The Octillo Health Law team members have decades of experience working with clients on compliance issues related to HIPAA, HITECH, state health and data notification laws, and the E.U. General Data Protection Regulation. Octillo helps diverse covered entity and business associate clients, including health insurance plans, hospitals and health care providers, not-for-profit organizations, health information technology providers and scientific research organizations.
Octillo routinely works with our clients to develop policies and advise on implementation to help clients meet legal requirements and incorporate industry best practices. We work with clients to develop robust vendor management programs that address the unique risks presented by vendor access, use and storage of protected health information. Octillo also negotiates data-related contracts including business associate agreements, data use agreements, and vendor contracts. Our practice recently expanded to include guidance on the newly released Interoperability and Patient Access Rules, and we routinely work on technical and legal issues related to Patient Access and Provider Directory API policies and practices.
Finally, Octillo attorneys have significant experience working with clients to respond to data incidents involving protected health information. Octillo works with clients at all stages of an incident, from initial detection through remediation and notification. Octillo coordinates with forensic experts, analyzes legal obligations, advises on public relations and business continuity issues, and responds to inquiries from regulators. Our collective knowledge and experience as former regulators and in-house counsel help Octillo to provide practical and accurate advice in the context of federal and state audits, enforcement actions, and first- and third-party data breaches.