RVM Adds HIPAA Compliance to its Extensive List of Security Measures and Certifications

RVM is committed in its efforts to ensure the confidentiality, integrity and availability of all protected electronic information, and as such, RVM is pleased to announce the inclusion of HIPAA Compliance to its extensive list of security measures and certifications. As of January 02, 2015, RVM is able to provide attestation to HIPAA Compliance through both internal and third-party audit processes.

“By augmenting our existing Information Security Management System (ISMS) to incorporate safeguards for Protected Health Information (PHI) we ensure that our clients’ data is managed safely and in compliance with Federal Healthcare laws and regulations, specifically the 2013 HIPAA Omnibus Rule,” said Geoffrey Sherman, RVM’s Chief Technology Officer.

As law firms and healthcare providers strive to comply with the HIPAA Omnibus Rule they must ensure that their business associates meet or exceed the data safeguards required for dealing with protected health information (“PHI”). These safeguards are including but not limited to data privacy, security, and breach notification procedures specific to PHI. Failure to comply with HIPAA rules may result in civil penalties that can reach up to $25,000 for violations observed. It should also be noted that PHI privacy breaches are subject to penalties of up to $1.5 million where the timely reporting and breach management procedures in compliance with HIPAA regulations are not met.


Health care privacy concerns are governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Clinical Health Act (“HITECH”) of 2009. This legislation was passed by Congress to encourage the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information. It serves to improve efficiency and effectiveness of Medicare, Medicaid, and the health care system.  HIPAA places requirements on health care providers known as covered entities and business associates including requirements to comply with privacy, security, and transaction standards.  The Privacy Rule established under HIPAA is a set of national standards for the protection of certain health information.  The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirements of HIPAA.  The purpose of the Privacy Rule is to establish standards which respect to the confidentiality of an individual’s health information or PHI by entities which are subject to HIPAA.  Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to compliance activities and civil money penalties.

About RVM

RVM provides data solutions and eDiscovery services to leading global financial institutions, corporations and Am Law 100 firms.  RVM is dedicated to innovation in technology to address the ever-changing business models in today’s legal and corporate environments. RVM is proud of receiving certification as a women’s business enterprise by the Women’s Business Enterprise National Council (WBENC).

RVM’s services include forensic data collection, eDiscovery processing and hosting, advanced data analytics, eDiscovery strategic consulting, information governance consulting, litigation readiness and managed document review.

Ultimately, RVM may from time to time have access to PHI by virtue of RVM’s data solution and or eDiscovery services to a health care provider or its business associate.