CMS announces flexibilities in response to Change Healthcare attack; Schumer calls for additional action

Mar 05, 2024 - 03:15 PM
cms-nh-work-for-medicaid

The Centers for Medicaid & Medicare Services March 5 announced flexibilities intended to help providers continue to serve patients in the wake of the cyberattack on Change Healthcare. They include expedited claims processing; guidance for Medicare Advantage and Part D programs to remove or relax prior authorization, utilization management and filing requirements; and exceptions, waivers or extensions available through Medicare Administrative Contractors in addition to paper claim submissions. CMS also encourages Medicaid and Children's Health Insurance Program agencies to offer the same flexibilities during the Change Healthcare system outages.

In a statement shared with the media, AHA President and CEO Rick Pollack said, “We cannot say this more clearly – the Change Healthcare cyberattack is the most significant and consequential incident of its kind against the U.S. health care system in history. For nearly two weeks, this attack has made it harder for hospitals to provide patient care, fill prescriptions, submit insurance claims, and receive payment for the essential health care services they provide.

“The magnitude of this moment deserves the same level of urgency and leadership our government has deployed to any national event of this scale before it. The measures announced today do not do that and are not an adequate whole of government response.

“Rest assured, the AHA will continue to work with Congress on meaningful solutions to preserve 24/7 access to care. If limitations exist for an appropriate government response, it is incumbent upon the executive branch to propose the necessary legislation and authorities to ensure the provider network in this nation is not further compromised.”

As requested by AHA in a letter to congressional leaders, Senate Majority Leader Chuck Schumer, D-N.Y., March 4 urged CMS to immediately make Accelerated and Advanced Payments available to hospitals, pharmacies and other providers impacted by the Change Healthcare cyberattack, and direct the MACs to use a streamlined and efficient process to ensure claims processing and payments resume in a timely manner. He also urged federal law enforcement agencies to hold perpetrators accountable for the attack. 

“As a consequence of the termination of Change Healthcare’s systems, hospitals, pharmacies, and healthcare providers are facing an immediate — and rapidly intensifying — adverse impact on their cash flow and, ultimately, on their financial solvency,” he wrote. “While Change Healthcare remains offline, impacted healthcare institutions and providers will remain hamstrung and are unable to complete the necessary tasks to deliver care. Patients are unable to receive the eligibility checks needed to determine if their insurance will cover a prescribed treatment, or even get their needed medications filled at the local pharmacy. Hospitals are struggling to process claims, bill patients, and receive electronic payments, leaving them financially vulnerable with no anticipated timeline for resolution. Many hospitals are approaching a financial cliff where they will no longer be able to rely on their cash on hand. … The longer this disruption persists, the more difficult it will be for hospitals to continue to provide comprehensive healthcare services to patients.”

Related News Articles

Headline
CISA guidance informs users on software products which should be secure by design and demand 
The Cybersecurity and Infrastructure Security Agency and FBI Aug. 8 released guidance on secure by design software products which includes resources to assess…
Perspective
Keeping Up Our Guard and Fighting Back Against Cybercrime
It seems like barely a week goes by without a new cyberattack that affects health care providers. Often, it’s a ransomware attack conducted by foreign criminal…
Headline
Agencies issue update on BlackSuit ransomware group
The Cybersecurity and Infrastructure Security Agency and FBI today issued an updated advisory on the BlackSuit ransomware group, providing information on…
Headline
AHA podcast: The FBI’s Global Fight Against Cybercrime 
Cybercriminals are ramping up attacks on health care systems throughout the United States, with a majority of these crimes originating from international,…
AHA Cyber Intel
Third-Party Cyber Risk Impacts the Health Care Sector the Most. Here’s How to Prepare.
We all know by now that cyber risk is not just an "IT issue," but rather it is an enterprise risk issue. Cyberattacks represent a potential risk to every…
Headline
Southeast hospitals impacted by cyberattack on OneBlood; AHA, Health-ISAC post updated advisory on cyberattacks against health care suppliers 
OneBlood, a nonprofit organization that provides blood and blood products to health care providers in Florida, Georgia, Alabama, North Carolina and South…