The U.S. Department of Health and Human Services (HHS) is aware that Change Healthcare – a unit of UnitedHealth Group (UHG) – was impacted by a cybersecurity incident in late February. HHS recognizes the impact this attack has had on health care operations across the country. HHS’ first priority is to help coordinate efforts to avoid disruptions to care throughout the health care system.
HHS is in regular contact with UHG leadership, state partners, and with numerous external stakeholders to better understand the nature of the impacts and to ensure the effectiveness of UHG’s response. HHS has made clear its expectation that UHG does everything in its power to ensure continuity of operations for all health care providers impacted and HHS appreciates UHG’s continuous efforts to do so. HHS is also leading interagency coordination of the Federal government’s related activities, including working closely with the Federal Bureau of Investigations (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the White House, and other agencies to provide credible, actionable threat intelligence to industry wherever possible.
HHS refers directly to UHG for updates on their incident response progress and recovery planning. However, numerous hospitals, doctors, pharmacies and other stakeholders have highlighted potential cash flow concerns to HHS stemming from an inability to submit claims and receive payments. HHS has heard these concerns and is taking direct action and working to support the important needs of the health care community.
Today, HHS is announcing immediate steps that the Centers for Medicare & Medicaid Services (CMS) is taking to assist providers to continue to serve patients. CMS will continue to communicate with the health care community and assist, as appropriate. Providers should continue to work with all their payers for the latest updates on how to receive timely payments.
Affected parties should be aware of the following flexibilities in place:
- Medicare providers needing to change clearinghouses that they use for claims processing during these outages should contact their Medicare Administrative Contractor (MAC) to request a new electronic data interchange (EDI) enrollment for the switch. The MAC will provide instructions based on the specific request to expedite the new EDI enrollment. CMS has instructed the MACs to expedite this process and move all provider and facility requests into production and ready to bill claims quickly. CMS is strongly encouraging other payers, including state Medicaid and Children’s Health Insurance Program (CHIP) agencies and Medicaid and CHIP managed care plans, to waive or expedite solutions for this requirement.
- CMS will issue guidance to Medicare Advantage (MA) organizations and Part D sponsors encouraging them to remove or relax prior authorization, other utilization management, and timely filing requirements during these system outages. CMS is also encouraging MA plans to offer advance funding to providers most affected by this cyberattack.
- CMS strongly encourages Medicaid and CHIP managed care plans to adopt the same strategies of removing or relaxing prior authorization and utilization management requirements, and consider offering advance funding to providers, on behalf of Medicaid and CHIP managed care enrollees to the extent permitted by the State.
- If Medicare providers are having trouble filing claims or other necessary notices or other submissions, they should contact their MAC for details on exceptions, waivers, or extensions, or contact CMS regarding quality reporting programs.
- CMS has contacted all of the MACs to make sure they are prepared to accept paper claims from providers who need to file them. While we recognize that electronic billing is preferable for everyone, the MACs must accept paper submissions if a provider needs to file claims in that method.
CMS has also heard from providers about the availability of accelerated payments, like those issued during the COVID-19 pandemic. We understand that many payers are making funds available while billing systems are offline, and providers should take advantage of those opportunities. However, CMS recognizes that hospitals may face significant cash flow problems from the unusual circumstances impacting hospitals’ operations, and – during outages arising from this event – facilities may submit accelerated payment requests to their respective servicing MACs for individual consideration. We are working to provide additional information to the MACs about the specific items and information a provider’s request should contain. Specific information will be available from the MACs later this week.
This incident is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cybersecurity resiliency across the ecosystem. That’s why, in December 2023, HHS released a concept paper that outlines the Department’s cybersecurity strategy for the sector. The concept paper builds on the National Cybersecurity Strategy that President Biden released last year, focusing specifically on strengthening resilience for hospitals, patients, and communities threatened by cyber-attacks. The paper details four pillars for action, including publishing new voluntary health care-specific cybersecurity performance goals, working with Congress to develop supports and incentives for domestic hospitals to improve cybersecurity, increasing accountability within the health care sector, and enhancing coordination through a one-stop shop.
HHS will continue to communicate with the health care sector and encourage continued dialogue among affected parties. We will continue to communicate with UHG, closely monitor their ongoing response to this cyberattack, and promote transparent, robust response while working with the industry to close any gaps that remain.
HHS also takes this opportunity to encourage all providers, technology vendors, and members of the health care ecosystem to double down on cybersecurity, with urgency. The system and the American people can ill afford further disruptions in care. Please visit the HPH Cyber Performance Goals website for more details on steps to stay protected.
The U.S. Department of Health and Human Services (HHS) today proposed new rules to support seamless and secure access, exchange and use of electronic health information. The rules, issued by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC), would increase choice and competition while fostering innovation that promotes patient access to and control over their health information. The proposed ONC rule would require that patient electronic access to this electronic health information (EHI) be made available at no cost.
“These proposed rules strive to bring the nation’s healthcare system one step closer to a point where patients and clinicians have the access they need to all of a patient’s health information, helping them in making better choices about care and treatment,” said HHS secretary Alex Azar. “By outlining specific requirements about electronic health information, we will be able to help patients, their caregivers, and providers securely access and share health information. These steps forward for health IT are essential to building a healthcare system that pays for value rather than procedures, especially through empowering patients as consumers.”
Continue Reading
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) recently released “Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap” version 1.0. The draft roadmap is a proposal to deliver better care and result in healthier people through the safe and secure exchange and use of electronic health information.
“HHS is working to achieve a better health care system with healthier patients, but to do that, we need to ensure that information is available both to consumers and their doctors,” said HHS Secretary Sylvia M. Burwell. “Great progress has been made to digitize the care experience, and now it’s time to free up this data so patients and providers can securely access their health information when and where they need it. A successful learning system relies on an interoperable health IT system where information can be collected, shared, and used to improve health, facilitate research, and inform clinical outcomes. This roadmap explains what we can do over the next three years to get there.”
The draft ONCE interoperability roadmap builds on the vision paper, “Connecting Health and Care for the Nation: A 10-Year Vision to Achieve an Interoperable Health IT Infrastructure,” issued in June 2014. Months of comment and feedback from hundreds of health and health IT experts from across the nation through ONC advisory group feedback, listening sessions and an online forum aided in the development of the roadmap.
“To realize better care and the vision of a learning health system, we will work together across the public and private sectors to clearly define standards, motivate their use through clear incentives, and establish trust in the health IT ecosystem through defining the rules of engagement. We look forward to working collaboratively and systematically with federal, state and private sector partners to see that electronic health information is available when and where it matters,” said Karen DeSalvo, M.D., national coordinator for health IT.
Continue Reading
Twenty eight states, three territories and the District of Columbia will receive more than $665 million in Affordable Care Act funding to design and test healthcare payment and service delivery models that will try to improve healthcare quality and lower costs, Health and Human Services Secretary Sylvia M. Burwell announced.
Together with awards released in early 2013, more than half of states (34 states and three territories and the District of Columbia), representing nearly two-thirds of the population are participating in efforts to support comprehensive state-based innovation in health system transformation aimed at finding new and innovative ways to improve quality and lower costs.
The State Innovation Models initiative supports states in planning or implementing a customized, fully developed proposal capable of creating statewide health transformation to improve health care. Example initiatives include:
- Improving primary care through patient centered medical homes, building upon current Accountable Care Organization models or integrating primary care and behavioral health services.
- Providing technical assistance and data to healthcare providers and payers that are working to advance models of integrated, team-based care, or transition to value-based payment models.
- Creating unified quality measure score cards that health care payers and providers can use to align quality improvement and value-based payment methodologies.
- Expanding the adoption of health information technology to improve patient care.
- Fostering partnerships among public, behavioral and primary healthcare providers.
- Strengthening the healthcare workforce through educational programs, inter-professional training, primary care residencies and community health worker training.
Continue Reading
The Department of Health and Human Services (HHS) published a new meaningful use rule that allows healthcare providers “more flexibility” in how they use certified electronic health record (EHR) technology (CEHRT) to meet meaningful use for an EHR Incentive Program reporting period for 2014. According to the HHS’ statement, “by providing this flexibility, more providers will be able to participate and meet important meaningful use objectives like drug interaction and drug allergy checks, providing clinical summaries to patients, electronic prescribing, reporting on key public health data and reporting on quality measures.”
“We listened to stakeholder feedback and provided CEHRT flexibility for 2014 to help ensure providers can continue to participate in the EHR Incentive Programs forward,” said Marilyn Tavenner, CMS administrator. “We were excited to see that there is overwhelming support for this change.”
Based on public comments and feedback from stakeholders, the Centers for Medicare & Medicaid Services (CMS) identified ways to help eligible professionals, eligible hospitals, and critical access hospitals (CAHs) implement and meaningfully use Certified EHR Technology. Specifically, eligible providers can use the 2011 Edition CEHRT or a combination of 2011 and 2014 Edition CEHRT for an EHR reporting period in 2014 for the Medicare and Medicaid EHR Incentive Programs; All eligible professionals, eligible hospitals, and CAHs are required to use the 2014 Edition CEHRT in 2015.
These updates to the EHR Incentive Programs support HHS’ commitment to implementing an effective health information technology infrastructure that elevates patient-centered care, improves health outcomes, and supports the providers that care for patients.
The rule also finalizes the extension of Stage 2 through 2016 for certain providers and announces the Stage 3 timeline, which will begin in 2017 for providers who first became meaningful EHR users in 2011 or 2012.
For more information about the EHR Incentive Programs, visit http://www.cms.gov/EHRIncentivePrograms. For more information about CEHRT, visit http://www.healthit.gov.
With more than 2,000 entrepreneurs, investors, data scientists, researchers, policy experts, government employees and more in attendance, the Department of Health and Human Services (HHS) is releasing new data and launching new initiatives at the annual Health Datapalooza conference in Washington, D.C.
Today, the Centers for Medicare & Medicaid Services (CMS) is releasing its first annual update to the Medicare hospital charge data, or information comparing the average amount a hospital bills for services that may be provided in connection with a similar inpatient stay or outpatient visit. CMS is also releasing a suite of other data products and tools aimed to increase transparency about Medicare payments. The data trove on CMS’s website now includes inpatient and outpatient hospital charge data for 2012, and new interactive dashboards for the CMS Chronic Conditions Data Warehouse and geographic variation data. Also today, the Food and Drug Administration (FDA) will launch a new open data initiative. And before the end of the conference, the Office of the National Coordinator for Health Information Technology (ONC) will announce the winners of two data challenges.
“The release of these data sets furthers the administration’s efforts to increase transparency and support data-driven decision making which is essential for health care transformation,” said HHS Secretary Kathleen Sebelius.
“These public data resources provide a better understanding of Medicare utilization, the burden of chronic conditions among beneficiaries and the implications for our health care system and how this varies by where beneficiaries are located,” said Bryan Sivak, HHS chief technology officer. “This information can be used to improve care coordination and health outcomes for Medicare beneficiaries nationwide, and we are looking forward to seeing what the community will do with these releases. Additionally, the openFDA initiative being launched today will for the first time enable a new generation of consumer facing and research applications to embed relevant and timely data in machine-readable, API-based formats.”
Continue Reading
The United States, Canada and Mexico have adopted a set of principles and guidelines on how the three countries’ governments will share in advance public information and communications products during health emergencies of mutual interest. U.S. Health and Human Services Secretary Kathleen Sebelius, Canada’s Minister of Health Rona Ambrose and Mexico’s Secretary of Health Mercedes Juan signed a Declaration of Intent, formally adopting the principles and guidelines, at a trilateral meeting today during the 67th World Health Assembly in Geneva, Switzerland.
“The United States, Canada and Mexico have had a long and close relationship in supporting and improving our collective ability to respond to public health events and emergencies of mutual interest when they arise,” Secretary Sebelius said. “This declaration reinforces our joint efforts to strengthen our national capabilities to communicate effectively with our respective populations.”
“Infectious diseases are not limited by countries’ borders, and neither are the ways through which we receive the news,” said Minister Ambrose. “This Declaration will help our countries work together on the essential task of communicating more effectively on public health issues, which will protect the health of all of our citizens.”
“The collaboration between the three North American countries has proved to be an extraordinary contribution to strengthening the security of health in the region,” said Secretary Juan. “The clear, transparent and timely exchange of information has been, and will remain, a central pillar of this cooperation, particularly for responding to public health emergencies.”
The Declaration of Intent calls on the three countries to:
Continue Reading
Attorney General Eric Holder and Department of Health and Human Services (HHS) Secretary Kathleen Sebelius announced today that a nationwide takedown by Medicare Fraud Strike Force operations in six cities has resulted in charges against 90 individuals, including 27 doctors, nurses and other medical professionals, for their alleged participation in Medicare fraud schemes involving approximately $260 million in false billings.
Attorney General Holder and Secretary Sebelius were joined in the announcement by Acting Assistant Attorney General David A. O’Neil of the Justice Department’s Criminal Division, FBI Assistant Director Joseph Campbell, U.S. Department of Health and Human Services (HHS) Inspector General Daniel R. Levinson and Deputy Administrator and Director of the Centers for Medicare & Medicaid Services (CMS) Center for Program Integrity Shantanu Agrawal.
This coordinated takedown is the seventh national Medicare fraud takedown in Strike Force history. The Medicare Fraud Strike Force operations are part of the Health Care Fraud Prevention & Enforcement Action Team (HEAT), a joint initiative announced in May 2009 between the Department of Justice and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country.
Since their inception in March 2007, Strike Force operations in nine locations have charged almost 1,900 defendants who collectively have falsely billed the Medicare program for almost $6 billion. In addition, CMS, working in conjunction with HHS-OIG, has suspended enrollments of high-risk providers in five Strike force locations and has removed over 17,000 providers from the Medicare program since 2011.
The joint Department of Justice and HHS Medicare Fraud Strike Force is a multi-agency team of federal, state and local investigators designed to combat Medicare fraud through the use of Medicare data analysis techniques and an increased focus on community policing. Almost 400 law enforcement agents from the FBI, HHS-OIG, multiple Medicaid Fraud Control Units and other federal, state and local law enforcement agencies participated in the takedown.
Continue Reading