advertising. © 2019 Katten Muchin Rosenman LLP