HHS OCR: Entities Covered by Change Healthcare Breach May Assign HIPAA Breach Notifications Tasks to Change Healthcare
Alrighty then! Let’s chat about some recent developments in the world of healthcare and cybersecurity, shall we? Remember back in April when an update was published regarding that big cybersecurity kerfuffle regarding something referred to as the ‘Change Healthcare incident’? They’ve gone ahead and released another update just recently, at the tail end of May, answering some pretty important questions.
Before we get into the thick of it though, let’s rewind a bit to the specifics of the issue we’re discussing. Now, I’m sure we’re all familiar with the Health Insurance Portability and Accountability Act, right? It’s a mouthful to say, but let’s just stick with its nice short nickname, HIPAA.
Right, moving on. So HIPAA is a pretty big deal, right? And for good reason. This U.S. legislation, which has been kicking about since 1996, aims to protect all the lovely and extremely personal health information people entrust to healthcare providers.
Anyway, in recent times, this noble act has found itself at the centre of a cybersecurity squabble, which is where the Change Healthcare incident comes into play. And it’s within this very incident that the frequently asked questions (FAQs) were raised, hence the updates we’re about to delve into.
Let’s have a gander at these updates from the U.S. Department of Health and Human Services (HHS) and their Office for Civil Rights (OCR) then, shall we? These chaps are responsible for maintaining and updating a rather informative FAQs webpage on the topic of this incident.
This second update they’ve just released mainly centres on the responsibilities of entities covered by HIPAA that, unfortunately, got their knuckles rapped by the Change Healthcare breach. The situation has been a bit muddled and that’s precisely why this latest update is key.
The OCR is making it clear that these entities, despite suffering from the breach, can delegate certain tasks that are otherwise necessary in the wake of such a situation. Now, that might not sound like much, but my goodness, it’s quite a weight off these entities’ shoulders. It surely kicks some important gears into motion!
It just goes to show how delicately the realms of healthcare and cybersecurity overlap, doesn’t it? One tiny hiccup can ripple through the echelons, affecting a wider range of operations than you’d initially imagine. But thankfully, the OCR, with their latest updates, are on the ball, making sure the right information gets to the right people.
So that’s it my friends, the gist of the recent Change Healthcare incident. And remember, in this ever-evolving digital era, it’s super important that we stay up-to-date, ensuring we maintain a good understanding of the intertwining worlds of healthcare and cybersecurity.
by Parker Bytes