article thumbnail

HIPAA Violation Cases

The HIPAA Journal

State Attorneys General can also impose financial penalties on HIPAA-covered entities and business associates for violations of the HIPAA Rules. Another increase is due to be applied on January 15, 2025, but will likely be applied much later. Alternatively, financial penalties can be imposed if a breach of ePHI violates state laws.

HIPAA 83
article thumbnail

UnitedHealth Group Confirms Data Stolen in Change Healthcare Ransomware Attack

The HIPAA Journal

The AHA explained in the letter that Change Healthcare is a covered entity and, as such, has a duty to notify OCR and the affected individuals about any data breach, even in cases where Change Healthcare acts as a business associate. When that happens, providers will be sent an invoice and will be given 30 days to repay the funds.

HIPAA 97
article thumbnail

New HIPAA Regulations in 2022-2023

The HIPAA Journal

The SUD records can then be shared by a covered entity or business associate for all TPO reasons, as is the case with HIPAA. Good Faith Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities. A definition has been added for electronic health records.

HIPAA 126