Welcome to the CBC Health Insurance
Marketplace for Costco Members
Check Out the New HIPAA FAQs by HHS Post CH-Attack

August 12, 2024


The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has recently updated its FAQ webpage in light of the recent cybersecurity breach at Change Healthcare. Originally published on April 19, 2024, these updates provide crucial information on the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and offer guidance on handling similar cybersecurity incidents. The Change Healthcare breach, which impacted a number of healthcare organizations including those under UnitedHealth Group (UHG), underscores the need for robust cybersecurity measures in the healthcare sector.

 

Understanding HIPAA Breach Notification Responsibilities

The updated FAQs clarify the responsibilities of covered entities (such as health plans, healthcare providers, and healthcare clearinghouses) in notifying HHS, affected individuals, and, where necessary, the media about breaches of Protected Health Information (PHI). Key points from the FAQs include:

 

  1. Delegation of Breach Notifications: Covered entities affected by the Change Healthcare breach have the option to authorize Change Healthcare to handle breach notifications on their behalf. This streamlines the process and ensures that notifications are managed effectively.
  2. Notification Responsibilities: The updated guidance confirms that either the covered entity or Change Healthcare is responsible for issuing breach notifications. This means that covered entities will not face additional HIPAA breach notification obligations if Change Healthcare complies with the requirements.

 

Strengthening Cybersecurity Protocols

In response to the Change Healthcare incident, OCR urges all HIPAA-covered entities, including health plans, insurers, healthcare providers, and their business associates, to promptly review and enhance their cybersecurity protocols. Even if your organization does not directly handle PHI, it is crucial to assess the security measures of third-party vendors such as Third-Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs). Ensuring these vendors have strong cybersecurity practices is essential to protecting PHI.

 

Proactive Measures for Enhanced Security

To address cybersecurity concerns and safeguard PHI effectively, consider the following actions:

 

  1. Review and Upgrade Cybersecurity Measures: Organizations should evaluate their existing cybersecurity protocols and implement necessary updates to enhance protection against cyber threats.
  2. Evaluate Third-Party Vendors: When selecting TPAs or PBMs, thoroughly assess their cybersecurity practices to ensure they meet industry standards and protect PHI effectively.
  3. Strengthen Business Associate Agreements: Ensure that business associate agreements include comprehensive security provisions to protect electronic PHI and mitigate risks associated with cybersecurity breaches.

 

Compliance Support and Resources

OCR offers a range of resources to assist covered entities and business associates in defending their systems against cyberattacks, including:

 

  • HIPAA Security Rule Guidance Material
  • OCR Webinar on HIPAA Security Rule Risk Analysis Requirement
  • HIPAA Security Risk Assessment Tool
  • Fact Sheet: Ransomware and HIPAA

 

We Are Prepared

The recent updates from HHS and OCR underscore the critical importance of HIPAA compliance and robust cybersecurity measures in the healthcare sector. The new FAQs provide valuable insights into breach notification responsibilities and reflect the urgency of protecting Protected Health Information (PHI). For organizations navigating these requirements, proactive measures are essential.

 

At The CBC Health Insurance Marketplace for Costco Members, we are committed to helping organizations strengthen their cybersecurity protocols and achieve HIPAA compliance. Our team of experts offers tailored solutions and resources to assist you in safeguarding PHI and mitigating cyber threats effectively. Contact us today to learn more about how we can support you in enhancing your cybersecurity measures and ensuring compliance with HIPAA regulations.

 

 


Brought to you by the insurance professionals at Custom Benefit Consultants, Inc.

 
