Senior Communications Manager
Kirk Nahra Discusses Data Breach Involving California Inmates’ Medical Records
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in a HealthcareInfoSecurity.com article focusing on the recent theft of an unencrypted laptop computer that may contain confidential medical information of up to 400,000 current and former California prison inmates.
The compromised data may date as far back as 1996, and notifying all affected individuals may be a challenge, according to the article. “There clearly are issues in notifying any kind of group, especially if the data is older or there is a transient nature to the population,” Mr. Nahra said. “Obviously, in this context, it will be easy to notify current inmates and likely harder to notify others.”
He added that “notifying people that you can’t reasonably locate is always complicated,” and the U.S. Department of Health and Human Services’ rules “seem to push toward public notifications, which really cannot do a good job of focusing in the affected individuals.”
Mr. Nahra said the breach is “a good reminder on laptop encryption, as well as a reminder to makes sure that people control [what] data that is on a laptop. I always want to know in these situations why the data was on a laptop in the first place.”
In recent years, state agencies have reported many noteworthy health data breaches. Mr. Nahra noted that “state agencies have often lagged behind much of the private sector in privacy and security controls.”
To read the complete article, please click here.