Senior Communications Manager
Kirk Nahra Quoted in Coverage of State HIPAA Enforcement Cases
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted by HealthcareInfoSecurity.com in a November 9 article about state enforcement actions related to violations of the Health Insurance Portability and Accountability Act’s (HIPAA) privacy and security rules.
The article cites a recent data-breach settlement that Connecticut’s attorney general (AG) negotiated with a hospital and its business associate. Several providers also have agreed to pay HIPAA-related fines in settlements with the attorney general of Massachusetts.
Most other states have not pursued HIPAA enforcement cases, according to Mr. Nahra. “We have not seen very many HIPAA settlements by state AGs, even though they have very broad authority in many situations,” he said. “Each time there is one, I think other folks will jump on board, but that hasn’t really happened yet. I can’t really explain why they haven’t done more, particularly since there have been plenty of potential cases.”
Mr. Nahra noted that state attorney general cases against business associates (BAs) remain rare, and no HIPAA cases against BAs by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) have been revealed so far. But he said that could change in the coming months.
“I would expect to see a BA enforcement [by OCR] in 2016,” Mr. Nahra said.
To read the article, click here.