The Centers for Medicare and Medicaid Services (CMS) will encourage health insurers to remove or relax requirements that often slow billing, such as requirements that physicians obtain prior authorization before providing certain care to patients, among other steps. The agency is also encouraging private health plans to provide advance funding to the organizations most affected by the cyberattack.
CMS also said it would consider individual requests for accelerated payments, such as those made during the coronavirus pandemic, recognizing that “hospitals may face significant cash flow problems from the unusual circumstances impacting hospitals’ operations.” Senate Majority Leader Charles E. Schumer (D-N.Y.) had requested such relief in a letter to federal officials Friday.
The Feb. 21 hack of Change Healthcare, part of UnitedHealth Group, has crippled health-care payments for tens of thousands of hospitals, physicians and other providers. Industry and government officials have said it is among the most serious cyberattacks ever made on the U.S. health-care system. Federal officials, including HHS Secretary Xavier Becerra and Deputy Secretary Andrea Palm, have held emergency meetings with administration leaders and UnitedHealth about how to address the widening health-care payment crisis, officials told The Washington Post.
Some hospitals and medical practices are seeing cash reserves dry up after nearly two weeks of being largely cut off from their ability to submit medical claims and get paid by insurers. Patients in some cases are experiencing delays in care and have been unable to use discount cards or patient-assistance programs that run through the electronic clearinghouse operated by Change Healthcare, according to health-care providers and industry officials.
CMS has told providers to contact their Medicare administrative contractors to enroll in a new electronic clearinghouse to process claims, and has instructed the contractors to expedite the onboarding and billing process, the agency said Tuesday.
It was not immediately clear if the steps announced by federal officials Tuesday would sufficiently address concerns raised by health-care providers around the country. While UnitedHealth has made emergency funding available to affected organizations, offering short-term loans through its Optum health services arm, physicians have said the offers are insufficient.
The cyberattack has gripped the health industry, with officials saying it underscores the growing digital risks facing the health system. “This incident is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cybersecurity resiliency,” HHS said in its statement.
The hackers stole data about patients and encrypted company files and demanded money to unlock them. Change Healthcare subsequently shut down most of its network as it tried to recover. UnitedHealth has declined to comment on reports that the ransomware gang, ALPHV, received a $22 million payment. “We are focused on the investigation,” the company said in a statement Monday.
Change Healthcare processes 15 billion medical claims a year, far more than any other company, and is a critical pipeline connecting health-care organizations with insurance companies who review their claims, pay for their services and determine the costs of care for patients.
This is a developing story and will be updated.