Recently, many providers received a notification from TriZetto Provider Solutions alerting them to a data breach affecting patient PHI. TriZetto provides clearinghouse services for covered entities like medical practices and hospitals.
If you received this alert from TriZetto, the message will include an estimated number of patients associated with your organization whose information was compromised. The information that was compromised includes patient name, address, date of birth, Social Security Number, health insurance information, and other demographic and health information. The breach did not include any financial information.
The HIPAA Breach Notification Rule requires notifications to be provided to affected patients within 60 days of discovery of a breach. When a business associate, like TriZetto, experiences a breach, either the business associate or the covered entity must take responsibility for providing patient notifications. TriZetto has offered to send patient notifications at no cost, but affected entities must opt in to this service before the date listed in their notification.
If your organization has received this alert from TriZetto, we recommend the following steps:
- Authorize TriZetto to send individual patient notifications by following the instructions in the email notification you received. Be sure to do this before the date listed in your notification from TriZetto. If you do not choose this option, your practice will be responsible for sending breach notifications to affected patients, which can be expensive and time-consuming.
- Ensure that you have an up-to-date Business Associate Agreement (BAA) on file with TriZetto if you contract with them directly. If TriZetto is a subcontractor of your electronic health record (EHR) company, you must have a Business Associate Agreement with the EHR company. In this case, the EHR company utilizes TriZetto as a subcontractor and will have a downstream BAA in place with TriZetto, which covers your organization.
If you have questions or concerns about this breach, please reach out to Eagle Associates.