WEDI Submits Comments on Draft USCDI v7. WEDI submitted comments to the National Coordinator for Health Information Technology (ONC) on the Draft U.S. Core Data for Interoperability (USCDI) Version 7 (v7). Draft USCDI v7 proposes 30 new and revised data elements across multiple data classes with the intent of standardizing health data exchange to support improved patient care, improved data interoperability, and reduced clinician burden. WEDI’s comments focused on clarifications of data elements that can improve the implementation of USCDI and reduce burden. Overall, WEDI supports ONC’s work in developing a standardized minimum data set to be implemented across the health care ecosystem driving interoperability by keeping pace with clinical, technology, and policy changes.

CISA Releases Advisory on Iranian-Affiliated Cyber Threats. The Cybersecurity & Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI) and other federal agencies released a joint Cybersecurity Advisory titled, “Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure” warning U.S. organizations of ongoing cyber threats. Specific concerns are of exploitation targeting internet-connected operational technology devices across multiple critical infrastructure sectors. Organizations are encouraged to review the tactics, techniques, and procedures and indicators of compromise and implement the recommendations to reduce the risk of compromise. Additional information is available on CISA’s Iran Cyber Threat Overview and Advisories webpage and the FBI’s Iran Threat webpage

OCR Releases Educational Video on Risk Management Requirements. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released an educational video presentation on the Health Insurance Portability and Accountability Act (HIPAA) Security Rule’s Risk Management requirement. The video is intended to raise awareness and provide practical education to HIPAA covered entities and business associates on the Risk Management requirement, which is essential for both the HIPAA Security Rule compliance and broader cybersecurity preparedness. Topics included in the presentation are: (i) HIPAA Security Rule Risk Management requirements, (ii) Findings from OCR investigations of potential Risk Management violations, and (iii) Risk Management and cybersecurity resources.

CMS Delays Implementation of WISeR Model Requirements for Two Services. The Centers for Medicare & Medicaid Services (CMS) announced in the Federal Register the delay in implementing two services from the list of Wasteful and Inappropriate Services Reduction (WISeR) model items and services. Effective April 6, 2026, the two services being delayed for implementation of the prior authorization or pre-payment review process are: (i) Deep Brain Stimulation for Essential Tremor and Parkinson's Disease and (ii) Percutaneous Image-Guided Lumbar Decompression for Spinal Stenosis. CMS indicated the reason for the delay is to allow additional time for operational readiness. Announcement of the future date of implementation will be made in the Federal Register.

CMS Releases Evaluation Reports for CJR, PDSS, and RCHD Payment Models. The CMS Innovation Center released evaluation reports and publications on three advanced payment models. For the Comprehensive Care for Joint Replacement (CJR) Model Performance Years 6 and 7 (October 2021 – December 2023), participating hospitals continued to achieve value by generated $112.7 million in net Medicare savings, optimize post-acute care use, and maintain quality. The Part D Senior Savings (PDSS) Model Final Evaluation Report, 2021 – 2023 found the model achieved its two primary goals of lowering out-of-pocket drug costs for insulin users and increasing insulin utilization and adherence. The final report for the Rural Community Hospital Demonstration (RCHD), years 2016 to 2021, found the program did impact and improve Medicare inpatient margins, although combined Medicare inpatient and outpatient margins did not reach a breakeven point for all participants.

ONC Opens Attestation Submissions for Certified Health IT Developers. ONC opened the attestation submission window on April 1 for Certified Health Information Technology (IT) developers. Developers are now able to submit their attestations to their ONC-Authorized Certification Body (ONC-ACB) for review using the Certified Health IT Product List (CHPL) through April 30. The ONC’s Certification Program’s Attestations Resource Guide is available for reference. Questions about the attestation requirements or CHPL registration can be submitted to the applicable ONC-ACB. Subscribe for ONC email updates here.

ARPA-H Launches Biosensor Device Development Program. The Advanced Research Projects Agency for Health (ARPA-H), an agency within HHS, launched Delphi, a next-generation platform for biosensor device development. ARPA-H expects Delphi to lead to more affordable, precise, and reliable biosensor devices providing better data about health and wellness, unlike current biosensors that typically focus on one component of health monitoring. The Delphi program spans four and a half years, with strict performance metrics and a focus on creating initial prototypes within two years. ARPA-H will solicit proposals under its Innovative Solutions Opening in three phases: prototype research and development, component integration into working systems and regulatory application, and clinical trials or human factors testing. 

X12 Announces Webinar on HIPAA Version 008060 837 Transactions. X12 announced the third webinar in its 008060 education/information series will be held on Tuesday, April 21 at 3:30 pm ET. This session will focus on the 008060 version of the Health Care Claim: Professional, Institutional, and Dental implementation guides (837s). Registration is now open. Additional webinars and on-demand presentations in the series will be announced in the coming weeks. Questions about the 008060 education/information series can be submitted via the X12 feedback form.