More than 100 doctor groups are urging the federal regulators to hold UnitedHealth Group responsible for reporting and notification requirements related to the Change Healthcare cyberattack. The aftermath of the attack in February has caused chaos for physicians and medical care providers across the country, as it paralyzed the largest billing and payment system in the U.S. Doctors have been left without the ability to get insurance approval for patient services.
The medical associations and groups have written a letter to the U.S. Department of Health and Human Services Secretary and the HHS Office for Civil Rights Director, stating that UnitedHealth Group alone should be responsible for notifying patients about their protected health information following the cyberattack. They are requesting more clarity around reporting responsibilities and assurance that affected providers will not have to handle the reporting and notification obligations themselves.
Physicians across the country have reported difficulties in paying rent or their staffs, some have had to close their practices, leading to cancelled appointments and delays in treatments for thousands of patients. The FBI and the Department of Health and Human Services are investigating the cyberattack. However, UnitedHealth claims to be compliant with laws and regulations, and has offered assistance to affected providers, including no-cost loans based on claims volume.
UnitedHealth has increased provider assistance to $6.5 billion to help physicians and other medical care providers. The company is working closely with HHS’s Office of Civil Rights to ensure that their notice to affected individuals is effective, useful, and compliant with the law. The total impact of the cyberattack on the Change Healthcare unit is estimated to cost UnitedHealth between $1.35 billion and $1.6 billion in 2024.
The financial impact of the cyberattack has been significant, with 80 percent of physicians reporting lost revenue from unpaid claims, according to a survey by the American Medical Association. More than half of the survey respondents have had to use personal funds to cover practice expenses, and the attack has threatened the viability of physician practices across the country. The AMA is working to support its members and address the challenges posed by the cyberattack.
The medical community is calling for clearer communication and accountability from UnitedHealth Group in the aftermath of the cyberattack. They are urging federal regulators to ensure that UnitedHealth takes responsibility for notifying patients and handling reporting obligations. The impact of the attack on physician practices has been severe, with financial losses and delays in patient care. UnitedHealth is working to provide assistance to affected providers and comply with legal requirements while addressing the financial repercussions of the cyberattack.