Insurance claims processing contractor seeks advice on possible data breach involving medical records
Client(s) Confidential client
Jones Day advised an insurance claims processing contractor regarding a possible data breach involving medical records. We conducted an expedited internal investigation and advised the client regarding its obligations under the federal HIPAA/HITECH breach notification rule, as well as the data breach notification laws of eight states. The representation involved the retention of computer forensic experts, consultation with information technology consultants, extensive interviews of witnesses, review of selected documents and third-party contracts, and risk assessment and analysis.