Health and Human Services (HHS) Demands Commercial Health Insurance Companies Help Physicians with Cash Flow Following UnitedHealth Group/Optum/Change Mismanagement of Cyber Attack Response
Too entrenched to to be held accountable, American taxpayers bailout UnitedHealth Group | Jakob Emerson for Becker’s Healthcare March 11, 2024
The federal government is urging UnitedHealth Group and other insurers to address cash flow issues among providers facing an absence of timely payments following the cyberattack on Change Healthcare in February.
The attack has significantly complicated operations for hospitals, insurers, physician practices and pharmacies nationwide, with the American Hospital Association calling it the "most significant cyberattack" on healthcare in American history.
CMS said March 9 it has made advance payments available to Medicare Part A providers and Part B suppliers that are experiencing financial challenges. On March 1, Change set up funding assistance for providers facing cash flow issues after losing access to its payer systems, which provider groups like the AHA have called insufficient.
In its March 10 letter, HHS called on UnitedHealth to "take responsibility to ensure no provider is compromised by their cash flow challenges" and to expedite the delivery of payments. The government is also urging the company to communicate about recovery efforts more frequently and with more transparency to both the healthcare system and state Medicaid agencies.
For all payers, HHS is asking that interim payments be made to affected providers and that prior authorization and other utilization management requirements be put on hold temporarily. The agency is also asking payers to simplify electronic data interchange requirements and accept paper claims.
The American Medical Association has said physician practices will face "significant financial disruptions" after Change shared that certain key functionalities will not be tested or fixed until March 18. One cybersecurity firm estimated that large health systems were bleeding more than $100 million per day because of the interruptions.
"The prospect of a month or more without a restored Change Healthcare claims system emphasizes the critical need for economic assistance to physicians, including advancing funds to financially stressed medical practices," Jesse Ehrenfeld, MD, president of the AMA, said in a March 8 news release.
"Larger payers in particular have the balance sheet stability to advance payments," HHS wrote. "Payers have the opportunity to stop-gap the cash flow concerns by stepping in with bridge payments."
"Just like the impacted providers, these payers are not responsible for the cyberattack; however, as hospitals and doctors have not wavered from their responsibility to care for their patients despite significant hardship, all payers must too honor their responsibility to support hospitals, physicians and patients for care delivered without delay," AHA President and CEO Rick Pollack said in a March 10 news release shared with Becker's.
CMS previously encouraged Medicare Advantage organizations and Part D sponsors to remove or relax prior authorizations, asked MA plans to extend advanced funding to affected providers, advised providers to request new electronic data interchanges from their Medicare Administrative Contractors for claims processing, and notified those contractors to accept paper claims.
Until March 31, UnitedHealth has suspended MA and D-SNP prior authorizations for outpatient services, except for durable medical equipment, cosmetic procedures and Part B step therapies. Utilization review for MA inpatient admissions and drug formulary exception review processes for Part D pharmacy benefits have also been temporarily suspended. Other large payers have not relaxed prior authorization requirements.
As of March 7, Change Healthcare's pharmacy electronic prescribing is fully functional for claim submission and payment transmission. Change is expected to have its electronic payment platform available for connection on March 15. Its medical claims network and software is expected to start testing for reconnection on March 18, with the company working throughout that week to restore service.
"We are committed to providing relief for people affected by this malicious attack on the U.S. health system," UnitedHealth CEO Andrew Witty said March 7. "All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications. We're determined to make this right as fast as possible."
“Overall, this incident is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cybersecurity resiliency across the ecosystem. That’s why, in 2023, HHS released a concept paper that outlines HHS’ cybersecurity strategy. The concept paper builds on the National Cybersecurity Strategy that President Biden released in 2023, focusing specifically on strengthening resilience for hospitals, patients, and communities threatened by cyberattacks.”
“Also, in 2021, the Department of Labor released Cybersecurity Program Best Practices to assist plan fiduciaries and recordkeepers in their responsibilities to manage cybersecurity risks. We urge you to visit the HPH Cyber Performance Goals website and implement these steps to stay protected.”
Sincerely,
Xavier Becerra
Secretary, U.S. Department of Health and Human Services
Julie A. Su
Acting Secretary, U.S. Department of Labor
Letter to UnitedHealth Group, March 12, 2024
Humana executives said the cyberattack on Change Healthcare is making it harder for payers to gauge their medical expenses, Bloomberg reported March 5.
Humana CFO Susan Diamond said about 20 percent of the company's medical claims submitted by providers go through Change Healthcare's system before they reach the payer. She said Humana is still evaluating all the effects of the hack.
UnitedHealth Group is now being investigated by the United States Department of Justice for AntiTrust manipulation, systemic over-billing fraud and other White Collar Crimes ongoing.