At this time, the U.S. Division of Well being and Human Providers (HHS) Workplace for Civil Rights (OCR) posted a brand new webpage to share solutions to often requested questions (FAQs) regarding the Well being Insurance coverage Portability and Accountability Act of 1996 (HIPAA) Guidelines and the cybersecurity incident impacting Change Healthcare, a unit of UnitedHealth Group (UHG), and lots of different well being care entities. The cyberattack is disrupting well being care and billing data operations nationwide and poses a direct menace to critically wanted affected person care and important operations of the well being care trade.
HIPAA Guidelines
OCR enforces the HIPAA Privateness, Safety, and Breach Notification Guidelines, which units forth the necessities that HIPAA coated entities (most well being care suppliers, well being plans, and well being care clearinghouses) and their enterprise associates should comply with to guard the privateness and safety of protected well being data and the required notifications to HHS and affected people following a breach.
The webpage solutions questions and supplies useful data on many subjects, together with:
- Why did OCR challenge the March 13, 2024, “Pricey Colleague Letter”?
- Why is OCR initiating an investigation and what does it cowl?
- Has OCR acquired breach studies from Change Healthcare, UHG, or any affected well being care suppliers?
- Are massive breaches (these affecting 500 or extra people) posted on the HHS Breach Portal on the identical day that OCR receives a regulated entity’s breach report?
- Is OCR’s 2016 ransomware steerage relevant to the Change Healthcare cyberattack?
- Are coated entities which might be affected by the cyberattack involving Change Healthcare and UHG required to file breach notifications?
- What HIPAA breach notification duties do coated entities have with respect to the Change Healthcare cyberattack?
- What HIPAA breach notification duties do enterprise associates have with respect to the Change Healthcare cyberattack?
The brand new FAQs on the Change Healthcare Cybersecurity Incident could also be considered at: https://www.hhs.gov/hipaa/for-professionals/special-topics/change-healthcare-cybersecurity-incident-frequently-asked-questions/index.html
The HHS Breach Portal: Discover to the Secretary of HHS Breach of Unsecured Protected Well being Info could also be discovered at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
OCR is dedicated to imposing the HIPAA Guidelines that defend the privateness and safety of peoples’ well being data. Steerage concerning the Privateness Rule, Safety Rule, and Breach Notification Guidelines may also be discovered on OCR’s web site.
When you consider that your or one other individual’s well being data privateness or civil rights have been violated, you’ll be able to file a grievance with OCR at https://www.hhs.gov/ocr/complaints/index.html.
