Senior Communications Manager
Modern Healthcare Highlights Kirk Nahra’s Speech on Health Privacy Rules
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice, was the subject of a Modern Healthcare article yesterday on medical privacy concerns related to mobile health applications and other emerging technologies.
The privacy and security framework created under the 1996 Health Insurance Portability and Accountability Act (HIPAA) could be expanded as Congress and federal agencies take steps to address those concerns, Mr. Nahra said in an October 29 speech covered by Modern Healthcare.
“There are all kinds of companies gathering all kinds of health information and not having anything to do with HIPAA,” Mr. Nahra told attendees of the American Health Information Management Association’s annual conference in Atlanta. “This is now the biggest hotspot for the government on privacy and security.”
Security breaches within and beyond the health care sector—and growing federal attention to cybersecurity as part of a national defense—are putting a spotlight on the privacy and security of all electronic records, Mr. Nahra said. The Federal Trade Commission, the U.S. Food and Drug Administration, and the U.S. Department of Defense are among agencies expanding their regulatory efforts in this area.
“At a minimum, we're going to see new standards for people who are not involved in the health care industry that are not directly covered by HIPAA,” he said. “We need to keep an eye on that.”
Health care providers and insurance companies, known as covered entities, are subject to HIPAA regulations. Covered entities’ business associates also must comply with certain privacy and security requirements under updated HIPAA rules that took effect last month.
Mr. Nahra said the debate over mobile devices highlights tensions with the role of patients in their own healthcare. “We’re seeing it with things as simple as, can doctors have e-mail conversations with their patients,” he said. “I think this is going to lead to a lot of pressure to have a broader interpretation of HIPAA beyond covered entities.”