HHS to investigate Change Healthcare cyberattack

In an announcement calling the cyberattack that crippled Change Healthcare a “direct threat to critically needed patient care,” the HHS Office for Civil Rights (OCR) said it would open an investigation into the incident focused on Change and its parent company, UnitedHealth Group (UHG).

“Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident,” states a “Dear Colleague” letter from OCR director, Melanie Fontes Rainer. “OCR’s investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and [on] Change Healthcare’s and UHG’s compliance with the HIPAA Rules.”

Fontes Rainer adds that, while OCR isn’t prioritizing investigations of any specific Change or UHG partner, providers or health plans should still ensure they are aware of their “regulatory obligations and responsibilities, including ensuring that business associate agreements are in place and that timely breach notification to HHS and affected individuals occurs as required by the HIPAA Rules.”

To that end, Fontes Rainer ends the letter by linking to a variety of cybersecurity and HIPAA guidance materials for partners of Change and UHG.

Evan Godt
Evan Godt, Writer

Evan joined TriMed in 2011, writing primarily for Health Imaging. Prior to diving into medical journalism, Evan worked for the Nine Network of Public Media in St. Louis. He also has worked in public relations and education. Evan studied journalism at the University of Missouri, with an emphasis on broadcast media.

Around the web

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Trimed Popup
Trimed Popup