CMA urges HHS to clarify HIPAA requirements related to Change Healthcare cyberattack

May 29, 2024

The California Medical Association (CMA) joined the American Medical Association (AMA) and more than 100 health care organizations in seeking clarification on Health Insurance Portability and Accountability Act (HIPAA)-related breach reporting and notification requirements involving the Change Healthcare cyberattack.  

CMA signed a joint letter urging the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) to confirm that no entity other than Change Healthcare, its parent company United Health Group and corporate affiliates such as Optum bear responsibility for the breach and are responsible for breach reporting and notification requirements under HIPAA.  

The letter notes that “there are indications that certain data may indeed have been compromised, resulting in a perplexing situation for providers tasked with ensuring the privacy and security of [patient health information] and [personally identifiable information].” 

“We are writing to request more clarity around reporting responsibilities and assure affected providers that reporting and notification obligations will be handled by Change Healthcare,” the letter states. “OCR should publicly state that its breach investigation and immediate efforts at remediation will be focused on Change Healthcare, and not the providers affected by Change Healthcare’s breach.” 

Providers are continuing to grapple with the fallout of the Change cyberattack,  CMA is committed to supporting physician practices during this difficult time. We have developed a grid that lists a summary of known impacts, workarounds and guidance from payors, available free to CMA members.  

Additional Resources 



Was this article helpful?    
Download the New CMADocs app!

Download the new CMADocs app!

CMA's new mobile app lets you connect with your colleagues and engage with CMA content!  Download the "CMADocs" app today from the Apple or Google Play app stores for daily news updates, events calendar, resource library and more.

Latest News

Load More