{"id":21991,"date":"2024-06-12T15:26:21","date_gmt":"2024-06-12T15:26:21","guid":{"rendered":"https:\/\/www.insurancejournal.com\/?p=779165"},"modified":"2024-06-12T15:26:21","modified_gmt":"2024-06-12T15:26:21","slug":"hhs-says-unitedhealth-can-notify-patients-of-data-breach","status":"publish","type":"post","link":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/2024\/06\/12\/hhs-says-unitedhealth-can-notify-patients-of-data-breach\/","title":{"rendered":"HHS Says UnitedHealth Can Notify Patients of Data Breach"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.insurancejournal.com\/app\/uploads\/2024\/05\/UnitedHealth-Group-Logo-580x326.png\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.insurancejournal.com\/app\/uploads\/2024\/05\/UnitedHealth-Group-Logo.png\" class=\"ff-og-image-inserted\"><\/div>\n<ul class=\"nav nav-tabs tabs tabs-entry\">\n<li class=\"active\"><a href=\"https:\/\/www.insurancejournal.com\/news\/national\/2024\/06\/12\/779165.htm\">Article<\/a><\/li>\n<li><a href=\"https:\/\/www.insurancejournal.com\/news\/national\/2024\/06\/12\/779165.htm?comments\" rel=\"nofollow\">0 Comments<\/a><\/li>\n<\/ul>\n<div class=\"article-content clearfix\">\n<p class=\"tr-story-p1\">U.S. <span class=\"tr-strong\">healthcare providers can ask Uni<\/span>tedHealth Group to <span class=\"tr-strong\">notify <\/span>people whose data was exposed during a hack on <span class=\"tr-strong\">the company\u2019s <\/span><a href=\"https:\/\/www.insurancejournal.com\/news\/national\/2024\/02\/28\/762566.htm\" target=\"_blank\" rel=\"noopener\">Change Healthcare unit in February<\/a><span class=\"tr-strong\">, according to an update on the health department\u2019s website.<\/span><\/p>\n<p>The <span class=\"tr-strong\">news comes <\/span>as a relief for U.S. hospitals and healthcare providers <span class=\"tr-strong\">that had <\/span><a class=\"bold1 tr-link\" href=\"https:\/\/searchlf.ama-assn.org\/letter\/documentDownload?uri=%2Funstructured%2Fbinary%2Fletter%2FLETTERS%2Flfcyso.zip%2F2024-5-20-CHIME-HHS-OCR-Sign-On-Letter-FINAL.pdf\" target=\"_blank\" rel=\"noopener\">urged<\/a> the Department of Health and Human Services (HHS) to shift <span class=\"tr-strong\">the notification responsibility to <\/span>UnitedHealth and its unit.<\/p>\n<div class=\"bzn bzn-sized bzn-intext\">\n<ins data-revive-zoneid=\"79\" data-revive-topics=\"cyber\" data-revive-companies data-revive-block=\"1\" data-revive-id=\"36eb7c2bd3daa932a43cc2a8ffbed3a9\"><\/ins> <\/div>\n<p>\u201cAffected covered entities that want Change Healthcare to provide breach notifications on their behalf should contact Change Healthcare,\u201d the HHS\u2019 Office for Civil Rights (<span class=\"tr-strong\">OCR) <\/span>said in an update dated May 31.<\/p>\n<p>U<span class=\"tr-strong\">.S. law states data breaches must be reported to individual patients within 60 days of discovery.<\/span><\/p>\n<p>A UnitedHealth spokesperson said the company appreciates the clarification from OCR, which \u201creiterates our stated preference to ease the reporting obligations of our customers.\u201d<\/p>\n<p>Earlier in May, the healthcare conglomerate\u2019s CEO Andrew Witty told a Congressional committee that hackers potentially stole a third of Americans\u2019 data in the Feb. 21 cyber attack that led to disruptions in processing medical claims. The company is still trying to fix <span class=\"tr-strong\">the processing <\/span>s<span class=\"tr-strong\">nags<\/span>.<\/p>\n<p>Witty <span class=\"tr-strong\">had also said <\/span>the company continued to investigate the amount of data involved and <span class=\"tr-strong\">thought it was <\/span>\u201cgoing to be substantial.\u201d<\/p>\n<p>UnitedHealth warned the breached data could contain sensitive information such as names, addresses, medical codes and insurance numbers, <span class=\"tr-strong\">the Wall Street Journal<\/span> reported <span class=\"tr-strong\">earlier in the day<\/span>, citing the company\u2019s responses to questions from the Senate Finance Committee.<\/p>\n<div class=\"bzn bzn-sized bzn-intext-2\">\n<ins data-revive-zoneid=\"162\" data-revive-topics=\"cyber\" data-revive-companies data-revive-block=\"1\" data-revive-id=\"36eb7c2bd3daa932a43cc2a8ffbed3a9\"><\/ins> <\/div>\n<p>The breach at the unit, which handles healthcare billing, data systems and many other services, has caused widespread disruptions in claims processing, impacting patients and providers across the country.<\/p>\n<p><strong>Related:<\/strong><\/p>\n<p class=\"tagtag\"> <span class=\"tagtag\">Topics<\/span> <a href=\"https:\/\/www.insurancejournal.com\/cyber\/\" class=\"btn btn-sm btn-primary tagtag\">Cyber<\/a> <\/p>\n<\/p><\/div>\n<div class=\"article-poll\" data-post=\"779165\">\n<div class=\"article-poll-vote\">\n<p>Was this article valuable?<\/p>\n<\/p><\/div>\n<div class=\"article-poll-feedback voted-no\">\n<form class=\"feedback-form\">\n<p>Thank you! Please tell us what we can do to improve this article.<\/p>\n<p> <textarea placeholder=\"Enter your feedback...\"><\/textarea> <button type=\"submit\" class=\"submit\" disabled>Submit<\/button> <button class=\"cancel\">No Thanks<\/button> <\/form>\n<\/p><\/div>\n<div class=\"article-poll-feedback voted-yes\">\n<form class=\"feedback-form\">\n<p>Thank you! <span class=\"percent\"><\/span>% of people found this article valuable. Please tell us what you liked about it.<\/p>\n<p> <textarea placeholder=\"Enter your feedback...\"><\/textarea> <button type=\"submit\" class=\"submit\" disabled>Submit<\/button> <button class=\"cancel\">No Thanks<\/button> <\/form>\n<\/p><\/div>\n<div class=\"article-poll-more-articles\">\n<p class=\"thank-you-text\">Here are more articles you may enjoy.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"subscribe-banner subscribe-banner-in-content-2\">\n<div class=\"content\">\n<h4>Interested in <em>Cyber<\/em>?<\/h4>\n<p>Get automatic alerts for this topic.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Article 0 Comments U.S. healthcare providers can ask UnitedHealth Group to notify people whose data was exposed during a hack on the company\u2019s Change Healthcare unit in February, according to an update on the&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":21992,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[33,865,34,2,1,328,866],"jetpack_featured_media_url":"https:\/\/blog.lifeinsurance-orleans.ca\/wp-content\/uploads\/2024\/06\/hhs-says-unitedhealth-can-notify-patients-of-data-breach.png","_links":{"self":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts\/21991"}],"collection":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/comments?post=21991"}],"version-history":[{"count":0,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts\/21991\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/media\/21992"}],"wp:attachment":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/media?parent=21991"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/categories?post=21991"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/tags?post=21991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}