legal-document-to-plain-english-translator/”>Try Free Now: Legalese tool without registration

Find a LOCAL lawyer

House Subcommittee on Health and Insurers

The House Subcommittee on Health and witnesses slammed insurers Tuesday for continuing to make money during the Change cyberattack crisis while hospitals and health systems suffer revenue losses and some physician practices are on the brink of bankruptcy.

At least two representatives called out UnitedHealth Group for not attending the hearing on the Change cyberattack. UnitedHealth Group, the parent company of Change, held its Q1 earnings call on Tuesday.

“UnitedHealth Group chose not to make anyone available today,” said Rep. Cathy McMorris Rodgers, R-Washington.

Insurers have been inflexible in helping providers get claims paid, witnesses said during “Examining Health Sector Cybersecurity in the Wake of the Change Healthcare Attack,” held by the Subcommittee on Health of the Energy and Commerce Committee. While payers continue to make money off of unpaid claims, providers are struggling, they said.

Many were forced to submit paper claims after the February 21 cyberattack shut down Change’s electronic processing system but insurers made no accommodations to accept anything other than electronic payments, according to Dr. Kimberly Merle Schrier, D-Washington. 

Kittitas Valley Healthcare, a small rural hospital in Washington, has only recouped 50% of their regular March receipts, Schrier said. Nearly two months since the attack they’re still submitting claims manually. 

“However I’ve heard from a couple hospitals, including Kittitas Valley Hospital, that many national commercial payers have refused to provide any flexibility,” Schrier said. “This means that while hospitals are forced to file claims by paper, some large insurance plans are still requiring prior authorizations and timely filing, and frankly I don’t see a lot of incentive for these plans to not just to sit on the money that they’re holding and I remain concerned they’re doing that for their bottom line, meanwhile providers and patients are just left hanging.”

“We have heard the same,” said John Riggi, national advisor for Cybersecurity and Risk, American Hospital Association. “That other commercial payers are reluctant or simply refusing to provide beneficial terms for advance payments.”

UnitedHealth Group has been offering advance payments through a financial assistance program. The Centers for Medicare and Medicaid Services has also made available advance and accelerated payments.

It’s not been enough to meet the need, according to orthopedic spine surgeon Dr. Adam Bruggeman. Many providers have chosen to work through Availity for claims processing, he said.

One provider submitted a 600-page paper claim, Riggi said, and that’s not the end of the process. Once in the system it has to be edited, often the claim is rejected and additional layers of processing are needed. In the meantime the insurers sit on the reimbursements, he said.

Hospitals were aware right away of a problem with the claims system because they were disconnected from Change’s services, Riggi said.

However, he said by statement, “During the early days and weeks of the event, it was very difficult to obtain clear information from UnitedHealth Group. Initially, there was little communication and a minimization of the impact this event was having on the ability to process medical claims.”

When the question arose during the hearing of the cyberattack’s impact on patients’ personal health information, Riggie said, “We have no confirmation of data stolen.”

How AI legalese decoder Can Help

AI legalese decoder can assist in understanding complex legal language and decoding it into simpler terms for better comprehension. With the current situation regarding insurers and the Change cyberattack crisis, utilizing AI legalese decoder can help providers navigate through legal documents, contracts, and policies to ensure they are aware of their rights and obligations. It can also aid in deciphering any legal jargon used by insurers to ensure providers are fully informed and protected in their dealings with them.

What’s needed:

Schrier said as a legislative body Congress needs to do more to fix the root of the problem.

Riggi said the government needs to provide resources and it needs to go after bad actors overseas. The 2015 Cybersecurity Sharing Act called for automated sharing of malware signatures. 

“We need to have this done on an automated basis,” Riggi said.

Scott MacLean, board chair, College of Healthcare Information Management Executives (CHIME) said the Office of the National Coordinator provides an annual risk assessment. What’s needed, he said, are safe harbors for information sharing. Greater transparency is needed.

“Our sector also needs a federally driven playbook,” MacLean said. “We need to know who to call during a cyber incident and we must have a clear pathway to the federal front door at HHS (Department of Health and Human Services).”

Reaction:

Riggi submitted this statement: “Since the AHA first learned of the attack, we have remained in communication with UnitedHealth Group leadership to lend our support and share our members’ challenges because of the Change Healthcare outage. The AHA issued a survey to all U.S. hospitals on Friday, March 9, 2024. These results reflect responses representing 960 hospitals as of the morning of Tuesday, March 12, 2024.

“According to Kodiak Solutions, a revenue cycle data analytics firm, the value of claims submitted dropped $6.3 billion for their 1,850 hospitals and 250,000 physician clients alone,” Riggi said “While much of the claims and payment system functionality has been restored, it remains unclear as to how long it will take for all operations to return to normal. This is because reconnecting is not the only step to recovery. Providers will need to work through the backlog of claims, reprocess denials received during this time, reconcile payments to accounts, and bill patients, among other tasks. Therefore, hospitals, physicians and patients are continuing to experience financial and operational impacts.” 

Riggi said, “What we do know, however, is that UnitedHealth Group reported to the Securities and Exchange Commission on March 21 that, ‘the company has not determined the incident is reasonably likely to materially impact the company’s financial condition or results of operations,’ even as it has harmed providers across the country.”

Blue Cross Blue Shield Association submitted this statement to the House Energy and Commerce Health Subcommittee: “The Change Healthcare cyberattack caused significant disruption for the entire healthcare industry, including patients, health care providers and health plans that rely on Change Healthcare for claims processing and other functions. The security of patients’ data is a critical priority.

MGMA Recommendations

MGMA submitted a statement for the record to the House Committee on Health: “Given the breadth of services Change Healthcare offers, MGMA members felt myriad negative consequences following the cyberattack. Physician practices diligently instituted workarounds for various processes to remain operational, which required significant labor costs and time to institute, diverting critical resources from patient care.
 
“The cyberattack on Change Healthcare made it evident that there are significant vulnerabilities in our healthcare system, which must be addressed — especially as the threat of such attacks only continues to rise.MGMA submitted recommendations including: Having safeguards and contingency plans in place for health plans, clearinghouses, and other third-party vendors; Examining whether further authorities and flexibilities should be granted to federal agencies responding to future attacks to support physician practices; A review whether other policies should be introduced such as waiving timely filing requirements for health plans, reducing prior authorization burden and relaxing other requirements.

The president’s budget acknowledged the need to bolster cybersecurity resources within the healthcare sector, allocating $800 million to assist “high-need, low-resourced” hospitals to help implement cybersecurity practices, MGMA said. The budget also proposed $500 million for an incentive program for advanced cybersecurity practices for hospitals. Ensuring that all physician practices are afforded resources similar to those proposed for hospitals is critical.”

 

Email the writer: [email protected]

legal-document-to-plain-english-translator/”>Try Free Now: Legalese tool without registration

Find a LOCAL lawyer

Reference link