CMS Announced Medicare Accelerated and Advance Payments in Response to Change Healthcare Cyberattack
On March 9, 2024, the Centers for Medicare and Medicaid Services (CMS) announced the creation of the Change Healthcare/Optum Payment Disruption (CHOPD) Program. Under the CHOPD Program, CMS will make accelerated payments to Part A providers and advance payments to Part B suppliers that have experienced claims disruptions as a result of the Change Healthcare cyberattack.
Under the CHOPD Program, qualifying providers and suppliers will be eligible to apply for and receive Medicare advances of up to 30 days of their average Medicare payments. Applications for payment advances must be made to the provider’s or supplier’s Medicare Administrative Contractor (MAC). The 30-day payment advance will be based on the average Medicare payments to the provider or supplier between August 1, 2023 and October 31, 2023. Specifically, CMS will compute the total amounts paid to the provider during this period, and then divide by 3 to arrive at the 30-day average amount.
Advance payments received through the CHOPD Program are considered a loan. Therefore, these amounts must be repaid through offsets against future Medicare payments. Recoupments will commence on the date the advance payments are received by the provider or supplier. These recoupments will be equal to 100% of future payments, and will continue until the earlier to occur of: (1) the full repayment of the advance payment or (2) 90 days. In the event a balance remains after 90 days, the MAC will generate a demand notice for the outstanding balance, which must be repaid within 30 days. If the provider does not repay the outstanding balance within that period, interest will start to accrue on the outstanding balance.
Providers and suppliers with multiple National Provider Identifiers (NPIs) may be eligible for multiple advance payments.
Eligibility Requirements
To qualify for advance payments, a provider or supplier must meet the following requirements:
- Advance payments may be requested for individual providers or suppliers, i.e., a unique NPIs and Medicare ID (PTAN) combination.
- The provider or supplier must not currently be receiving Periodic Interim Payments.
- The provider or supplier must make the following certifications:
- The provider/supplier must certify that they have experienced a disruption in claims payment or submission due to a business relationship the provider/supplier has with Change Healthcare or another entity that uses Change Healthcare, or the provider’s/supplier’s third-party payers have with Change Healthcare or another entity that uses Change Healthcare.
- The provider/supplier must not be able to submit claims to receive claims payments from Medicare.
- The provider/supplier has been unable to obtain sufficient funding from other available sources to cover the disruption in claims payment, processing, or submission attributable to the cyberattack
- The provider/supplier does not intend to cease business operations and is presently not insolvent.
- The provider/supplier, if currently in bankruptcy, will alert CMS about this status and include case information.
- Based on its information, knowledge and belief, the provider/supplier is not aware that the provider/supplier or a parent, subsidiary, or related entity of the provider/supplier is under an active healthcare-related program integrity investigation in which the provider/supplier or a parent, subsidiary, or related entity of the provider/supplier: (1) is under investigation for potential False Claims Act violations related to a federal healthcare program; (2) is a defendant in state or federal civil or criminal action (including a qui tam False Claims Act action either filed by the Department of Justice or in which the Department of Justice has intervened; or (3) has been notified by a state or federal agency that it is a subject of a civil or criminal investigation or Medicare program integrity administrative action; or (3) has been notified that it is the subject of a program integrity investigation by a licensed health insurance issuer’s special investigative unit.
- The provider/supplier is enrolled in the Medicare program had has not been revoked, deactivated, precluded, or excluded by CMS or the HHS Office of the Inspector General.
- The provider/supplier does not have any delinquent Medicare debts.
- The provider/supplier is not on a Medicare payment hold or payment suspension.
- The provider/supplier will use the funds for the operations of the specific provider/supplier for which they were requested.
To the extent a provider or supplier is approved for an advance payment, they must then execute a Terms and Conditions document acknowledging the following:
- That the funds were advanced from the Medicare Trust Fund, and represent an advance on claims payments.
- The accelerated and advance payment is not a loan, and cannot be forgiven, indebtedness cannot be reduced, and there are no flexibilities regarding repayment timelines. CMSI will use its standard recoupment procedures to recover these amounts.
- Repayment will commence immediately via 100% recoupment of Medicare claims payment owed to the provider/supplier, as the provider/supplier submits claims and claims are processed, after the date on which the payment is granted. Recoupment will continue for a period of 90 days.
- A demand will be issued for any remaining balance on Day 91 following the issuance of the advance payment.
- Interest will start to accrue 30 days after a demand is issued consistent with the interest rate established under applicable interest authorities.
- CMS will proceed directly to demand the advance payments if any certifications or acknowledgements are found to be falsified.
- Grant of an advance payment is not guaranteed and payments will not be issued once the disruption to claims servicing is remediated, regardless of when a request is received. CMS may terminate the program at any time.
- CMS maintains the right to conduct post payment audits related to any advance payments issued under this program.
Centers for Medicare and Medicaid Services (CMS), cybersecurity