Emergency reimbursement for Change Healthcare breach ends in July
Emergency payments the Centers for Medicare and Medicaid Service (CMS) implemented as a response to the Change Healthcare breach are coming to an end.
The final date for providers and healthcare organizations to request reimbursement under the Change Healthcare/Optum Payment Disruption (CHOPD) accelerated payment program is July 12. The program was launched to keep providers afloat while Medicare reimbursements trickled out of Change Healthcare after it was forced to shut down in February.
Since its launch, CMS said the program has issued payments to over 4,200 Part A hospitals providers, totaling more than $2.55 billion. Another 4,722 advance payments were sent to Part B suppliers—including those that support doctors and other clinicians—for amounts totaling more than $717.18 million, the agency said.
“In the face of one of the most widespread cyberattacks on the U.S. health care industry, CMS promptly took action to get providers and suppliers access to the funds they needed to continue providing patients with vital care,” CMS Administrator Chiquita Brooks-LaSure said in a statement. “Our efforts helped minimize the disruptive fallout from this incident, and we will remain vigilant to be ready to address future events.”
New applications for reimbursement can continue to be submitted until the July 12 deadline.
Not back to normal
Change Healthcare’s parent company, UnitedHealth Group, has continued to provide updates on the status of system recovery after the February ransomware attack. However, the investigation into the incident—including what data was taken—is still ongoing.
Cybersecurity experts have said it could still take months for UnitedHealth to complete its investigation and rebuild Change Healthcare’s application to an acceptable level of security. UnitedHealth CEO, Andrew Witty, confirmed as much when he spoke to the Senate in May.
During the hearing, Witty revealed the breach was a result of a server that lacked multi-factor authentication. The hack likely impacted more than a third of Americans, as most reimbursement is processed through Change Healthcare.
UnitedHealth has yet to send out the required HIPAA notifications to providers whose patient data was compromised, which has concerned many healthcare associations.
By July 12, it remains unclear if providers will be receiving the normal reimbursement from Change Healthcare. In May, a survey from the American Medical Association showed independent practices and small provider groups have faced major financial struggles since the breach slowdown.