Kirk Nahra Discusses Data Breach Settlement by Business Associate of Nursing Homes
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted by Bloomberg BNA’s Privacy Law Watch in an article about a recent $650,000 data breach settlement by a Philadelphia-based health care organization over the theft of a mobile device containing protected health information of nursing home residents.
The organization, a business associate of several nursing home facilities, allegedly violated the Health Insurance Portability and Accountability Act (HIPAA) security rule by failing to assess risk for electronic personal health information, according to the article. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) said the organization, as a business associate, should have had policies in place regarding the handling of mobile devices to address the privacy requirements of HIPAA.
According to Mr. Nahra, this case is the first of its kind involving a business associate.
Mr. Nahra added that “the issue of mobile devices has been a consistent theme in both recent OCR enforcement and public statements, and everyone in the HIPAA circle of enforcement should be paying close attention to mobile device security practices.”