A variety of businesses and institutions turn to Nutter for counseling, regulatory advice and litigation services related to the protection of confidential personal information that they maintain or store. The firm has a dedicated team of experienced attorneys with an exceptional track record in handling all legal aspects of data privacy and security matters, ranging from compliance with HIPAA and banking regulations to responses to data security breaches. Our clients trust our strategic guidance and experience, and with Nutter at their side are able to stay focused on core business activities and minimize potential risks.
We regularly provide clients with services in the following areas:
Security breach responses
What you do in the days following a data security incident will have a significant impact upon your standing under state and federal law, and your liability to those whose private information has been compromised or to third-party claimants. We help clients that have learned of a data breach manage their immediate legal responsibilities under applicable state and federal law and develop a response plan for the affected consumers, clients, employees or other individuals. Our response team will assist you in coordinating with the applicable regulatory authorities, meeting your public disclosure requirements, assessing your response to the incident, helping you evaluate the appropriate remedial measures to be taken and responding to civil litigation or government enforcement actions.
Banking and financial services
We counsel our clients on compliance with state law, the Interagency Guidelines Establishing Information Security Standards issued by the federal banking agencies, and the principal interpretive guidance the federal banking agencies have issued under those Guidelines, the Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. We work with our clients to prepare response programs, and we work with them in circumstances where data has been accessed or used without authorization or unintentionally disclosed.
HIPAA and health care privacy
We work with a wide range of health care organizations on HIPAA privacy and information security compliance. Our clients include a regional data network that handles millions of health care claims for leading hospitals and health plans in Massachusetts, a national e-prescribing company, and a non-profit collaborative that develops cutting-edge clinical health information exchange systems. We have also advised several integrated health care delivery systems on the legal aspects of developing and deploying hosted electronic medical record systems that serve hundreds of physicians in Massachusetts.
Biotechnology and clinical research
We advise sponsors, academic medical centers and investigators on the legal requirements that apply to clinical research information, and assist in the development of research agreements that comply with U.S. and international privacy requirements.
Computer crimes
Crimes committed using a computer are increasingly prevalent. Despite careful hiring practices and state-of-the-art computer security, companies and individuals are increasingly at risk. Crimes can be committed by employees, former employees or enterprising individuals who gain unauthorized access to a computer or computer system. Typical crimes can include theft of trade secrets, economic espionage, wire fraud, theft and embezzlement, among others. We help clients who have been victimized in this way evaluate the nature and scope of the intrusion, conduct a damage assessment, determine what state or federal laws may have been violated, decide whether to report an event to law enforcement or pursue civil remedies, reconcile law enforcement priorities with business realities, and generally navigate the legal process.
In addition to data privacy and security issues, Nutter offers broader experience in handling data management issues, including record retention policies, which are increasingly governed by statute, and electronic discovery issues presented in litigation, which can impose significant costs on businesses. Nutter’s data management services include:
Data management
We help clients develop, refine and implement record-retention policies that effectively manage information, reduce strain on computer and information systems, decrease storage expenses, improve organization, reduce time spent searching for records, and limit accidental reliance on outdated, obsolete or superseded data. Tailored to the client’s individual needs, we offer advice and training on record-retention policy directives, such as the implementation of retention schedules that comply with state and federal laws and regulations. Our team ensures that confidentiality and privacy concerns are addressed in the policy and assists in setting up mechanisms to audit and manage the program. Upon reasonable anticipation of litigation, we can also advise on properly suspending policies while considering the business needs of the client.
E-discovery/litigation preparedness
Nutter helps clients assess their data backup and storage capabilities and take inventory of the types of electronically stored information (ESI) they have and where that information is being stored. The group also advises clients on every aspect of the e-discovery process and has the experience necessary to negotiate a tailored discovery plan with opposing counsel or the government, and to work with vendors to follow through with the discovery plan in a cost-effective manner.