For the past month or longer, many providers have reported a significant impact on their revenue cycle due to the cyberattack on Change Healthcare, LLC. In light of that impact, the Centers for Medicare & Medicaid Services (CMS) issued a fact sheet offering some assistance, albeit limited, to healthcare providers.
For example, CMS has made available accelerated payments to Part A Medicare providers and advance payments to Part B Medicare suppliers experiencing claim disruption. The accelerated and advance payments could be granted in amounts representing up to 30 days of claims payments, based on the total claims paid to the provider/supplier between August 1, 2023, and October 31, 2023, divided by three. To receive these payments, the provider/supplier must make numerous promises and representations related to the entity’s financial and compliance statuses. These payments, however, will have to be repaid through automatic recoupments.
CMS has also offered flexibilities with regard to the Medicaid program so that states can make certain interim payments for services rendered by healthcare providers, but for which the healthcare provider cannot submit claims due to the disruption.
Just recently, on March 22, 2024, federal legislation titled Health Care Cybersecurity Improvement Act of 2024 was introduced. The legislation would modify the existing programs for advance and accelerated payments to healthcare providers so that in the event of a cybersecurity incident, the healthcare provider only receives payments if it meets certain cybersecurity standards that shall be determined by the Secretary of the U.S. Department of Health and Human Services. We will keep track of the status of this new legislation as well as any cybersecurity standards issued by the Secretary.