Senior Communications Manager
Kirk Nahra Discusses Latest FTC Cybersecurity Enforcement Action
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in a HealthcareInfoSecurity.com article, discussing the Federal Trade Commission’s (FTC) latest cybersecurity enforcement action against medial software company Henry Schein Practice Solutions. According to the article, Henry Schein falsely advertised its software’s encryptions capabilities.
Mr. Nahra said that “the FTC’s case against Henry Schien spotlights why HIPAA covered entities need to scrutinize the assertions of their software vendors, as well as business associates, about how they're safeguarding patient protected health information. This case is mainly a question of making sure that clients take claims a bit skeptically, especially if they seem too good to be true or make statements that are hard to support.”
“Since there isn't a specific encryption standard under HIPAA, and a ‘product’ can’t by itself ever be HIPAA compliant, any vendor that says ‘my product is HIPAA compliant,’ really isn't making an accurate statement,” Mr. Nahra added.
Mr Nahra concluded, “People make claims to sell their products. Be a smart consumer with privacy/security products, the same way you would be if you were a consumer buying a used car.”
To read the complete article, please click here.