Feds’ Response to Cyberattack Aids Physicians, But Further Measures Needed
By Emma Freer

Eligible physician practices and others impacted by the recent cyberattack on Change Healthcare now may apply for accelerated and advanced payments for certain Medicare and Medicaid claims.  

The Centers for Medicare & Medicaid Services (CMS) announced the regulatory flexibility on March 9. It is part of a broader response to the cyberattack by the Biden administration that has earned recognition from the Texas Medical Association and others in organized medicine. However, medicine still calls for additional supportive measures. 

“Texas physicians are grateful for such support amid this attack, which has caused major disruptions to standard practice operations and, as a result, threatens patients’ access to care,” TMA President Rick Snyder, MD, told Texas Medicine Today. “But a lot more support is still needed.”  

American Medical Association CEO James Madara, MD, echoed this sentiment in a March 11 letter to U.S. Health and Human Services Secretary Xavier Becerra and U.S. Labor Secretary Julie Su. 

“Although the repayment terms may prove more challenging for physician practices than those provided during the pandemic, we anticipate that [these accelerated and advanced payments] will be helpful for physician practices that have seen their cash flow dry up as a result of the cyberattack and are at risk of not meeting their obligations, including paying their staff, to continue to care for patients,” he wrote. 

The Feb. 21 cyberattack on Change Healthcare, a health care technology company that is part of Optum and owned by UnitedHealth Group, upset payment and revenue cycle management operations in pharmacies and health systems across the country. Physicians may see disruptions in claims processing, eligibility checks, or day-to-day practice operations due to ongoing system outages.  

In another recent development, the U.S. departments of Health and Human Services and of Labor urged UnitedHealth Group and other members of the private sector, including other payers and claims processing clearinghouses, to take additional steps to mitigate the harms of the cyberattack to patients and physicians, according to a March 10 letter from Secretaries Becerra and Su to health care leaders.  

TMA supports these steps as well as AMA’s additional requests, outlined in its March 11 letter, that the federal government: 

  • Create an inventory of all health plans offering advance payments; 
  • Ensure all Medicare administrative contractors and health plans are accepting paper claims without waivers; 
  • Provide more support for physicians seeking to change clearinghouses; 
  • Automatically apply hardship exemptions for CMS-impacted programs, including the Merit-Based Incentive Payment System (MIPS); 
  • Waive timely filing deadlines for claims and appeals; and 
  • Encourage federal certified electronic health record developers to postpone service and user fees for impacted practices. 

Such advocacy already has had an impact. One day after AMA sent its letter to Secretaries Becerra and Su, CMS extended the data submission deadline for the 2023 MIPS performance year from April 1 to April 15.  

TMA continues to monitor the attack as it rapidly evolves, with updates on its Change Healthcare Cyberattack webpage. For more information about accelerated and advanced payments for Medicare and Medicaid claims, check out CMS’ fact sheet. Physicians also may contact the TMA Knowledge Center by phone at (800) 880-7955 or by email.

Last Updated On

March 14, 2024

Originally Published On

March 13, 2024

Emma Freer

Associate Editor

(512) 370-1383

Emma Freer is a reporter for Texas Medicine. She previously worked in local news, covering city politics, economic development, and public health. A native Clevelander, she graduated from Columbia Journalism School and the University of St. Andrews.

More stories by Emma Freer