What happens when the “customers” are patients and the data exposed by a breach includes medical records and other protected health information (PHI)? The Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, the HIPAA privacy, security, and breach notification rules, and state law govern how healthcare providers must safeguard their patients’ PHI and the steps providers must take in the event of a breach. These requirement are vigilantly enforced by the Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services (HHS).

Our panel of cybersecurity and privacy experts will walk through the HIPAA Rules’ requirements and share best practices for HIPAA compliance and preparedness. They will then discuss what happens in the event of a breach, the steps needed to notify affected patients and OCR and other government enforcement entities, and discuss the potential for follow-on litigation, including under new state law requirements such as the California Consumer Privacy Act and other data privacy laws.

Panelists include:

• Iliana L. Peters, Shareholder, Polsinelli
• Rainier Elias, Senior Counsel, Cybersecurity, University of California
• Mark C. Mao, Partner, Boies Schiller Flexner

Moderated by Wendy T. Wu, Principal, Pacific Intelligence & Cyber

Presented by the Health Law Committee; Co-Sponsored by the Data Security and Privacy Committee