Steptoe & Johnson's Privacy Team assists clients with complex issues, including:

• Matters involving the disclosure of individually identifiable information during litigation
• Common law invasion of privacy claims
• Drafting privacy policies for the collection, maintenance, use, and/or disclosure of individually identifiable information
• Employer surveillance and electronic monitoring issues
• Family Educational Rights and Privacy Act (FERPA) (education records) issues
• Freedom of Information Act issues
• Gramm-Leach-Bliley Act (financial records) issues
• HIPAA Privacy Rule issues
• HIPAA Security Rule issues

Steptoe & Johnson Attorneys Author Chapter about the HIPAA Privacy Rule and Litigation

Covered Entities have been required to comply with the HIPAA Privacy Rule since April 14, 2003 (April 14, 2004 for small health plans).  However, the HIPAA Privacy Rule left many compliance and litigation issues unanswered.   Since the HIPAA Privacy Rule has now been in effect for over two years, we are now beginning to see guidance from the judiciary regarding the interpretation of the HIPAA Privacy Rule.  While judicial interpretation of the HIPAA Privacy Rule is in its infancy, some important rulings and trends in the courts have already begun to develop.

In an effort to highlight judicial activity interpreting the HIPAA Privacy Rule, members of Steptoe & Johnson’s Privacy Practice Team, Eric Hulett, Susan Pauley, and Brad Shafer, have authored a chapter entitled HIPAA Privacy Rule, Confidentiality, and Litigation in the 2006 Health Law and Compliance Update (Aspen Publishers).

In this chapter, the authors also address issues related to the use or disclosure of Protected Health Information by Covered Entities in the course of litigation.  Before using or disclosing PHI in connection with litigation, the Covered Entity must ensure that the use or disclosure is not prohibited by the HIPAA Privacy Rule.