Editorial: It’s Never Too Late to “Change”
In the wake of the Change Healthcare cyberattack, Kodiak Solutions has been sharing incredibly valuable data about the quantifiable impacts that the event has had on hospitals and health systems throughout the country. The results are astonishing. What is even more concerning are the impacts to come. This cyberattack event is a tsunami.
When a catastrophic event happens that is beyond the affected parties’ control, typically a sense of community occurs. People help each other. Donations pour in, funds are raised, and everything that can be done to help with displacement is done. The focus is on rebuilding, together. The Change Healthcare cyberattack was a catastrophic event. But instead of receiving support, hospitals and health systems have been largely left to stand alone, while the entities that can provide the most assistance are looking on from afar, in silence, watching the wave approach the shore.
On March 5, 2024, the Department of Health and Human Services issued a statement outlining what the Centers for Medicare & Medicaid Services is doing to help impacted hospitals and systems manage through this event. Examples include the issuance of guidance to Medicare Advantage and Part D plan sponsors, encouraging them to remove or relax prior authorization and timely filing requirements and asking for plans to offer advance funding to providers most affected by this cyberattack. CMS is encouraging the same for Medicaid plans. The problem is that CMS can only reach so far, and it has no real authority to mandate these concessions.
Then on March 10, 2024, HHS issued a letter to healthcare leaders asking for “private sector leaders across the health care industry—especially other payers—to meet the moment.” HHS went on to state that “payers have a unique responsibility and opportunity to address the challenge before us.” Despite the encouragement, there has been near silence from the Medicare Advantage plans and even more deafening quiet from the commercial, non-Medicare Advantage plans. The organizations that we call on to care for the sick and dying are left to stand alone in one of their greatest times of need. Where is the sense of community?
There has been a long-standing sense that payors and providers are adversaries, and that they are motivated by different incentives. In conversations with payors and providers, however, there has been a spoken desire to rewrite this narrative and to work together to put patients first and better the healthcare industry as a whole. But as the old adage states, actions speak louder than words. The cyberattack has presented a perfect opportunity for payors to take actions. Payors could lessen the impacts of the cyberattack for providers single-handedly. Yet they choose inaction and silence. What an incredible disappointment for our industry.
Without concessions from payors, cash will continue to decline. Even when the Change Healthcare systems are all back online and providers can begin sending claims electronically again, payors will begin denying those claims. It is anticipated that without leniency, prior authorization denials, medical necessity denials, and timely filing denials will skyrocket. These denial categories are precursors to fatal denials—those that have no further appealability and will not result in payment for providers. These denials will further impact providers’ cash flow. And the thing that is most bothersome about this whole scenario is that providers are taking the biggest hit—and none of this is their fault.
It is unclear when things will return to normal, if ever. This cyberattack has had far-reaching implications for the healthcare industry. One can only hope that we learn from this situation, including that no one company should ever have so much control over what is arguably the most important industry to the American people. The Department of Justice’s anti-trust investigation into UnitedHealth Group should shed light on the implications of a company having its cake and eating it too. As providers stare at a more than $6 billion (and counting) negative impact to cash since the cyberattack occurred—without any assistance from payors, with a weak plea for intervention by the government, and with nowhere to turn for support or assistance—we can only hope the industry can see how much providers are impacted by this event and that something more will be done to help them. More importantly, we must hope the industry acts to prevent something like this from happening again.
The last time a crisis impacted the industry like this was when the COVID-19 pandemic was in full force. As we look back on how we acted during the pandemic, I feel proud of our industry. There was community. There was support. There was financial assistance for providers. There was action because it was the right thing to do. The providers were on the front lines, and we applauded them for their efforts and work to navigate through an incredibly challenging time. Providers are once again on the front lines, but this time they are left to navigate a crisis alone. We must do better. We must do what is right, so we can look back and be proud of how we handled this situation, too.
Written by Colleen O. Hall, SVP of Revenue Cycle at Kodiak Solutions
