The Feb. 21 cyberattack on Change Healthcare continues to have a widespread negative impact on patients and practices. UnitedHealth Group is regularly sharing updated information on restoration timelines and resources.
Since the attack and outage, the AAFP continues to closely monitor the situation and has:
Jump to a section: Latest updates | Funding assistance and MIPS relief | Share your experience
On May 31, 2024, HHS' Office of Civil Rights (OCR) updated their Change Healthcare Cybersecurity Incident FAQs. This was in response to a joint letter from the AAFP and more than 100 health care organizations that requested HHS’ OCR clarify notification requirements.
The updated OCR FAQs "make clear that: Covered entities affected by the Change Healthcare breach may delegate to Change Healthcare the tasks of providing the required HIPAA breach notifications on their behalf."
Follow these steps to potentially access temporary funding provided by Optum Financial Services:
For answers to common questions about funding assistance, visit Optum's webpage for the program.
The U.S. Department of Health and Human Services is maintaining a list of information about private payers to help you connect with them for support and more.
CMS advanced payment program will stop taking new applications for those affected by the outage on July 12, 2024:
Practices can now cite the Change Healthcare outage when applying to CMS for a Merit-based Incentive Payment System (MIPS) Extreme and Uncontrollable Circumstances (EUC) exception for the 2024 performance year.
FPM's Getting Paid blog entry on CMS' announcements summarizes the 2023 MIPS reporting relief available to physicians.