HHS Delegates Authority to OCR to Administer and Enforce Confidentiality of Substance Use Disorder Records. The U.S. Department of Health and Human Services (HHS) Secretary issued a Statement of Delegation of Authority allowing the Office for Civil Rights (OCR) to administer and enforce the “Confidentiality of Substance Use Disorder Patient Records” regulations at 42 CFR part 2 (“Part 2”). The delegation of authority gives OCR the control to impose civil money penalties, enter into resolution agreements, and issue subpoenas, for failures to comply with the Part 2 requirements. The delegation also gives OCR the authority to make decisions on the interpretation, implementation, and enforcement of the Part 2 requirements. A fact sheet on the Part 2 final rule is available here.  

TEFCA RCE Seeks Experts to Share Experiences with Implementation. The Sequoia Project, the Trusted Exchange Framework and Common Agreement^™ (TEFCA^™) Recognized Coordinating Entity^® (RCE^®), is seeking experts willing to share their experiences with implementing TEFCA. This effort is part of the overall work by the RCE to refine TEFCA through new or updated standard operating procedures. Experts who agree to participate will work on specific, time-limited workstreams. The RCE is looking for individuals with experience as providers, payers, public health organizations, consumers and caregivers, technology vendors, and health information exchanges. They should be knowledgeable about health care operations, payment, public health operations, privacy, individual access services, security, or standards. Individuals interested must submit their information by September 4.

CMS Updates Medicare Plan Finder for 2026. In a memo to Medicare Advantage Organizations, the Centers for Medicare & Medicaid Services (CMS) provided details on changes to the Medicare Plan Finder (MFP) and Medicare.gov website for calendar year 2026. The changes include adding Medicare Advantage (MA) provider directory information, expanding the display of MA supplemental benefits, and implementing a new artificial intelligence (AI) drug search tool. The MFP does not currently include MA provider network information making it difficult for patients to find providers in their network, which prompted adding the information. Starting on October 1, the display of MA supplemental benefits will include more detailed information on in-network and out-of-network cost sharing, authorization requirements, and plan limits. The AI drug search tool is expected to be available in the fall on Medicare.gov and will provide drug pricing information.

CMS Announces Challenge to Detect Fraudulent Claims Using AI. CMS is holding a “Crushing Fraud Chili Cook-Off Competition” and is calling for developers to create artificial intelligence (AI) and machine learning (ML) models that can identify fraudulent Medicare claims. The goal of the project is to identify new approaches to detecting fraud through anomalies and trends in the claims data that may represent fraud. Phase 1 of the competition includes submission and review of project proposals and announcement of the finalists. In Phase 2, ten teams will compete using Medicare Fee-for-Service Hospice, Part B, and Durable Medical Equipment claims data in their AI or ML models. CMS plans to announce the winner on December 15.

Comment Period Open on 2025 CISA SBOM Minimum Elements. The Cybersecurity and Infrastructure Security Agency (CISA) and Department of Homeland Security published a Request for Information (RFI) in the Federal Register seeking comments on the 2025 CISA Software Bill of Materials (SBOM) Minimum Elements. An SBOM is an inventory of software components, which supports organizations’ ability to identify vulnerabilities, manage dependencies, and mitigate risks. The 2025 update builds on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum Elements through updated data fields, automation support, and operational practices allowing SBOMs to be scalable, interoperable, and comprehensive. Comments being sought in the RFI relate to changes made to the data elements, any additional elements needed, clarity of the definitions, applicable products for the minimum elements, and any additional comments related to the document. Comments are due by October 3, 2025.

CISA and FEMA Announce Over $100 Million in Cybersecurity Grants. CISA and the Federal Emergency Management Agency (FEMA) announced the availability of over $100 million in cybersecurity grant funding. Funding is available for states, tribes, and localities for the purpose of strengthening community cybersecurity. The funding comes from the Fiscal Year 2025 State and Local Cybersecurity Grant Program and the Tribal Cybersecurity Grant Program. Both grants provide additional resources for communities to use for cybersecurity improvements, including planning, exercises, staffing, and improving services.

CMS Innovation Center Releases Results on Enhancing Oncology Model. Analysis of data from the CMS Innovation Center’s Enhancing Oncology Model (EOM), which started in July 2023, found 79% of participants achieved cost savings, and more than half of the participants met the criteria for the highest performance bonus for delivering quality care. The voluntary model was designed to incentivize oncology practices to improve care coordination while reducing costs. This first round of results demonstrates that EOM is exceeding expectations for significant cost savings and improved quality of care for cancer patients. The EOM expanded in July with a second group of participants of seven oncology physician practices at 500 sites across 33 states and Washington, D.C. Additional information about EOM is available here.

CIOs Support Use of AI to Reduce Administrative Burdens, According to Survey. A survey of Chief Information Officers (CIOs), conducted by the CHIME Foundation and CliniComp, found that 81% view the implementation of artificial intelligence (AI) as a priority for reducing administrative burden on providers. This result supports the overall trend by organizations to include AI in their information technology strategies, specifically within the EHR. Automating administrative functions and freeing up providers and staff from these burdens has been a focus of organizations and AI is widely seen as a new tool for this work. Forty-eight percent of the responding CIOs considered the inclusion of AI capabilities within the EHR as being extremely important. AI-driven interoperability for data sharing and care coordination was identified as being extremely important for 32% of the CIOs. Other areas where CIOs saw AI as a solution included improving revenue cycle management, reducing documentation burdens through automated notetaking, supporting clinical decision making, and improving patient flow.