Health Care


Wiggin and Dana's HIPAA (Health Insurance Portability and Accountability Act) team helps local, national, and international clients develop and implement practical, tailored strategies to stay compliant with the far-reaching and complex requirements of HIPAA and HITECH (Health Information Technology for Economic and Clinical Health Act). Working with our Cybersecurity and Privacy Practice Group, our HIPAA team also helps clients address other privacy and security requirements that might apply to them, such as the GLBA, FERPA, and the EU's GDPR.

For decades, we have worked with a broad range of organizations and companies within the healthcare industry—and vendors that provide IT (information technology), consulting, and other services to them—employing our deep understanding of privacy, security, and data exchange issues. We have also counseled health information exchanges on the complex array of regulatory and contracting matters applicable to those arrangements and provided privacy guidance in the context of complex corporate transactions.

Renowned academic medical centers, health care systems and networks, universities, provider associations, pharm and biotech companies, employers with self-insured health plans, and vendors of all kinds rely on our expertise in both information technology (IT) law and HIPAA/HITECH. We can provide some or all of the following services, tailored to your needs.

  • Build a HIPAA compliance program from the ground up, including developing policies and procedures for compliance with the HIPAA Privacy, Security and Breach Notification Rules and other applicable privacy and security laws
  • Review and update existing policies and procedures to ensure ongoing compliance with HIPAA and HITECH, and other applicable privacy and security laws
  • Assist with reviewing and negotiating agreements and resolving legal issues and questions arising in business associate-covered entity relationships
  • Perform audits to determine the organization's compliance with privacy and security requirements and develop and implement remediation plans to address areas of non-compliance
  • Assist with the development of auditing tools and ongoing monitoring and compliance programs and provide overall coordination of internal auditing and monitoring efforts