CMS announces flexibilities in response to Change Healthcare attack; Schumer calls for additional action

Mar 05, 2024 - 03:15 PM
cms-nh-work-for-medicaid

The Centers for Medicaid & Medicare Services March 5 announced flexibilities intended to help providers continue to serve patients in the wake of the cyberattack on Change Healthcare. They include expedited claims processing; guidance for Medicare Advantage and Part D programs to remove or relax prior authorization, utilization management and filing requirements; and exceptions, waivers or extensions available through Medicare Administrative Contractors in addition to paper claim submissions. CMS also encourages Medicaid and Children's Health Insurance Program agencies to offer the same flexibilities during the Change Healthcare system outages.

In a statement shared with the media, AHA President and CEO Rick Pollack said, “We cannot say this more clearly – the Change Healthcare cyberattack is the most significant and consequential incident of its kind against the U.S. health care system in history. For nearly two weeks, this attack has made it harder for hospitals to provide patient care, fill prescriptions, submit insurance claims, and receive payment for the essential health care services they provide.

“The magnitude of this moment deserves the same level of urgency and leadership our government has deployed to any national event of this scale before it. The measures announced today do not do that and are not an adequate whole of government response.

“Rest assured, the AHA will continue to work with Congress on meaningful solutions to preserve 24/7 access to care. If limitations exist for an appropriate government response, it is incumbent upon the executive branch to propose the necessary legislation and authorities to ensure the provider network in this nation is not further compromised.”

As requested by AHA in a letter to congressional leaders, Senate Majority Leader Chuck Schumer, D-N.Y., March 4 urged CMS to immediately make Accelerated and Advanced Payments available to hospitals, pharmacies and other providers impacted by the Change Healthcare cyberattack, and direct the MACs to use a streamlined and efficient process to ensure claims processing and payments resume in a timely manner. He also urged federal law enforcement agencies to hold perpetrators accountable for the attack. 

“As a consequence of the termination of Change Healthcare’s systems, hospitals, pharmacies, and healthcare providers are facing an immediate — and rapidly intensifying — adverse impact on their cash flow and, ultimately, on their financial solvency,” he wrote. “While Change Healthcare remains offline, impacted healthcare institutions and providers will remain hamstrung and are unable to complete the necessary tasks to deliver care. Patients are unable to receive the eligibility checks needed to determine if their insurance will cover a prescribed treatment, or even get their needed medications filled at the local pharmacy. Hospitals are struggling to process claims, bill patients, and receive electronic payments, leaving them financially vulnerable with no anticipated timeline for resolution. Many hospitals are approaching a financial cliff where they will no longer be able to rely on their cash on hand. … The longer this disruption persists, the more difficult it will be for hospitals to continue to provide comprehensive healthcare services to patients.”

Related News Articles

Headline
Agencies issue advisory on threat of China-based cyber group 
A joint advisory issued the week of July 8 by the Cybersecurity and Infrastructure Security Agency, National Security Agency, FBI and several international…
Headline
AHA comments on CIRCIA’s cyber incident reporting requirements 
The AHA July 2 submitted comments to the Cybersecurity and Infrastructure Security Agency on its proposed rule establishing reporting requirements for…
Headline
HHS issues cyber alert on critical vulnerability in ‘MOVEit,’ file transfer platform
The Department of Health and Human Services Health Sector Cybersecurity Coordination Center June 27 issued an alert about a critical vulnerability in MOVEit, a…
Headline
Agencies issue joint report on memory safety vulnerabilities in open source projects
A joint report released June 26 by the Cybersecurity and Infrastructure Security Agency, FBI, the Australian Cyber Security Centre and Canadian Centre for…
Headline
Bulletin alerts health sector to cyberthreat exploits on TeamViewer
The Health Information Sharing and Analysis Center June 27 issued a threat bulletin alerting the health sector to active cyberthreats exploiting TeamViewer. H-…
Headline
FBI, HHS issue advisory on cyberthreat actors targeting health care to divert payments
The FBI and Department of Health and Human Services June 24 released an advisory about cyberthreat actors targeting health care organizations in attempts to…