News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Privacy Practice Chair Kirk Nahra Discusses Challenges Presented by New HIPAA Rule

July 31, 2013

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice, was interviewed by HealthcareInfoSecurity for a July 29 article on the biggest challenges that the new Health Insurance Portability and Accountability Act (HIPAA) omnibus rule will present business associates and their subcontractors.

Medical service providers have a September 23 deadline to be in compliance with the new rule, which will require companies to greatly improve the security they offer patients’ private records.  The U.S. Department of Health and Human Services last year reviewed more than 100 health care companies’ systems for protecting confidential patient data, and “found there was a general weakness in conducting risk assessments,” Mr. Nahra noted.

Under the new regulation, these business associates face penalties if they can’t comply with federal privacy and security regulations for protected data.  “The real challenge is to meet all of the requirements of the HIPAA security rule, which they have not had to deal with before,” Mr. Nahra told HealthcareInfoSecurity. “People are really being forced to revisit their security programs to go through a more focused analysis of what it is they’re trying to do and how they deal with different risks.”

Complicating matters are a number of other regulations—including 46 different state laws—that are also related to protecting privacy, but have different guidelines than HIPAA’s.  Hospitals and other medical providers will have to reconcile the differences in the state and federal rules, Mr. Nahra said.  Additionally, Congress is working to tighten data security breaches, which could lead to more laws that impact health care and other industries.

“One of the things we have to be careful about is that there aren’t so many rules that people get confused and don’t do things that they really should be doing, even in terms of sharing information,” said Mr. Nahra. “But … that’s a real ongoing battle within the health care industry these days.”