The Department of Health and Human Services is monitoring the ongoing fallout from the Change Healthcare cyberattack and has launched a dynamic website that will be updated as information emerges. In addition, Change Healthcare’s parent company, UnitedHealth Group (UHG), is now essentially tasked with sending out the required HIPAA breach notifications to patients and completing related administrative requirements on behalf of any provider that was affected. Federal officials at the Office for Civil Rights ruled recently that UHG can send these notifications for providers—something that spares the providers not only administrative work but also the negative optics that come along with the cyberattack. For its part, UHG has also created a practical website for patients and providers who have questions or concerns about the breach, which includes a phone contact and offers for credit monitoring.
Next up: Change has been analyzing instances of unsecured patient data, and a major update is expected within 30 days. Informational updates can be accessed on a dedicated UHG web page