In February, a security breach exposed sensitive health information of patients across the country. Hospitals and doctors have been worried about the potential impact of the breach and how they would notify affected patients. Federal law mandates that healthcare providers must inform patients when their data is compromised.
In response to the breach, over 100 provider industry groups have sent a letter to HHS Secretary Xavier Becerra, requesting clarification on who is responsible for notifying affected customers. They are seeking confirmation that Change Healthcare and its parent company, UnitedHealth Group, are accountable for identifying and informing individuals impacted by the breach, rather than individual healthcare providers.
This exclusive update from the federal agency provides some relief for healthcare providers who were unsure about their responsibilities in the aftermath of the breach. Rather than having to track down affected patients themselves, providers can now rely on Change Healthcare to handle the notification process. By clarifying these responsibilities, the Department of Health and Human Services is helping to streamline the response efforts and ensure that affected individuals are informed promptly.
