6281 Tri-Ridge Boulevard, Suite 210, Loveland, Ohio 45140


Sweeping New Changes in Privacy and Data Security Law Affecting Medical Practices

Did you know that if your practice experiences a data breach, you may be required to report the breach to your local media?

Did you know that the breach could result in your practice name being listed on the Department of Health and Human Services website and that even a single breach of protected health information may require self-reporting?

In February of 2009, Congress passed the HITECH Act bringing sweeping and far-reaching changes to HIPAA regulations. HITECH ushers in the first significant national security breach reporting statute. Not only are health care providers and business associates required to comply with various state data-breach notification laws, HITECH now requires notification at the federal level. In addition, regulations overhauling HIPAA enforcement were put into play giving the Department of Health and Human Services and State’s Attorneys General greater enforcement power.

In addition, the FTC has extended its enforcement power to include the health care sector in its “Red Flags Rule” which requires certain business entities, including most medical practices, to have a written identity-theft prevention program with various required elements for compliance.

Breaches in privacy can expose your practice to malpractice litigation and regulatory actions. Your business’s bottom line may be further damaged by adverse media exposure that can lead to a loss of client trust, loss of reputation, and a diminished client base.

With all of the changes in privacy and data-security laws, make sure you are protected.

At Calderhead, Lockemeyer, & Peschke Law Office, we assist medical practices and business associates in ensuring privacy and data security law compliance.

We are prepared to—

  • Walk you through a DHHS investigation
  • Conduct HIPAA audits for health care entities
  • Conduct HIPAA compliance training sessions for employees
  • Create custom-designed policies for physician practices in all areas of patient privacy
  • Negotiate business associate agreements with local and national businesses
  • Handle HIPAA complaints and incidents and author corrective action plans
  • Defend against privacy and data breach claims
  • Design a data breach notification plan
  • Design and implement a Red Flags Rule compliance program

Protecting your practice takes experience. We have it.

Attorney Stephanie P. Franckewitz leads the firm’s privacy and data security law division. She is the creator of a comprehensive audit program for physician practices covering HIPAA and HITECH privacy and security rules. The reporting system enables physician practices to easily identify gaps in compliance and specifically outlines what is needed to bridge these gaps.

Stephanie is an experienced author of corrective action plans to assist physician practices in gaining compliance with privacy and security rules. She is a regular presence at national HIPAA and privacy summits and has conducted training sessions with large physician groups. Stephanie is adept at communicating to physician practices the larger picture and pecuniary impact of a compliance program that is not well maintained. In fact, she was appointed by the International Association of Privacy Professionals to co-chair the Southwest Ohio Knowledgenet—a program that brings privacy professionals together to discuss cutting-edge topics and strategies.

We rely on Stephanie’s extensive experience in HIPAA and HITECH privacy and security rules to guide your practice to compliance. We focus on the details so you can focus on what matters most to you—your patients.


Contact us today

If your practice is in need of assistance with privacy and data security law compliance, contact the Calderhead, Lockemeyer and Peschke Law Office online or call us at 513-576-1060. We look forward to speaking with you.


Contact Form

We will respond to your inquiry in a timely fashion. Thank you.

Quick Contact Form