<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=118459&amp;fmt=gif">
Show all

HIPAA FAQs Updated Regarding Recent Cybersecurity Incident

phone that reads HIPAA compliance

1 minute read

On May 31, 2024, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) updated its FAQs regarding HIPAA and the recent cybersecurity incident involving Change Healthcare, part of UnitedHealth Group. OCR enforces HIPAA Privacy, Security and Breach Notification Rules (HIPAA Rules) which require entities to protect PHI and report breaches to HHS and affected individuals.


FAQ Updates

The updated FAQs discuss the obligation to notify HHS, impacted individuals, and, when relevant, the media about breaches. The FAQs state that:

  • Covered entities affected by the Change Healthcare breach can delegate breach notifications to Change Healthcare
  • Only one entity needs to provide breach notifications, and
  • if Change Healthcare provides the required breach notifications in a manner consistent with the HIPAA Rules, covered entities have no additional breach notification obligations.


Cybersecurity Measures

OCR has urged HIPAA-covered entities and their business associates to promptly review cybersecurity measures to protect health information. Employers using third-party vendors like third-party administrators (TPAs) and pharmacy benefit managers (PBMs) should verify their cybersecurity practices and have secure business associate agreements in place for electronic PHI. Download the bulletin for more details.


Compliance Resources

HIPAA Security Rule Guidance Material

OCR Webinar on HIPAA Security Rule Risk Analysis Requirement

HIPAA Security Risk Assessment Tool

Fact Sheet: Ransomware and HIPAA

New call-to-action

National Insurance Services is not a law firm and no opinion, suggestion, or recommendation of the firm or its employees shall constitute legal advice. Readers are advised to consult with their own attorney for a determination of their legal rights, responsibilities and liabilities, including the interpretation of any statute or regulation, or its application to the readers’ business activities.

the words overtime pay written on a clipboard
The Impact of DOL's New Overtime Rule on Employee Benefits
June 07, 2024
female doctor talking to female patient
Battling Healthcare Affordability
June 07, 2024
Mari Wagner

Mari Wagner

The greatest badge of success for Mari Wagner is when her customers reach out and let her know how appreciative they are of her help and services. Mari is dependable, driven, committed, and enjoys meeting new people. Mari joined the National Insurance Services (NIS) team after working with NIS for several years on mutual clients benefit plans. She finds that NIS has similar values and mindset to her own. As an Account Manager, Mari works with schools, cities, and counties in the Midwest Region. She is a licensed insurance agent with a background in sales, wellness, managing insurance pools, marketing, and consulting.