How Change Healthcare’s cyber attack is putting pressure on providers, and what the government can do
The fallout from last month’s Change Healthcare cyberattack and its impact on health care systems across the country continued this week, with providers waiting with bated breath to find out when the Centers for Medicare and Medicaid Services will make the switch to another processor would expedite claims processing to restart after almost two weeks. weeks of disruption.
Policy relief from CMS came Tuesday, but health care groups are calling on the government to step in and provide financial relief during the crisis.
Ted Okon, executive director of the Community Oncology Alliance, shared Healthcare IT news how the national disruption has affected oncology providers.
Patients face delays in treatment
Optum’s payment processing going offline after the Change Healthcare cyber attack on February 21 has fallen on the shoulders of healthcare providers. They try to “protect” patients from delayed treatment and burdens, Okon said.
Manual and paper-based billing processes can delay cancer treatment for patients, he explained. For an oral drug, which represents 30% of oncology drugs, providers must determine the patient’s co-payment and deductible.
Many cancer treatments also require prior authorization. “And then there’s financial aid, because some of these third-party financial aid providers essentially go through Change,” Okon said.
With so many transactions going through Change — 15 billion a year, according to the company’s website — “some of that comes to an abrupt halt,” he said.
Anecdotally, some patients have experienced delays in getting their cancer medications as a result of the cyberattack, he said.
“I hope and believe that practices are now doing everything they can to ensure that patients continue to receive treatment and that they receive their medications,” he said. “That may not be true in all cases because this is a very complex situation.”
But “even the largest practices are very concerned” about cash flow, Okon says.
“Especially in an oncology practice,” he explains. “It’s a very expensive proposition because it’s not just about keeping the lights on and paying staff, but you’re also paying for very expensive medications that you have on hand, whether they’re IV medications or oral medications.”
The longer this crisis continues, the more providers will be affected, especially “rural providers who are on shaky ground to begin with,” he said.
Keep money flowing during a crisis
Half of all payments for affected oncology practices may be suspended due to a backlog of applications to CMS to switch processors.
Applications to Medicare to switch typically take at least 21 days, Okon explains.
“And you can imagine that if there’s a whole bolus of these applications, it could take longer,” he said, noting that the oncology providers involved are working to switch commercial payments to Change’s competition, without the added bureaucratic hurdles.
While Optum posted an update on his post online incident page on March 1 that it completed and launched a new instance of Change Healthcare’s Rx ePrescribe service and tested transactions, “we just haven’t heard if any of that works,” Okon said.
As for Optum Temporary Funding Assistance Program for providers, Okon called what he’s heard from several practices “absurd” because the amount of what United Health, Optum’s parent company, offers in terms of a practice’s cash flow is “only minuscule.”
“What United is doing in terms of offering advanced funds is just an insult,” he said, noting that they also charge providers a fee for the assistance.
On the other hand, where Medicare claims payments have stopped coming, “CMS can do something meaningful,” he said, calling it “low-hanging fruit.”
The government, as it did during the COVID-19 crisis, should “promote payments they can work on to keep cash flow going,” he said.
This is a different crisis than COVID, but it is a crisis nonetheless. –Ted Okon, executive director of the Community Oncology Alliance
The American Medical Association and other organizations are calling on U.S. Health and Human Services and the White House to release emergency funds to protect health care providers from the financial impact of the attack. AMA told HHS that the attack has forced medical practices to go without revenue for 12 days.
“As the situation continues to deteriorate and physicians await further guidance from Change Healthcare, we ask the department to use all available authorities to ensure that physicians’ offices can continue to operate and that patients can continue to receive the care they need “, the spokesperson said. AMA in its letter Friday.
When we interviewed Okon on Tuesday, HHS released a rack about the Change Healthcare cyberattack, which included instructions for Medicare providers to change the clearinghouses they use to process claims.
They “must contact their Medicare Administrative Contractor to request a new Electronic Data Interchange enrollment for the switch” and will receive instructions on how to expedite the new EDI enrollment, the statement said.
AMA credited HHS and CMS in an emailed statement with responding to the unprecedented disruption to provider and patient access following the Change Healthcare cyberattack.
However, the organizations urged CMS to also provide financial assistance “such as upfront payments for physicians.”
“Many physician practices operate on slim margins, and we are particularly concerned about the impact on small and/or rural practices, as well as practices that care for those in need,” AMA said in the statement.
Why United may have paid the ransom
Although United has not commented on the topic, news reports this week show BlackCat hackers to boast that was $22 million worth of Bitcoin deposited into ALPHV’s account.
Many healthcare technology leaders have reached out Healthcare IT news to explain why the company has done this – from protecting the data to staunching the financial bleeding of stopping payments. But Okon said he believes the company would only pay a ransom — something the FBI and DHS have long urged against — if there was a technical failure.
“That shows how desperate they are, that they couldn’t come up with any solution or workaround, or even engage all the different IT gurus they brought in. So if (the rumor) is true, that shows that this really has them tied up.”
The bigger concern for the entire healthcare system, according to Okon, is the threat of more widespread instability for hospitals and healthcare systems hit by cyberattacks.
“The problem here is that we are now seeing and beginning to realize how much consolidation is hurting us in health care in this country,” he said. “Hospitals are consolidating into mega-health systems and taking in astronomical amounts of patients. Insurers are consolidating among themselves. Consolidated in terms of pharmacy benefit managers.
“The top three control 80% of the prescription drug market,” he added, “and entities such as one insurer, namely United, own the largest claims clearinghouse.”
It is an attractive target for a cyber pirate to successfully attack. When an organization has such extensive and “meaningful system-wide impacts,” it could push a company to “eventually give in to ransom,” Okon added.
The bottom line: “This whole situation is a case study in how not to handle a crisis like this,” he said, pointing to a lack of information and misinformation that there would be “no impact on patients, caregivers or health care providers”. which was “simply not true,” Okon said.
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.