Sansweet, Dearden and Burke, Ltd. (SDB) advises clients on compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and state privacy laws. HIPAA imposes extensive requirements on health care providers, which include limiting the disclosure of protected health information (PHI), establishing safeguards to protect electronic PHI, and providing notification in the case of a breach. In addition, many states regulate the confidentiality and retention of medical records.


As the use of electronic health records and mobile technology increases, providers must be aware of their obligations under HIPAA and state laws. SDB attorneys provide the following services:

  • Drafting and reviewing business associate agreements and notices of privacy practices
  • Advising clients on when health information may be disclosed to the police or other government entities
  • Providing counsel regarding the storage and disposal of medical records
  • Recommending best practices for the privacy of health information