Law Firm HIPAA Survey Highlights Industry Commitment to Compliance with New Privacy and Security Rules Now in Effect

Share Article

Intapp, Inc. today announced the publication of a risk management survey report presenting information gathered from over 70 organizations relating to new HIPAA regulations.

Formal enforcement for the new HIPAA Omnibus Rule begins today, September 23, 2013.

Intapp, Inc., provider of the most-adopted information security and compliance management software for law firms, today announced the publication of a risk management survey report presenting information gathered from over 70 organizations, focused on measuring attitudes, priorities and response strategies relating to new HIPAA regulations now in effect.

On January 17, 2013, the U.S. Department of Health and Human Services announced that the new HIPAA Omnibus Rule holds those law firms that act as Business Associates, or interact with protected health information (PHI), directly liable for compliance with the HIPAA Security Rule and Privacy Rule (press release). These rules mandate that access to and use of PHI must be restricted to a "minimum necessary" standard, with access restrictions documented and verified using activity monitoring technology. In turn, many organizations are currently revising their information management policies and practices to achieve compliance. Formal enforcement begins today, September 23, 2013.

The 2013 HIPAA Law Firm Risk Survey focuses on firm risk management policies, practices and priorities. It examines specific issues including internal education, confidentiality management, and compliance tracking and verification. The published survey report provides quantitative summaries of overall group response data and samplings of individual responses to free-form questions.

Selection of Key Findings of the Survey Report:

1.    Interest in and responsibility for HIPAA compliance spans departments and stakeholder roles – survey participants include firm management, risk management, heads of IT, information security managers and practice group leaders.

2.    Firms report that protected health information subject to HIPAA protections often appears in matters from firm healthcare, litigation, labor & employment, insurance, and medical/life science practice areas.

3.    Firms see reputational harm as the key risk and impact of a breach or compliance failure.

4.    Firms are actively pursuing compliance with new HIPAA regulations, employing measures including undertaking internal assessments and review of business associate agreements, implementing new policies and training and adopting security and monitoring controls.

5.    In many instances, compliance measures are spearheaded by IT, often working cross-functionally with risk and practice stakeholders.

6.    To manage future compliance, firms overwhelmingly plan to modify business intake procedures to identify and flag HIPAA-related matters at the point of inception.

7.    Many firms are discussing HIPAA compliance with their insurance brokers or underwriters to assess the applicability of current malpractice and cyber insurance policies or expand coverage.

“We sponsored this survey to provide our customers and partners with insight into how the legal industry is responding to the new HIPAA Omnibus Rule, which affects a significant number of organizations,” said Pat Archbold, head of Intapp's Risk Practice Group. “We’re working closely with many firms to help them respond, supporting their efforts to safeguard and monitor the treatment of sensitive information and meet their compliance objectives.”

For more information about the 2013 Law Firm HIPAA Response Survey and to request a copy of the complete report, visit:

About Intapp
Intapp provides software products and services that enable law firms to thrive in an increasingly competitive marketplace by improving client service, increasing profitability, and reducing operational costs. Intapp's three practice groups (Revenue, Risk and Integration) focus on understanding existing pressures and emerging trends, and translate this knowledge into products and best practices. Intapp products are recognized as the most advanced in their respective categories - DTE Axiom and Time Builder for time entry and recording, Integration Builder for application integration and business process automation, Wall Builder for information and matter security, and Intapp Open for new business intake and conflicts management.

Intapp serves over 450 customers, is endorsed by major software vendors across all categories, and has cultivated a vibrant partner community. For more information, visit:

About The Risk Roundtable Program
The Risk Roundtable program provides a forum for law firm leaders to develop and share best practices and industry standards for managing risks driven by legal, ethical, client and regulatory requirements. The program brings together a mix of professionals including operational management, general counsel, loss prevention partners, risk management partners, conflicts managers, intake managers and IT leadership. At regular regional events and webinars, Risk Roundtable participants discuss client requirements, evolving legal duties and industry trends. For more information, visit:

Kathryn Hume
Intapp, Inc.

“Intapp,” is a trademark of Intapp, Inc. Other trademarks are the property of their respective owners.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Kathryn Hume
+1 (650) 852-0400 702
Email >
Visit website