HHS: Government, insurers must cooperate to recover from Change Healthcare cyberattack

© Skórzewiak - stock.adobe.com

Physicians, pharmacists, hospitals and health insurers across the country must work together to bounce back from the massive computer attack against Change Healthcare, according to the U.S. Department of Health and Human Services (HHS).

The hack has affected payments to doctors and other health care providers around the country, said a March 10 letter from HHS Secretary Xavier Becerra and U.S. Department of Labor Acting Secretary Julie A. Su. The health care sector has the support of President Joe Biden and Vice President Kamala Harris, they said.

Xavier Becerra
_{U.S. Department of Health and Human Services}

Julie A. Su
_{© U.S. Department of Labor}

“Many of these providers are concerned about their ability to offer care in the absence of timely payments, but providers persist despite the need for numerous onerous workarounds and cash flow uncertainty,” they said in the letter.

“In a situation such as this, the government and private sector must work together to help providers make payroll and deliver timely care to the American people,” Becerra and Su said. “The Biden-Harris Administration has taken action by removing challenges for health care providers and addressing this cyberattack head on. Now, we are asking private sector leaders across the health care industry – especially other payers – to meet the moment.”

The letter included a list of actions for Change Healthcare corporate parent UnitedHealth Group (UHG) and other insurers and clearinghouses.

Regarding UHG, the federal leaders said the company must:

• Take responsibility to ensure no provider is compromised by their cash flow challenges stemming from the cyberattack.
• Ensure expedited delivery of funds to affected providers for all receiving advanced payment from UnitedHealth Care.
• Ensure ease of access to UHG programs, by providing less restrictive terms and by addressing providers’ concerns regarding indemnification and arbitration requirements.
• Provide Medicaid agencies with a list of providers affected in their states.
• Expedite activation and ensure effectiveness of all programs UHG announces to serve as a financial backstop, and prioritize under-resourced, lower margin providers.
• Communicate more frequently and more transparently within the health care community and with state Medicaid agencies.

United HealthGroup’s last public update was March 8 announcing pharmacy functions generally were restored. However, the American Medical Association said a March 15 plan to restore connection for electronic payments was too long for physicians to wait.

Other insurance companies and payers should:

• Make interim payments to affected providers. Larger payers have the balance sheet stability to advance payments. Payers can stop-gap the cash flow concerns by stepping in with bridge payments.
• Medicaid plans should consider making interim payments to affected providers.
• Ease the administrative burden on providers by simplifying electronic data interchange requirements and timelines and by accepting paper claims.
• Pause prior authorizations and other utilization management requirements.
• Use all available leeway on deadlines.

Becerra and Su noted the U.S. Centers for Medicare & Medicaid Services (CMS) announced steps this month to help states and health care providers. Plans include the Change Healthcare/Optum Payment Disruption accelerated payments.

Last year, HHS also released a concept paper outlining the department’s cybersecurity strategy.

“Overall, this incident is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cybersecurity across the ecosystem,” Becerra and Su said.