CMS offers MIPS reporting relief to physicians impacted by cyberattack
The Centers for Medicare & Medicaid Services (CMS) has reopened the extreme and uncontrollable circumstances exception (EUC) application to those affected by the Change Healthcare cyberattack. The EUC exempts clinicians from the Merit-based Incentive Payment System (MIPS) reporting requirements for the 2023 performance year. The deadline to submit an EUC application is 8 p.m. ET on April 15.
Individual clinicians, groups, virtual groups, and alternative payment model entities participating in MIPS who anticipate being unable to submit data for the 2023 performance period because of the Change Healthcare cyberattack can submit an application requesting reweighting of any or all of the MIPS performance categories. Practices who would qualify include the following:
- Practices that have had to focus their administrative resources on the workarounds required to submit claims and,
- Practices that use a third-party intermediary to support their data submission but the third-party is engaged in efforts to redirect claims through other clearinghouses to assist their clients.
CMS notes that any submitted data will not override an EUC application. However, if three performance categories are reweighted and only one category can be scored, the clinician will receive a final score equal to the performance threshold and a neutral payment adjustment in the 2025 payment year.
Because the EUC application window is only being reopened as response to the Change Healthcare cyberattack, CMS will only approve applications that cite the attack as the basis for requesting reweighting. Applications submitted for reasons outside of this will be denied. Practices can submit applications through the Quality Payment Program (QPP) website. Select “Ransom/Malware” as the event type and include “Change Healthcare cyberattack” in the event description.
Additional information on data submission can be found in the QPP Resource Library. More information on the Change Healthcare cyberattack is available in the following resources:
- Department of Health and Human Services Statement - https://www.hhs.gov/about/news/2024/03/05/hhs-statement-regarding-the-cyberattack-on-change-healthcare.html
- CMS Statement - https://www.cms.gov/newsroom/press-releases/cms-statement-following-health-care-payer-and-provider-roundtable-cyberattack-change-healthcare
- Getting Paid: Change Healthcare issues more information about cyberattack and assistance fund
— Erin Solis, Manager, Practice & Payment at the American Academy of Family Physicians
Posted on March 15, 2024
Other Blogs
- Quick Tips from FPM journal
- AFP Community Blog
- Fresh Perspectives
- In the Trenches
- Leader Voices
Feed
Disclaimer: The opinions and views expressed here are those of the authors and do not necessarily represent or reflect the opinions and views of the American Academy of Family Physicians. This blog is not intended to provide medical, financial, or legal advice. Some payers may not agree with the advice given. This is not a substitute for current CPT and ICD-9 manuals and payer policies. All comments are moderated and will be removed if they violate our Terms of Use.