The fallout from last winter’s ransomware attack on Change Healthcare has proved to be costly and disruptive, resulting in months of ongoing problems in the wake of one of the most widespread cyberattacks against the U.S. healthcare industry.
Now a temporary relief program designed to help providers deal with that fallout is coming to an end, and the U.S. Centers for Medicare and Medicaid Services (CMS) is encouraging providers to take specific action to strengthen their cybersecurity efforts.
Compromised health information
Change Healthcare is owned by UnitedHealth Group, and processes patient insurance and billing for thousands of medical practices across the country.
The February cyberattack compromised health information for scores of Americans served by those practices, and ChangeHealth responded by shutting down its critical healthcare data systems. As a result, medical care, prescriptions, procedures, and more were affected by operational delays.
To mitigate the impact on patient care, CMS stepped in with a program to provide both accelerated and advanced payments to Medicare providers and suppliers who were affected. Since its launch in March, the Change Healthcare/Optum Payment Disruption (CHOPD) Program has since paid billions to healthcare providers.
Change Healthcare/Optum Payment Disruption Program
Under the CHOPD program, many providers have qualified to receive up to 30 days’ worth of payments, subject to a specific mathematical formula that was based on total claims paid between Aug. 1 and Oct. 31, 2023.
Advance or accelerated payments disbursed were then repaid by automatic deductions from the provider’s future claims.
CMS says CHOPD has provided more than $2.5 billion in accelerated payments to more than 4,200 Medicare Part A providers and more than $717 million in advance payments to more than 4,700 Part B suppliers, doctors, non-physician practitioners, and durable medical equipment (DME) suppliers.
CMS also says more than 96 percent of CHOPD payments have now been recovered, indicating that the majority of providers and suppliers are no longer experiencing difficulties related to the Change Healthcare cyberattack.
CHOPD payments ending July 12
On July 12, CMS will stop providing accelerated and advanced payments to Medicare providers and suppliers affected by the Change Healthcare cyberattack. New applications for CHOPD accelerated or advance payments will no longer be accepted.
Providers who experience billing or payment difficulties due to the Change Healthcare cyberattack are instructed to contact Change Healthcare directly or reach out to their Medicare Administrative Contractor (MAC) for assistance.
CMS wants all providers to beef up cybersecurity
As the CHOPD temporary relief program comes to an end, CMS is encouraging all providers and stakeholders to focus on cybersecurity measures.
Specific suggestions, actions, and goals for improving cybersecurity protocols and protecting against future threats are offered on the Health and Public Health Cyber Performance Goals website at https://hphcyber.hhs.gov/performance-goals.html.
SimiTree can help
Risks associated with the protection of health information are rapidly evolving, especially in the area of technology, and guidance for compliance changes with each evolution. It’s important for providers to stay abreast of changes, provide necessary staff training, and make needed changes to agency policies and procedures.
SimiTree’s compliance experts help clients identify vulnerabilities and mitigate security risks. We see the interconnected nature of privacy, compliance, regulatory, and quality goals, and we can make a difference.
Reach out to us today, and let’s work together to shore up compliance and improve performance at your organization.
Next Week: Pointers for developing your Cybersecurity Breach Plan
Your questions matter! Tell us what to write about.
Rapidly changing regulations are impacting all behavioral health providers and creating many areas of uncertainty for providers. We want to address the questions that matter most to you in this weekly space.
Ask your compliance questions – or request the specific topic you’d like more information about – by writing to me at jgriffin@simitreehc.com to let me know what you’d like to read about in a future Compliance Report.
Make sure you’re subscribed.
It's more important than ever to stay abreast of compliance issues in 2024 -- and I don’t want you to miss any of my Weekly Compliance Reports. Be sure to add your name to the subscription list here.
Why not invite the compliance officers you know to sign up as well?
_________________________________
J’non Griffin serves as Senior Vice President/Principal for the Compliance as well as Coding divisions at SimiTree. Her healthcare career spans three decades of clinical and leadership experience, and she has a track record of helping many provider types implement effective compliance programs. She is a certified ACHC and CHAP consultant and holds additional certifications in diagnosis coding and other healthcare specialties. As an AHIMA ambassador, she was instrumental in the implementation of ICD-10.