CMS Releases Claims Attachments Final Rule. The Centers for Medicare & Medicaid Services (CMS) released the “Adoption of Standards for Health Care Claims Attachments Transactions and Electronic Signatures (CMS-0053-F)” Final Rule via display on March 20 and will publish in the Federal Register on March 24. Compliance with the regulation will be 24 months from the effective date of the final rule. The final rule sets standards for claims attachments, including:

• X12 Health Care Claim Request for Additional Information (277), Version 006020
• X12 Additional Information to Support a Health Care Claim or Encounter (275), Version 006020
• HL7 Clinical Document Architecture (CDA) Release 2: Consolidated CDA (C-CDA) Templates for Clinical Notes (US Realm) Draft Standard for Trial Use Release 2.1, Volume One – Introductory Material, June 2019 with Errata (HL7 C-CDA IG Volume One)
• HL7 CDA Release 2: C-CDA Templates for Clinical Notes (US Realm) Draft Standard for Trial Use Release 2.1, Volume Two – Templates and Supporting Material, June 2019 with Errata (HL7 C-CDA IG Volume Two)
• HL7 CDA Release 2 Attachment IG: Exchange of C-CDA Based Documents, Release 2, March 2022 (HL7 Attachments IG)

The requirement for an electronic attachments standard was included in the Health Insurance Portability and Accountability Act (HIPAA) law enacted in 1996 and the Patient Protection and Affordable Care Act enacted in 2010. The new standards will streamline administrative transactions, reduce manual work, and support improvements in administrative efficiency. The final rule also names an electronic signatures standard to enable secure, authenticated electronic signatures for claims attachment transactions. The CMS fact sheet provides a summary of the regulation, including the standards, benefits, and changes between the proposed rule and final rule. WEDI will offer education on the requirements of the final rule along with its impact on affected stakeholders.

CMS CCSQ Releases FY2025–2028 Strategic Roadmap on Optimal Health for All. The Centers for Medicare & Medicaid Services (CMS) Center for Clinical Standards and Quality (CCSQ) released a strategic roadmap for Fiscal Years 2025-2028 titled “Optimal Health for All Within Our Nation’s Health and Long-Term Care Systems.” The roadmap focuses on the following strategic goals: (i) prevention; (ii) quality and safety; (iii) coverage innovation; (iv) data and technology; and (v) burden reduction. For data and technology, the goal is to build modern digital tools for faster, more effective health care improvement and specifically identifies implementing Fast Healthcare Interoperability Resources® standards to connect data systems enabling real-time information exchange and expanding the use of digital quality measures across CMS Quality Reporting and Value-Based Purchasing programs. The goal of reducing burden focuses on simplifying the system so providers can spend more time with patients and less time on paperwork by removing outdated requirements, streamlining oversight, and using automation to reduce unnecessary administrative work.

ICD-10 Coordination and Maintenance Committee Meets for Spring Proposals. The Centers for Disease Control and Prevention’s (CDC) National Center for Health Statistics Centers ICD-10 Coordination and Maintenance Committee met for its spring meeting on March 17-18. The procedure code topics, agenda, materials, slide presentations, and recordings from the meeting are available here. The deadline for submitting comments on the proposed procedure code updates is April 1 for the October 1, 2026, implementation date.

The diagnosis code proposals were presented and May 15, 2026, is the deadline for submitting comments on proposed diagnosis codes being considered for implementation on October 1, 2027. The agenda and meeting materials for the diagnosis code topics are available here.

FDA Updates Digital Health Technology Medical Devices Lists. The Food and Drug Administration (FDA) updated its searchable lists of medical devices that incorporate digital health technology authorized for marketing in the U.S. Specifically, these devices include technology for artificial intelligence, augmented reality and virtual reality, and sensor-based digital health technology. Digital health innovators can refer to these lists to better understand regulatory expectations, which can help foster innovation and ensure public safety. The lists also provide transparency for providers and patients by clearly identifying when medical devices use these technologies.

ASTP/ONC Updates USCDI+ Behavioral Health Data Elements. The Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC) updated the Behavioral Health Overarching and Comprehensive Care use case data elements in the U.S. Core Data for Interoperability (USCDI)+ Behavioral Health data element list. The data element lists are available in PDF and XLSX formats.

USCDI+ Behavioral Health is designed to standardize the exchange of behavioral health data across various health care settings through a core set of data elements. The updates were developed from public comments received March-May 2024 on USCDI+ Behavioral Health, public comments received on the US Behavioral Health Profiles Implementation Guide (IG), and results from USCDI+ Behavioral Health IG testing at two Connectathon events. Pilot testing of the data element lists and an additional public comment period is planned for 2026.

ASTP/ONC Announces Availability of Lantern 3.0. ASTP/ONC announced the availability of Lantern 3.0. First launched in 2020, Lantern serves as a tool to monitor health information technology (IT) developers’ compliance with ONC Health IT Certification Program requirements. It is also a resource for patients to find and more easily access their electronic health information using the applications of their choice. Lantern 3.0 updates address industry and user requested improvements designed to help developers more easily connect patients with their health information. Improvements also include better organization of information, e xpanded download options, performance upgrades, and data cleanup.

CMS Requesting Public Input on Strengthening Supply Chain for PPE and Essential Medicines. CMS issued an Advance Notice of Proposed Rulemaking with a 60-day comment period for public feedback on potential approaches to strengthen the American-made supply chain for personal protective equipment (PPE) and essential medicines. Building on lessons learned during the COVID-19 public health emergency, the agency is exploring future supply chain policies to advance national security, strengthen domestic manufacturing capacity, improve care quality, and support a more resilient health care system. Comments are due by March 30.

CISA Issues Fortinet Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability. The Cybersecurity & Infrastructure Security Agency (CISA) released Fortinet guidance that details ongoing vulnerabilities in the document “Common Vulnerabilities and Exposures (CVE)-2026-24858.” The threat allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other users in Fortinet products, if FortiCloud single sign on (SSO) is enabled on devices. In response to the vulnerability, Fortinet disabled all FortiCloud SSO authentication and reinstated the service with changes to prevent exploitation of vulnerable devices. CISA urges users to check for indicators of compromise on all internet-accessible Fortinet products affected by this vulnerability and immediately apply updates as soon as they are available.