Senior Communications Manager
Kirk Nahra Comments on Fraud Case Involving Alleged Stolen Pediatric Patient Information
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in a September 6 HealthCare Info Security article regarding the indictment of a Tampa, Florida pediatric center employee on charges of allegedidentity theft and fraud related to stolen patient information.
While no Health Insurance Portability and Accountability Act (HIPAA)-related charges were filed, Mr. Nahra noted that many factors are weighed when considering whether to prosecute a crime for HIPAA violations. “Prosecutors have lots of choices on how to pursue these cases and often just do what they are used to doing from previous cases,” he said.
According to the article, the case highlights the threat that internal employees pose to health organizations that possess large amounts of personally identifiable patient information such as names, dates of birth, and social security numbers. “I make the point to every company I work with that employees that have access to sensitive data are a significant risk,” said Mr. Nahra. “You need to have a plan to control access as best you can, educate staff on rules and sanctions and then monitor and enforce reasonably but aggressively."
To read the full article, please click here.