On May 31, 2024, the U.S. Department of Health and Human Services’ (HHS)Office for Civil Rights (OCR) updated its frequently asked questions (FAQs) regarding HIPAA and the recent cybersecurity incident involving ChangeHealthcare, a unit of UnitedHealth Group. OCR enforces the HIPAA Privacy,
Security and Breach Notification Rules (HIPAA Rules), which require covered entities and their business associates to protect the privacy and security of protected health information (PHI) and notify HHS and affected individuals following a breach.