Executive Order Signed Establishing Make America Healthy Again Commission. The Commission, chaired by newly confirmed HHS Secretary Robert F. Kennedy Jr., is tasked with investigating and addressing the root causes of America’s escalating health crisis, with an initial focus on childhood chronic diseases. The Executive Order requires that, within 100 days, the Commission is to produce an assessment that summarizes what is known and what questions remain regarding the childhood chronic disease crisis and include international comparisons. As well, within 180 days, the Commission will produce a strategy, based on the findings of the assessment, to improve the health of America’s children.

The Commission has four main policy directives to reverse chronic disease: (i) Empower Americans through transparency and open-source data and avoid conflicts of interest in all federally funded health research; (ii) Prioritize gold-standard research on why Americans are getting sick in all health-related research funded by the federal government; (iii) Work with farmers to ensure that U.S. food is the healthy, abundant and affordable; and (iv) Ensure expanded treatment options and health coverage flexibility for beneficial lifestyle changes and disease prevention. Read the Fact Sheet here.

DEA and HHS Issue Delay of Effective Date of Telehealth Rules. The Drug Enforcement Administration (DEA) and HHS submitted a final rule; delay of effective dates and request for comments entitled “Expansion of Buprenorphine Treatment via Telemedicine Encounter and Continuity of Care via Telemedicine for Veterans Affairs Patients.” The rule delays the effective date of the “Expansion of Buprenorphine Treatment via Telemedicine Encounter” final rule, from Feb. 18 to March 21. Also delayed is the effective date of the "Continuity of Care via Telemedicine for Veterans Affairs Patients" final rule. The Administration specified that its pushback will not impede telemedicine prescribing in the interim, as those covered under the two rules are still permitted to do so under temporary COVID-19 telehealth flexibilities that run through the end of this year.

House Committee Resolution Calling for $2 trillion in Cuts Could Impact Health Care Spending. The House of Representatives Budget Committee voted 21-16 to advance its fiscal year 2025 budget resolution to the full House for consideration. The bill seeks to implement the Trump administration's agenda and calls for spending cuts totaling $2 trillion. There is concern that the reductions in spending could impact federal health care programs. The U.S. Senate Budget Committee also advanced its budget resolution on an 11-10 party line vote authorizing $85.5 billion in spending per year to be offset by corresponding reductions in spending. Both the House and Senate are required to pass a common budget resolution to move forward with the reconciliation process.

Trump Administration Begins Cutting HHS Positions. The Trump Administration, under direction of the “Department of Government Efficiency” Task Force, has begun to cut positions from the Department of Health and Human Services (HHS). As reported in Healthcare IT News, more than five thousand probationary employees have been let go. Additional layoffs were made at the Assistant Secretary for Technology Policy, Centers for Medicare & Medicaid Services, Centers for Disease Control and Prevention, National Institutes of Health, areas that conduct oversight of the Affordable Care Act exchange, and other areas of the Department.

Kroll Report: Health Care is the Most Breached Industry Sector.  In a report, Kroll, a financial risk and advisory firm, states that the health care industry is the industry sector experiencing the most data breaches. In 2024, Kroll reports that the health care industry accounted for 23% of data breaches handled by Kroll, compared with 18% in 2023. Kroll indicated that the health care the sector ranked highest in the number of consumers who began using credit and identity monitoring after a data breach. They also report that 45% of these services activated in the wake of breach involved health care organizations, compared with 25% in the technology industry and 20% in the finance sector.

OCR Imposes a $1.5M CMP HIPAA Cybersecurity Hacking Investigation. The Office for Civil Rights (OCR) announced a $1,500,000 civil money penalty against a manufacturer and online retailer of prescription and non-prescription eyewear, concerning violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, following the receipt of a breach report regarding unauthorized access by one or more third parties to customer accounts.

In December 2018, OCR initiated an investigation following receipt of a breach report filed by the retailer. The report stated that in November 2018, the retailer became aware of unusual, attempted log-in activity on its website. It reported that between September 25, 2018, and November 30, 2018, unauthorized third parties gained access to their customer accounts by using usernames and passwords obtained from other, unrelated websites that were presumably breached. This type of cyberattack is often referred to as “credential stuffing”. In September 2020, the retailer filed an addendum to its December 2018 breach report, updating the number of individuals affected by the breach to 197,986. The compromised ePHI included customer names, mailing addresses, email addresses, certain payment card information, and eyewear prescription information. It also filed subsequent breach reports (each breach report affecting fewer than 500 persons) in April 2020, and June 2022, following similar attacks.

OCR’s investigation found evidence of three violations of the HIPAA Security Rule, including a failure to conduct an accurate and thorough risk analysis to identify the potential risks and vulnerabilities to ePHI in the retailers systems, a failure to implement security measures sufficient to reduce the risks and vulnerabilities to ePHI to a reasonable and appropriate level, and a failure to implement procedures to regularly review records of information system activity.

In September 2024, OCR issued a Notice of Proposed Determination seeking to impose a $1,500,000 civil money penalty. The retailer waived its right to a hearing and did not contest OCR’s imposition of a civil money penalty. Accordingly, in December 2024, OCR imposed a civil money penalty of $1,500,000. Read the Notice of Proposed Determination here.

Article Showcases the Use of AI in Health and Health Care. In an article published in Health Affairs titled “Artificial Intelligence In Health And Health Care: Priorities For Action,” the authors discuss the use of artificial intelligence (AI) in health and health care. The article describes the steps needed to achieve the goals laid out as part of the National Academy of Medicine’s Vital Directions for Health and Health Care: Priorities for 2025 initiative. The article focuses on four strategic areas: ensuring safe, effective, and trustworthy use of AI; promotion and development of an AI-competent health care workforce; investing in AI research to support the science, practice, and delivery of health and health care; and promotion of policies and procedures to clarify AI liability and responsibilities.