Read Biden-Harris administration’s follow-up meeting with insurers on cyberattack on health care overhaul
Read Biden-Harris administration’s follow-up meeting with insurers on cyberattack on health care overhaul

Leaders from HHS, the White House and health insurance companies gathered to discuss ways to mitigate the harm to patients and providers caused by the cyber attack.

On Monday, March 18, US Department of Health and Human Services (HHS) Secretary Xavier Becerra and Deputy Secretary Andrea Palm led a payer convening to discuss specific actions to mitigate the harm to patients and providers caused by the cyber attack against Change Healthcare. White House Domestic Policy Advisor Neera Tanden and White House Deputy National Security Advisor (DNSA) for Cyber ​​and Emerging Technologies Anne Neuberger and others in the federal government also participated. This was a continuation of last week’s meeting.

Since the last meeting, HHS has surveyed payers for data and information related to the actions they are taking to help providers resolve issues stemming from the cyberattack. HHS teams then worked through the weekend to review the responses.

During the meeting, Secretary Becerra and Director Tanden discussed adjustments made to improve claims processing, but called for more support for providers who remain in need, particularly those serving vulnerable populations, rural hospitals and smaller institutions. They made it clear that the government and the private sector must continue work together to help providers make payroll and deliver timely care to the American people.

Deputy Secretary Palm acknowledged steady progress in recovering claims processing and urged insurers to direct advance payments to small, rural and sheltered health care providers who still express concerns about cash flow.

DNSA Neuberger noted the interconnectedness of the local healthcare ecosystem and the urgency of strengthening cybersecurity resilience across the sector. She urged insurers to implement HHS’s voluntary HPH Cyber ​​Performance Goals (CPG). Noting that many payers and providers will require third-party certification of Change Healthcare’s system cybersecurity before reconnecting, she encouraged United Health Group (UHG) to communicate to providers efforts to secure claims systems and timelines framework for these third-party assessments.

Secretary Becerra and Deputy Secretary Palm also called on United Health Group (UHG) to connect providers with the support they need. Director Tanden urged insurers to assess their own data to determine which providers need additional support and engage them directly.

Representatives from participating insurance providers offered an update on their efforts to date and outlined specific actions they will take to resolve outstanding issues. HHS leadership and the White House have urged insurers to be targeted and specific in implementing solutions, including increasing upfront payments where needed to providers and communities still most in need.

List of participants in the administration:

  • HHS Secretary Xavier Becerra
  • HHS Deputy Secretary Andrea Palm
  • Neera Tanden, White House domestic policy adviser
  • Ann Neuberger, White House Deputy National Security Advisor for Cyber ​​and Emerging Technologies
  • Chiquita Brooks-LaSure, Administrator, Centers for Medicare & Medicaid Services (CMS)
  • Jonathan Bloom, Principal Deputy Administrator and Chief Operating Officer, CMS
  • Melanie Fontes Reiner, director of the HHS Office for Civil Rights
  • Brian Mazanek, Deputy Assistant Secretary and Deputy Director for Readiness, Strategic Readiness and Response Administration
  • Berta Alicia Guerrero, Director of the Office of Intergovernmental and External Affairs

List of Stakeholder Participants:

  • Alliance for Community Health Plans (ACHP)
  • American Health Insurance Plans (AHIP)
  • AmeriHealth Charities
  • Association of Community-Based Plans (ACAP)
  • Blue Cross Blue Shield Association (BCBSA)
  • Hundreds
  • The Cigna Group
  • CVS Health/Aetna
  • Elegance
  • Health Care Services Corporation
  • Humana
  • Kaiser Permanente
  • Medicaid Health Plans of America (MHPA)
  • Molina
  • UnitedHealth Group

These efforts are part of HHS’s broader cybersecurity strategy. HHS continues to urge everyone to implement the aforementioned CPGs, designed to help healthcare organizations strengthen cyber preparedness, improve cyber resilience, and ultimately protect health information and patient safety.

HHS Actions to Change Health Care to Date

After the US Department of Health and Human Services (HHS) was notified of the February 21, 2024 cyber attack against Change Healthcare systems, HHS took action to address the impacts. The following are additional key actions taken by HHS since the last report on Tuesday, March 12.

Additional key actions:

  • On March 13, CMS published a set of answers to frequently asked questions about the availability of expedited and advance payments for Part A and Part B providers and suppliers, respectively.
  • On March 13, HHS sent a survey to health care payers who participated in a March 12 call about the Change Healthcare cybersecurity incident.
  • On March 13, HHS’s Office for Civil Rights (OCR) issued a “Dear Colleague” letter regarding the cybersecurity incident affecting Change Healthcare, a unit of UnitedHealthcare Group (UHG), and many other healthcare organizations. Given the unprecedented scale of the attack and the public interest, OCR announced in the letter that it has opened an investigation into the cyber attack against Change Healthcare and United Health. The letter also made it clear to the thousands of other covered entities affected by the breach that they were not targeted by OCR. OCR enforces the HIPAA Security Rule, which is the Department’s law enforcement tool to protect protected health information from cyber attacks.
  • On March 15, CMS reopened the 2023 Extreme and Uncontrollable Circumstances (EUC) Exception Application to the Merit-Based Incentive Payment System (MIPS) to provide relief to clinicians affected by this cybersecurity incident in the reporting requirements frameworks.
  • On March 15, CMS announced important flexibilities to help state Medicaid agencies provide needed relief to Medicaid providers and protect access to health coverage. In particular, CMS announced flexibility to ensure that states can begin making interim payments to providers affected by the Change Healthcare cybersecurity incident.

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *