Pharmacies continue to suffer disruptions in the wake of the February cyberattack on UnitedHealth Group, with UnitedHealth doing little to improve the situation, the National Community Pharmacists Association (NCPA) said in comments to Congress.
In a May 1 announcement, the NCPA said it submitted comments to the Senate Finance Committee and the House Energy and Commerce Subcommittee on Oversight and Investigations ahead of testimony by UnitedHealth CEO Andrew Witty to Congress.
NCPA CEO scathing in appraisal of UnitedHealth response
“Independent pharmacies are still struggling daily with operational and financial disruptions months after the cyberattack,” NCPA’s May 1 announcement said. “UnitedHealth Group has done the bare minimum to help pharmacy providers since the attack began, and despite requests for relief and flexibility, other pharmacy benefit manager-insurers are beginning to issue audits into prescriptions dispensed throughout it.”
This additional cyberattack-related strain, the association added “comes at a time when many pharmacies are already on the brink of closure, and patient access to care is in jeopardy.”
“Too much of our health-care system is being allowed to flow through gigantic corporate monsters like UnitedHealth; this unfortunate circumstance is proof-positive of that,” said NCPA CEO B. Douglas Hoey, pharmacist, MBA, before the Congressional hearings.
“This entity rakes in a tremendous amount of cash, yet it arbitrarily denies or slow-walks patient care, under-reimburses providers and otherwise makes it difficult to provide health-care services, and fails to protect itself and its customers from a catastrophic cyberattack. These broad, debilitating disruptions reiterate independent pharmacy’s view that UnitedHealth Group should not have been allowed to acquire Change Healthcare in the first place, and that Congress and other policymakers must finalize and enforce stronger laws to rein in these behemoths as swiftly as possible.”
NCPA asks for protection from PBM audits, punitive actions
In response to the continuing disruptions, the NCPA “is specifically urging Congress to direct plans and pharmacy benefit managers [PBM] to pause audits, make pharmacies whole for dispensing medications to patients in good faith throughout the cyberattack, and prevent punitive payer/PBM actions based on disruptions in care or recordkeeping that resulted from the event.”
UnitedHealth Group said Change Healthcare detected a cyberattack on Feb. 21 and took all systems offline as a precaution. NCPA indicated in a timeline of the cyberattack that UnitedHealth Group and Change Healthcare were slow to alert pharmacies of the reason behind the systems outage and to communicate details such as how long the outage was likely to last.