Health Information Technology

  • Overview
  • Attorneys
  • Publications

The demand for robust and meaningful health information technology (“HIT”) has grown in scope and scale in the past decade—outpacing nearly all other sectors of software and technology. Due to sweeping changes in recent laws, there are unprecedented opportunities for the health care industry to invest in, upgrade or expand HIT and for new vendors to support this rapidly growing need.

However, these opportunities come prepackaged with complex legal and business challenges due to the highly regulated environment in which health care operates and the inherent risks of managing sensitive data in a fast-paced high technology economy.

Kutak Rock leverages experienced attorneys from its health care practice group and technology and e-commerce practice group to assist clients who face these challenges. In addition to a partnered, multidisciplinary approach to support its clients, Kutak Rock has attorneys who devote a substantial portion of their practice to addressing HIT needs of health care providers and HIT vendors and who understand the opportunities, challenges and market forces that drive the need for HIT implementation and strategy.

Our representative experience includes:

Privacy and Security. The Health Insurance Portability and Accountability Act (“HIPAA”) and other federal and state laws require that patient records are private and secure. Our attorneys have extensive experience in managing the intersection of applicable laws with the speed, volume and value of electronic patient data. We counsel our clients on selecting and implementing electronic health record systems (“EHR”) as well as all other technology platforms that will interface with the EHR, using big data, negotiating for data center space or with managed services vendors, participating in health information exchanges (“HIE”), and advising on innovative data uses and outcomes—all through the lens of regulatory restraints and requirements for sensitive health data. In addition, our attorneys have experience working directly with compliance departments, legal teams and IT staff in evaluating and assessing security risks to the organization, developing security policies and procedures, and developing training and awareness seminars to educate owners and employees regarding HIT and applicable laws.

HIT - Fraud and Abuse and Self-Referral. Our attorneys have counseled clients regarding the provision of HIT to physicians, other health care professionals, pharmacists and pharmacies within the parameters of the federal anti-kickback and physician self-referral statutes and regulations. Further, we have assisted clients in creating donation programs for items and services of EHR technology that comply with these laws.

HIT Vendor Management. Our HIT attorneys have experience negotiating with many of the top vendors in the HIT industry, as well as vendors in related technology industries, including telecommunications and data centers. We leverage this experience in routinely advising our clients in the procurement of HIT systems and related vendor services. We assist providers of all sizes in designing effective and efficient IT vendor management programs that help alleviate over-burdened contract and procurement departments, including diligence checklists and guides to support the selection and implementation of quality and reliable HIT, preparing form agreements, creating negotiation playbooks, and pairing seconded attorneys with clients to alleviate temporary gaps caused by leave, workflow spikes, or attrition.

Security Incident Response. Kutak Rock’s privacy and data security practice group routinely handles security incidents, cyber-attacks and related data events that result in a loss of electronic data or a potentially reportable breach. We quickly and efficiently leverage multiple practice areas to support clients during such a crisis: —a specialized team is selected based on the circumstances, which may include specialists with HIPAA, HIT, insurance, government relations, employment and litigation experience. In addition, our attorneys frequently work with law enforcement, public relation firms, computer forensics vendors, and data breach response organizations to cover all aspects of incident response. Our attorneys have experience representing clients before the Office of Civil Rights (DHHS) associated with privacy and security complaints.

Telehealth and HIT. HIT is leading the charge for businesses seeking innovative ways to deliver health care outside the traditional telemedicine context, such as web-based encounters or other dynamic uses of new technology. However, a significant constraint on this new area is antiquated state laws and rules originally developed to address the delivery of care in an office setting. Our attorneys help clients address the impact of these rules, and advise both providers and technology businesses interested in growing this exciting new area.