Skip Navigation
United States Flag

An official website of the United States government. Here's how you know >

Change Font Size

State Medicaid Agency Breach Protections and Responses

Breaches of unsecured protected health information (PHI), including data held by State Medicaid agencies and their contractors, are a major concern for health care providers and consumers. The Breach Notification Rule (BNR) outlines requirements for health information safeguards and for notifications after the discovery of a breach of unsecured PHI (45 CFR §§ 164.400414). Beyond the BNR requirements, State Medicaid agencies may establish other requirements that govern their responses to breaches. We will examine the efforts of State Medicaid agencies in conducting oversight and in responding to breaches.

Announced or Revised Agency Title Component Report Number(s) Expected Issue Date (FY)
Nov-16 Centers for Medicare & Medicaid Services State Medicaid Agency Breach Protections and Responses Office of Evaluation and Inspections OEI-09-16-00210 2018

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201