NANS Supports Protections for Thousands of Medical Providers in Change Healthcare Cyberattacks

In February, Change Healthcare, the nation’s largest processor of medical claims, experienced one of the largest cyberattacks in the healthcare industry. This resulted in the loss of patient and claims data. This breach continues to have significant financial and operating impacts on medical providers across the country.

According to a recent American Medical Association survey, a significant number of providers continue to report issues with operations despite UnitedHealth Group (UHG), of which Change Healthcare is a business unit, announcements of restored service.

Recently, the U.S. Department of Health and Human Services began investigating Change Healthcare and UHG through its Office of Civil Rights (OCR). While OCR has stated its focus is on UHG, it is unclear whether physicians could be held responsible for notifying their patients about the breach.

NANS, along with leading national medical societies, has signed on to this letter, asking the Department of Health and Human Services OCR how it intends to enforce the Health Insurance Portability and Accountability Act (HIPAA)-related reporting requirements involving the Change Healthcare cyber incident and to publicly state that its breach investigation and immediate efforts at remediation will be focused on Change Healthcare, and not the providers affected by Change Healthcare’s breach.