The AHA and other national hospital groups May 8 sent a letter to UnitedHealth Group, urging the organization to formally accept responsibility for issuing breach notifications on behalf of providers or customers following cyberattacks if protected health information or personally identifiable information is stolen. UHG CEO Andrew Witty agreed to do so May 1 during hearings with Senate and House committees but has yet to notify the Department of Health and Human Services’ Office for Civil Rights of this plan. 

The letter refers to an April 19 OCR statement in which the agency said, "...with respect to a breach at or by a business associate, while the covered entity is ultimately responsible for ensuring individuals are notified, the covered entity may delegate the responsibility of providing individual notices to the business associate." The letter urges UHG to formally accept this delegation, and notify OCR, state regulators, Congress, media and other stakeholders. 

CMS will accept comments on the proposed rule through July 8. AHA members will receive an advisory with further details on the rule.

Related News Articles

Headline
New guidance released yesterday by the Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI informs health care and other…
Headline
A joint advisory released Nov. 20 by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and international partners warns of…
Headline
The Department of Justice Nov. 18 announced criminal charges against Evgenii Ptitsyn, a Russian national, for allegedly administering the sale, distribution…
Headline
A United Nations Security Council meeting the week of Nov. 4 discussed ransomware and the severe impacts that cyberattacks can have on hospitals and health…
Headline
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of…
Headline
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information…