Contributor: Kirk J. Nahra, CIPP/US

Kirk J. Nahra, CIPP/US, is a partner with Wiley Rein LLP in Washington, D.C, where he represents companies across the country and internationally on privacy and information security issues. He is Chairman of the IAPP Publications Advisory Board and was a long-time IAPP Board member. He can be reached at 202.719.7335 or knahra@wileyrein.com.  Follow him on Twitter at @kirkjnahrawork.

HIPAA

Why Employers Need to Carefully Approach Employee Healthcare Data

By Kirk J. Nahra

The recent controversy about AOL CEO Tim Armstrong's comments on employee healthcare expenses reflects ongoing confusion about the actual and appropriate rules for employers and the protections for employees concerning their health care information. As employers become more involved in the overall management of employee wellness and overall healthcare expenditures, this confusion is likely to...

More from Kirk J. Nahra
From the Tool Belt

Moving Past the New HIPAA Rules

By Kirk J. Nahra

Note from the Editor:

Kirk J. Nahra, CIPP/US, will further delve into the future of healthcare privacy during his break out session Next Generation Healthcare Privacy later this month at the IAPP Privacy Academy in Seattle, WA. He will also co-lead this year's Privacy Bootcamp, an introductory preconference workshop to help professionals navigate the privacy landscape.

So, you’re a HIPAA covered entity or business associate who is in the final throes of revamping (or creating) appropriate and compliant HIPAA privacy and security policies. And, you finally think you are getting a handle on all the changes required by the new HITECH components of the HIPAA rules. And, boy, it’s been some work. So, you’re good for a while, right?

Not really. While the HIPAA...

More from Kirk J. Nahra
From the Tool Belt

Policing Your Own People

By Kirk J. Nahra

The recent reports of terminations at Cedars-Sinai Medical Center following inappropriate review of celebrity medical records should serve as a reminder to every healthcare entity—and any company with sensitive information. You must police your own people. They need access to information to do their own job, but history has shown that they can’t be trusted entirely. You need a plan to make sure...

More from Kirk J. Nahra