Following a major cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group (UHG), confusion arose regarding who would handle the Change Healthcare cyberattack HIPAA breach notification for potentially millions of affected individuals. HIPAA regulations govern such notifications, but the situation presented unique challenges. In May 2024, the Department of Health and Human Services (HHS) issued […]
March 1, 2022, is the date by which HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were discovered during calendar-year 2021. A small breach involves fewer than 500 individuals. HIPAA Small Breach Notification Requirements HIPAA requires covered […]