Patricia O'Connell
Senior Communications Manager

Kirk Nahra Weighs in on Health Data Breaches and HIPAA Enforcement

Employer’s Guide to HIPAA Privacy Requirements
April 4, 2014

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in two articles that appeared in Employer’s Guide to HIPAA Privacy Requirements’ March newsletter.  Mr. Nahra’s quotes were based on remarks he made during the 22nd National HIPAA Summit in Arlington, VA.

The first article focused on the increased enforcement of the Health Insurance Portability and Accountability Act (HIPAA) by the U.S. Department of Health and Human Services (HHS).  According to the article, last year HHS’s Office for Civil Rights got $4 million through “resolution agreements.”  That number remains about the same as in 2012.  Mr. Nahra said he was surprised that there hasn’t been a larger increase in monetary enforcement actions.  “I do think the investigations are becoming more and more thorough,” he said.  “We’re going to continue to see a small increase over time.”

He warned against one problematic area:  low-level employees who misuse protected health data.  “Make sure you are reviewing your security practices on a regular basis,” Mr. Nahra said.

The second article focused on a need for improved procedures when responding to potential health data breaches.  Mr. Nahra said it’s important to inform the right people after a breach is detected and to not assume that each incident is like the last.  “Do not try to shoehorn your incidents into something else,” he said.  “You’re going to have to work through this step every time.”

Ultimately, being proactive is better than being reactive, he said.  “The best thing you can do is reduce your breaches in the first place,” Mr. Nahra said.