NCVHS Deliberates on Modifications to HIPAA Privacy Proposed Rule. The National Committee on Vital and Health Statistics (NCVHS) met on April 16 for the first time in over a year and deliberated on the proposed rule, published in 2021, that would modify the Health Insurance Portability and Accountability Act (HIPAA) privacy rule. The Committee was reconstituted this year with Chair Joseph Marine, MD (Johns Hopkins University School of Medicine) and all new members. The meeting began with a presentation from the Department of Health and Human Services (HHS) Office for Civil Rights on the proposed changes included in the rule. Following the presentation, the presenters answered questions and the Committee members discussed their recommendations for the Secretary of HHS on moving forward with the proposed rule. The Committee ended the meeting with the intent of sending a letter to the Secretary with its recommendations.
CMS Celebrates First Wave of HealthTech Ecosystem Tools. The Centers for Medicare & Medicaid Services (CMS) celebrated newly released HealthTech Ecosystem tools at its “First Wave Launch” event on April 9. The event highlighted tools from more than 50 companies, including the Medicare App Library and an initial set of patient-facing applications (apps). The work is part of the commitment by more than 700 organizations that have pledged to build and support a modern digital health ecosystem in which patients can access, share, and use their health information through trusted apps. The First Wave Launch is the first in what is expected to be a series of events showcasing advancements in digital, patient-centered solutions.
Keane Addresses Changes and Priorities at ONC in Interview. National Coordinator Thomas Keane, MD spoke about changes and priorities at Office of the National Coordinator for Health Information Technology (ONC) in a recent interview with Anthony Guerra on The healthsystemCIO Show. On the recent change back to the singular ONC, National Coordinator Keane assured that the work and priorities of ONC will not change based on the reorganization. He addressed the complementary approaches to health data exchange through the Trusted Exchange Framework and Common Agreement™ (TEFCA™) and the CMS Aligned Networks. Related to TEFCA, he highlighted successes by the participants in exchanging patient health data and addressed concerns about the onboarding process related to vetting of organizations and privacy of data. On the topic of ONC’s priorities, he shared their three pillars focused on data liquidity, affordability and access, and technology evolution.
CMS Announces ACCESS Model Participants, Extends Application Deadline. CMS announced the more than 150 health care organizations that have been accepted to participate in Advancing Chronic Care with Effective Scalable Solutions (ACCESS) Model. CMS is also extending the application deadline to May 15 to allow more organizations to apply. The ACCESS Model is open to providers that serve Medicare patients and focuses on chronic conditions including high blood pressure, diabetes, chronic musculoskeletal pain, and depression. ACCESS is scheduled to begin on July 5.
FBI 2025 Internet Crime Report Includes Cyber Threats to Health Care Industry. The Federal Bureau of Investigation (FBI) released its 2025 Internet Crime Report summarizing work from its Internet Crime Complaint Center (IC3). For the health care sector, ransomware continues to be a significant threat. Health care suffered the highest number of cyber threats, with 182 data breaches and 460 ransomware attacks, compared to other critical infrastructure sectors. With this report, IC3 is also celebrating its 25th anniversary as the central hub for reporting cyber-enabled crime.
ONC Releases Updated USCDI+ Behavioral Health. ONC released updates to the Behavioral Health Overarching and Comprehensive Care use case data elements in the U.S. Core Data for Interoperability+ (USCDI+) Behavioral Health data element list. USCDI+ Behavioral Health is designed to facilitate seamless integration and exchange of behavioral health data across various health care settings. The updates to the data element list were developed based on feedback received during the March-May 2024 USCDI+ Behavioral Health public comment period, development of the US Behavioral Health Profiles Implementation Guide (USCDI+ Behavioral Health IG), and findings from successful USCDI+ Behavioral Health IG testing at two Connectathon events.
CISA Releases Update to RESURGE Malware Analysis Report. The Cybersecurity & Infrastructure Security Agency (CISA) released an update to its Malware Analysis Report regarding RESURGE Malware to provide network defenders with additional technical insights and enhanced tools to identify, mitigate, and respond to this threat. CISA warns that RESURGE may pose an active threat and the updated analysis identifies how RESURGE can remain latent on systems until a remote actor attempts to connect to the compromised device. The updated analysis expands on RESURGE's sophisticated network-level evasion and authentication techniques, including the use of advanced cryptographic methods and forged Transport Layer Security certificates to enable covert communications.
NIST Announces Spring 2026 Cyber AI Profile Virtual Working Sessions. National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence announced a series of virtual working sessions to discuss the NIST Cybersecurity Framework Cyber Artificial Intelligence (AI) Profile. Session 1: Updates to Profile Elements and Contents will be held on April 28. Session 2: Extending the Technical Content will be held on May 5. Session 3: Usability of the Profile will be held on May 12. The sessions will focus on community feedback on adapting cybersecurity practices to AI, strengthening the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) in key technical areas, and exploring revised Profile packaging and delivery formats to enhance usability for different roles in the AI ecosystem.
NIST Publishes Summary of Second Cyber AI Profile Workshop. NIST published a summary of the Cyber AI Profile Workshop held on January 14. The input received during the workshop on the draft Cyber AI Profile is being used to inform the development of the next draft. The workshop was a continuation of efforts to engage with the public in response to feedback from the cybersecurity and AI communities. NIST also shared updates of its various AI and cybersecurity projects, including AI Risk Management Framework, Center for AI Standards and Innovation, Secure Software Development Framework AI Profile, and AI Accelerators. Additional information on the Cyber AI Profile is available here