WASHINGTON – Today, Congressman Vern Buchanan, Vice Chairman of the House Ways and Means Committee and Chairman of the Health Subcommittee, and Congressman Gus Bilirakis (R-FL) led a letter to Health and Human Services (HHS) Secretary Xavier Becerra detailing concerns that the current recoupment period does not adequately reflect the harsh realities providers have faced in the wake of the Change Healthcare cyberattack.
On February 21, 2024, Change Healthcare, which “supports 14 billion clinical, financial, and operational transactions annually,” suffered from a major cyberattack. Researchers at the University of Minnesota revealed that there’s a nearly 21 percent increase in mortality for patients in a ransomware-attacked hospital. Due to Change’s presence throughout the health care network, many small, urban, and rural providers have struggled to determine the specific areas where may have been affected by the cyberattack.
“I am continuing to hear from providers in Florida who are still dealing with the fallout from this devastating cyberattack,” said Congressman Buchanan. “It’s crucial that the Biden administration gives the needed flexibility to health care providers that are still trying to recover from this historic attack on our nation’s health care system.”
“We appreciate your recognition of the need for flexibility to providers thus far, as well as your commitment to ensuring continuity of care for patients,” the lawmakers wrote in the letter. “As you know, this has been the most detrimental cyberattack to our health care system in our nation’s history. Providers have continued to face significant cash flow problems as a result of the cyberattack, with reports stating some providers estimate losses of up to $1 billion a day. Given the complexity and nature of the circumstances on our health care system, recouping these losses will need time rendering, and it’s important that CMS provides needed flexibility to these providers.”
“The Change Healthcare cyberattack impacted nearly every hospital in the state, especially those hundred plus hospitals that are solely reliant on Change Healthcare for their billing services, resulting in non-payment of hundreds of millions of dollars per week during their service outage,” said Mary Mayhew, President and CEO of the Florida Hospital Association. “Indeed, as the acute issues associated with the cyberattack have been dealt with, we expect continued negative impact as hospitals seek delayed payments. Many hospitals were required to take advanced payments from CMS to ensure their ability to pay providers and support care. Small and rural hospitals tend to have razor thin margins and may not be able to repay the agency on the truncated timeline required by CMS, especially given the longer than expected duration for Change Healthcare to come back online - some Medicare contractors were still offline as late as mid-April. We are grateful for this effort by Congressman Buchanan & Congressman Bilirakis to ensure that hospitals are not required to repay their advanced payments at the cost of being able to continue to deliver care.”
“Throughout the Change Healthcare cyberattack, hospitals continued to provide high-quality care 24/7 to every patient who came through the door,” said Charlene MacDonald, EVP, Public Affairs of the Federation of American Hospitals .More than two months after the incident, many health care providers are still grappling with claims processing systems that have yet to fully recover from the breach. We appreciate Rep. Buchanan & Bilirakis’ efforts to promote additional flexibility for affected providers during this tumultuous time.”
Read the letter HERE or below:
May 15, 2024
The Honorable Xavier Becerra
Secretary
The U.S. Department of Health & Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Dear Secretary Becerra:
We write expressing our concerns regarding Change Healthcare/Optum Payment Disruption (CHOPD) accelerated payments to Part A Providers and advance payments to Part B Suppliers. Specifically, we are concerned the current recoupment period does not adequately reflect the harsh realities providers have faced in the wake of the Change Healthcare cyberattack. As stated on your website, the “CHOPD accelerated and advance payments may be granted in amounts representative of up to thirty days (30) of claims payments to eligible providers and suppliers. The average 30-day payment is based on the total claims paid to the provider/supplier between August 1, 2023 and October 31, 2023, divided by three.”[1] Put simply, CMS’ maximum 30-day payment amount, with repayment in full required 90 days after the date issued, is not a sufficient amount of time for those affected and still dealing with the fallout of the cyberattack.
We appreciate your recognition of the need for flexibility to providers thus far, as well as your commitment to ensuring continuity of care for patients. As you know, this has been the most detrimental cyberattack to our health care system in our nation’s history. Providers have continued to face significant cash flow problems as a result of the cyberattack, with reports stating some providers estimate losses of up to $1 billion a day. [2] Given the complexity and nature of the circumstances on our health care system, recouping these losses will need time rendering, and its important that CMS provides needed flexibility to these providers.
Due to Change’s presence throughout the health care network, many small, urban, and rural providers have struggled to determine the specific areas where may have been affected by the cyberattack. Health care workers and businesses could spend “months sorting out patient eligibility, filing claims and paying additional staff to handle the extra administrative burden.”[3] Unfortunately, many providers that utilize the Change Healthcare network have seen some “of their revenue vanish since systems for filing claims or having them paid went offline Feb. 21.”[4] With many providers experiencing continued difficulties to recoup their own payments and pay staff for their invaluable services throughout this tumultuous period, it is critical CMS use the statutory flexibilities that it has to provide them realistic timeframe for repayments.
Therefore, we urge you to use the authorities provided to you in the law to adjust and extend the recoupment period for all providers continuing to deal with the fallout of an issue they did not cause. We must ensure providers do not experience any additional hardship in the face of this historic cyberattack so that patients across the nation can continue to receive the health care services they need without interruption.
We look forward to your continued engagement on this issue as we work to strengthen and secure our nation’s health care system.