Bipartisan Coalition of Attorneys General Call for UHG to Take Decisive Action to Help Providers and Patients

Posted by Steve Alder

A bipartisan coalition of 22 state attorneys general sent a letter to UnitedHealth Group CEO Andrew Witty to express their concern about the response to the February 21, 2024, ransomware attack on Change Healthcare and the continuing problems faced by providers, pharmacies, and patients.

Providers and pharmacies in their various jurisdictions have reported catastrophic disruptions due to the extended outage and limited restoration of Change Healthcare’s services, and wholly inadequate responses from Change Healthcare and its payor partners. Many providers and pharmacies have said they are in jeopardy of collapse, with patients experiencing disruption to care due to delays in receiving vital prescription medications. In some cases, patients have been denied access to medications due to providers’ inability to conduct eligibility checks.

In the weeks following the attack, the Attorneys General have received increasingly dire messages from healthcare facilities, care providers, and patients due to the prolonged disruption to Change Healthcare’s services. The outage has caused problems with prescription drug access, there are catastrophic billing and payment backlogs, and other problems stemming from the continued lack of access to Change Healthcare’s services.

“Facilities that use Change Healthcare as their backbone to track services and claims have been unable to timely complete prior authorizations, confirm benefits, document and submit claims, and in some instances have even lost access to basic care IT infrastructure,” wrote the Attorneys General. “You must do more than you are currently to avoid imposing further harm to our states’ health care infrastructure and the patients who rely upon it.”

In addition to the lack of access to Change Healthcare’s systems, it has now been confirmed that there was a considerable data breach. UnitedHealth Group issued a statement confirming that personally identifiable and protected health information was compromised and that the data breach could affect “a substantial proportion of the U.S. population.” Further, “Given the ongoing nature and complexity of the data review, it is likely to take several months of continued analysis before enough information will be available to identify and notify impacted customers and individuals.”

The Attorneys General have been contacted by care providers and non-HG facilities who said they are unable to reach Change Healthcare staff who can provide timely information about the data that has been breached, how they can get financial support that does not impose unreasonable conditions such as waiver of liability, and how they can document and submit claims during the outage. While financial assistance has been provided, for many providers that have experienced financial difficulties due to the attack, the support offered has been “paltry”. Some independent providers have been quoted relief of as little as $10 per week.

In the letter, the Attorneys General outlined some of the specific actions that they believe need to be taken to help alleviate the harm caused by the outage. Those measures include the enhancement and expansion of financial assistance to all affected providers, ensuring providers and practices owned by UHG or its subsidiaries are not being offered more advantageous financial assistance than others, providing a dedicated helpline to allow providers to resolve unanswered questions, ensuring that the claims backlog is expeditiously resolved, to issuing timely notifications to the practices and patients whose data has been compromised. The Attorneys General also asked to be provided with an independent analysis confirming that UHG’s and Change Healthcare’s systems have been secured and the vulnerabilities that contributed to the cyberattack have been addressed.

The post Bipartisan Coalition of Attorneys General Call for UHG to Take Decisive Action to Help Providers and Patients appeared first on HIPAA Journal.

ComplianceJunction HIPAA Training Receives SCCE Accreditation

Posted by Steve Alder

The Society of Corporate Compliance and Ethics (SCCE) has recently accredited ComplianceJunction’s ‘HIPAA Training for Organizations’ training course. The SCCE is an Eden Prairie, MN-based non-profit association dedicated to enabling the lasting success and integrity of organizations by promoting high standards in compliance and ethics programs. The SCCE, which has more than 19,000 members in over 100 countries, provides resources, education, and networking opportunities for ethics and compliance professionals and offers professional certification through the Compliance Certification Board (CCB). The CCB is an independent body that recognizes individuals with competence in the practice of compliance and ethics.

ComplianceJunction’s mission is to help healthcare organizations train their employees on HIPAA compliance and ensure they understand their responsibilities when it comes to health information privacy. ComplianceJunction has developed a training course that provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) and serves as a foundation for developing a comprehensive HIPAA training program. The training has been used by more than 1,000 healthcare organizations and over 100 universities to raise awareness of the HIPAA regulations.

“ComplianceJunction’s customers include practice owners and senior managers who want to ensure that their staff members are kept up to date on the HIPAA regulations and their organization maintains compliance with the HIPAA training requirements,” explained ComplianceJunction’s Ryan Coyne. “The SCCE accreditation means their employees can now earn CEUs for completing the course, which provides an extra incentive for completing the training.” Healthcare professionals who complete the accredited HIPAA training course will earn 2.6 Continuing Education Units (CEUs) that demonstrate they are taking steps to stay up-to-date with current regulations and are continuing their education and professional development.

“The ComplianceJunction HIPAA training offers a detailed overview of HIPAA fundamentals, laying a solid foundation for developing a comprehensive training program. The modules and case studies are excellent tools to engage staff in further discussion and uncover additional role-specific training needs,” said Joanne Curran, Director of Health Information Management at the Greater Lawrence Family Health Center. “Staff appreciate the opportunity to earn CEUs for completing the training series and look forward to additional training offerings.”

The post ComplianceJunction HIPAA Training Receives SCCE Accreditation appeared first on HIPAA Journal.