Patricia O'Connell
Senior Communications Manager

Kirk Nahra Discusses $2 Million HIPAA Fine in Patient Data Breach Case

Healthcare Info Security
October 20, 2016

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in an October 19 Healthcare Info Security article regarding the recent punitive action by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) against St. Joseph Health System. In the case, OCR fined St. Joseph $2.14 million after investigating a breach of protected health information that left the records of over 30,000 individuals vulnerable to being searched and viewed via popular search engines. The settlement amount may lead other healthcare providers to reassess their internal security standards and training procedures to ensure that they are compliant with the Health Insurance Portability and Accountability Act.

“The main lesson on this is how important it is to have a broad, well-considered, overall risk assessment that really focuses on identifying your security risks and then—in the follow-up step—managing those risks,” said Mr. Nahra. “I'm not entirely sure why this settlement was a bigger amount, other than that the ‘problem’ that resulted may have been worse—public exposure—than many others.”
