Physicians using Change Healthcare – a health care technology company that is part of Optum and owned by UnitedHealth Group – may experience claims disruptions after the company experienced a cyberattack on Feb. 21.
The Texas Medical Association is monitoring updates on the attack as it rapidly evolves. Physicians can share payment-related questions and concerns via TMA’s Physician Payment Resource Center.
The attack upset payment and revenue cycle management operations in pharmacies and health systems across the country. Physicians may see disruptions in claims processing, eligibility checks, or day-to-day practice operations due to ongoing system outages.
Change Healthcare stated it has taken action to contain the incident so health care professionals and health systems do not need to sever network connections to central services.
In a Feb. 23 statement posted on the company website, it said: “Once we became aware of the outside threat, and in the interest of protecting our partners and patients, we took immediate action to disconnect Change Healthcare’s systems to prevent further impact. This action was taken so our customers and partners do not need to. We have a high level of confidence that Optum, UnitedHealthcare, and UnitedHealth Group systems have not been affected by this issue.”
TMA has learned that some clearinghouses are disconnecting from Optum and UnitedHealthcare to mitigate risk to their own systems. This may delay the processing of claims submitted to United.
Concerned practices can contact their electronic health record (EHR) vendors to shut down their exposure to Optum if they are using the Change Healthcare clearinghouse and continue to evaluate updates from the company.
TMA experts recommend physicians avoid delays in claims payment by using alternative means of submission when appropriate. Practices are encouraged to check with health plans to see if they can submit claims via a physician’s portal.
Additionally, TMA has learned the Texas Department of Insurance (TDI) is granting extensions on claims-filing and prompt-pay deadlines to account for the disruption. TDI is permitting the extensions under existing state regulations governing “catastrophic” events and is directing physicians and payers to its prompt pay FAQ.
The agency briefly explains the waiver process (including certain timing requirements) in a Feb. 28 bulletin stating TDI “is aware of stakeholders’ inability to meet claim filing and prompt pay requirements due to the failure of a third-party service.”
In a March 4 meeting with organized medicine, UnitedHealthcare told TMA, the American Medical Association, and other participants that to help physicians until systems are restored, the company will make weekly payments to practices based on historical payments made by United to those practices. The payments, which will not be tied to any fees or interest, will be reconciled after systems are restored, United representatives said.
In a filing with the U.S. Securities and Exchange Commission (SEC), UnitedHealth Group said it had “identified a suspected nation-state associated cyber security threat actor” behind the Change Healthcare attack. The company did not definitively attribute the attack to a specific country’s government.
“The Company has retained leading security experts, is working with law enforcement and notified customers, clients and certain government agencies. At this time, the Company believes the network interruption is specific to Change Healthcare systems, and all other systems across the Company are operational.”
Continue to read Texas Medicine Today for updates. As of this writing, the following resources are available:
Alisa Pierce
Reporter, Division of Communications and Marketing
(512) 370-1469