In response to the Change Healthcare cyberattack in late February, the Centers for Medicare and Medicaid Services (CMS) today announced it is reopening the 2023 Merit-based Incentive Payment System (MIPS) Extreme and Uncontrollable Circumstances (EUC) exception application to provide relief to impacted practices.

IMPORTANT: Only applications citing this cyberattack will be approved.  When completing the application, applicants must select “Ransom/Malware” as the Event Type and include “Change Healthcare cyberattack” in the Event Description.

Individual MIPS eligible clinicians, groups, virtual groups and Alternative Payment Model (APM) Entities participating in MIPS (including Shared Savings Program Accountable Care Organizations) who anticipate being unable to submit data for the 2023 performance year, or to complete their data submission before the April 15 deadline due to the cyberattack, can submit a 2023 MIPS EUC exception application until 5 p.m. Pacific Time on April 15, 2024.

What If We’ve Already Submitted Some Data?

For those who have already submitted some data, CMS will not reweight any performance category for which they’ve received data. Additionally, any data submitted to CMS after applying for the EUC exception will override the application for those performance categories.

However, if three of the performance categories are reweighted to 0% and only one performance category can be scored (e.g., because the MIPS eligible clinician, group, or virtual group submitted data for that category), then you will earn a final score equal to the performance threshold and you will receive a neutral payment adjustment.

If a physician or practice would like to still be scored on the 2023 MIPS program, the extended deadline to submit data remains April 15, 2024.

Read the full CMS announcement.