ASTP Discusses the Era of Patient Engagement. The Assistant Secretary for Technology Policy (ASTP)/Office of the National Coordinator for Health Information Technology (ONC) published a Health IT Buzz post, titled “Digital Dividends Realized: Hospital Patient Engagement Capabilities.” This is the first in a new series in which the agency focuses on patients’ use of electronic health information and the policies driving patient engagement. This blog discusses the role hospitals are playing with enabling patient access. Data presented suggest how hospitals support patients’ abilities to view their data, share their data, access information via
apps, and securely message providers. Three distinct eras of patient engagement are outlined, Foundational, Emerging, and Advanced and the various regulations and initiatives that have driven the outcomes being seen today.

Senate HELP Committee Reviews Rural Hospital Cybersecurity Bill. The Senate Health, Education, Labor, & Pensions (HELP) Committee reviewed the bipartisan “Rural Hospital Cybersecurity Enhancement Act” on January 15 in an Executive Session. The bill, initially introduced in June 2025 by Sens. Josh Hawley (R-MO) and Mark Kelly (D-AZ), would require the Department of Health and Human Services (HHS) to create a comprehensive rural hospital cybersecurity workforce development strategy to address the growing need for skilled cybersecurity professionals in rural hospitals. The bill also calls for HHS to provide instructional
materials for rural hospitals that can be used to train staff on fundamental cybersecurity efforts.

House Health Subcommittee Holds Hearing on Legislative Proposals including WISeR Model. The U.S. House Energy & Commerce Committee Health Subcommittee held a hearing on January 8 titled, “Legislative Proposals to Support Patient Access to Medicare Services.” Ten bills were reviewed during the hearing. The intent of the hearing was to continue the Committee’s focus on modernizing and strengthening the Medicare program for seniors’ access to care. One of the bills reviewed was H.R. 6361, “Ban AI Denials in Medicare Act,” which would prohibit the Centers for Medicare & Medicaid Services (CMS) from implementing the Wasteful and Inappropriate Services Reduction (WISeR) Model or any substantially similar model. The bill would also prohibit any future Center for Medicare & Medicaid Innovation models that would test prior authorization, including the use of artificial intelligence, in traditional Medicare. Rep. Greg Landsman (D-OH), author of the bill, spoke during the hearing about concerns of prior authorization in traditional Medicare. Committee Chairman Rep. Brett Guthrie (R-KY) proposed discussing the topic further in a full committee hearing on January 22 with CEOs from health insurance companies.

ASTP/ONC’s Insights Condition and Maintenance of Certification Data Collection Began January 1. ASTP/ONC reminded Certified Health Information Technology (IT) developers who meet the Insights Condition and Maintenance of Certification eligibility criteria that they must start data collection as of January 1, 2026, continuing through December 31, 2026. Results from the data collection are due to be released in July 2027. Health IT developers that are not eligible are required to submit an attestation in July 2027 indicating they do not meet the minimum reporting qualifications. Additional information and resources are available on the Insights Condition page.

OCR Announces Tribal Consultation on Proposed Modifications to the HIPAA Privacy Rule. The HHS Office for Civil Rights (OCR) announced a virtual Tribal consultation on the proposed rule “Modifications to the HIPAA Privacy Rule to Support, and Remove Barriers to, Coordinated Care and Individual Engagement” to be held on February 6. HHS published the proposed rule in January 2021 to revise the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The Tribal consultation is part of HHS’s process to develop modifications to the HIPAA Privacy Rule by soliciting input from Tribal officials and will address the proposed changes to the rule. Registration to attend the consultation virtually is available here.

HHS Releases Video on Typhoon Cyber Threat. HHS released a Typhoon Video explaining cyber typhoon threats. Developed by the Administration for Strategic Preparedness and Response and the 405(d) Program, the video discusses Chinese-backed cyber operatives, often referred to as cyber typhoons, an emerging risk in the health care and public health sectors. The educational video provides information on these attacks, the danger posed by these threat actors, and mitigation steps for organizations to take.

CMS Issues RFI and RFP for Claims Processing System. CMS issued a request for information (RFI) for large scale claims processing and adjudication system vendors interested in meeting CMS objectives of improving beneficiary experience, reducing provider burden, and improving administrative efficiency for Medicare. The request is for responses to the questions listed in the RFI and not proposals, abstracts, or quotes. CMS intends to re-platform its Medicare Fee-for-Service claims adjudication environment into a new system being called ClaimsCore that will combine currently separate systems. The announcement also includes a draft request for proposal (RFP) for potential bidders to review the requirements and provide feedback.

CISA and Partners Release Guidance on Secure Connectivity Principles for OT. The Cybersecurity & Infrastructure Security Agency (CISA) and UK National Cyber Security Centre, in collaboration with other federal and international partners, released Secure Connectivity Principles for Operational Technology guidance to help asset owners address increasing business and regulatory pressures for connectivity into operational technology (OT) networks. The guidance includes eight principles to use as a framework to design, secure, and manage connectivity into OT environments. Feedback on the guidance can be provided through this
anonymous survey.