Provider resources

System update for providers

Last updated May 31, 2023

On April 17, Point32Health identified a cybersecurity ransomware incident that impacted systems we use to service members, accounts, brokers and providers. This is impacting systems that support Harvard Pilgrim Health Care commercial and Medicare Advantage Stride℠ plans (HMO)/(HMO-POS). Currently Tufts Health Plan, Tufts Medicare Preferred, Tufts Health Public Plans and CarePartners of Connecticut systems remain accessible.

After detecting the unauthorized party, we proactively took our Harvard Pilgrim Health Care systems offline to contain the threat. We have notified law enforcement and regulators and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation. While we work diligently to restore affected systems as quickly and as safely as possible, our team is working around the clock so that Harvard Pilgrim Health Care (HPHC) members receive the services they need.

Point32Health has communicated to our provider partners that they should continue providing care to HPHC members during this ongoing incident and services will be covered. Providers, if you have any questions, please contact the Provider Service Center by email at provider_callcenter@point32health.org.

Members, if you have any questions or are being denied care, please call the number on the back of your HPHC member ID card for assistance.

To date, we have taken several steps to further enhance the security of our organization and the data entrusted to us. We are:

Reviewing and enhancing user access protocols;
Enhancing vulnerability scanning and identifying prioritized IT Security improvements;
Implementing a new sustainable Endpoint Detection and Response (EDR) security solution to detect and respond to cyber threats; and
Conducting password resets for administrative accounts.

Our primary focus during recovery is to make sure members and our customers receive the care and services they need as quickly and as safely as possible. With this in mind, our system recovery efforts are focused on priority areas of the business, such as eligibility and enrollment; continuity of care, utilization management, and prior authorizations; provider payments; claims processing for medical and behavioral health; sales and renewals; and the remainder of business functions.

We take the privacy and security of the data entrusted to us seriously. Unfortunately, the investigation identified signs that data was copied and taken from our Harvard Pilgrim Health Care (“Harvard Pilgrim”) systems between March 28, 2023, and April 17, 2023. We determined that the files at issue may contain personal information and/or protected health information for current and former subscribers and dependents, and current contracted providers. Harvard Pilgrim has now begun the process of notifying individuals whose information may potentially have been involved in the incident. Additionally, while we are not aware of any misuse of personal information and protected health information as a result of the incident, out of an abundance of caution, Harvard Pilgrim is offering complimentary access to two (2) years of credit monitoring and identity theft protection services through IDX to potentially impacted individuals. We also recommend that individuals remain vigilant, monitor, and review their financial and account statements and explanations of benefits, and report any unusual activity to the institution that issued the record and to law enforcement.

For information about credit monitoring and identity theft protection services, please refer to Point32Health Ransomware Incident Update: Provider Impact.

Provider FAQ

What happened? What is Point32Health doing in response?

After detecting the unauthorized party, we proactively took our Harvard Pilgrim systems offline to contain the threat. We have notified law enforcement and regulators and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.

During the course of our investigation, we determined that the files at issue may contain personal information and/or protected health information for Harvard Pilgrim current and former subscribers and dependents, and current contracted providers. Harvard Pilgrim has now begun the process of notifying individuals whose information may potentially have been involved in the incident.

For more information, please refer to the Notice of Data Security Incident on the Harvard Pilgrim Health Care website.

What systems are still affected or offline?How do I confirm my patient’s eligibility for coverage?

We have restored capabilities for 270/271 eligibility transactions for Harvard Pilgrim Health Care commercial plans and are ready to accept your 270/271 eligibility transactions. We are confident that it is safe to resume conducting these transactions with Harvard Pilgrim Health Care systems.

You can now check eligibility for Harvard Pilgrim Health Care commercial members who were enrolled on or before April 15, 2023 via HPHConnect, the Provider Call Center, batch 270/271 transactions, and via trading partners. For these members, you have access to the same information available in the past, including member’s plan participation, PCP and benefit information including copayment, coinsurance, and other cost-share details. The information reflects member participation in a Harvard Pilgrim commercial plan through April 15, two days prior to the identification of the cybersecurity ransomware incident.

Please be aware, however, that eligibility information for members who enrolled with Harvard Pilgrim Health Care commercial plans on or after April 16 is not currently available. We have issued temporary member ID cards (starting with P3 rather than the standard HP) and/or eligibility letters to these new members (see question below for more information); please accept the temporary ID card or eligibility letters as proof of eligibility and provide care to these members.

For Medicare Advantage Stride℠ (HMO)/(HMO-POS) members, providers can continue to access eligibility information through the Stride provider portal.

If I was unable to check eligibility for Harvard Pilgrim members, will I be reimbursed if I provide care and the member is later determined to be ineligible?How do I submit patient claims?

We are unable to accept claim submissions for Harvard Pilgrim Commercial members, and request that providers please hold these submissions until further notice.

However, you should continue to submit claims for:

Harvard Pilgrim Medicare Advantage Stride℠ (HMO)/(HMO-POS) members
all Tufts Health Plan members, including Tufts Health Commercial Plans, Tufts Health Plan Senior Products, and Tufts Health Public Plans
CarePartners of Connecticut members

Will you extend timely filing limits for claims? How are Harvard Pilgrim Health Care commercial claim appeals affected?

Although you may continue to submit Harvard Pilgrim Health Care commercial claim appeals, we are unable to process these appeals at this time. Once our systems are available, we will process all provider submitted commercial appeals using their original receipt date. Additionally, we will extend timely filing limits for claims appeals affected by the systems outage (please refer to the question on timely filing for additional details).

How does this affect patient care?What if I can’t determine the member’s copayment?Is utilization management affected?Will procedures be covered without prior authorization?

Effective April 15, 2023 and until further notice, we have waived all prior authorization (PA) requirements and related utilization management (UM) requirements for all Harvard Pilgrim Health Care members. This includes members who are out of area and have access to our national network partner, UnitedHealthcare.

Please keep in mind that the waiver of PAs, notification, referrals and related UM requirements for medical and behavioral health services applies only during this system outage. As soon as our PA and UM capabilities resume, we will share updated information and next steps on this website and through other communication channels.

When our systems are up and running again, claims for affected services will be adjudicated without an authorization. We will not require providers to subsequently submit an authorization for services rendered while authorization is waived (from April 15 through the date at which we communicate that our systems are operational). If you submitted an authorization request prior to the outage and received a denial, the denial will stand.

Delegated Pharmacy Authorization
The prior authorization waiver above does not apply to pharmacy benefit and medical benefit drugs as our pharmacy systems continue to function normally. Prior authorization requirements for medications still apply for both Harvard Pilgrim Health Care and Tufts Health Plan. However, prior authorization for Harvard Pilgrim members managed by our vendor partners OncoHealth, NIA, Carelon, or CareLink are currently waived.

Please contact us regarding any member who may benefit from care management and assistance in coordinating care. Our care management teams are ready and able to support.

All provider inquiries can be directed to the following:

Medicare Advantage Stride^SM(HMO)/(HMO-POS) plans: Call 888-609-0692 (TTY: 711). Representatives are available Monday through Friday from 8 a.m. to 8 p.m.
All other Harvard Pilgrim plans: Call the Provider Call Center at 800-708-4414 (TTY: 711). Representatives are available Mondays, Tuesdays and Thursdays from 8 a.m. to 6 p.m.; Wednesdays from 10 a.m. to 6 p.m.; and Fridays from 8 a.m. to 5:30 p.m.

How does this cybersecurity ransomware incident affect Harvard Pilgrim’s behavioral health services through Optum/United Behavioral Health (UBH)?

Please continue to submit your behavioral health claims for our Harvard Pilgrim Health Care members. Until further notice, Optum/UBH is waiving referral, authorization, and notification requirements for behavioral health services for members of Harvard Pilgrim Health Care commercial and Medicare Advantage Stride^SM (HMO)/(HMO-POS) plans. Optum/UBH is processing behavioral health claims and reimbursing providers without interruption.

Due to the continuous work on restoration efforts, we have made the decision to push back insourcing our Behavioral Health program, which was scheduled to occur on July 1 for our Harvard Pilgrim Health Care commercial members. By delaying the implementation, we can ensure the continuity of care for our members, while our staff continues work on the current outage.

There is no impact to Tufts Health Plan, Harvard Pilgrim Health Care Medicare Advantage Stride^SM (HMO)/(HMO-POS), and CarePartners of Connecticut members.

Although our rollout is delayed, there will be no interruption to care or provider access for our Harvard Pilgrim Health Care members. All Harvard Pilgrim Health Care members in New England and nationwide will be able to continue to see their providers as they do today based on their current health plan designs.

We will continue to build our behavioral health network in anticipation of the insourcing. If you are a behavioral health provider and you received a contracting packet from us, we encourage you to complete any necessary steps as soon as possible. This will help us offer a robust behavioral health network for our members and uninterrupted care to Harvard Pilgrim commercial members when insourcing occurs.

Until that time, Optum/United Behavioral Health will continue to provide behavioral health services for Harvard Pilgrim Health Care members; Tufts Health Plan behavioral health services will continue to be managed inhouse, with members receiving services from the existing Tufts Health Plan network of providers.

Please refer to the Behavioral Health section of the Integration FAQ for further details.

Which provider payments are impacted?

Provider reimbursement has been delayed for Harvard Pilgrim Health Care commercial members since the cybersecurity ransomware incident.

We are releasing the April 18 EFT payments for Harvard Pilgrim Health Care commercial plans and expect that providers receiving reimbursement in this check run will see these funds deposited into their accounts between Tuesday, May 16 and Thursday, May 18. We are able to issue these payments because they were in an advanced stage of processing at the time of the incident. However, we are not currently able to process and release EFT payments beyond this date.

Recognizing the impact of these delays on you, we have implemented a process for issuing bridge payments to providers. For details, please refer to these instructions on initiating a request for a bridge payment.

Please keep in mind that many lines of business were unaffected by this issue, and as such, provider payments — both electronic and paper check — were made on time and will continue without interruption. You should continue to submit claims for patients with the following products:

Harvard Pilgrim Health Care Medicare Advantage Stride℠ (HMO)/(HMO-POS)
Tufts Health Plan products (including Tufts Health Plan, Tufts Medicare Preferred, and Tufts Health Public Plans)
CarePartners of Connecticut

We are working diligently to reinstitute regular claims processing and payments to our Harvard Pilgrim Health Care commercial network. Until normal processes are restored, we will publish specific information about the status of provider payments for that week on Wednesday at noon.

Will new Harvard Pilgrim commercial members be issued a temporary ID card?

We have established a temporary process to enroll new commercial members. This applies to new groups as well as adding members to existing groups. As part of this process, we will be issuing temporary member ID cards for newly enrolled Harvard Pilgrim commercial members. The temporary ID cards look similar to current Harvard Pilgrim cards; however, the ID card number will start with P3 rather than our standard HP. Please use this card as you would a permanent ID card, and keep in mind that you can file claims using this temporary member ID number when we begin accepting claims for Harvard Pilgrim commercial members again. Permanent ID cards will be issued once the system outage is resolved. Please update your records when the permanent ID is presented. We will reconcile our records and map any transactions submitted using the temporary member ID number to the permanent member ID number. In the event that a new member needs services prior to receiving their temporary member ID, we will issue an eligibility verification letter, as we have in the past.

How is Health Plans, Inc (HPI) affected?

HPI is affected by the Harvard Pilgrim outage, as follows:

Claims priced by Harvard Pilgrim and provider payment: HPI is accepting claims from providers. However, HPI cannot process claims for payment, since HPI claim files are sent to Harvard Pilgrim Health Care for network pricing, and these systems are not currently operational. As a result, HPI payments are delayed for Harvard Pilgrim network providers.
Claims priced by United Health Care (UHC): HPI is accepting and can process claims priced by UHC outside of the Harvard Pilgrim Health Care service area. However, claims for members of UHC or UMR plans in the Harvard Pilgrim Health Care service area cannot be processed, due to the inability to have those claims priced by Harvard Pilgrim. As a result, those claims currently cannot be processed.
Prior authorization submission: HPI’s prior authorization requirements remain in place, and HPI is continuing to process prior authorization requests.
Eligibility: HPI can provide verification of eligibility by telephone for providers, who should direct these calls to the 800 number on member ID cards.

What is the affect on Passport?

UnitedHealthcare manages administrative services in all regions for Passport, including eligibility and claims processing. Please continue to access UnitedHealthcare’s provider portal for transactions and information for Passport members.

Claims: UnitedHealthcare is accepting and can process in-area and out-of-area claims. Please continue to submit claims to UnitedHealthcare for Passport members.
Eligibility: Current eligibility for Passport members is available and can be verified on UnitedHealthcare’s provider portal.
Prior Authorization: UnitedHealthcare is accepting and can process prior authorizations. Please continue to submit prior authorization to UnitedHealthcare for Passport members.
Customer Service: For questions and support, providers may contact UnitedHealthcare at 877-842-3210. Members may contact UnitedHealthcare’s member services at 866-801-4409 or access information on UnitedHealthcare’s member portal.

Are you anticipating any interruptions to member coverage?Will this affect any of the business I do with you?Is this impacting secure email between providers and Point32Health?Who should I contact for more assistance?Where can members find more information and support?

Members who need urgent assistance can call the Member Services number listed on the back of their Harvard Pilgrim ID card, but should be aware that call volumes are higher than normal and have created longer wait times.

For questions about behavioral health services, Harvard Pilgrim members can call Optum/United Behavioral Health at 888-777-4742. For questions about Pharmacy services, members can call the following numbers:

For specialty pharmacy help: 844-265-1705
For OptumRx home delivery help: 855-258-1561
For help with their OptumRx online account: 844-813-7271

How long will it take to return to normal operations?