U.S. health officials have urged insurers to urgently take steps to ease digital congestion after a massive data hack disrupted the administration of hospitals, doctors, pharmacies and millions of patients. He urged them to take action.
The U.S. Department of Health and Human Services on Tuesday asked insurance companies to waive prior authorization and require Medicare contractors to accept paper bills from doctors and hospitals. These temporary measures are intended to address administrative issues arising from the data hack of influential companies owned by UnitedHealth Group.
Change Healthcare, a unit of UnitedHealth Group, said on February 21 that hackers had disrupted its operations, which process 15 billion health-related transactions annually. Change Healthcare operates a digital “clearinghouse” that connects doctors, hospitals and other health care providers with the insurance companies that pay for and authorize health care services. Since news of the hack became public last month, doctors and hospitals have been unable to charge for some services and patients have struggled to get their prescriptions filled.
Last Thursday, UnitedHealth Group announced that the ransomware group known as ALPHV or Blackcat was responsible for attacks that disrupted billing and medical authorization systems across the United States.
HHS said in a statement Tuesday that it expects UnitedHealth to “do everything in its power to ensure continuity of operations” for doctors, hospitals and other health care providers. HHS also called on companies serving patients enrolled in Medicare, the federal health care program for adults 65 and older, to address problems caused by the cyberattack.
Some of the steps include:
∎ The federal government has recommended that Medicare health plans remove or relax requirements that patients or physicians obtain prior authorization before undergoing medical tests or procedures. Insurers are also being asked to discontinue “timely submission” rules governing when health care providers must submit claims for payment. Private Medicare plans should also provide “pre-funding” to health care providers affected by data hacks.
∎ HHS asked private liaisons serving Medicare to accept paper claims from health care providers. Hospitals, doctors, and other health care providers may revert to paper billing as a workaround when their computer systems are disrupted by data breaches or cyberattacks.
∎ HHS also asked hospitals, which have faced “significant cash flow issues” since the hack, to speed up payments from Medicare contractors. The federal agency also advised hospitals and doctors to switch to another payment facility and contact their local private Medicare contractors.
The HHS action was announced a day after the American Medical Association, an influential physician group, called on the Biden administration to provide emergency financial relief to doctors affected by cyberattacks.
On Tuesday, Jesse M. Ehrenfeld, president of the American Medical Association, said the federal government's action was a “welcome first step” but urged the agency that oversees Medicare: ”Recognize that physicians are experiencing financial hardship that threatens the survival of many medical practices. ”
The American Hospital Association on Monday condemned UnitedHealth's plan to provide temporary financial assistance to hospitals affected by data attacks. The industry group said the health insurance giant's funding proposal offers “unilateral contract terms” and limited eligibility.
This year's cyber attacks are by no means unusual.
Approximately one in three Americans was affected by a health-related data breach last year. The number of attacks has increased rapidly in recent years. They are often carried out by organized hackers operating overseas and target the computer systems of healthcare providers and vendors and companies that provide healthcare services. Most large-scale hacks target vendors that bill hospitals, doctors, and other healthcare providers or provide other services.
Last year, a record 133 million health records were exposed in a data breach. Most of these robberies were carried out by hackers targeting healthcare providers and their vendors. Last year, there were an average of two health data hacks or at least 500 record thefts per day in the United States.
Ken Alltucker can be reached at @kalltucker on X (formerly Twitter) or emailed at alltuck@usatoday.com..
