Phyllis F. Granade is a Martindale-Hubbell AV peer review rated™ health care attorney with a nationally recognized reputation concerning privacy and security law. Ms. Granade has substantial experience assisting clients with their compliance concerns regarding federal and state privacy and security laws, including but not limited to:
- The Administrative Simplification Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and HIPAA’s Privacy, Security and Enforcement Regulations
- State and Federal Data Breach Laws
- State Privacy and Security Statutes and Regulations
- The Red Flag Program Clarification Act of 2010 amending the Fair and Accurate Credit Transactions Act of 2003 (FACTA), better known as the “Red Flag Rules”
- Gramm-Leach-Bliley Act (GLBA)
Ms. Granade assists entities subject to the privacy and security regulations promulgated pursuant to HIPAA. She defends clients during privacy and security investigations brought by the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). Ms. Granade advises clients regarding industry standards and guidelines to protect the privacy and security of individually identifiable information, including guidance and standards issued by the National Institute of Standards and Technology (NIST) and the Payment Card Industry (PCI) Standards. She primarily represents large organizations in the health care industry, including the largest publicly-traded health system in the nation.
Ms. Granade often represents clients that have experienced a data breach due to a theft or intentional intrusion (e.g., stolen laptops, hackers) or an accident (e.g., natural disasters, lost backup tapes). Her assistance includes:
- Analyzing and responding to privacy and security complaints (internal and external) including investigations by federal and state agencies;
- Conducting employee interviews and preparing attorney-client confidential analysis
- Investigating why the client’s technical, physical and/or administrative safeguards were insufficient to prevent the breach
- Advice concerning applicable data breach laws, and preparation of notifications required by law
- Risk management advice
- Cooperating with state Attorneys General and consumer protection agencies
- Preparation of privacy and security policies and procedures
In 2009, the American Health Lawyers Association (AHLA) published an Enterprise Risk Management Handbook containing a chapter regarding telemedicine written by Ms. Granade, as well as a chapter concerning the use of radiofrequency identification devices (RFID) in health care settings, co-authored with Joshua Rozovsky.
Education
- J.D., University of South Carolina School of Law (1993)
- A.B., cum laude, University of Georgia (1991)
Involvement
- Member, American Health Lawyers Association (former co-chair of the Health Information Technology, or HIT, Practice Group)
- Admitted to practice in Georgia and South Carolina
Publications and Speaking Engagements, 2008 to the Present
- Co-author of the chapter Telemedicine and Enterprise Risk Management for Enterprise Risk Management for Healthcare Facilities, Second Edition, published by the American Health Lawyers Association in February 2013
- Speaker, HIPAA Security Policies, Risk Management Trends in IT, (Client: Multi-State Hospital System), July 2012, Plano, TX
- Speaker, HIPAA Privacy and Security Training, (Client: University Health Care System), April – May, 2012
- Speaker, HIPAA Privacy and Security Training, (Client: University Health Care System), April – May, 2012
- HIPAA and HITECH Training, (Client: Largest Hospital System in the US), August 2010, Nashville, TN
- Co-speaker, “Stimulating HIPAA: The Far Reaching Effects of the Economic Stimulus Package on the Health Insurance Portability and Accountability Act,” Health Care Compliance Association (HCCA) South Central Regional Annual Conference, November 2009, Nashville, TN
- Co-speaker, “Can I Disclose This? Navigating the Intricacies of HIPAA in Claims Litigation,” ABA Tort Trial & Insurance Section Teleconference, September 2009
- Co-author of the chapter Radiofrequency Identification (RFID) – A Challenge for Healthcare for Enterprise Risk Management for Healthcare Facilities, First Edition, published by the American Health Lawyers Association in 2009
- Moderator, “HIPAA Privacy Regulations Fundamentals – An Introductory Course,” American Health Lawyers Association teleconference, May 2009
- Panelist, “Can I Disclose This? Navigating the Intricacies of HIPAA in Claims Litigation,” ABA Tort Trial & Insurance Section Mid-Year Meeting, January 2009
- Moderator and speaker, “HIPAA Audits and Investigations,” Lorman Education Services, January 2009
- Author, Lost or Stolen Data: Minimizing Fallout, Counsel to Counsel Magazine, May 2008
- Moderator and co-speaker, “HIPAA and Law Enforcement – Responding to Requests for Protected Health Information,” American Health Lawyers Association Teleconference, April 2008
- Speaker, “Hot Topics in HIPAA,” American Health Lawyers Association’s Hospitals and Health Systems Law Institute, February 2008