HIPAA's Right of Access: Compliance Challenges, OCR Enforcement, and Best Practices

Ms. Klein is a leading practitioner on privacy and data protection matters, with a special emphasis on the health and life sciences sectors. She has been recognized by The Legal 500 US in the cyber law (including privacy and data protection) category from 2019 through 2022. She has focused on privacy and data protection law for more than 20 years. Ms. Klein assists clients with issues arising under state and federal privacy, security and data breach notification laws and regulations. These include the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), Section 5 of the Federal Trade Commission (FTC) Act, the FTC Health Breach Notification Rule (HBNR) and myriad state privacy, security and breach notification laws, including the California Consumer Privacy Act (CCPA) and California Confidentiality of Medical Information Act (CMIA). Ms. Klein has examined privacy and data protection issues arising in a broad array of settings, ranging from hospitals to professional sports, including medical device and pharmaceutical companies, developers of health-related apps, and leading-edge technology companies.

Ms. Montague represents a variety of health care providers, digital health companies, senior living facilities, nonprofit trade associations, life sciences companies, and vendors of health care providers. She is a Certified Information Privacy Professional/United States (CIPP/US), the preeminent credential in the field of privacy.  Ms. Montague assists health care providers and business associates of all types in complying with the requirements of HIPAA and the HITECH Act, from the development of policies and workforce training to analysis and notification of breaches to guidance through Office for Civil Rights investigations. She also advises vendors initiating arrangements with health care entities on whether their business triggers HIPAA. Beyond HIPAA, Ms. Montague counsels health care providers on compliance with other federal and state health information confidentiality requirements, as well as cybersecurity best practices.