Submitted on Tue, 03/19/2024 - 10:05

The federal government continues to react to the United Health Group cybersecurity incident. A subsidiary of the group, Change Healthcare, which deals with as many as half of the payment transactions in the US health care system, has not corrected this breach, which initially occurred in February. CMS announced on Friday, March 15, another support for practices that have enrolled with MIPS, allowing for an extension of the Extreme and Uncontrollable Circumstances exception for those practices impacted by the breach. Following is the CMS update:

In response to the Change Healthcare cyberattack in late February, the Centers for Medicare & Medicaid Services (CMS) extended the data submission deadline and is now reopening the 2023 Merit-based Incentive Payment System (MIPS) Extreme and Uncontrollable Circumstances (EUC) Exception Application to provide relief to MIPS eligible clinicians impacted by this cybersecurity incident. The application will be open for the remainder of the extended data submission period, which closes April 15, 2024, at 8 p.m. ET.

  • Sign in to the QPP website.
  • Select ‘Exceptions Applications’ on the left-hand navigation.
  • Select ‘Add New Exception’.
  • Select ‘Extreme and Uncontrollable Circumstances Exception’.
  • Complete the application.
    • You MUST select “Ransom/Malware” as the Event Type and include “Change Healthcare cyberattack” in the Event Description.
  • Reminder: Any applications submitted for reasons outside of the Change Healthcare cyberattack will be denied.