Data Security & Privacy

It is becoming increasingly common for healthcare providers and affiliated entities to store protected health information in electronic form. As the healthcare sector becomes more mobile and efficient, the potential for data security risk increases. For this reason, the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) is designed to protect this information. At O’Connell and Aronowitz, our experienced health law attorneys work with providers and covered entities in developing procedures to ensure they are in compliance with the HIPAA Security Rules.  We also assist health-related businesses when they have been victims of identity breaches. 

Electronic Protected Health Information (e-PHI)

The Security Rule is designed to enhance the protection of health information that is covered under the HIPAA Privacy Rule. In particular, information that a covered entity creates, receives, maintains or transmits in electronic form is protected under the Security Rule and is deemed to be “electronic protected health information.”  The rule applies to health plans, health care clearinghouses, and any healthcare provider (or “covered entity”) that transmits health information in electronic form. The Security Rule requires covered entities to implement administrative, physical and technical safeguards to ensure the confidentiality, integrity and availability of all e-PHI. This information cannot be made available to unauthorized persons, nor be altered or destroyed in an unauthorized manner; it must be accessible and usable on demand by an authorized person. In order to achieve these objectives, it is necessary for covered entities to undertake a Security Risk Analysis to identify potential data security threats and take steps to protect against them as well as to prevent anticipated, impermissible disclosure or use of e-PHI. Similar to the Privacy Rule, the Security Rule also requires appointing a security officer who is responsible for developing and implementing written policies and procedures. Lastly, covered entities must also establish a compliance training program for its employees. 

What is the HITECH Act?

The Health Information Technology for Economic and Clinical Health Act (HITECH) was part of the American Recovery Act of 2009. The law is designed to promote technology and encourage healthcare providers to store patient files electronically. The law essentially expands the responsibilities of healthcare providers and affiliated businesses under the HIPAA Privacy and Security Rules. Lastly, the Recovery Act offers incentives to healthcare providers to transfer their information into electronic form, but also requires periodic audits and has penalties for noncompliance. 

Data Breach and Security Compliance at O’Connell and Aronowitz

At O’Connell and Aronowitz, we work closely with healthcare providers and other covered entities to ensure they are compliant with the Security Rule under HIPAA and the HITECH Act. We advise security officers on how to prepare written policies, develop oversight capabilities and work with clients to implement security risk analyses and prepare for audits. While electronically storing patient information is designed to improve efficiency and enhance the delivery of healthcare, implementing safeguards to minimize the risk of data breaches requires the advice of our experienced health law attorneys. 

Locations We Serve

Our Health Law attorneys work throughout New York State to provide a wide range of business and legal services to healthcare and social service providers. With offices in Albany, NY and Saratoga Springs, NY, our location allows our attorneys easy access to all areas of the state.

Whether you are business, nonprofit, healthcare facility or provider, our Health Law practice group works statewide to offer business and legal strategies to foster our clients’ mission of delivering quality care. 

To learn more about our legal services in your area, visit our location page.


I highly recommend O’Connell and Aronowitz to my friends and colleagues. I found their knowledge and level of service to be excellent.

Luke B. Google Review

O’Connell & Aronowitz has the absolute best team in the Capital Region and beyond.They make the process seamless. They are the best legal help, hands down.

Thomas G. Facebook Review

Exemplary service provided by a well-informed staff of true professionals. Without question, as authentic as they come.

Dan M. Facebook Review

Back to Top