Senior Communications Manager
Kirk Nahra Weighs In on Rare HIPAA Criminal Conviction
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in a Healthcare Info Security article about a rare criminal case involving Health Insurance Portability and Accountability Act (HIPAA) violations. A federal jury in Ohio convicted a respiratory therapist of wrongly accessing the protected health information (PHI) of as many as 596 patients at her placement of employment.
“Criminal HIPAA convictions are pretty rare, but they do happen in the right situations,” said Mr. Nahra. Criminal HIPAA cases “have tended to involve insiders who have done something seriously wrong—using PHI to commit fraud or identity theft, fraudulent submission of tax returns, selling information about celebrities, etc.”
According to the article, the therapist allegedly used the information to seek, obtain, or use intravenous drugs; the jury was instructed to use this information only for determining her motive to access the data. Mr. Nahra noted that “these are clear problems, not mistakes or misjudgments about the HIPAA rules.”
“So the good news is that people aren’t being prosecuted for making good faith HIPAA judgments, even if they aren’t right,” he said. “The government only prosecutes when there are significant bad things happening.”
Mr. Nahra added that preventing insider breaches requires a multifaceted approach. “The solution involves training, education, monitoring, controlling access and making sure people know they are being watched and that they will get caught and perhaps fired or prosecuted if they doing something seriously wrong, while at the same time reassuring employees that these actions don’t occur if people are trying to do the right thing.”
To read the complete article, please click here.