“It’s Not If, It’s When”
Data breaches are on the rise in an increasingly high-stakes regulatory and litigation climate. Data security problems lead to government enforcement actions, civil monetary penalties and potential class action lawsuits. Despite diligent efforts by organizations to safeguard sensitive customer, employee and patient data, breaches will occur. Dilworth provides highly experienced, responsive and cost-effective legal counsel to help clients prevent and respond to data breaches.
Breach Response Services
Interdisciplinary approach. Data privacy issues cut across business and legal disciplines: IT, financial services, retail and manufacturing companies, utilities, educational institutions, health care providers and health plans all possess valuable data. Proven and respected in their areas of specialty, our lawyers know the business of our clients and the unique data issues they face. Our team quickly coordinates the right legal expertise to investigate, remediate and respond to data breaches.
Sizing up the problem. Not all data incidents are breaches. Over-notification impacts operations and reputation. We quickly evaluate lost or accessed data to ensure that breach notification does not occur unnecessarily.
Regulatory realities. Responding to a data breach requires ready understanding of state and federal regulatory requirements and experience interacting with regulatory agencies. Our breach team quickly identifies the often multiple sets of applicable state and federal laws applicable to a breach scenario. We are experienced in notifying and responding to federal and state enforcement agencies including the federal Department of Health and Human Services Office of Civil Rights and Office of Inspector General, CMS, the FBI and Secret Service, state Attorneys General, Medicaid agencies and state departments of insurance and health.
HITECH breaches. Health care organizations have more to worry about; their effective breach responses require a solid HIPAA understanding. Since HIPAA was amended by the Health Information Technology for Economic and Clinical Health Act (HITECH), health care providers, health plans and their vendors now have potential patient, regulatory and media notification obligations.
Our team, lead by nationally recognized HIPAA counsel, guides our health care client breach responses, conducts and documents risk of harm analyses, drafts required notices, coordinates communications strategies and involves IT forensics, credit monitoring, mail-house and call center vendors as necessary. With experience dating back to HIPAA’s enactment, we provide practical approaches to remediating HIPAA compliance gaps and we effectively resolve post-breach governmental investigations.
We are staffed to defend data breach and other privacy claims brought by customers, patients and the government. Our litigators are seasoned and skilled strategic thinkers known for strong and effective representation. We represent clients throughout the U.S. in federal and state trial and appellate courts, and before numerous administrative and regulatory agencies.
- Systems vendor breach of pharmacy data
- Breach of enrollee data due to incorrectly mailed explanation of benefits materials
- Multi-state breach by TPA of self-insured employer health plan data
- Breach by law firm of medical malpractice client’s patient information
- Multi-state health system breaches of patient data on missing laptops and hard drives
- Breaches of patient information on stolen x-ray films
- Breaches caused by inappropriate Facebook postings and other social media data breaches