HHS Updates HIPAA Breach FAQs

By BAS

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently updated the FAQs on its webpage regarding the cybersecurity incident at Change Healthcare, a part of UnitedHealth Group. This update clarifies the responsibilities and procedures concerning breach notifications required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The OCR enforces HIPAA’s Privacy, Security, and Breach Notification Rules, which are aimed at protecting the privacy and security of protected health information (PHI). These updates are particularly significant in the context of the recent cybersecurity breach that affected Change Healthcare and several other healthcare entities. The updated FAQs underscore the necessity for affected entities to inform individuals whose PHI has been compromised.

Key updates include:

  • Affected covered entities may delegate the task of providing breach notifications to Change Healthcare.
  • Only one entity needs to perform breach notifications to affected individuals, the Department of Health and Human Services (HHS), and, if applicable, the media.
  • If covered entities coordinate with Change Healthcare to handle breach notifications, and if these are executed in compliance with the HITECH Act and the HIPAA Breach Notification Rule, they will not have additional notification obligations under HIPAA.

These updates aim to streamline the process of breach notifications so that all required notifications are efficiently managed and communicated. This is especially important for protecting vulnerable populations, including the elderly, disabled, and those with limited access to technology, so that they understand the implications of the breach for their personal medical records.

The detailed FAQs and further guidance on this matter can be viewed on the HHS website here.

Notice to the Secretary of HHS Breach of Unsecured Protected Health Information may be found here.

HR professionals should stay compliant with federal regulations and be prepared to manage cybersecurity incidents effectively.
