Law of Information Privacy

Friday, September 15th - Saturday, September 16th, 2017


1 hour of CLE credit has been approved

Webcast Archive Content

Event Description

Data is everywhere today, and is being used by a broader range of entities for a broader range of purposes every day. Lawyers in an increasingly broad variety of fields must understand the key principles surrounding the use and disclosure of personal data when providing virtually all aspects of legal advice to companies, in both regulated and unregulated industries, including compliance, mergers and acquisitions, litigation and the full range of specific privacy and data security laws and regulations.

This 2-part lecture series will explore the primary legal and policy principles surrounding the use and disclosure of personal data. This will be relevant for attorneys working in the areas of compliance, data security, mergers/acquisitions and in healthcare.

Attendees can attend one or both days. Day one will be 5 CLE credits and day 2 is 4.75 CLE credits.

Speaker Information

Mr. Kirk Nahra is a partner with Wiley Rein LLP in Washington, D.C., where he specializes in privacy and information security litigation and counseling, along with a variety of health care and compliance issues. He is chair of the firm’s Privacy Practice and co-chair of its Health Care Practice. He assists companies in a wide range of industries in analyzing and implementing the requirements of privacy and security laws across the country and internationally. He provides advice on data breaches, enforcement actions, contract negotiations, business strategy, research and de-identification issues and privacy, data security and cybersecurity compliance. He advises companies in virtually all industries, ranging from Fortune 500 companies to start-ups. He also works with insurers and health care industry participants in developing compliance programs and defending against government investigations into their practices.

A long-time member of the Board of Directors of the International Association of Privacy Professionals, he is the editor of Privacy Advisor, the monthly newsletter of the International Association of Privacy Professionals. He is also a founding Board Member of the Privacy Bar Section of the IAPP. He is a Certified Information Privacy Professional and serves on the Advisory Board for the Health Law Reporter, the Privacy and Security Law Report and the Health Care Fraud Report. He served as the Co-Chair of the Confidentiality, Privacy and Security Workgroup, a panel of government and private sector privacy and security experts advising the American Health Information Community (AHIC) on privacy and security issues arising from health information technology. He has held leadership positions with various groups within the American Health Lawyers Association and the American Bar Association Health Law Section.

Continuing Legal Education Readings


Friday September 15th, 2017
Day 1 – 5 CLE

Time Topic
9:00 - 9:30 am A brief History, and Defining the Key Terms [.5 CLE]

A discussion of the recent history of information privacy law and the key concepts that are emerging in the area

9:30 - 9:45 am Fair Information Principles [.25 CLE]

A discussion of the concept of fair information practices and how these practices impact overall development of privacy law

9:45 - 10:45 am The Key Laws (Part 1) [1.0 CLE]

Laws: Industries

  • Gramm-Leach-Bliley
  • FCC/Internet Privacy
  • FERPA (educational records)
  • State vs. Federal
10:45 - 11:00 am Break
11:00 - 11:30 am The Key Laws (Part 2) [.5 CLE]

Laws: Practices

  • Marketing Practices
  • Employee Privacy
11:30 - 12:00 pm International Privacy [.5 CLE]

A discussion of privacy and data security at the international level, focusing on the EU privacy rules and various other international privacy frameworks

12:00 - 12:45 pm Lunch break

note: lunch is not provided by the law school

12:45 - 1:15 pm An Introduction to Data Security [.5 CLE]

A discussion of data security as a separate and emerging legal requirement, including how it is different from priacy and legal strategies for providing advice on data security issues

1:15 - 1:30 pm Breach Notification [.25 CLE]

A discussion of breach notification laws and related issues

1:30 - 1:45 pm The Federal Trade Commission [.25 CLE]

A discussion of the role of the Federal Trade Commission in the data privacy and security area

1:45 - 2:00 pm Break
2:00 - 3:00 pm Key Issues [1.0 CLE]

A discussion of some of the key operational and policy issues in the business world involving privacy and data security issues

  • Enforcement
  • Litigation
  • Vendor Relationships
  • Offshoring/Cloud Computing
  • Identity Theft
  • Big Data
3:00 - 3:15 pm Key Steps for Companies [.25 CLE]

An overall analysis of key steps for companies relating to data privacy and security

3:15 - 3:30 pm Questions and Conclusions

Saturday September 16th, 2017
Day 2 – 4.75 CLE

Time Topic
9:00 - 9:15 am
Topic 1 - Introduction to the scope and approach of the Health Insurance Portability and Accountability Act (“HIPAA”) [.25 CLE]
We will discuss the development of the HIPAA Privacy and Security Rules, focusing on the scope of the rules and the overall approach set out by them
9:15 - 10:15 am
Topic 2 - The HIPAA Privacy Rule - Core principles of use and disclosure, consent, authorization, public policy disclosures, notice of privacy practices. Key definitions. [1.0 CLE]
We will discuss the core elements of the HIPAA Privacy Rule, focusing on the use and disclosure principles. We will also touch on individual rights and administrative requirements under the Privacy Rule.
10:15 - 10:30 am Break
10:30 - 11:15 am Topic 3 - The HIPAA Security Rule, Security Standards for the Protection of Electronic Protected Health Information. Discuss the lawyer’s role in connection with data security. [.75 CLE]
We will discuss the overall approach to the HIPAA Security Rule, including the key provisions and the challenging aspects of providing legal advice in connection with the Security Rule.
11:15 - 11:45 am Topic 4 - HIPAA Breach Notification Rule/Security Breach Issues [.5 CLE]
We will discuss the HIPAA/HITECH breach notification rule. For an in class exercise, we will provide a sample breach situation. You will be expected to discuss a risk assessment and evaluation of steps related to addressing the breach.
11:45 - 12:30 pm Lunch break
note: lunch is not provided by the law school
12:30 - 1:00 pm Topic 5 – Business Associates [.5 CLE]
We will discuss the application of the HIPAA rules to business associates, including various issues that have specific implications for business associates. We will discuss some examples of categories of business associates (e.g., accounting firm, billing consultant), and will evaluate the particular issues of interest for this company in connection with business associate agreements and other key HIPAA issues for this company/category.
1:00 - 1:15 pm Topic 6 – HIPAA Enforcement; Rule; AG Role [.25 CLE]
We will discuss the HIPAA enforcement process and the overall enforcement approach, along with the implications of this approach on the health care industry.
1:15 - 1:30 pm
Topic 7 - Health Privacy Litigation [.25 CLE]
We will discuss some of the key litigation issues that are arising in connection with the HIPAA Privacy and Security Rules and other health care privacy issues.
1:30 - 2:00 pm Topic 8 - Non-HIPAA Health Care Data [.5 CLE]
We will discuss the expansion of the amount and nature of “non-HIPAA” health care data, and how this activity is altering the environment for health care privacy and security rules. We will evaluate the implications for both lawyers and the health care business from these developments.
2:00 - 2:15 pm
2:15 - 2:30 pm Topic 9 - Health Privacy Laws Beyond HIPAA: Discussion of State Law and HIPAA Pre-emption; other Federal Privacy Laws. [.25 CLE]
We will discuss how HIPAA impacts state law and other federal laws.
2:30 - 2:45 pm Topic 10 - Research, De-identification, and Big Data [.25 CLE]
We will discuss the role of big data in the health care industry, focusing on two related issues: the process for healthcare research and the concept of “de-identification” of health care information.
2:45 - 3:00 pm Topic 11 - Evaluating HIPAA: How has it worked and where are we going? [.25 CLE]
We will discuss how the HIPAA rules have changed over time and the changes that might be needed (or might happen) in the future, and then will evaluate how the rules have worked, from the perspective of individuals, the healthcare industry and the public.
3:00 - 3:30 pm Topic 12 - Questions and Conclusions (and professional opportunity discussion)


Event Location

Room A57
11075 East Boulevard
Cleveland, Ohio 44106

Kirk Nahra

Kirk Nahra
Partner, Wiley Rein LLP


Free and open to the public
Online registration required


Academic Centers and Continuing Legal Education Programs