Kirk J. Nahra


Kirk J. Nahra


  • Co-Chair, Big Data Practice
  • Co-Chair, Cybersecurity and Privacy Practice

Kirk Nahra has been a leading authority on privacy and cybersecurity matters for more than two decades. Indeed, he is one of the few lawyers in the world ranked in Band 1 by Chambers in privacy and data security. Mr. Nahra counsels clients across industries, from Fortune 500 companies to startups, on implementing the requirements of privacy and data security laws across the country and internationally. He also advocates for clients experiencing privacy and security breaches, and represents clients in contract and deal matters, enforcement actions, regulatory investigations and related litigation. 

Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other health care industry participants. He has a deep understanding of the privacy and security issues healthcare companies face relating to HIPAA rules, state and federal legislation, enforcement activities, internal investigations, international principles, due diligence in transactions, data breach risk assessments, and the key lines between regulated and unregulated data. During his decades of experience, Mr. Nahra has developed compliance programs, drafted privacy and information security policies, negotiated agreements involving health data, responded to health incidents and defended clients against government investigations. 

Mr. Nahra also has substantial experience working with clients in the financial services and insurance industries on privacy and data security matters relating to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, data aggregation and sharing practices, and privacy and data security compliance under a wide range of state and federal laws. He also has a breadth of experience drafting and evaluating data security practices and policies across varying industry standards; has investigated and litigated potential fraud against insurers, and has assisted with the development and oversight of corporate compliance programs. 

Additionally, Mr. Nahra is well versed in a variety of other privacy and consumer protection issues, including marketing laws pertaining to email, phone and online communications; the Children's Online Privacy Protection Act; and the Family Educational Rights and Privacy Act of 1974. 

Professional Activities

A leader in the privacy bar, Mr. Nahra has been involved in developing the privacy legal field for 20 years. As a founding member and longtime board member of the International Association of Privacy Professionals, he helped establish the organization’s Privacy Bar Section and their first and most popular certification for Certified Information Privacy Professionals. He is a member of the Center for Cybersecurity and Privacy Protection National Advisory Board. He has taught privacy issues at several law schools, including serving as an adjunct professor at the Washington College of Law at American University and at Case Western Reserve University. In addition, he currently serves as a fellow with the Cordell Institute for Policy in Medicine & Law at Washington University in St. Louis and as a fellow with the Institute for Critical Infrastructure Technology. He actively shares his privacy insights through numerous speeches and articles, and on social media.


Mr. Nahra is an active author and lecturer in the health care, compliance, privacy, information security and anti-fraud areas. Some of his most recent publications include:

  • "The Top Five Health Care Privacy and Security Issues to Watch in 2019," Bloomberg BNA's Health Law Reporter, December 21, 2018
  • "The Top Five Privacy and Security Issues to Watch in 2019," Bloomberg Law Privacy and Security Law Report, December 8, 2018
  • Co-author, "Digital Health Regulatory Gaps in the United States," Compliance Elliance Journal, Fall 2018
  • "The Next Major Privacy Challenge for Corporate America—California’s New Privacy Law," Bloomberg Law Privacy and Security Law Report, July 3, 2018
  • "Takeaways from the 11th Circuit FTC vs. LabMD decision," IAPP's The Privacy Tracker, June 7, 2018
  • "The Top Ten Privacy and Data Security Developments to Watch in 2018," Bloomberg Law Privacy and Security Law Report, January 8, 2018
  • "The Past, Present and Future of Health Care Privacy," Health Law Handbook, 2017 Edition
  • "The Top Ten Health Care Privacy and Security Concerns for 2017," Bloomberg BNA’s Health Law Reporter, January 5, 2017
  • "Privacy and Security Impacts of the 21st Century Cures Legislation," IAPP's The Privacy Tracker, December 19, 2016
  • "Responding to Security Breaches," The Practical Lawyer, October 2016
  • "Impact of the EU-U.S. Privacy Shield on Health-Care Data Transfers," Bloomberg BNA’s Privacy and Security Law Report, August 1, 2016
  • "Is the Sectoral Approach to Privacy Dead in the U.S.?," Bloomberg BNA’s Privacy and Security Law Report, April 4, 2016
  • "The Top Ten Privacy and Security Issues Companies Need to Watch in 2016," Bloomberg BNA’s Privacy and Security Law Report, January 4, 2016
  • "Privacy, Research and the Evolution of Health Care in the 21st Century," Bloomberg BNA's Medical Research Law & Policy Report, March 18, 2015
  • "Obama’s drive to introduce new privacy and security laws," E-Commerce Law and Policy, February 2015
  • "Health Care Privacy and Security Developments: Top Issues to Watch in 2015," Bloomberg BNA's Health Law Reporter, January 8, 2015
  • "State Supreme Court Decision Addresses Common Law Privacy Claims Against Healthcare Providers," IAPP's The Privacy Tracker, November 12, 2014
  • "Privacy and Data Security Is for Everyone: Common Matters That All Companies Should Address," Bloomberg BNA Corporate Law & Accountability Report, July 18, 2014
  • "The Top Ten Health-Care Privacy and Security Issues to Watch in 2014," Bloomberg BNA’s Health Law Reporter, January 23, 2014
  • "The Top 10 Privacy and Security Issues to Watch in 2014," Bloomberg BNA Privacy and Security Law Report, January 13, 2014
  • "Mastering Cybersecurity by Learning Data Security," Bloomberg BNA Privacy and Security Law Report, September 9, 2013
  • "Do I Need New HIPAA Business Associate Agreements?" Bloomberg BNA's Health Law Reporter, June 27, 2013
  • "Analysing the US HIPAA Legacy and Future Changes on the Horizon," Data Protection Law and Policy, February 2013
  • "The Top Ten Privacy and Data Security Issues to Watch in 2013," Bloomberg BNA Privacy and Security Law Report, January 7, 2013
  • "Cloud Computing in Healthcare: Overview of the Main Challenges," Data Protection Law & Policy, August 2012
  • "What To Do While Waiting For The HIPAA Rules," Privacy & Consumer Protection Law360, July 17, 2012
  • "Protecting the Benefits of De-Identified Health Care Information," Legal Backgrounder, Washington Legal Foundation, June 8, 2012
  • "What To Watch For In Privacy And Security In 2012: The Top Five," The Privacy Advisor, January 20, 2012
  • "The Top Health Care Privacy Issues to Watch in 2012," BNA’s Health Law Reporter, December 15, 2011
  • "The HIPAA Accounting NPRM and the Future of Health Care Privacy," BNA Health IT Law & Industry Report, July 4, 2011
  • "Health Insurers in the Fraud Area Today: The Good, the Bad, and the Ugly," American Health Lawyers Association Payors Plans & Managed Care Newsletter, May 2011
  • "The Top Ten Privacy and Security Developments to Watch in 2011," BNA Privacy & Security Law Report, January 3, 2011

For copies of any of the articles mentioned above, please contact Mr. Nahra directly.


  • Recognized in the 2019 and 2020 editions of Chambers Global as a "Leading Global Lawyer for Business" for his privacy and data security practice
  • Recognized as a national leader in healthcare privacy and data security in the 2019 and 2020 editions of Chambers USA: America's Leading Lawyers for Business
  • Named among the 2020 and 2021 Best Lawyers in America for his healthcare law practice
  • Listed as a 2020 Washington DC leader in healthcare law by Super Lawyers
  • Named one of Washington DC’s best cybersecurity lawyers by Washingtonian in 2018

Insights & News


  • Education

    • JD, Harvard Law School, 1987

      cum laude Articles Editor, Harvard Journal on Legislation
    • BA, Georgetown University, 1984

      magna cum laude Phi Beta Kappa
  • Admissions

    • District of Columbia