Feds Issue Guide for Change Health Breach Reporting Duties

HHS OCR Says the Company Has Not Yet Filed HIPAA Breach Reports to the Agency
The Department of Health and Human Services has not yet received HIPAA breach reports from Change Healthcare or parent company UnitedHealth Group about their massive cyberattack. HHS is telling HIPAA-covered firms and their vendors to do their duty if a breach affects protected health information.

breach breach reporting change change healthcare cyberattack department department of health and human services guide health healthcare hhs hipaa human issue ocr reporting reports services the company unitedhealth unitedhealth group vendors