
Privacy Management Strategies


Spencer Fane Data Privacy and Cybersecurity attorneys are adept at helping organizations in health care, banking, and other industries understand how and when to use customer or patient information to avoid potentially costly missteps related to private information.

The risks companies face in handling personally identifiable information (PII) and protected health information (PHI) continue to increase, and we assist in developing sound strategies and best practices to better position clients to safeguard the privacy of patients and/or customers. Our attorneys provide legal counsel aimed at allowing businesses not only to serve their patients and customers but also to keep the emphasis on care and compliance in handling data.

Spencer Fane creates value for clients through the ability to handle both privacy and security matters, helping them better understand both how to protect PII and PHI and how to handle it appropriately. This process starts with assessing our client’s role as it gathers information so that the applicable laws can be identified and incorporated into the privacy strategy. Our attorneys’ deep experience in privacy management allows us to quickly identify steps a client should take to improve privacy best practices. This often includes the development of training regimens and policies for staff, especially in the health care industry.

Our team employs a proactive approach to privacy management, putting our clients in a strong position to prevent unintentional violations of federal and other privacy rules, including HIPAA, 42 CFR Part 2, GLBA, and state privacy laws, while also handling the rare but critical intentional violations by an employee. Spencer Fane helps clients reach a stronger privacy state by guiding them to sound procedures for using and disclosing consumer information.

Representative Experience 

  • Drafted policies and procedures for numerous covered entities and business associates to implement revisions to the HIPAA regulations under HITECH.
  • Worked with numerous financial institutions in the implementation of the FDIC’s Financial Guidance on Response Programs.
  • Developed a data sharing structure to allow for information sharing between health care providers, community service providers, and local law enforcement, including integration of necessary consent processes, to improve population health and maximize resources for the community.
  • Created a data extraction process for a company serving as third party administrator to standardize and coordinate the processing of data requests from its self-insured health plan clients and their other contracted vendors.
  • Counseled a private equity firm regarding the assessment of the types of data gathered and maintained by its multiple entities, including applicable regulatory requirements for each entity and relevant risks and considerations for the private equity firm.