Patricia O'Connell
Senior Communications Manager

Kirk Nahra Comments on HIPAA Obligations For Cloud Service Providers   

October 10, 2016

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in an October 7 Politico article regarding recent guidance issued by the U.S. Department of Health and Human Services’ Office for Civil Rights. The guidance states that cloud service providers that process or store patient health data for their health care service provider clients must be classified as business associates. As a result, these companies must sign a business associate agreement with their clients and comply with regulations under the Health Insurance Portability and Accountability Act (HIPAA).   

Reactions to the guidance were mostly positive, according to the article. “Most cloud companies have accepted [being a business associate],” said Mr. Nahra. “Not all have.”

Mr. Nahra added that the regulations are unlikely to be a significant burden. “If their security is actually good, it should be easy for them to comply.”
