News and Information

Health Care Cybersecurity Act

A doctor with a blue stethoscope hanging behind his neck holds up his index finger pointed at a shield with a check mark imprinted in it

Three main points:

  1. The Change Healthcare cyberattack has had a major impact on the entire healthcare industry.
  2. The Health Care Cybersecurity Improvement Act of 2024 is the first bill introduced following the incident, setting minimum cybersecurity standards for providers and their vendors.
  3. Americollect is prepared for these requirements by being HITRUST Certified.

The Change Healthcare cyberattack has impacted the entire healthcare industry and shown how a disruption in billing services can threaten provider financial solvency. In late March, federal legislation involving a cybersecurity act was introduced to allow the Department of Health and Human Services (HHS) to speed up provider reimbursement when hospitals and physicians are affected by cyberattacks, but there is a caveat – providers and their vendors are required to meet minimum cybersecurity standards to qualify.

Legislative Cybersecurity Act Introduced

The Health Care Cybersecurity Improvement Act of 2024 was introduced by Sen. Mark R. Warner. It is the first bill that was introduced following the cyberattack, in late February 2024,  that affected Change Healthcare and the providers that utilized its claims processing program.

Who it Impacts

When cyberattacks impact the ability of providers to get paid, hospitals and physician groups have asked for greater financial assistance at the federal level as well as more flexibility from their payers.

This cybersecurity act bill would apply to Medicare Part A providers, such as acute care hospitals, skilled nursing facilities and other inpatient care facilities. It would also apply to Part B suppliers, including physicians, nonphysician practitioners, durable medical equipment suppliers and others who furnish outpatient services that may face cash flow issues due to circumstances beyond their control.

What the Cybersecurity Act Does

The Centers for Medicare and Medicaid Services have provided temporary financial relief through Accelerated and Advanced Payment programs since the 1980s. The Health Care Cybersecurity Improvement Act of 2024 would modify the existing Medicare Hospital Accelerated Payment Program and the Medicare Part B Advance Payment Program by:

  • Requiring the secretary to determine if the need for payments results from a cyber incident;
  • If it does, requiring the healthcare provider receiving the payment to meet minimum cybersecurity standards, as determined by the secretary, to be eligible; and
  • If a provider’s intermediary was the target of the incident, the intermediary must also meet minimum cybersecurity standards, as determined by the secretary, for the provider to receive the payments.

Are your Vendors Prepared?

Ensuring your facility meets the minimum cybersecurity standards for the cybersecurity act is something you have control over, but making sure your vendors are prepared is quite another. Your partners can tell you they have taken the necessary steps to protect your data, but can they show you how they did it? Americollect is HITRUST CSF certified, a recognition awarded for safeguarding sensitive information. This means that you are protected whether you use our early out solutions, bad debt collection or both.

If you would like to learn more about Americollect early out solutions, bad debt collection or our HITRUST CSF certification, contact us today!

Ridiculously Nice Legal Disclaimer

The content provided in this communication (“Content”) is presented for educational and general reference purposes only. Americollect, Inc and/or AmeriEBO LLC either directly or indirectly through speakers, independent contractors, or employees (collectively referred to as “Americollect”) is providing this Content as a courtesy to be used for informational purposes only. The Contents are not intended to serve as legal or other advice. Americollect does not represent or warrant that the Content is accurate, complete, or current for any specific or particular purpose or application. This information is not intended to be a full and exhaustive explanation of the law in any area, nor should it be used to replace the advice of your own legal counsel. By using the Content in any way, whether or not authorized, the user assumes all risk and hereby releases Americollect from any liability associated with the Content.

Join our mailing list

Sign up to receive email updates on current information impacting the healthcare field and revenue cycle.