Patient confidentiality historically has been a key concern for healthcare providers, and Kutak Rock has a longstanding tradition of assisting providers with protecting patient privacy and difficult disclosure issues. With the enactment of the Administrative Simplification Provisions of the Health Insurance Portability and Accountability Act of 1996 and the promulgation of the standards for privacy, security, and breach notification thereunder (collectively, “HIPAA”), the healthcare practice group assisted many healthcare providers in drafting and implementing policies and procedures to comply with HIPAA and with the federal and state privacy and security laws with which HIPAA interacts. Over time and with increased enforcement activity and risk of breach, Kutak Rock has assisted clients in reviewing and updating their HIPAA policies and procedures, performing internal audits, responding to complaints filed with the Office of Civil Rights, performing breach analyses, and handling breach events. We have also advised clients who either desire to or are providing services to healthcare providers in understanding their status under HIPAA, obligations as a HIPAA business associate, if applicable, obligations under state law, and in drafting necessary policies and procedures. Members of the healthcare practice group also have experience advising providers on compliance with 42 C.F.R. Part 2.