Health IT Security June 3, 2024
Jill McKeon

OCR updated its FAQ webpage and affirmed that covered entities may delegate breach notification responsibilities to Change Healthcare.

The HHS Office for Civil Rights (OCR) updated its frequently asked questions (FAQ) webpage regarding the Change Healthcare cyberattack, clarifying breach reporting requirements for affected covered entities.

As previously reported, more than 100 industry groups undersigned a letter to OCR in mid-May seeking clarity about data breach reporting responsibilities related to the Change Healthcare cyberattack, which resulted in operational and financial difficulties for healthcare providers nationwide.

UnitedHealth Group (UHG) offered to “make notifications and undertake related administrative requirements on behalf of any provider or customer,” which would ease individual reporting requirements for affected entities. However, OCR’s initial FAQ page stressed that it...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, HHS, Provider, Technology
Related Articles:
HIMSS25 Cyber Forum keynote urges industry involvement
Cybersecurity For Startups: Building Resilience From The Ground Up
7 Operational Challenges You Must Address As Cyberattacks Evolve
HIMSS 2025: Four big themes of the health conference
Weak cyber defenses are exposing critical infrastructure — how enterprises can proactively thwart cunning attackers to protect us all

Share This Article