HHS to investigate Change Healthcare cyberattack

In an announcement calling the cyberattack that crippled Change Healthcare a “direct threat to critically needed patient care,” the HHS Office for Civil Rights (OCR) said it would open an investigation into the incident focused on Change and its parent company, UnitedHealth Group (UHG).

“Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident,” states a “Dear Colleague” letter from OCR director, Melanie Fontes Rainer. “OCR’s investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and [on] Change Healthcare’s and UHG’s compliance with the HIPAA Rules.”

Fontes Rainer adds that, while OCR isn’t prioritizing investigations of any specific Change or UHG partner, providers or health plans should still ensure they are aware of their “regulatory obligations and responsibilities, including ensuring that business associate agreements are in place and that timely breach notification to HHS and affected individuals occurs as required by the HIPAA Rules.”

To that end, Fontes Rainer ends the letter by linking to a variety of cybersecurity and HIPAA guidance materials for partners of Change and UHG.

Evan Godt
Evan Godt, Writer

Evan joined TriMed in 2011, writing primarily for Health Imaging. Prior to diving into medical journalism, Evan worked for the Nine Network of Public Media in St. Louis. He also has worked in public relations and education. Evan studied journalism at the University of Missouri, with an emphasis on broadcast media.

Around the web

The scheme took place over a period of at least seven years, resulting in Medicare being billed for more than $70 million in fraudulent claims for unnecessary scans. 

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals.