Naomi Diaz reports:
The American Hospital Association sent a letter to the HHS urging them to clarify whether hospitals and health systems should be providing breach notification to patients if protected health information is compromised due to the Feb. 21 cyberattack on Change Healthcare.
The March 21 letter, penned to Melanie Fontes Rainer, acting director of the Office for Civil Rights at the HHS, asks the agency to provide clarification to hospitals and other providers regarding breach reporting when it comes to the Change Healthcare hack.
“We remain concerned, however, that OCR may require hospitals to make breach notifications to HHS and affected individuals, if it is later determined that a breach occurred,” the letter reads. “We are seeking additional clarification that hospitals and other providers do not have to make additional notifications if UnitedHealth Group and Change Healthcare are doing so already.”
Read more at Becker’s Heatlh IT.