We represent healthcare providers in proceedings involving the enforcement of the HIPAA Privacy and Security Rules by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Our experience in this area spans defending provider clients in complaints filed with OCR. We work with OCR to gather and review key information to determine compliance by the covered entity. We have assisted in the negotiation and implementation of voluntary compliance programs, corrective action plans and resolution agreements. We have extensive experience in negotiating within the civil monetary penalties (CMP) tiered penalty structure.

It is important to note that the HHS Secretary is prohibited from imposing civil penalties (except in cases of willful neglect) if the violation is corrected within 30 days (this time period may be extended at HHS’ discretion). Therefore, “time is of the essence” in responding to potential HIPAA violations. We have been successful in obtaining “no action” letters (meaning no civil penalties assessed) from OCR in numerous cases.