Senior Communications Manager
Kirk Nahra Discusses U.S. House Data Security and Breach Notification Draft Bill
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted by Law360 in a March 16 article about a draft U.S. House bill that aims to strengthen the framework that protects consumers’ data from cyberattacks.
The discussion draft of the legislation, known as the Data Security and Breach Notification Act, would preempt various state data security and breach notification laws, according to the article. “This is a useful step forward on this issue,” Mr. Nahra said. “It contains a good preemption provision, which would be a deal breaker for industry if not included.”
While the proposal includes regulatory exemptions for entities covered by the Health Insurance Portability and Accountability Act (HIPAA), those exemptions would not apply to their business associates, which are also subject to HIPAA requirements.
“I’m very uncomfortable with the exclusion of HIPAA business associates from the exemptions under the proposal, as that will cause considerable confusion and complexity for the health care industry,” Mr. Nahra said.