Search Results
The default setting for search results displays All Content. If you prefer to see recent content only, please adjust the date filter.
Filter your results:
Types
Topics
6 Results Found
OCR launches webpage with HIPAA FAQs on Change Healthcare cyberattack
The Department of Health and Human Services’ Office for Civil Rights April 19 launched a webpage answering HIPAA-related FAQs about the Change Healthcare cyberattack.
NIST updates HIPAA cybersecurity resource guide
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage cybersecurity risks to electronic protected health information and comply with the HIPAA security rule.
In wake of cyberattack, OCR investigating Change Healthcare compliance with HIPAA rules
The Department of Health and Human Services’ Office for Civil Rights is initiating an investigation into the Change Healthcare cyberattack, the agency announced March 13in a “Dear Colleague” letter.
HHS says hospitals impacted by Change Healthcare cyberattack can delegate breach notifications to UnitedHealth Group
The Department of Health and Human Services May 31 announced that hospitals and health systems can require UnitedHealth Group to notify patients if their data was stolen during the Change Healthcare cyberattack Feb. 22.
CISA releases proposed rule on cyber incident reporting
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency March 27 released a proposed rule implementing cyber incident and ransom payment reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, intended to help the agency prevent cyberattacks and deploy assistance to victims.
AHA to court: Revised OCR bulletin on online tracking technologies still unlawful
The Department of Health and Human Services’ revised “bulletin” for HIPAA covered entities and business associates using online tracking technologies only confirms that the original bulletin was “substantively and procedurally unlawful,” AHA April 11 told a federal court hearing its challenge to a bulletin issued by HHS’ Office for Civil Rights that restricts health care providers from using standard third-party web technologies that capture IP addresses on portions of their public-facing webpages.