Senior Communications Manager
Kirk Nahra Comments on Historic $4.8 Million HIPAA Settlement
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted yesterday in a DataGuidance article about a data breach case that resulted in the largest settlement to date under the Health Insurance Portability and Accountability Act (HIPAA).
Two health care organizations agreed last week to pay the U.S. Department of Health and Human Services a combined $4.8 million to settle charges stemming from a 2010 breach that exposed 6,800 patients’ confidential data. The case reflects important points about the way the agency’s Office of Civil Rights (OCR) conducts investigations, Mr. Nahra said.
“First of all, OCR continues to be thorough but reasonably slow,” he said. “So the fact that an event happened a while ago does not mean that covered entities have escaped attention. Second, this case reflects the ongoing need of all companies to stay on top of developments in their technology.”
The record settlement “reflects the fact that the actual problem was pretty bad—having information available on the Internet just isn’t good,” Mr. Nahra said. “So, it is also a reminder for companies to pay extra attention to things that actually matter—such as a public disclosure of information.”