X12 Publishes 008060 Versions of HIPAA-Mandated Implementation Guides. Standards Development Organization X12 has published the first of the 008060 versions of the HIPAA-mandated implementation guides. The rest of those 008060 versions will be published over the next few weeks.

These updated implementation guides can be viewed in X12’s online viewer, Glass, at  products.x12.org and navigate to Technical Report Library > Versioned Technical Reports > Implementation Guides > 008060 Version (2025). Go to the X12 licensing page to obtain a Glass premium subscription. Watch for other X12 announcements about the 008060 implementation guides and related educational offerings by following X12 on social media, or by checking for updates on the X12 news page. Questions may be submitted at X12.org/feedback.

Updated Unified Agenda Published: Outlines Expected Health IT Regulatory Action. The Federal government published the “Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions.” The Unified Agenda reports on the actions administrative agencies plan to issue in the near and long term. Released by the Office of Information and Regulatory Affairs, the Unified Agenda provides important public notice and transparency about proposed regulatory and deregulatory actions within the Executive Branch. Included in the list of health IT regulatory actions by agency are:

• Centers for Medicare & Medicaid Services (CMS): (i) Requirements Related to Advanced Explanation of Benefits and Other Provisions Under the Consolidated Appropriations Act 2021 (CMS-9900); (ii) Administrative Simplification: Modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Electronic Transaction Standards (CMS-0061); (iii) Interoperability Standards and Prior Authorization for Drugs (CMS-0062); (iv) Administrative Simplification: Adoption of Standards for Health Care Attachment Transactions and Electronic Signatures (CMS-0053); and (v) Administrative Simplification: Modifications of Operating Rules for Eligibility for a Health Plan, Health Care Claim Status and Health Care EFT and ERA Transactions (CMS-0060).
• The Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (ASTP/ONC): (i) Health Data, Technology, and Interoperability: ASTP/ONC Deregulatory Actions to Unleash Prosperity; and (ii) Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability.
• Office for Civil Rights (OCR): (i) HIPAA Privacy Rule: Changes to support, remove barriers to coordinated care, and individual engagement; and (ii) HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information.

HHS Announces Health Data Blocking Crackdown. U.S. Department of Health and Human Services (HHS) announced that the Department will increase resources dedicated to curbing information blocking. HHS stated it will take an active enforcement against health care entities that restrict patients’ engagement in their care by blocking the access, exchange, and use of electronic health information.

The 21st Century Cures Act of 2016 authorized ASTP/ONC and HHS Office of Inspector General (OIG) to take enforcement actions to hold those who block patient information accountable and to prevent future violations. HHS stated that ASTP/ONC, the principal federal entity charged with coordination of nationwide efforts to implement and use health information technology, and the OIG, the primary investigative division of HHS, will play leading roles in this initiative.

The Cures Act Final Rule sought to improve health information access and health IT choice, maintains that (1) patients should have easy electronic access to their EHI at no cost, including via apps of their choice; and that (2) health care providers should be able to choose the digital tools that allow them to provide the best care, without excessive costs or technical barriers.

HHS issued a warning to actors still engaging in information blocking to come into compliance with the rules governing the flow of patient information and a call to action for patients, providers, payers, local health departments, and health IT companies to report alleged information blocking. Patients who have experienced information blocking or innovators trying to improve health care or reduce costs are encouraged to report it through ASTP/ONC’s Report Information Blocking Portal.

HHS stated that following consequences exist for information blockers: (i) Health care provider participating in certain Centers for Medicare & Medicaid Services programs, could be subject to disincentives under those programs; (ii) Health IT developer of certified health IT, or meet the definition of a health information network or health information exchange, could face a substantial civil monetary penalty of up to $1M per violation; and (iii) Developers with product(s) certified under the ONC Health IT Certification Program, could have your certifications terminated and be banned from the Certification Program.

ASTP and The Sequoia Project Designate 10^th QHIN; Release Beta Interactive Map. ASTP and The Sequoia Project, the Trusted Exchange Framework and Common Agreement Recognized Coordinating Entity (TEFCA RCE), announced the designation of Netsmart as the tenth Qualified health Information Network (QHIN). Since TEFCA’s inception, more than 26 million documents have been shared through TEFCA exchange. There are 9,321 organizations live on TEFCA, connecting more than 41,000 clinicians, hospitals, clinics, post-acute care/long-term care facilities, public health authorities, and others. The two also released the beta version of an interactive, searchable map for TEFCA participation.

CMS Releases ICD-10 and Other Coding Revisions to NCDs. CMS released two documents, 1 of 2 (PDF) and 2 of 2 (PDF), summarizing changes to the International Classification of Diseases, 10th Revision (ICD-10) and other coding revisions to National Coverage Determinations (NCDs). The NCD coding changes reflect the addition of new codes, NCD coding revisions, and coding feedback received by CMS. Updates to the NCDs are effective January 1, 2026, with an implementation date of January 5, 2026.

CMS Posts First Biannual HCPCS Non-Drug and Non-Biological Services. CMS has posted the first biannual Healthcare Common Procedure Coding System (HCPCS) Level II final coding, benefit category, and payment determinations for non-biological items and services. The document includes entries for each coding topic, summary of applicant’s submission, preliminary decisions, summary of public feedback, and final determinations. The coding actions are effective October 1, unless otherwise specified in the document. Visit the HCPCS Level II Coding Decisions webpage for more information.

CISA Releases Critical Infrastructure Program Survey. The Cybersecurity and Infrastructure Security Agency (CISA) released the 2025 Critical Infrastructure Program Customer Survey to collect information that will inform their efforts to support cyber resiliency across critical infrastructure. Congress directed CISA to provide scalable commercial cybersecurity shared services to the critical infrastructure community to detect and prevent cybersecurity threats and mitigate vulnerabilities to improve the nation’s risk posture. Information collected from this survey will help CISA in prioritizing innovative solutions. Survey responses are due by Sept. 12.

CHAI and NACHC Partner on AI for Community Health Centers. The Coalition for Health AI (CHAI) and the National Association of Community Health Centers (NACHC) announced a partnership to develop and deploy AI adoption in community health centers. The goal is to leverage AI and design an infrastructure and standards to support community health centers and other safety-net providers. Priorities of the joint work include: (i) Learning about AI adoption, use of AI tools, and their effect on health; (ii) Producing educational programs, resources, and services to improve understanding of AI; (iii) Supporting implementation of AI tools into both clinical and administrative workflows; and (iv) Advocating for policies, regulations, and standards for fair use of AI. The first project will be a survey to better understand current uses of technology and AI in community health centers and other safety-net organizations.