Chances are, if you are reading this column, you have heard about the ransomware attack on Change Healthcare that occurred on February 21, 2024. In the ever-evolving landscape of health care, where technology plays an increasingly crucial role, this recent event has sent shockwaves through the industry. At the time of this writing, Change Healthcare’s systems were not yet fully restored.
The repercussions extend far beyond the realms of data breaches and system downtime, bringing revenue to a screeching halt for many providers. For nephrology practices and dialysis programs whose sole clearinghouse is Change Healthcare, reimbursement may be limited to the advance payments available from Medicare Administrative Contractors and United Health Group. In this column, we will discuss the operational challenges the Change Healthcare attack has posed as well as some methods for mitigating the impact of future clearinghouse outages.
Nephrology practices and dialysis facilities rely entirely on timely and accurate claim submissions for revenue generation. Dialysis programs generally submit one claim per patient per month. Losing the ability to obtain their monthly reimbursement has the potential to jeopardize operations for small dialysis programs. With the attack on Change Healthcare’s systems, renal providers have been confronted with a harsh reality: Their revenue streams are vulnerable to yet another external threat beyond their control.
Considering the technology utilized in the health care industry, some of the challenges related to the Change Healthcare attack may appear trivial. For instance, many of the insurance companies no longer accept paper claims. When there are no barriers to submitting electronic claims, eliminating paper claims seems like a great idea. However, if there is no mechanism to process paper claims and no pathway to submit claims electronically, there is no way to reimburse providers and facilities for the services they are providing to their patients. Another challenge presented by the Change Healthcare attack is that a sizable number of insurance companies can accept claims exclusively from Change Healthcare. Again, this is not a problem if all systems are running at full capacity. As an industry, we now understand more than ever the importance of redundancy in every aspect of a nephrology practice or dialysis program.
The company I work for is incredibly fortunate that our clearinghouse of choice was not Change Healthcare. However, we still felt the impact of the attack on Change Healthcare as several of our clients submit large volumes of claims to payers that only accept claims from Change Healthcare or the electronic connection was routed through Change Healthcare by our clearinghouse. Thankfully, we already had access to alternate claim submission methods for most of the insurance companies to which we submit claims. While these alternate submission methods were not as efficient as sending all the claims to our clearinghouse, we were still able to keep the revenue cycle moving.
The importance of maintaining contingency plans for claim submission in the event that a nephrology practice or dialysis program’s main method of submission is compromised has been driven home by the attack on Change Healthcare. The alternate claim submission methods available are dependent on each insurance company’s accepted methods for claim submission and it can take anywhere from minutes to weeks to gain access. Examples of alternate claim submission methods are direct submission of an electronic claim file to the insurance company’s online provider portal, electronic claim submission via direct access to alternate clearinghouses, and direct data entry of claims into the insurance company’s online provider portal.
In conclusion, the ransomware attack on Change Healthcare underscores a critical lesson for the health care industry about the pitfalls of relying solely on a single electronic claim submission method without backup submission methods. As we move forward, it is imperative for health care organizations to implement comprehensive contingency plans, ensuring redundancy in their operations to protect against future disruptions. This attack serves as a reminder of the need for continuous improvement in cybersecurity measures and the importance of adaptable and resilient infrastructure in safeguarding the financial stability and operational continuity of nephrology practices and dialysis programs.
© 2025 Mashup Media, LLC, a Formedics Property. All Rights Reserved.