WEDI Submits Comments to CMS on Deregulation RFI. WEDI submitted comments to the Centers for Medicare & Medicaid Services (CMS) in response to its “Unleashing Prosperity Through Deregulation of the Medicare Program Request for Information” (RFI). The RFI called for feedback from the industry on streamlining regulatory requirements, reducing administrative burden of reporting and documentation, and identifying duplicative requirements. In response to the RFI, WEDI held a Member Position Advisory (MPA) facilitated discussion of the questions and input from the MPA was used in developing WEDI’s comments. WEDI emphasized the need for selective regulation to drive the industry’s adoption of standards and innovative technologies, proposed multiple ways to reduce quality and data reporting burden, and called for the improvement of the provider enrollment and credentialing and electronic data interchange enrollment processes, as well as other recommendations to improve efficiencies and remove burden.

WEDI Welcomes Newly Appointed Heads of ASTP/ONC and OCR.  In separate letters, WEDI welcomed Dr. Thomas Keane to his new position as the Assistant Secretary of Technology Policy (ASTP)/National Coordinator of Health Information (ONC) and Paula Stannard to her new position as Director of the HHS Office for Civil Rights (OCR). Both Thomas and Stannard come to their respective positions having previously served at HHS. Thomas is an interventional radiologist, with experience as a software developer and engineer. Stannard comes to OCR from her former position as Chief Legal Counsel of the Montana Department of Public Health and Human Services. WEDI looks forward to working with both Keane and Stannard to advance technology solutions that improve our nation’s health care infrastructure to achieve high-quality, coordinated, and secure patient-centered care.

James O’Neill Confirmed as Deputy Secretary of HHS. James O’Neill was confirmed by the Senate with a vote of 52-43 and sworn in as the Deputy Secretary of HHS; Secretary Kennedy’s second in command. O’Neill comes to the position following a career in health care, technology, and government service. He previously served at HHS from 2002 to 2008 working in the Food and Drug Administration on the design and launch of HHS’ Administration for Strategic Preparedness and Response to lead the health response to emergencies and disasters. In the private sector, he was the managing director of Clarium Capital, CEO of the Thiel Foundation, and, most recently, CEO of SENS Research Foundation.   

HHS OIG Releases Semiannual Report to Congress. The HHS Office of Inspector General (OIG) released its  Semiannual Report to Congress to the Secretary of HHS and Congress for the 6-month period of October 1, 2024, through March 31, 2025. The report details OIG’s independent oversight and recommendations focused on combating fraud, waste, and abuse in HHS programs. The report details that for every $1 invested, $11 was saved. The total amount of potential savings during the period was $16.61 billion from investigative receivables, audit receivables, and recommendations for cost savings. OIG issued 78 reports, closed 946 investigations, issued 165 recommendations, and was made aware of the implementation of 290 of its recommendations. The report also outlines five areas identified with management challenges including public health, financial integrity, Medicare and Medicaid, beneficiary safety, and data and technology security. 

Executive Order Signed to Strengthen U.S. Cybersecurity Defense. A new Executive Order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” was signed by the President on June 10 and focuses on actions that will further improve cybersecurity measures. The order calls for defending the nation’s digital infrastructure, securing the services and capabilities most vital to the digital domain, and building the nation’s capability to address key threats. Actions called for include:

• Establishing a consortium with industry stakeholders at the National Cybersecurity Center of Excellence to develop guidance that demonstrates the implementation of secure software development, security, and operations practices.
• Providing guidance on how to securely and reliably deploy patches and updates.
• Developing and publishing a preliminary update to the Secure Software Development Framework .
• Incorporating management of AI software vulnerabilities and compromises.

Complete Cybersecurity Survey to Provide Feedback on Resource Needs. DirectTrust has launched a cybersecurity survey to evaluate compliance readiness and gather industry-wide input on needs for cybersecurity resources for small and medium health care organizations. The five-minute survey asks organizations about their cybersecurity challenges, program, services, and resources. Participants of the survey will be entered for a chance to win a $100 gift card or free registration for DirectTrust’s August conference.

CISA Publishes New Guidance for SIEM and SOAR Implementation. The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with other U.S. and international partners, released new guidance for the Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.

The guidance includes the following three resources:

• Implementing SIEM and SOAR Platforms – Executive Guidance addresses actions for executives that will speed up detection and response to cyber threats through the improvement of their cybersecurity framework and better understanding of network activities.
• Implementing SIEM and SOAR Platforms – Practitioner Guidance focuses on actions for practitioners that will improve incident response processes allowing quicker identification and response to potential cybersecurity threats.
• Priority Logs for SIEM Ingestion – Practitioner Guidance provides information for practitioners that will improve ingestion of priority logs into a SIEM, thereby enhancing threat detection and incident response capabilities.

Nebraska Enacts Prior Authorization Law. The “Ensuring Transparency in Prior Authorization Act” was signed into law on June 5. The law, effective on Jan. 1, 2026, requires: (i) Health plans respond to prior authorization (PA) requests for urgent services within 72 hours and routine services within seven days, (ii) Utilization review agents to post PA requirements on their websites, (iii) Adverse determinations be made by a physician or clinical peer of the requester, (iv) Use of a single uniform PA request form, and (v) Limitations in the use of artificial intelligence (AI) in reviewing PA requests.

Several other states have enacted or are considering legislation to address the usage or process of PA through state legislation. North Dakota enacted the Prior Authorization for Health Insurance requiring health insurers to respond to PA requests in 72 hours for urgent care and seven calendar days for non-urgent care and limits who can deny services. Arizona House Bill 2175 was recently signed and requires the insurer’s medical director to individually review PA denials and prohibits the use of artificial intelligence (AI) in the denial of PA requests. California, Nevada, and North Carolina are reviewing bills that would similarly place time limits on PA responses, limit who can perform PA reviews and denials, or address the use of AI in PA reviews.