Privacy Policies and Notices (internal and public-facing/website) addressing applicable legal requirements including:

• Health Information Portability and Accountability Act (HIPAA)

• General Data Protection Regulation (GDPR)

• State-specific laws addressing privacy and security obligations and breach response (ex. CA, CT, CO, MA, NY, UT, VA)

• Gramm Leach Bliley Act (GLBA)

• NAIC Model Privacy of Consumer, Financial, and Health Regulation & Insurance Data Security Model Law

• Payment Card Industry Standards

HIPAA Program

• Review and revision of existing programs to identify and remediate gaps, simplify processes, and increase understanding and compliance

• Development of easy-to-understand policies, procedures, and forms addressing HIPAA Privacy, Security, and Breach Rules for covered entities and business associates based on best practices and individual business needs

Compliance Program

• Development and review of corporate compliance programs addressing best practices and industry-specific requirements.  Topics may include:  

  • Code of Conduct

  • Confidentiality and Information Governance

  • Social media and CANSPAM Act

  • Conflicts of interest and fraud

  • Information governance and records retention

  • Non-discrimination, non-harassment and non-retaliation.