Senior Communications Manager
Kirk Nahra Discusses Recent HHS Actions to Enforce HIPAA
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted by DataGuidance’s Privacy This Week newsletter, in an article about recent actions taken by the U.S. Department of Health and Human Services (HHS) to enforce the Health Insurance Portability and Accountability Act (HIPAA) rules and regulations. As part of a settlement with HHS over potential HIPAA violations, a Puerto Rico-based insurance holding company recently agreed to pay $3.5 million—the second largest financial penalty ever issued as part of a HIPAA resolution agreement, according to the article.
“HHS has generally been very reasonable and thoughtful in its enforcement actions,” Mr. Nahra told Privacy This Week. “While companies certainly should understand that it is ramping up its enforcement approach generally, they also should take note that the message is not to be scared of HHS, but to be focused on fixing problems.” He added that companies should be “actively monitoring compliance efforts and making a sincere and ongoing commitment to best efforts to understand the privacy and security rules and to comply with all applicable requirements.”