Senior Communications Manager
Kirk Nahra Comments on HIPAA-Related Legal Dispute
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in a HealthcareInfoSecurity.com article about a Health Insurance Portability and Accountability Act (HIPAA)-related legal dispute between the MetroChicago Health Information Exchange (HIE) and its IT vendor Sandlot Solutions, which is going out of business. The lawsuit, alleging breach of contract, relates to Sandlots’ plan to destroy patient data before the HIE can properly download and validate it.
Mr. Nahra said this case is similar to disputes between health care providers and their electronic health record (EHR) vendors that he has witnessed in the past. “There are a variety of issues that can arise in these settings,” he said. “We’ve seen some similar situations come up when there have been contract disputes and threats to move from one EHR to another, where the records have been sort of held hostage.”
Mr. Nahra noted that these kinds of potential disputes between healthcare entities and vendors also spotlight the importance of having a recovery and backup plan.
“Unfortunately, this puts some stress on the system, and should cause hospitals and others to develop backup scenarios, which are required by the [HIPAA] Security Rule in any event,” Mr. Nahra said. “This should be a reminder to hospitals to make sure they have developed an approach to anticipate something going wrong with the vendor.”
To read the complete article, please click here.