Policy Review & Development

Privacy Policies and Notices (internal and public-facing/website) addressing applicable legal requirements including:

  • Health Insurance Portability and Accountability Act (HIPAA)

  • General Data Protection Regulation (GDPR)

  • State-specific laws addressing privacy and security obligations and breach response (e.g., CA, CT, CO, MA, NY, UT, VA)

  • Gramm-Leach-Bliley Act (GLBA)

  • NAIC Model Privacy of Consumer, Financial, and Health Regulation & Insurance Data Security Model Law

  • Payment Card Industry Standards

HIPAA Program

  • Review and revision of existing programs to identify and remediate gaps, simplify processes, and increase understanding and compliance

  • Development of easy-to-understand policies, procedures, and forms addressing HIPAA Privacy, Security, and Breach Rules for covered entities and business associates based on best practices and individual business needs

Compliance Program

  • Development and review of corporate compliance programs addressing best practices and industry-specific requirements. Topics may include:

    • Code of Conduct

    • Confidentiality and Information Governance

    • Social media and CAN-SPAM Act

    • Conflicts of interest and fraud

    • Information governance and records retention

    • Non-discrimination, non-harassment, and non-retaliation