Senior Communications Manager
Kirk Nahra Discusses Health Care Companies’ Alleged HIPAA Violations
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in an April 23 article published in Bloomberg BNA’s Privacy & Data Security Law Resource Center about two health care companies who recently agreed to pay civil penalties to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA).
Concentra Health Services and QCA Health Plan Inc. each entered separate no-fault resolution agreements with the Department of Health and Human Services Office for Civil Rights (OCR) and agreed to pay a combined total of more than $1.7 million. The OCR conducted separate investigations; each focused on the theft of laptops that contained unencrypted protected health information.
“These agreement show that OCR cares a lot about things that people should know how to take care of,” like mobile encryption, Mr. Nahra said. “Companies need to fix issues that have confronted others.” He said the agreements show that OCR is “pursuing cases slowly but diligently. Don’t think you’ve escaped a penalty just because OCR isn’t fast.”