
CMS offers MIPS reporting relief to physicians impacted by cyberattack

Erin Solis
March 15, 2024

The Centers for Medicare & Medicaid Services (CMS) has reopened the extreme and uncontrollable circumstances exception (EUC) application to those affected by the Change Healthcare cyberattack. The EUC exempts clinicians from the Merit-based Incentive Payment System (MIPS) reporting requirements for the 2023 performance year. The deadline to submit an EUC application is 8 p.m. ET on April 15.

Individual clinicians, groups, virtual groups, and alternative payment model entities participating in MIPS who anticipate being unable to submit data for the 2023 performance period because of the Change Healthcare cyberattack can submit an application requesting reweighting of any or all of the MIPS performance categories. Practices that would qualify include the following:

  • Practices that have had to focus their administrative resources on the workarounds required to submit claims, and
  • Practices that use a third-party intermediary to support their data submission, but the third party is engaged in efforts to redirect claims through other clearinghouses to assist their clients.

CMS notes that any submitted data will not override an EUC application. However, if three performance categories are reweighted and only one category can be scored, the clinician will receive a final score equal to the performance threshold and a neutral payment adjustment in the 2025 payment year.

Because the EUC application window is being reopened only as a response to the Change Healthcare cyberattack, CMS will only approve applications that cite the attack as the basis for requesting reweighting. Applications submitted for reasons outside of this will be denied. Practices can submit applications through the Quality Payment Program (QPP) website. Select “Ransom/Malware” as the event type and include “Change Healthcare cyberattack” in the event description.

Additional information on data submission can be found in the QPP Resource Library. More information on the Change Healthcare cyberattack is available in the following resources:

— Erin Solis, Manager, Practice & Payment at the American Academy of Family Physicians

