calculator and stethoscope over data sheet
(Credit: erdikocak / Getty Images)

As promised, Change Healthcare on Friday entered a new stage of recovery from a major cyberattack that has been massively disruptive to the healthcare industry, including long-term care providers. 

Although Congress and the US Department of Health and Human Services have engaged in what some would consider finger-pointing, long-term care advocacy organizations such as LeadingAge and the American Health Care Association have worked to educate members on what happens next. 

Change Healthcare has started to get its systems back, beginning with an announcement that its pharmacy network is now online, and has promised further systems recovery next week. But the effects of the cyberattack “could reverberate for some time,” LeadingAge’s Nicole Fallon, vice president for integrated services and managed care, told the McKnight’s Tech Daily on Friday.

“This is a complicated and dynamic situation,” she said. “We believe that the full extent of the CHC cyberattack’s impact on our nonprofit, mission-driven members simply is not yet clear, though more details about holes in cash flow and the need for interim funding assistance are emerging. The bottom line is that this is a significant disruption to operations and we’re continuing to support our members as they navigate through these challenges.”

LeadingAge and AHCA were among the organizations invited to a White House meeting about the cyberattack on Tuesday. 

Although attempts have been made to assist providers since the incident was first announced on Feb. 21, results have been less than desirable. 

For example, interim funding options offered by Optum to address the payments backlog have not worked for many providers because many third-party vendors rely on CHC anyway.

Quality measurements at risk

Some long-term effects from the claims backlog could include inaccurate quality measures for value-based care assessments, which in turn could affect claims-based calculations from the Centers for Medicare & Medicaid Services, Fallon warned. She added that LeadingAge has called for the reporting of those measures to be delayed until claims are properly processed.

Problems also remain when it comes to where providers can look to extra funding to cover payment gaps and who is the “payer of last resort,” Fallon said; both CMS and UnitedHealth Group, Change Healthcare’s parent company, have said that providers must first exhaust other options before coming to them.

Following the White House meeting, federal agencies and Congress started assessing what security failures led to the cyberattack and how to prevent it from happening again. HHS announced that an investigation had begun, and senators pushed HHS during a hearing Thursday to hold UnitedHealthcare accountable.

AHCA executives said it is essential for providers and federal agencies to work together to maintain “equitable access to care” across the entire healthcare industry. 

“Our long-term and post-acute care members have gained vital understanding from recent clarifications and are eager to keep collaborating for sustained recovery,” Martin Allen, senior vice president, reimbursement policy for AHCA, told McKnight’s Thursday.

LeadingAge announced that it will be holding a town hall for members Thursday to help give providers information and insight.  

Lisa Plaggemier, the executive director of the National Cybersecurity Alliance, said there must be lessons learned from the incident by healthcare companies, consumers and the government.

The breach highlights the need for “robust cybersecurity measures” in healthcare and for better government oversight to safeguard systems, she said.

“Through rigorous investigations and enforcement actions, regulatory bodies can hold healthcare entities accountable for lapses in data protection and ensure swift responses to cyber incidents,” Plaggemier said in a statement. “Moreover, collaboration between government agencies, law enforcement and private sector stakeholders is essential to bolstering the resilience of the healthcare sector against future cyberattacks.”