Health Care Cybersecurity Act

Three main points:

1. The Change Healthcare cyberattack has had a major impact on the entire healthcare industry.
2. The Health Care Cybersecurity Improvement Act of 2024 is the first bill introduced following the incident, setting minimum cybersecurity standards for providers and their vendors.
3. Americollect is prepared for these requirements by being HITRUST Certified.

The Change Healthcare cyberattack has impacted the entire healthcare industry and shown how a disruption in billing services can threaten provider financial solvency. In late March, federal legislation involving a cybersecurity act was introduced to allow the Department of Health and Human Services (HHS) to speed up provider reimbursement when hospitals and physicians are affected by cyberattacks, but there is a caveat – providers and their vendors are required to meet minimum cybersecurity standards to qualify.

Legislative Cybersecurity Act Introduced

The Health Care Cybersecurity Improvement Act of 2024 was introduced by Sen. Mark R. Warner. It is the first bill that was introduced following the cyberattack, in late February 2024,  that affected Change Healthcare and the providers that utilized its claims processing program.

Who it Impacts

When cyberattacks impact the ability of providers to get paid, hospitals and physician groups have asked for greater financial assistance at the federal level as well as more flexibility from their payers.

This cybersecurity act bill would apply to Medicare Part A providers, such as acute care hospitals, skilled nursing facilities and other inpatient care facilities. It would also apply to Part B suppliers, including physicians, nonphysician practitioners, durable medical equipment suppliers and others who furnish outpatient services that may face cash flow issues due to circumstances beyond their control.

What the Cybersecurity Act Does

The Centers for Medicare and Medicaid Services have provided temporary financial relief through Accelerated and Advanced Payment programs since the 1980s. The Health Care Cybersecurity Improvement Act of 2024 would modify the existing Medicare Hospital Accelerated Payment Program and the Medicare Part B Advance Payment Program by:

• Requiring the secretary to determine if the need for payments results from a cyber incident;
• If it does, requiring the healthcare provider receiving the payment to meet minimum cybersecurity standards, as determined by the secretary, to be eligible; and
• If a provider’s intermediary was the target of the incident, the intermediary must also meet minimum cybersecurity standards, as determined by the secretary, for the provider to receive the payments.

Are your Vendors Prepared?

Ensuring your facility meets the minimum cybersecurity standards for the cybersecurity act is something you have control over, but making sure your vendors are prepared is quite another. Your partners can tell you they have taken the necessary steps to protect your data, but can they show you how they did it? Americollect is HITRUST CSF certified, a recognition awarded for safeguarding sensitive information. This means that you are protected whether you use our early out solutions, bad debt collection or both.

If you would like to learn more about Americollect early out solutions, bad debt collection or our HITRUST CSF certification, contact us today!