In response to the recent cybersecurity incident at Change Healthcare, a subsidiary of UnitedHealth Group, the Centers for Medicare & Medicaid Services (CMS) has taken significant steps to mitigate the impact on Medicaid providers and ensure continued access to healthcare coverage.
CMS has introduced new flexibilities aimed at assisting state Medicaid agencies in providing much-needed relief to affected providers. These flexibilities include enabling states to initiate interim payments to providers affected by the cybersecurity incident. To facilitate this, CMS is encouraging states to submit Medicaid state plan amendments (SPAs) to authorize certain interim payments for services rendered by providers who are unable to submit claims. Additionally, CMS has issued guidance to support states in implementing these flexibilities, allowing them to make retroactive interim payments to affected providers and draw Federal Financial Participation (FFP) once the appropriate Medicaid SPA is submitted, subject to specific conditions outlined in the guidance.
Furthermore, CMS emphasizes the importance of safeguarding critical links to healthcare coverage and remains actively engaged with state Medicaid agencies, health plans, providers, suppliers, and other stakeholders to address concerns and ensure continued access to care.
In addition to these flexibilities, CMS has extended the data submission deadline and reopened the 2023 Merit-based Incentive Payment System (MIPS) Extreme and Uncontrollable Circumstances (EUC) Exception Application to provide relief to clinicians impacted by the cybersecurity incident. This application will remain open for the remainder of the data submission period, closing on April 15, 2024.
For more details, please refer to the following links:
https://www.medicaid.gov/federal-policy-guidance/downloads/cib031524.pdf