HHS Office for Civil Rights Issues Letter, Initiates Investigation of Change Healthcare Cyberattack

In response to the recent cyberattack affecting Change Healthcare, a unit of UnitedHealth Group (UHG), the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) has taken decisive action to address the significant disruption caused to the nation's healthcare and billing systems. The cyberattack, which occurred in late February, has raised concerns regarding patient care and the integrity of essential healthcare operations nationwide.

OCR, responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, has initiated an investigation into the incident. The primary focus of this investigation will be to ascertain whether there has been a breach of protected health information (PHI) and to evaluate Change Healthcare and UHG's compliance with HIPAA regulations.

The magnitude of this cyberattack has prompted OCR's intervention, emphasizing the critical nature of safeguarding PHI and ensuring uninterrupted patient care. While OCR acknowledges the broader impact on healthcare entities associated with Change Healthcare and UHG, it assures that its primary focus remains on investigating the breach and ensuring compliance with HIPAA regulations.

In addition to its investigative efforts, OCR has issued a "Dear Colleague" letter, underscoring the importance of maintaining regulatory obligations and responsibilities, particularly regarding business associate agreements and timely breach notifications to HHS and affected individuals as mandated by the HIPAA Rules.

Recognizing the urgency of the situation, OCR has provided resources to assist healthcare entities in enhancing their cybersecurity measures. These resources include educational materials, webinars, and tools aimed at promoting awareness and adherence to HIPAA Security Rule requirements.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.