Regulatory Updates

OCR Settles HIPAA Ransomware Investigation with New York ASC. The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced a settlement with a New York ambulatory surgical center (ASC) for potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security and Breach Notification Rules. The investigation by OCR followed…

CMS 2026 Medicare PFS Proposed Rule Includes Health IT Provisions. The Calendar Year 2026 Medicare Physician Fee Schedule (PFS) Proposed Rule was released by the Centers for Medicare & Medicaid Services (CMS) and includes numerous proposals for policy, payment, and other requirements, including provisions for health information technology (IT). The Proposed Rule also includes several…

OCR Settles with Texas Behavioral Health Provider Following Privacy and Security Investigation. The settlement with the Department of Health and Human Services (HHS), Office of Civil Rights (OCR) resolves potential violations by a Texas behavioral health provider under the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The investigation by OCR started in…

CMS Introduces WISeR PA Model Aimed at Cutting Fraud, Waste, and Abuse. The Centers for Medicare & Medicaid Services (CMS) introduced a new model within the CMS Innovation Center called Wasteful and Inappropriate Service Reduction (WISeR). CMS will partner with companies and employ new technology, including artificial intelligence (AI), to address fraud, waste, and abuse…

WEDI Submits Comments to HHS on the CMS and ASTP/ONC Health Technology Ecosystem RFI. WEDI submitted comments to the Department of Health and Human Services (HHS) on the Centers for Medicare & Medicaid Services (CMS) and Assistant Secretary for Technology Policy (ASTP)/Office of the National Coordinator for Health Information Technology (ONC) (collectively, ASTP/ONC) “Health Technology…

WEDI Submits Comments to CMS on Deregulation RFI. WEDI submitted comments to the Centers for Medicare & Medicaid Services (CMS) in response to its “Unleashing Prosperity Through Deregulation of the Medicare Program Request for Information” (RFI). The RFI called for feedback from the industry on streamlining regulatory requirements, reducing administrative burden of reporting and documentation,…

Florida Health Care Provider Latest Subject of OCR Security Rule Settlement. A settlement related to an alleged violation of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by a provider located in Florida was announced by the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). The investigation by…

WEDI MPA Event May 28 on CMS and ASTP/ONC Health Technology Ecosystem RFI. WEDI will hold a Member Position Advisory (MPA) event on Wednesday May 28 from 12:30 p.m. ET to 3:30 p.m. on the Centers for Medicare & Medicaid Services (CMS) and Assistant Secretary for Technology Policy (ASTP)/Office of the National Coordinator for Health…

CMS and ASTP/ONC Release Health IT RFI, WEDI to Hold Members Only MPA. The Centers for Medicare & Medicaid Services (CMS) and Assistant Secretary for Technology Policy (ASTP)/Office of the National Coordinator for Health Information Technology (ONC) released a new Request for Information (RFI) titled “Health Technology Ecosystem.” The intent of the RFI is to…

OCR Settles HIPAA Ransomware Cybersecurity Investigation with Neurology Practice. The Office for Civil Rights (OCR) announced a settlement with a small New York neurology practice following a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The settlement resolves the investigation of a ransomware attack reported by the practice in December…