By: Sara Hussey, ACMS Executive Director
On February 21, Change Healthcare, a prominent provider of revenue cycle management and clinical data exchange solutions, fell victim to a cyberattack that compromised sensitive data, including patient records and financial information. The incident raised alarms across the healthcare sector, highlighting the sophistication of cyber threats targeting medical institutions. The ramifications of such breaches extend beyond financial losses, posing grave threats to patient privacy, trust, and overall healthcare delivery.
On Saturday, March 9, Centers for Medicare (CMS) and Medicaid Services announced a new opportunity for physicians impacted by the cyberattack and resulting disruptions with Change Healthcare to request advanced Medicare payments to help with cash flow disruptions. The details of the program, terms, and the steps needed to apply can be found in the links below.
CMS Statement – https://www.cms.gov/newsroom/press-releases/cms-statement-continued-action-respond-cyberattack-change-healthcare
The ACMS will continue to update this blog post with additional resources and articles as they are made available. If you have any resources you wish to share with the ACMS membership please email them to ACMS Executive Director, Sara Hussey.
Resources:
AMA Resources – Continuous Updates
PAMED Resources [member login required]
CMS releases Medicaid payment flexibilities during Change cyberattack (3/18/24)
AHIP Statement on Response to Cyberattack (3/12/2024)
Department of Health and Human Services Statement
United Health Group Site Resources
Novitas Advance Payments for Providers
QPP Deadline Extension: MIPS 2023 Data Submission Now Open Until April 15
- Based on AMA advocacy and ongoing concern with the impact the Change Healthcare cybersecurity attack is having on physician practices, CMS has extended the 2023 MIPS data submission deadline until April 15. Notably, this attack on our nation’s health care infrastructure coincides with the 2023 MIPS data submission window, which opened on January 2 and originally was scheduled to close on April 1.
- The AMA welcomes this extension until April 15, but we are concerned the timeline is insufficient. Therefore, we will continue to push CMS to automatically apply the Extreme and Uncontrollable Circumstances (EUC) hardship exception to all MIPS eligible clinicians for the 2023 performance period. Alternatively, we will encourage CMS to reopen the hardship exception application for the 2023 performance period and allow eligible clinicians to claim an exception due to the Change Healthcare cyberattack.
Articles:
Reuters: UnitedHealth says advanced over $2 bln in payments to providers (3/19/24)
Pittsburgh Business Times: Highmark Health unveils way to help cash-strapped health practices after cyberattack
CNN: We’re hemorrhaging money’: US health clinics try to stay open after unprecedented cyberattack
AMA Response: AMA response to UnitedHealth Group update on Change Healthcare cyberattack
Wallstreet Journal: UnitedHealth Aims to Restore Change Healthcare Systems Within Two Weeks
New York Times: With Cyberattack Fix Weeks Away, Health Providers Slam United
TechTarget: The Change Healthcare attack: Explaining how it happened
Modern Healthcare: Feds launch investigation into UnitedHealth over Change cyberattack
Modern Healthcare: White House presses UnitedHealth on Change outage at meeting
Modern Healthcare: ‘Nightmare’: Pharmacies, hospitals reel from Change Healthcare outage
Payer Information/Links: