In February, a large security breach occurred at a health care payments clearinghouse, exposing sensitive health information of over 30% of Americans. This has caused concern among hospitals and doctors nationwide, who feared they would have to locate the affected individuals. However, the Department of Health and Human Services (HHS) has recently announced that Change Healthcare, the parent company of UnitedHealth Group, is responsible for identifying and notifying impacted customers, not individual health care providers like hospitals and doctors’ offices.
This update comes after over 100 provider industry groups sent a letter to HHS secretary Xavier Becerra requesting clarification from the agency’s Office of Civil Rights, which manages HIPAA data breaches. The letter requested confirmation that Change Healthcare and its parent company UnitedHealth Group are responsible for identifying and notifying impacted customers.
Federal law requires health care providers to inform patients when their data has been compromised. With this in mind, it is important for patients to stay informed about any updates or developments regarding their sensitive health information. If you believe your personal information may have been exposed in the recent security breach, it is recommended to contact your healthcare provider or the relevant authorities for assistance.
