HHS Launches HIPAA Compliance Investigation of Change Healthcare Following Cyberattack | Practical Law
On March 13, 2024, the Department of Health and Human Services (HHS) announced an investigation of the health care technology company that was targeted in February 2024 by a malware cyberattack (Change Healthcare). HHS's investigation of the target company, a business associate (BA) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), will focus on whether the target company and its corporate parent (a major health insurer) complied with HIPAA's privacy, security, and breach notification rules.