OCR Creates FAQ Webpage In Response to Change Healthcare Cyberattack

BACK TO INSIGHTS     Articles

4/30/2024

On April 19, 2024, the U.S. Department of Health & Human Services, Office for Civil Rights (OCR) posted a new webpage containing frequently asked questions (FAQs) concerning HIPAA and the Change Healthcare cybersecurity incident. The FAQs, in part, address the fact that on March 13, 2024, the OCR published a “Dear Colleague Letter” advising that the OCR was aware of the Change Healthcare cybersecurity incident that occurred in late February 2024 “that is disrupting health care and billing information systems nationwide.”

Some of the FAQs covered include:

• Why did OCR issue the March 13, 2024, “Dear Colleague Letter”?
• Why is OCR initiating an investigation and what does it cover?
• Has OCR received breach reports from Change Healthcare, UHG, or any affected health care providers?
• Are covered entities that are affected by the cyberattack involving Change Healthcare and UHG required to file breach notifications?
• What HIPAA breach notification duties do covered entities have with respect to the Change Healthcare cyberattack?
• What HIPAA breach notification duties do business associates have with respect to the Change Healthcare cyberattack?

Click Here to read the entire April 2024 Healthcare Law Update now!

For additional information or for assistance with your organization’s privacy and security program, contact:
Lani M. Dornfeld, CHPC | 973.403.3136 | ldornfeld@bracheichler.com

*This is intended to provide general information, not legal advice. Please contact the authors if you need specific advice.

Related Practices:   Healthcare Law

Related Attorney:   Lani M. Dornfeld

Related Industry:   Healthcare