HHS OCR Creates FAQ Webpage in Response to the Change Healthcare Cyberattack

  • Federal Health Policy Committee (FHPC)

    HHS OCR Creates FAQ Webpage in Response to the Change Healthcare Cyberattack

    Posted by name on April 22, 2024 at 9:47 am

    _________________________________________________

    April 19, 2024

    HHS Office for Civil Rights Creates FAQ Webpage in Response to the Change Healthcare Cyberattack

    Today, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new webpage to share answers to frequently asked questions (FAQs) concerning the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules and the cybersecurity incident impacting Change Healthcare, a unit of UnitedHealth Group (UHG), and many other health care entities. The cyberattack is disrupting health care and billing information operations nationwide and poses a direct threat to critically needed patient care and essential operations of the health care industry.

    OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which sets forth the requirements that HIPAA covered entities (most health care providers, health plans, and health care clearinghouses) and their business associates must follow to protect the privacy and security of protected health information and the required notifications to HHS and affected individuals following a breach.

    The webpage answers questions and provides helpful information on many topics, including:

    • Why did
      OCR issue the March 13, 2024, “Dear Colleague Letter”?
    • Why is
      OCR initiating an investigation and what does it cover?
    • Has OCR
      received breach reports from Change Healthcare, UHG, or any affected
      health care providers?
    • Are
      large breaches (those affecting 500 or more individuals) posted on the HHS
      Breach Portal on the same day that OCR receives a regulated entity’s
      breach report?
    • Is
      OCR’s 2016 ransomware guidance applicable to the Change Healthcare
      cyberattack?
    • Are
      covered entities that are affected by the cyberattack involving Change
      Healthcare and UHG required to file breach notifications?
    • What
      HIPAA breach notification duties do covered entities have with respect to
      the Change Healthcare cyberattack?
    • What
      HIPAA breach notification duties do business associates have with respect
      to the Change Healthcare cyberattack?

    The new FAQs on the Change Healthcare Cybersecurity Incident may be viewed at: https://www.hhs.gov/hipaa/for-professionals/special-topics/change-healthcare-cybersecurity-incident-frequently-asked-questions/index.html

    The HHS Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information may be found at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

    OCR is committed to enforcing the HIPAA Rules that protect the privacy and security of peoples’ health information. Guidance about the Privacy Rule, Security Rule, and Breach Notification Rules can also be found on OCR’s website.

    If you believe that your or another person’s health information privacy or civil rights have been violated, you can file a complaint with OCR at https://www.hhs.gov/ocr/complaints/index.html.

    eur02.safelinks.protection.outlook.com

    Change Healthcare Cybersecurity Incident Frequently Asked Questions

    Change Healthcare Cybersecurity Incident Frequently Asked Questions

    name replied 11 months, 2 weeks ago 1 Member · 0 Replies
  • 0 Replies

Sorry, there were no replies found.

Log in to reply.

Start of Discussion
0 of 0 replies June 2018
Now