The CAP, the American Medical Association (AMA) and more than 50 provider groups asked the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) to enforce the Health Insurance Portability and Accountability Act (HIPAA) reporting requirements involving the Change Healthcare cyber incident announced on February 21. Specifically, the groups asked for clarification around reporting responsibilities to assure affected providers that reporting, and notification obligations will be handled by Change Healthcare. On May 29, the HHS announced that covered entities (providers, hospitals, insurance companies) affected by the cyberattack do not have to take on the HIPAA-mandated responsibility of notifying patients that their health data have been breached and can delegate that responsibility to Change Healthcare. As a result of CAP advocacy, pathologists are not responsible for bearing the cost and administrative burden of sending out HIPAA notifications for a cyberattack which negatively affected them. For more information visit: HHS OCR’s recently updated frequently asked questions webpage.

Most Recent Content

1. Utility of Molecular Testing in the Diagnostic Workup of Difficult-to-Classify Tumors
   Articles
   Jie-Fu Chen, MD, FCAP and Jinjuan Yao, MD, PhD, FCAP
   Jan 21, 2026
2. January 20, 2026
   Advocacy Updates
   Jan 20, 2026
3. Congress proposes delay to Medicare lab cuts
   Advocacy Updates
   Jan 20, 2026
4. Examining health care affordability for seniors
   Advocacy Updates
   Jan 20, 2026
5. US freezes new immigrant visas for some countries
   Advocacy Updates
   Jan 20, 2026
6. View All