OCR Settles HIPAA Investigation of PHI Disclosure by Delaware Provider. The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced a settlement with a Delaware health care provider for a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Breach Notification Rules. The settlement resolves an investigation of the provider that OCR initiated after receiving a complaint in September 2021 alleging that the organization disclosed on their website a patient’s name, photograph, and medical information without the patient’s permission. OCR’s investigation confirmed that the provider had disclosed the patient’s information without written HIPAA authorization, in addition to 150 other patients. OCR determined that the provider improperly disclosed protected health information (PHI); failed to have appropriate administrative, technical, and physical safeguards in place to protect the privacy of PHI; and failed to provide breach notification to the affected individuals. Under the terms of the resolution agreement, the provider agreed to pay a fine of $182,000 and implement a corrective action plan that OCR will monitor for two years.

ASTP Awards 2025 LEAP Health IT Projects. The Assistant Secretary for Technology Policy (ASTP) announced the 2025 Leading Edge Acceleration Projects (LEAP) in Health Information Technology (IT) awards. The two project areas for funding were announced earlier this year. The first project area is on demonstrating the readiness of Fast Healthcare Interoperability Resources® (FHIR®)-based Subscriptions capabilities for improving interactivity with third-party applications. The National Opinion Research Center received this funding and will enhance an existing prototype hypertension application with FHIR-based Subscription capabilities to automatically identify patients for a pregnancy-induced hypertension monitoring program and provide real-time responses to patients that report elevated blood pressure.

The second project area is on identifying and testing innovative technical approaches that would inform future changes to the Trusted Exchange Framework and Common Agreement™ (TEFCA™) infrastructure to increase adoption of Individual Access Service (IAS). The Healthcare Information and Management Systems Society was awarded this project and is seeking to simplify identity proofing, enhance patient matching, and reduce implementation complexity to advance the adoption of IAS under TEFCA. Both projects began in 2025 and are estimated to be completed in 2027.

ASTP Highlights Success of TEFCA in Improving Government Benefits Determination. In the latest Health IT Buzz post, ASTP highlighted improvements seen in government benefits determinations through the use of TEFCA. The specific case study was for individuals applying for Social Security Disability Insurance. Currently, it can take more than 200 days for an initial disability claim to be processed and costs are estimated to be over $500 million a year to collect and create medical evidence for applicants. Leveraging one of TEFCA’s six authorized Exchange Purposes, the records request process can be automated, allowing agencies to speed the processing of determinations up to 60 percent faster. The Qualified Health Information Network® (QHIN™) Technical Framework is being updated and implemented by the 10 designated QHINs to better support directed queries. 

CMS Innovation Center Releases Data and Evaluations of Value Based Care Models. The Centers for Medicare & Medicaid Services (CMS) Center for Medicare and Medicaid Innovation (Innovation Center) released data and evaluation reports on three of its value-based care models. The reports, along with key findings, are available on the CMS Innovation Center’s evaluations and research reports page. The models covered in the reports are the Maternal Opioid Misuse Model, Enhancing Oncology Model, and End-Stage Renal Disease Treatment Choices Model. 

NQF Seeks Public Comment on AI in Healthcare Quality Measurement Report, Deadline October 15. The National Quality Forum (NQF) is seeking comments on a draft report on the use of artificial intelligence (AI) methods in health care quality measurement. Comments are due by October 15. The report focuses on guidance and recommendations for developing, selecting, and implementing AI-enabled quality measures in value-based payment, public reporting, performance-based provider network designs, and accreditation programs. The efficiency of AI methods has the potential to improve quality measurement and reduce the burden of what is largely a manual process.

CISA Announces Transition to New Model for Commitment with SLTT Governments. The Cybersecurity and Infrastructure Security Agency (CISA) announced a new model to strengthen shared responsibilities with state, local, tribal, and territorial (SLTT) governments in the form of access to grant funding, tools, and cybersecurity expertise. The transition is a result of the planned end of CISA’s cooperative agreement with the Center for Internet Security on September 30, 2025. The new model aims to strengthen accountability, maximize impact, and empower SLTT partners in cybersecurity. Support for SLTTs includes the potential for grant funding from the Department of Homeland Security, free services and tools, cybersecurity performance goals and evaluation tools, and professional and support services. More information about CISA’s Cybersecurity Services for SLTT partners is available here.

CISA and Partners Release New Joint Cybersecurity Guidance. CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance related to operational technology systems. The guidance explains how organizations can leverage data sources, such as asset inventories and software bill of materials, to develop and maintain the status of their systems.

Living HHS Open Data Plan and Refreshed HealthData.gov Now Available. HHS released the Living HHS Open Data Plan version 1.0 and a refreshed version of HealthData.gov, which is a systematic approach to open data allowing data access within the appropriate safeguards. It was developed jointly between HHS and CMS followed by a pilot earlier this year demonstrating its efficiency through technology, transparency for the public, and data-driven delivery. The Living HHS Open Data Plan is part of the Open Data community being fostered by HHS. Feedback can be provided to HHS on the Living HHS Open Data Plan via GitHub.