MGMA has sent a letter to the Department of Health and Human Services’ Office for Civil Rights seeking clarity on whether providers or Change Healthcare will be responsible for alerting affected patients that their personal health information may have been compromised.
The burden of HIPAA-required breach notifications should fall to Change, MGMA said.