- On March 18, 2024
What Happened?
In late February 2024, Change Healthcare, a major healthcare clearinghouse, experienced a cyberattack. A clearinghouse processes healthcare claims electronically, routing them between providers, insurers, and other entities involved in the billing process. This attack disrupted operations for Change Healthcare, causing significant downstream effects across the healthcare system. On March 5th, 2024, HHS released a statement outlining their plan to mitigate disruptions.
Impact on Group Health Plans
While the attack didn’t directly target group health plans themselves, it caused delays in claims processing for many providers. This could have led to:
- Cash Flow Issues: Providers may have experienced delays in receiving reimbursement for services rendered to plan participants.
- Administrative Burdens: Plan sponsors and providers might have had to resort to manual claims processing, increasing administrative workloads.
- Potential Delays in Care: In some cases, delayed claims processing could have caused delays in authorizing or reimbursing necessary medical services for plan participants.
What Has Been Done?
The Department of Health and Human Services (HHS) has taken several steps to mitigate the impact on the healthcare system:
- Investigation: HHS launched an investigation into the attack to assess potential HIPAA violations by Change Healthcare and its parent company, UnitedHealth Group (UHG).
- Financial Assistance: HHS has implemented measures to financially support providers impacted by the attack, aiming to prevent disruptions in care due to cash flow issues.
- Streamlined Processes: HHS has worked with UHG to streamline the process for healthcare providers switching to different clearinghouses.
What Group Health Plan Sponsors Should Do
While the situation is evolving, here are some steps group health plan sponsors can consider:
- Monitor the Situation: Stay informed about developments related to the attack by following updates from HHS and industry organizations.
- Communicate with Providers: Connect with your plan network providers to understand if they experienced any disruptions due to the attack and inquire about potential delays in claims processing.
- Review Processes: Assess your current claims processing procedures and explore alternative clearinghouse options to mitigate future risks.
- Consider Short-Term Relief: If your plan participants experienced delays in care due to the attack, consider offering temporary solutions like waiving certain prior authorization requirements or extending deadlines for submitting claims.
ExpressLink will continue to monitor developments and keep our Broker Partners informed.