WEDI Holds MPA on CMS-0062-P Proposed Rule. WEDI held a Member Position Advisory (MPA) facilitated discussion on the Centers for Medicare & Medicaid Services (CMS) Interoperability and Drug Prior Authorization Proposed Rule (CMS-0062-P) to evaluate key provisions in the Rule and solicit broad membership input. The Proposed Rule, if finalized, will impact health data interoperability, prior authorization for drugs, and many other critical areas of health information technology. Feedback gathered during the MPA will be used to develop WEDI’s comments that will be approved by the WEDI Board of Directors and submitted to CMS. WEDI gives special thanks to the MPA facilitators and member attendees who provided their time and expertise to develop WEDI’s position on this important effort to standardize and streamline data exchange and prior authorization processes. Comments on the Proposed Rule are due June 15.

ONC Announces Testing Tracks for July 2026 CMS HL7® FHIR Connectathon. The Office of the National Coordinator for Health Information Technology (ONC) announced the testing tracks it will be hosting during the upcoming 7th Annual CMS HL7® FHIR Connectathon, taking place July 14–16. This free, virtual event brings together interoperability leaders, implementers, and innovators for three days of hands-on testing, collaboration, and real world FHIR implementation. ONC will be actively engaged throughout the Connectathon supporting implementer testing of electronic prior authorization workflows and quality measurement interoperability.

The 2026 - 07 Da Vinci Burden Reduction Track will focus on electronic prior authorization workflows by testing the Da Vinci Burden Reduction Implementation Guides (IGs). Inferno testing for provider systems and payer systems will be available with a focus on the Coverage Requirements Discovery (CRD) IG v2.2.1. A kickoff call for this track is being held on June 24. The 2026-07 US Quality Core (USCDI+ Quality on FHIR) track will focus on getting hands-on experience with newly developed US Quality Core FHIR IG and Inferno Test Kit designed to standardize how health care quality data is shared across the industry. A kickoff call for this track is being held on June 26. Registration for the CMS Connectathon is now open.

HHS Announces Restructuring of OCR. The Department of Health and Human Services (HHS) announced a reorganization of its Office for Civil Rights (OCR). OCR is charged with enforcing federal civil rights laws, conscience and religious freedom laws, HIPAA Privacy, Security, and Breach Notification Rules, and regulations governing the confidentiality of substance use disorder patient records. It accomplishes its mission through enforcement, rulemaking, guidance, technical assistance, training, education, and outreach. The reorganization returns OCR to a program-based structure that aligns OCR’s three critical substantive areas with three distinct subject-matter divisions: the Conscience and Religious Freedom Division, the Civil Rights Division, and the Health Information Privacy, Data, and Cybersecurity Division. 

TEFCA™ RCE Publishes Draft IAS SOP for Review. The Sequoia Project, the Trusted Exchange Framework and Common Agreement™ (TEFCA™) Recognized Coordinating Entity^® (RCE^®), along with ONC published the draft Individual Access Services (IAS) Exchange Purpose Standard Operating Procedure (SOP) Version 3.0 on the TEFCA Topics in Change Management webpage for review. This SOP identifies specific requirements that IAS Providers are required to follow for individual identity verification when sending an IAS Query. Feedback on the draft SOP is due on June 5.

HHS Launches KidneyX EMPOWER Challenge and Health Technology Project. HHS launched the 2026 KidneyX EMPOWER Prize Challenge to accelerate innovation supporting living kidney donors and patients who depend on them. As part of the challenge, HHS is supporting data standardization and health information technology (IT) improvements across the kidney care ecosystem. The challenge is being led through the Kidney Innovation Accelerator (KidneyX). ONC will focus on identifying gaps and advancing solutions that enable more seamless, secure, and patient-centered data exchange, supporting better clinical decision-making, care coordination, research, and innovation in kidney disease and transplantation.

ONC Announces New HITAC Co-Chairs. ONC announced the new co-chairs of the Health Information Technology Advisory Committee. Established by the 21^st Century Cures Act, HITAC advises ONC on health IT policies, standards, and implementation specifications. Named as the new HITC co-chairs are Eliel Oliveira, CEO at Connxus, Texas HIE, a Health Information Exchanged based in Austin, Texas and Katrina Miller Parrish, MD, a Family Physician and Clinical Informaticist who currently serves as President and Chief Medical Officer at The SSI Group. The full committee is scheduled to meet next on September 24.

CISA Releases Malware Analysis Report on FIRESTARTER. The Cybersecurity & Infrastructure Security Agency (CISA), in partnership with the United Kingdom National Cyber Security Centre, released a Malware Analysis Report on FIRESTARTER, a persistent backdoor malware specifically targeting publicly accessible Cisco Firepower and Secure Firewall devices. This release coincides with the updated Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, which outlines required actions for U.S. Federal Civilian Executive Branch agencies, and actions for other U.S. organizations to review. FIRESTARTER enables remote access and control by advanced persistent threat actors and can survive firmware patching and device reboots.

CISA and Partners Release Joint Guidance on SBOM for AI. CISA and the Group of Seven international partners released joint guidance, “Software Bill of Materials for AI – Minimum Elements,” to help public and private sector stakeholders improve transparency in their artificial intelligence (AI) systems and supply chains. The SBOM acts as an “ingredients list” for software that better positions organizations to understand their supply chains and make risk-informed decisions about how to protect their critical systems. This guidance builds on CISA’s previous work with federal and international partners to establish a shared vision for an SBOM and provides recommendations on minimum elements that should be included for AI.