News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Kirk Nahra Discusses Recent Report Regarding Enforcement of HIPAA Security Rule

December 16, 2013

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice, was quoted in a December 12 article in DataGuidance about a report that found the Office for Civil Rights (OCR) has not met its federal mandate to enforce the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

According to the article, the U.S. Health and Human Services’ Office of Inspector General (OIG) determined in an audit that OCR should more actively monitor whether covered entities and business associates are in compliance with the rule.  The report, released on December 4, lays out a series of recommendations to improve enforcement.

Noting that the report was not critical of how covered entities are protecting personal information, Mr. Nahra predicted that organizations that fall under HIPAA’s purview may soon be under more stringent review.  “For covered entities and business associates, this report makes it somewhat more likely that OCR will start getting more aggressive in its investigations, but it’s not likely to have a substantial impact,” he said.

Mr. Nahra said that the OIG report’s most significant result could be that OCR gets the money it has been lacking to keep a better watch.  “Presumably, there will be pressure to get some funds to conduct a more involved audit program (particularly now that OCR has the authority to regulate and audit business associates),” he said.