News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Kirk Nahra Comments on Recent Breach Activity and HIPAA Omnibus’ Impact 

September 30, 2015

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in a September 29 HealthcareInfoSecurity article, discussing the impact of the modified breach notification requirements under the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule in light of a recent surge in hacker activity in the health care field. According to the article, the total number of reported breaches has nearly doubled since September 2013, when the HIPAA Omnibus enforcement kicked in, and the number of individuals affected is up almost five-fold. Under the new requirements, security incidents are now presumed to be reportable breaches unless organizations can demonstrate that the risk of compromise to protected health information is low.

“In my own experience dealing with clients, people are taking the [modified breach notification rule] seriously,” said Mr. Nahra “But what’s less clear is whether what’s being reported would’ve been reported anyway. Overall, I don't think it’s made much impact. We’re still seeing plenty of modest-sized breaches, but the most significant breaches we’re seeing now have been due to hackers.”

To read the complete article, please click here