The AAMC joined five other hospital groups in a letter to UnitedHealth Group (UHG) CEO Andrew Witty, urging him to formally commit to notifying patients affected by the Feb. 22 Change Healthcare data breach. The letter reminded Witty of his own acknowledgment that nearly a third of Americans’ data was stolen during the breach, and that an April 22 news release from the company stated that they would make the appropriate notifications to patients [refer to Washington Highlights, May 3]. The groups noted that “it is important to emphasize that hospitals, health systems and other providers were not the direct targets of this cyberattack, nor were they responsible for the potential release of private patient information.” The letter reminded Witty that UHG must officially inform the Department of Health and Human Services Office for Civil Rights (OCR) as well as state regulators that UHG will be solely responsible for notifications required under law, and that they will provide OCR with a timeline for the notifications.
- Washington Highlights