Healthute

Your Trusted Online Resource for Comprehensive Health and Wellness Insights

HHS Office for Civil Rights Creates FAQ Webpage in Response to the Change Healthcare Cyberattack

On

By

HealWell

In

Today, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new to share answers to frequently asked questions (FAQs) concerning the and the cybersecurity incident impacting Change Healthcare, a unit of UnitedHealth Group (UHG), and many other health care entities. The cyberattack is disrupting health care and billing information operations nationwide and poses a direct threat to critically needed patient care and essential operations of the health care industry.

OCR enforces the , which sets forth the requirements that HIPAA covered entities (most health care providers, health plans, and health care clearinghouses) and their business associates must follow to protect the privacy and security of protected health information and the required notifications to HHS and affected individuals following a breach.

The webpage answers questions and provides helpful information on many topics, including:

  • Why did OCR issue the March 13, 2024, “”?
  • Why is OCR initiating an investigation and what does it cover?
  • Has OCR received breach reports from Change Healthcare, UHG, or any affected health care providers?
  • Are large breaches (those affecting 500 or more individuals) posted on the HHS Breach Portal on the same day that OCR receives a regulated entity’s breach report?
  • Is OCR’s 2016 ransomware guidance applicable to the Change Healthcare cyberattack?
  • Are covered entities that are affected by the cyberattack involving Change Healthcare and UHG required to file breach notifications?
  • What HIPAA breach notification duties do covered entities have with respect to the Change Healthcare cyberattack?
  • What HIPAA breach notification duties do business associates have with respect to the Change Healthcare cyberattack?

The new FAQs on the Change Healthcare Cybersecurity Incident may be viewed at:

The HHS Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information may be found at: 

OCR is committed to enforcing the HIPAA Rules that protect the privacy and security of peoples’ health information. Guidance about the , , and  can also be found on OCR’s website.

If you believe that your or another person’s health information privacy or civil rights have been violated, you can file a complaint with OCR at .

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

Archives

Tags

Fitness