CMS Responds to MIPS Reporting Challenges due to Change Healthcare Cyber Attack
Published April 9, 2024

CMS Responds to MIPS Reporting Challenges Due To Change Healthcare Cyber Attack

Healthcare organizations nationwide are still recovering from Change Healthcare’s February 2024 cyber attack, which led to delays in claims processing and significant cash flow uncertainty. To provide relief to 2023 Merit-based Incentive Payment System (MIPS) eligible clinicians who faced a reporting hardship due to data issues stemming from Change’s cyber attack, the Centers for Medicare & Medicaid Services (CMS) extended the data submission deadline for the 2023 performance year to April 15, 2024, 8 p.m. EST. CMS has also reopened the MIPS Extreme and Uncontrollable Circumstances (EUC) Exception Application that originally closed December 31, 2023. The new EUC application deadline also closes April 15, 2024, at 8 p.m. EST.

As the application window has been reopened due to the cyber attack, CMS reports only applications citing the cyber attack as the factor limiting their ability to submit will be approved. Any applications submitted for reasons other than the cyber attack will be denied, and any data previously submitted will override the application for those respective categories.

For eligible clinicians, groups, and entities who have already submitted data, CMS reports they will not reweigh any performance category for which data has been submitted. CMS states, however, “if three of the performance categories are reweighted to 0% and only one performance category can be scored, then the MIPS eligible clinician, group, or virtual group will earn a final score equal to the performance threshold and the MIPS eligible clinician(s) will receive a neutral payment adjustment.” CMS encourages eligible clinicians to submit applications as soon as possible, as applications are processed on a rolling basis.

PYA continues to monitor the situation and will provide updates as we become aware of them. Stay tuned and check back for the latest on the Change Healthcare cyber attack and subsequent response. Read PYA’s related article about the cyber attack.

If you would like assistance evaluating your entity’s MIPS strategy, one of our executive contacts would be happy to assist. You may e-mail them or call (800) 270-9629.

Executive Contacts

Interested in Learning More?

Sign Up for Our Latest Thought Leadership!

    Select Your Subscriptions