Change Healthcare Incident

Posted March 1, 2024

CAMFT is aware of an ongoing cyber security incident impacting Change Healthcare, which is part of the Optum unit of UnitedHealth Group. As a result of this incident, providers using Change Healthcare as their clearinghouse cannot access claims management, payment services, billing and data exchanges, and other services using the Change Healthcare network. Change Healthcare is providing regular updates online, and impacted members are encouraged to subscribe to Change Healthcare’s cybersecurity incident updates.

We recognize the impact not being able to transmit insurance claims will have on members and your ability to maintain day-to-day operations. Change Healthcare is reporting that it anticipates electronic payment functionality to be available for connection beginning March 15, and that it will begin testing and reestablishing connectivity to its claims network and software on March 18, restoring service through that week. Until such a portal is available, CAMFT, like other healthcare professional associations whose members are impacted, recommends affected providers consider workarounds while Change Healthcare address system restoration, including:

• Using an alternate healthcare clearinghouse, including the following (CAMFT does not endorse or have an affinity partnership with these vendors):
  • Availity is offering continuity and connectivity services through a dedicated website. Availity Client Services may be contacted at 1-800-282-4548.
  • Office Ally
  • Inovolan
  • If you are an Aetna provider, access this list for electronic transmission vendors
• Submitting claims directly through health plan provider portals (contact your plan for more information)
• Submitting paper claims to the health plan through the U.S. Postal Service or via fax (please note: there may be a delay in processing paper claims)
• TherapyNotes reports it has updated the ability for providers to download claim data files to be submitted outside of the Change Healthcare clearinghouse
• Medi-Cal providers should review a resource bulletin issued by the Department of Health Care Services  
• Medicare providers should review a statement issued by the U.S. Department of Health and Human Services 

Change Healthcare has not announced an expected resolution date for when its electronic claims processing will resume. As a result, CAMFT attorneys have received questions from members about whether they can bill patients directly for services rendered during this period of uncertainty and reimburse them once the claims are processed. Unfortunately, if a therapist is contracted with a patient’s health plan, it would likely violate the therapist’s contract with the plan if the therapist were to bill the patient directly for the services. Such action also could raise ethical concerns around the financial exploitation of the patient. Members experiencing liquidity issues due to delayed payments are encouraged to speak with their financial institutions and/or accountants to determine what steps may be in their best interests.

While the extent of the cybersecurity incident is being investigated by Change Healthcare, members may wish to review the U.S. Department of Health and Human Services overview of the Breach Notification Rule in preparation for a potential breach notification. Members who carry cybersecurity insurance should contact their insurance carrier to notify them they may be potentially impacted by the Change Healthcare cybersecurity incident.

CAMFT encourages all members to be mindful of the possibility of cybersecurity threats due to the sensitive nature of your work with patients. Members should consider reviewing an alert issued by the FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services on steps healthcare providers can take to stop ransomware attacks.