top of page
  • bill3766

HHS Updates HIPAA FAQs Regarding Change Healthcare Cybersecurity Incident

The U.S. Department of Health and Human Services (HHS) updated its HIPAA FAQs regarding the recent Change Healthcare cybersecurity incident, providing guidance on breach notification responsibilities and emphasizing the need for robust cybersecurity measures. Click here for article.

  • Breach Notification Responsibility: Covered entities can delegate the task of providing breach notifications to Change Healthcare.

  • Single Notification Requirement: Only one entity, either the covered entity or Change Healthcare, needs to provide the required breach notifications.

  • HIPAA Compliance: If Change Healthcare handles the breach notifications in accordance with HIPAA Rules, the covered entities have no additional notification obligations.

  • Cybersecurity Emphasis: HHS urges HIPAA-covered entities and their business associates to urgently review and strengthen their cybersecurity measures.

1 view0 comments


bottom of page