INSURANEWS Logo
Top Stories
Life
Health
Medicare
Property & Casualty
Annuity
Industry

CMS Relief Payments for Change Healthcare Cyberattack Reveal Overpayment Issues

Share:

The Centers for Medicare and Medicaid Services (CMS) distributed $3.3 billion in relief funding to healthcare providers affected by the February 2024 ransomware attack on Change Healthcare, with $2.2 billion allocated to hospitals. A Health Affairs report highlights that the opt-in, uniform nature of this relief program caused both overpayments to certain hospitals and underparticipation by others who also suffered revenue losses. The CMS relief initiative, termed the Change Healthcare/Optum Payment Disruption accelerated and advance payment program (CHOPD), aimed to offset disruption in Medicare reimbursements due to the cyberattack impacting claims processing nationwide. The analysis showed that while individual physicians and dialysis facilities made up the majority of recipients, hospitals received the lion's share of payments, accounting for 67.1% of total disbursements despite being only 7.7% of recipients. Hospital revenue notably declined for approximately six weeks following the attack compared to the previous year. Hospitals receiving CHOPD payments tended to be nonprofit, non–publically owned, and part of larger health systems. Despite the substantial payments, the report identified some hospitals experiencing revenue losses comparable to those receiving funds but who did not participate in the CHOPD program, suggesting gaps in relief distribution. Health Affairs suggests that future relief efforts by CMS could benefit from more tailored payment models, such as adjusting payments based on more granular revenue loss metrics and incorporating outlier payments for providers with severe disruption. The report notes limitations, including challenges attributing revenue changes solely to the cyberattack, given the lack of other nationwide events causing similar disruptions. The study also focused exclusively on fee-for-service Medicare revenue, thereby omitting other important revenue sources such as those associated with UnitedHealth Group's internal assistance programs. The authors also acknowledge they could not analyze how providers utilized the relief funds. This case study informs ongoing discussions about refining public reimbursement interventions in response to sudden provider disruptions like cyberattacks. The findings underscore the complexity of designing equitable and effective relief payment systems within the Medicare program during systemic service interruptions affecting payer and provider operations.