Sarah Borders, CEBS April 1, 2024 2 min read

OCR Reminds Covered Entities that Safeguarding HIPAA PHI is Top Priority

As a result of the cyberattack on Change Healthcare (HIPAA business associate of United Health Group), OCR (a division of HHS) has issued a letter regarding an investigation into the potential breach of PHI. The letter also reminds covered entities and business associates that safeguarding protected health information (PHI) remains a top priority.

Who this applies to:

  • All group health plans

Go Deeper:
 
According to the letter, OCR’s investigation into the Change Healthcare cyberattack will focus on whether a breach of PHI actually occurred, and into UHG’s compliance with HIPAA privacy, security, and breach notification rules.
 
As a reminder, “covered entities” under HIPAA (group health plans are covered entities) are required to conduct a risk assessment and create policies and procedures, as should any business associates used by the covered entity.  
 
The letter provides several resources to assist in protecting PHI from cyberattacks, including guidance materials, training videos and webinars, HHS Security Risk Assessment Tool, and other helpful materials.
 
OCR recommends all covered entities and business associates, including employers sponsoring group health plans and their vendors, to review cybersecurity measures to ensure the protection of health information.
avatar

Sarah Borders, CEBS

 Principal, Benefits Compliance Solutions. Sarah has spent the last 15 years in the employee benefits industry, has numerous designations and serves on NAHU’s Employer Working Group Subcommittee and is an active board member of Austin AHU. She recently stepped down as Vice President of Benefits Compliance at one of the nation's largest brokerage firms to start her own compliance consulting practice. Her designations include an active license with the Texas Department of Insurance, CEBS (Certified Employee Benefits Specialist), Certified Health Care Reform Professional, HIPAA certification and Health Care Service Associate. She holds an MBA from Texas A&M Corpus Christi and a BA from University of Incarnate Word. Her consulting firm, Benefits Compliance Solutions, partners with employers to identify unknown risks and avoid hundreds of thousands of dollars in fines and lawsuits from failure to comply with their healthplan obligations.

COMMENTS

RELATED ARTICLES

Hausmann Group
October 14, 2019 6 min read

“Why Am I Getting This Bill From My Provider?” Helping Employees Understand & Respond to Unexpected Balance Billing

With increasing frequency we find that the employees enrolled in our group health insurance plans are getting a shock when they ...
Start Reading
Hausmann Group
March 18, 2020 1 min read

Notification of Enforcement Discretion for Telehealth Remote Communications during the COVID-19 Nationwide Public Health Emergency

Yesterday, the Office of Civil Rights issued a bulletin advising medical practitioners that the office will not be enforcing ...
Start Reading
Hausmann Group
March 10, 2020 < 1 min read

Interim Guidance for Businesses and Employers to Plan and Respond to COVID-19

This guide provides information from the Centers for Disease Control and Prevention (CDC) about how businesses and employers ...
Start Reading