Health Care Data Company Reviews Operations for HIPAA, Privacy Compliance

Faegre Drinker is reviewing a health care data company’s internal operations for compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws, as well as for compliance with its customer contracts. On behalf of its hospital and health system customers, the data company collects longitudinal treatment data relating to such customers’ cancer patients, and analyzes such data as necessary to assist its customers with identifying appropriate treatment options and developing standardized care plans. It also aggregates and de-identifies such data, and uses such de-identified data to provide insights and conduct research on behalf of its life sciences customers. Our firm was asked to opine on the data company’s compliance with applicable law and contractual obligations.