Senate Committees Votes to Move RFK Nomination Forward for Full Senate Vote. The Senate Finance Committee voted 14-13 along party lines to advance President Trump’s nominee for Secretary of the U.S. Department of Health and Human Services (HHS), Robert F. Kennedy, Jr. The Senate Finance Committee held a confirmation hearing on Jan. 29. View the hearing here. The Full Senate is expected to vote on the confirmation this week.

CMS Applies MIPS EUC Policy Due to California Wildfires. The Centers for Medicare & Medicaid Services (CMS) has applied the Merit-based Incentive Payment System (MIPS) Automatic Extreme and Uncontrollable Circumstances (EUC) Policy to MIPS Eligible Clinicians following California wildfires for 2024 and 2025 Participation. This action is in response to the California wildfires, as identified by both the Health and Human Services (HHS) Public Health Emergency (PHE) declaration (California) and Federal Emergency Management Agency (FEMA) disaster declaration (DR-4856-CA), CMS has determined that the MIPS automatic EUC policy will apply to MIPS eligible clinicians in designated affected counties of California for both the 2024 and 2025 performance periods.

ASTP/ONC Release Updated 2025 SAFER Guides. The Assistant Secretary for Technology Policy, Office of the National Coordinator for Health IT (ASTP/ONC) has released  updated SAFER Guides. The 2025 SAFER Guides consist of eight guides organized into three broad groups. These guides enable healthcare organizations to address EHR safety in a variety of areas. Most organizations will want to start with the Foundational Guides and proceed from there to address their areas of greatest interest or concern. The guides identify recommended practices to optimize the safety and safe use of EHRs. The SAFER Guides include self-assessment tools aimed at helping health care organizations evaluate their EHR safety practices, identify potential risks, and mitigate those risks.

FDA and CISA Issue Cybersecurity Safety Alert for Certain Patient Monitors. The Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued safety alerts for providers, patients, and caregivers highlighting cybersecurity vulnerabilities in patient monitors. The alert focuses on cybersecurity issues in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. Vulnerabilities may put patients at risk after being connected to the internet.

The following vulnerabilities have been identified: (i) The patient monitor may be remotely controlled by an unauthorized user or not work as intended; (ii) The software on the patient monitors includes a backdoor, which may mean that the device or the network to which the device has been connected may have been or could be compromised; and (iii) Once the patient monitor is connected to the internet, it begins gathering patient data, including personally identifiable information (PII) and protected health information (PHI), and withdrawing the data outside of the health care delivery environment. Unauthorized actors may be able to bypass cybersecurity controls, gaining access to and potentially manipulating the device. The agencies recommend users remove any Contec CMS8000 devices from their networks. Go here to access the CISA Fact Sheet.

HSCC Publishes Cybersecurity Working Group Annual Report. The Health Sector Coordinating Council's (HSCC) Cybersecurity Working Group released its 2024 annual report. The Working Group, an industry led council of more than 450 private sector organizations, is organized into outcome-oriented task groups that meet regularly to develop freely available cyber practices for a range of health care cybersecurity disciplines. Issues they address include cybersecurity controls, medical device security, supply chain cybersecurity, workforce development and more. The report highlights the leading practices developed for the sector over the past several years.

HC3 Publish Sector Alert on Business E-Mail Compromise Attacks. HHS’ Health Sector Cybersecurity Coordination Center (HC3) released a new Sector Alert on Business E-mail Compromise (BEC) Attacks. BEC is a large and growing problem that targets organizations of all sizes across every industry around the world. BEC scams have exposed organizations to billions of dollars in potential losses. The Sector Alert examines this type of cybercrime from a comprehensive perspective across multiple industries. It includes an overview of BEC, types and examples of these attacks, why they are difficult to detect, MITRE ATT&CK tactics, techniques, and procedures (TTPs), and recommended defense and mitigations.

Reminder from CMS: Data Submission Window Now Open for 2024 Performance Year. CMS reminds participating providers that the data submission window for the 2024 performance year is now open. Participating providers can submit data for the 2024 performance year until the submission window closes at 8 p.m. ET on March 31, 2025. Follow the steps outlined below to submit data:

• Go to the QPP sign in page.
• Sign in using your QPP access credentials.
• Submit your data for the 2024 performance year or review the data reported on your behalf by a third party. (You can’t correct errors with your data after the submission period, so it’s important to make sure the data submitted on your behalf is accurate.)

Submission resources are available now on the QPP Resource Library.

Highlighted Submission Resources:

• 2024 JSON Template and Instructions (ZIP, 856KB): This resource provides instructions for using the associated QPP JSON templates to submit the quality data you’ve collected for MIPS clinical quality measures.
• 2024 Traditional MIPS Data Submission Guide (PDF, 3MB): This resource provides information and screenshots for submitting your traditional MIPS data.
• 2024 MVPs Data Submission Guide (PDF, 4MB): This resource provides information and screenshots for submitting your MIPS Value Pathways (MVPs) data.
• 2024 APP Data Submission Guide (PDF, 3MB): This resource provides information and screenshots for submitting your Alternative Payment Model (APM) Performance Pathway (APP) data.
• MIPS Data Submission Process Demonstration (VIDEO): This demonstration video reviews the MIPS data submission process including the 3 MIPS reporting options, how to upload a file, how to review previously submitted data, and how to delete data.

How to Sign in to the QPP Data Submission System

To sign in and submit data, clinicians will need a HARP account and a QPP role. For help enrolling with HARP, please refer to “Step 1. Register for a HARP Account” in the QPP Access User Guide (ZIP, 4MB). For help obtaining a QPP role, please refer to “Step 2a. Connect to an Organization” in the QPP Access User Guide (ZIP, 4MB).

CMS encourages all users with an existing HARP account to sign in to the QPP website now to ensure they don’t lose access.

Note: Clinicians who are unsure about their eligibility to participate in MIPS for the 2024 performance year can check their final eligibility status using the QPP Participation Status Tool. Clinicians and groups who are opt-in eligible will need to make an election to opt in or voluntarily report before they can submit data. (No election is required for opt-in eligible clinicians and groups that don’t want to participate in MIPS.) Review the 2024 MIPS Eligibility & Participation Quick Start Guide (PDF, 1MB) for more information about eligibility.

CMS Releases Statement on Collaboration with DOGE. In a statement, CMS officials discussed their collaboration with the Trump Administration’s “Department of Government Efficiency” (DOGE). According to the Agency, CMS has two senior Agency veterans – one focused on policy and one focused on operations – who are leading the collaboration with DOGE, including ensuring appropriate access to CMS systems and technology. They state: “We are taking a thoughtful approach to see where there may be opportunities for more effective and efficient use of resources in line with meeting the goals of President Trump.”