Privacy Practice Chair Kirk Nahra Offers Tips for Improving Risk Assessments
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice, was interviewed by HealthcareInfoSecurity for a June 7 webcast on steps health care organizations can take to improve risk assessments required under the Health Insurance Portability and Accountability Act (HIPAA).
The U.S. Department of Health and Human Services (HHS) last year reviewed more than 100 health care companies’ systems for protecting confidential patient data, and found that “there was a general weakness in conducting risk assessments,” Mr. Nahra said. “What HHS is really encouraging and pushing people to do is to be more focused, more organized, more consistent in how these risk assessments are done.”
Risk assessment rules require companies to identify potential vulnerabilities within their information systems and find ways to eliminate them. Companies that handle private medical data must find “the most effective ways of protecting this information while still getting your business done,” Mr. Nahra said.
“If you're a hospital, you need to think about how you control your workforce, because there's people all across your workforce who can access information,” he said. “You need to think about where you're sending information, in terms of parties that you have an arms-length relationship with like the health insurers. You have to make sure it’s going to the right places. You have to make sure your connections are secure. You have to make sure you’re only giving them the right information, and also think about people who are working for you, [such as] the service providers.”