Cybersecurity threat has implications for e-prescribing, claims submission and processing, pharmacy transactions and payment.
NOTE: This article will be updated frequently as new information and resources become available.
On March 25, HHS, CMS and ASPR compiled health plan contact information for providers seeking answers about flexibility and prospective payment. It is important to note that the document only includes national contacts, and HHS recommends that if practices have a regional point of contact for their health plan, to reach out to them first. In addition to contact information for payment questions, the document includes tools and links from health plans and payers for physicians monitoring the impact of the cyberattack on payment.
During a service disruption update call on March 27, UHG reported that the largest clearinghouse, Relay Exchange, is back online and claims have begun to flow. After receiving a claim, the remittance timeline will depend on the payer.
UHG will provide payer activity updates on the website as payers reconnect. UHG has made progress in adding payer routes throughout the day and reestablishing connections directly with payers. When asked about a timeline for fully reestablishing connections with payers, UHG noted that the process to recertify credentials for a payer is relatively quick, but getting through all the payers will take time.
With the help of a third-party team, UHG is still determining what data was compromised in the attack; no conclusion has been reached on protected health information (PHI) or personally identifiable information (PII) that may have been involved in the attack.
CMS announced that it is reopening applications for the 2023 MIPS Extreme and Uncontrollable Circumstances (EUC) hardship exemption due to the Change Healthcare cyberattack. The deadline to apply for an exemption is April 15, 2024. The 2023 MIPS EUC hardship exemption is not automatic and requires physicians to apply. CMS will only approve applications citing the Change Healthcare cyberattack as the basis for requesting reweighting under the MIPS EUC Exception. If a physician or practice has already submitted data and would like to take advantage of this flexibility, they may log into the CMS portal and update their submission. Detailed information is available on the Quality Payment Program website.
Additionally, the agency is continuing to establish flexibilities to ensure physicians can receive payment for services. On March 15, CMS announced flexibilities to ensure that states can start making interim payments to Medicaid providers affected by the Change Healthcare disruption. CMS is encouraging states to submit Medicaid state plan amendments (SPAs) for authority to make certain interim payments for services providers have rendered but for which the provider cannot submit claims.
On March 15, AOA met with Margaret-Mary Wilson, MD, chief medical officer for United Health Group (UHG), to discuss the organization’s response to the Change Healthcare cyberattack and what it is doing to support physicians. Kathleen Creason, MBA, AOA chief executive officer, raised questions regarding the organization’s timeline for having an alternative clearinghouse solution ready for provider to connect to, and raised concerns regarding the need for additional financial and technical assistance for practices that are expending tremendous resources trying to utilize workarounds to submit claims and receive payment.
During the discussion, Dr. Wilson noted that UHG has two advance payment programs that physicians may apply for, plans to provide technical support for physicians connecting to their temporary clearinghouse solution being brought online this week, and is currently waiving most prior authorization. AOA will provide additional details regarding any other forms of assistance as they are made available and can be reached for assistance at physicianservices@osteopathic.org.
On March 13, CMS issued guidance in the form of an FAQ for physicians seeking advance payment for services provided under Medicare Part B. The FAQs go into detail on eligibility criteria, repayment, financial concerns and other general questions. Practices whose Medicare claims submission and/or payment has been disrupted may apply for funds through their Medicare Administrative Contractor (MAC).
Additionally, in recognition of the burden physicians are currently facing navigating the Change Healthcare disruption, CMS has extended the deadline for 2023 Merit Based Incentive Payment System (MIPS) data submission to April 15, 2024. The extension is intended to aid physicians in light of the time, staff and resource limitations caused by the Change disruption. However, this two-week extension is insufficient, and AOA will advocate for additional flexibility.
On March 12, the AOA participated in a roundtable convened by the Biden Administration to discuss the steps the Department of Health and Human Services (HHS), Biden-Harris Administration and health care stakeholders are taking in response to the cyberattack on Change Healthcare. Meeting participants included leadership from the White House and HHS, as well as chief executives from major health plans, select physician societies and associations representing hospitals, pharmacies and other providers. During the meeting, AOA chief executive officer Kathleen Creason, MBA, emphasized the challenges osteopathic physicians across the country are experiencing as they try to maintain their practices and provide care to their patients.
The AOA asked the Biden Administration to require plans to:
Change Healthcare provides clearinghouse services to support a broad range of electronic transactions in health care. As noted by an HHS letter to stakeholders, “Change Healthcare, owned by UnitedHealth Group (UHG), processes 15 billion health care transactions annually and is involved in one in every three patient records.” The disruption has significant implications across the health care ecosystem for activities including e-prescribing, provider claims submission and processing, pharmacy claims transactions and payment. While solutions have been developed to largely restore some activities, such as e-prescribing and pharmacy claims, claims and payment transactions for physicians and other providers continue to be significantly disrupted.
Many physician practices continue to go without or with very limited revenue, and the outage will have disproportionate impacts on small and independent practices, as well as those in rural and underserved communities, who are already grappling with limited resources, thin margins and payment challenges.
HHS has taken several steps to support physicians and other providers during the Change Healthcare disruption, including making advanced payments available to Medicare Part A and B providers via the Change Healthcare/Optum Payment Disruption (CHOPD) accelerated payments program; issuing guidance to Medicare Advantage, Medicare Part D, Medicaid and CHIP plans urging them to grant flexibilities to providers for utilization management and claims submission; and coordinating with other federal agencies to take additional appropriate responses. However, more must be done to ensure the survival of physician practices who are entering a fourth week of limited revenue.
During the roundtable, HHS made clear that all health plans accepting federal funds, including MA, Part D, Medicaid managed care and CHIP plans, should be providing flexibility and advanced payments to providers. The AOA will continue to advocate with the Biden Administration and health plans and share resources with members.
CMS has announced that it will begin considering applications for advance payments to physicians in response to the disruptions created by the Change Healthcare outage. While the agency initially limited advance payments to Part A providers as it explored its authority to do the same under Part B, it has now expanded the Change Healthcare/Optum Payment Disruption (CHOPD) accelerated payments program.
The CHOPD accelerated and advance payments may be granted in amounts representative of up to thirty days (30) of claims payments to eligible providers and suppliers. The average 30-day payment is based on the total claims paid to the provider/supplier between Aug. 1, 2023, and Oct. 31, 2023, divided by three. These payments will be repaid through automatic recoupment from Medicare claims for a period of 90 days.
CMS outlines a detailed list of requirements providers must meet in order to qualify for advanced payments and directs them to work directly with the Medicare Administrative Contractor (MAC) to apply.
The Department of Health and Human Services (HHS) has announced that it is taking several steps to support hospitals, physician practices and other providers as a result of the disruption to Change Healthcare’s network.
The Centers for Medicare & Medicaid Services (CMS) is issuing guidance to Medicare Advantage and Part D plans urging them to waive or relax prior authorization and other utilization management (UM) for the duration of the disruption. CMS is also encouraging Medicaid and CHIP plans to similarly waive UM. CMS will also make accelerated payments available to hospitals to address their cashflow needs while payment is disrupted. However, more action is necessary to support the continued operation of small and independent practices that are threatened by this disruption. The agency has also directed providers to reach out to their Medicare Administrative Contractor (MAC) if they need to change clearinghouses and request a new electronic data interchange (EDI) enrollment.
The AOA will continue to engage with United Health Group, federal agencies and other stakeholders and share resources with members as they become available.
On Feb. 21, Change Healthcare reported a network interruption related to a cybersecurity issue. Once alerted to the threat, they took action by disconnecting their systems to prevent further impact. The company is working to bring systems back online as soon as it is safe to do so. This disruption to Change Healthcare’s network has significant implications across the health care ecosystem for activities including e-prescribing, provider claims submission and processing, pharmacy claims transactions and payment.
AOA staff are participating in update calls with leaders from UnitedHealth Group to stay informed of the latest developments. Daily updates, which include applications currently experiencing connectivity issues, are posted on the Optum Solutions Status webpage or you can subscribe to receive daily email updates. Change Healthcare launched a new webpage with a Q&A, which details workarounds and progress updates.
The AOA will continue to assist private practices through the Change Healthcare service disruptions with alternative workarounds until the issues are resolved. We will continue to investigate all possible solutions and provide as much information as possible.
Below are immediate steps you can take to minimize disruption to your practice for key impacted applications:
Claims
Electronic Remittance Advice (ERAs)
Payment