Policy Review & Development
Privacy Policies and Notices (internal and public-facing/website) addressing applicable legal requirements including:
Health Insurance Portability and Accountability Act (HIPAA)
General Data Protection Regulation (GDPR)
State-specific laws addressing privacy and security obligations and breach response (e.g., CA, CT, CO, MA, NY, UT, VA)
Gramm-Leach-Bliley Act (GLBA)
NAIC Model Privacy of Consumer, Financial, and Health Regulation & Insurance Data Security Model Law
Payment Card Industry Standards
HIPAA Program
Review and revision of existing programs to identify and remediate gaps, simplify processes, and increase understanding and compliance
Development of easy-to-understand policies, procedures, and forms addressing HIPAA Privacy, Security, and Breach Rules for covered entities and business associates based on best practices and individual business needs
Compliance Program
Development and review of corporate compliance programs addressing best practices and industry-specific requirements. Topics may include:
Code of Conduct
Confidentiality and Information Governance
Social media and CAN-SPAM Act
Conflicts of interest and fraud
Information governance and records retention
Non-discrimination, non-harassment, and non-retaliation