News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Kirk Nahra Discusses Massachusetts Marijuana Dispensary Privacy Breach 

August 19, 2015

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted extensively in a HealthcareInfoSecurity article about a Massachusetts medical marijuana dispensary that allegedly compromised the privacy of 157 patients. The dispensary reportedly sent a group email to the patients and displayed their email addresses in the “CC” line, rather than hiding them in the “BCC” line.   

According to the article, the Massachusetts Department of Health and Human Services is investigating the breach as a possible violation of state privacy regulations. The incident leaves “lots of open questions,” Mr. Nahra said. “Any entity that has a security breach of any kind needs to think about state law.”

Whether this type of facility must also abide by HIPAA privacy and security requirements can be a difficult question to answer, he added. “There are two questions under HIPAA,” Mr. Nahra said. “Are they a ‘health care provider,’ and then, if they are, do they use any of the HIPAA standard transactions? Not all health care providers are covered by the HIPAA rules.”

To read the full article, please click here.