News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Kirk Nahra Comments on Largest HIPAA Settlement to Date

Healthcare Info Security, Politico
August 5, 2016

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in Healthcare Info Security and Politico about Advocate Health Care’s settlement with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), the largest Health Insurance Portability and Accountability Act (HIPAA) enforcement settlement to date. The Chicago-based health care organization agreed to pay $5.5 million after several computer-theft and breach incidents in 2013.

Mr. Nahra told Healthcare Info Security that the settlement focuses on compliance issues such as failure to conduct risk analysis. “OCR is—and has been historically—both reasonable and knowledgeable,” Mr. Nahra said. “They seem to know when people are trying hard and when they are not. Going through their cases—and I don’t see anything here to indicate this [Advocate case] is different –‘extent and duration’ matters a lot, as does not fixing existing problems.”

Commenting to Politico, Mr. Nahra said: “You could certainly read into the last few months of HIPAA activity and say both that the pace of enforcement is increasing and that OCR is being less tolerant of significant violations. [But] I don’t see any overall change at the biggest-picture level—they still tend to be reasonable, and appreciate strong efforts at compliance even if something doesn’t work.” What’s important is to demonstrate that you’re trying to do a good job with data security and to cooperate with agency efforts, he added.

To read the Healthcare Info Security article, please click here.

To read the Politico article, please click here.