Right now, the U.S. Division of Health and Human Providers (HHS) Workplace for Civil Rights (OCR) posted a brand new webpage to share solutions to incessantly requested questions (FAQs) regarding the Health Insurance coverage Portability and Accountability Act of 1996 (HIPAA) Guidelines and the cybersecurity incident impacting Change Healthcare, a unit of UnitedHealth Group (UHG), and plenty of different Health Care entities. The cyberattack is disrupting Health Care and billing Information operations nationwide and poses a direct risk to critically wanted affected person care and important operations of the Health Care trade.
OCR enforces the HIPAA Privateness, Safety, and Breach Notification Guidelines, which units forth the necessities that HIPAA lined entities (most Health Care suppliers, Health plans, and Health Care clearinghouses) and their enterprise associates should comply with to guard the privateness and safety of protected Health Information and the required notifications to HHS and affected people following a breach.
The webpage solutions questions and offers useful Information on many matters, together with:
- Why did OCR problem the March 13, 2024, “Expensive Colleague Letter”?
- Why is OCR initiating an investigation and what does IT cowl?
- Has OCR acquired breach reviews from Change Healthcare, UHG, or any affected Health Care suppliers?
- Are giant breaches (these affecting 500 or extra people) posted on the HHS Breach Portal on the identical day that OCR receives a regulated entity’s breach report?
- Is OCR’s 2016 ransomware steerage relevant to the Change Healthcare cyberattack?
- Are lined entities which can be affected by the cyberattack involving Change Healthcare and UHG required to file breach notifications?
- What HIPAA breach notification duties do lined entities have with respect to the Change Healthcare cyberattack?
- What HIPAA breach notification duties do enterprise associates have with respect to the Change Healthcare cyberattack?
The brand new FAQs on the Change Healthcare Cybersecurity Incident could also be seen at: https://www.hhs.gov/hipaa/for-professionals/special-topics/change-healthcare-cybersecurity-incident-frequently-asked-questions/index.html
The HHS Breach Portal: Discover to the Secretary of HHS Breach of Unsecured Protected Health Information could also be discovered at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
OCR is dedicated to imposing the HIPAA Guidelines that defend the privateness and safety of peoples’ Health Information. Steerage concerning the Privateness Rule, Safety Rule, and Breach Notification Guidelines can be discovered on OCR’s web site.
If you happen to imagine that your or one other particular person’s Health Information privateness or civil rights have been violated, you possibly can file a criticism with OCR at https://www.hhs.gov/ocr/complaints/index.html.