Mintz Levin attorneys have been influential in the development of portions of federal privacy statutes as well as numerous corporate policies for clients in a range of industries. Many of our attorneys counsel clients on a day-to-day basis regarding their privacy policies and have drafted policies for those same clients to help ensure they avoid litigation and negative publicity while operating in accordance with the growing body of federal and state privacy statutes and global data protection laws and regulations. We advise clients on privacy and security matters that arise in connection with corporate transactions, international business operations, risk management strategies, and data breach notification obligations. We also handle state and federal civil and criminal litigation matters involving the privacy and security of information and assist clients in responding to inquiries from government agencies. Our clients include health care providers and suppliers, pharmaceutical and medical device manufacturers, investors, IT companies, web hosting companies, and many others.
Our services for these clients include:
- Developing and implementing privacy and security policies and procedures and data breach incident response planning
- Creating and conducting employee privacy and security training programs and seminars
- Representing clients in responding to data breaches and data breach compliance
- Analyzing Business Associate relationships, and preparing and reviewing Business Associate Agreements
- Conducting privacy and security audits and providing internal policy development tools and advice
- Counseling organizations on responses to and analyses of potential security incidents and breaches, including coordinating with technology specialists and forensics experts
- Advising clients on data use and disclosure requirements, including responding to subpoenas and third party requests for information
- Counseling organizations in government audits and in civil and criminal HIPAA enforcement actions brought by the OCR, the Department of Justice (DOJ), and various state attorneys general
- Providing strategic advice on federal and state legislative and regulatory developments related to health care privacy and security laws
- Assisting researchers and research sponsors with data access, use, and disclosure issues, and HIPAA compliance in the context of clinical trials
- Conducting due diligence reviews of the information security practices and procedures of potential acquisition targets and business partners and coordinating due diligence production and data rooms to comply with global data protection laws.