Disruptions to small practices’ operations remain ‘severe and ongoing’ months after Change cyberattack
Months after the Change Healthcare cyberattack, disruptions to small physician practices remain “severe and ongoing,” industry advocacy groups warned the administration on Thursday.
Hackers first hit the healthcare payment processing outfit—owned by industry giant UnitedHealth Group—in February, disrupting the flow of funds for weeks. UHG had claimed that services would be largely restored by late March. However, doc lobbying groups such as the Medical Group Management Association say things are still a mess.
The matter is further complicated after UHG recently revealed that personal health information was captured in the attack, noted MGMA, which represents 15,000 group practices and 350,000 physicians across radiology and other specialties.
“While MGMA appreciates the steps the department has taken, along with the efforts of Change and its parent, UnitedHealth Group, many challenges remain,” Anders Gilberg, senior vice president, government affairs, wrote in an April 25 letter to the HHS Office for Civil Rights. “Of immediate concern is confusion surrounding the extent to which protected health information and personally identifiable information have been improperly disclosed, to whom, and on whom the burden of providing HIPAA-required breach notifications to both your office and affected patients will fall.”
The American Medical Association also wrote a similar recent message, highlighting “deep” concern stemming from UnitedHealth’s April 22 announcement. AMA also continues to hear complaints from physicians, and particularly small practices, about the “havoc caused by the cyberattack.” Two months after the original incident, providers continue to report suspended claim payments and the inability to submit requests or verify benefits, a recent informal AMA survey found.
“As information becomes available, the AMA urges UHG to keep patients and physicians informed about how it will implement these announcements, as well as provide the financial assistance and administrative flexibilities needed for practices to stay open and provide patient care,” President Jesse M. Ehrenfeld, MD, said in a statement.
Amid these concerns, AMA is urging Congress to ensure that practices in radiology and other specialties have the resources to weather future cyberattacks. This includes fixing the “broken” Medicare payment system.
MGMA also urged the feds to make clear that responsibility for breach notifications rests solely with Change Healthcare and UHG, not radiology providers. It wants practices held “completely innocent in this unique situation,” and to ensure the payment processing firm fulfills promises to providers in a “prompt and transparent manner.”
“No prudent medical group can rely on vague promises in a press release containing no specifics with respect to either timing or implementation,” MGMA wrote. “To our knowledge, no MGMA member has actually received from Change or United the promised ‘offer,’ in writing or otherwise.”