SDOs & Operating Rules Updates

OCR Settles HIPAA Ransomware Cybersecurity Investigation for $90,000. The Office for Civil Rights (OCR) announced a settlement with a provider of emergency medical services in Oklahoma for a potential violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The settlement resolves an investigation concerning a ransomware attack on the provider’s…

OCR Settles Ransomware Cybersecurity Investigation for $500,000. The Office for Civil Rights (OCR) announced a settlement with a plastic surgery practice in South Dakota for several potential violations of the HIPAA Security Rule, following an investigation into a ransomware attack breach. OCR initiated an investigation following the receipt of a breach report filed by the…

Assistant Secretary Tripathi Details Challenges with API Data Exchange. Micky Tripathi, Ph.D., Assistant Secretary for Health Technology, National Coordinator, Office of the National Coordinator for Health It (ASTP ONC) detailed several challenges ASTP ONC has encountered in the nation’s drive toward leveraging application programming interfaces (APIs) to exchange health information, including: (i) Publicly accessible API…

ASTP ONC Finalizes Federal Health IT Strategy. The Assistant Secretary for Technology Policy, Office of the National Coordinator for Health Information Technology (ASTP ONC) published the final 2024-2030 Federal Health IT Strategic Plan in accordance with the Health Information Technology for Economic and Clinical Health (HITECH Act.) The Strategic Plan presents federal health information technology (health IT)…

HHS Releases Proposed Rule on Technology Adoption.  The Department of Health and Human Services (HHS) published a proposed rule in the Federal Register entitled “HHS Acquisition Regulation: Acquisition of Information Technology; Standards for Health Information Technology.” The regulation proposes to amend and update the Health and Human Services Acquisition Regulation (HHSAR) to implement requirements to…

CMS Releases Data on No Surprises Act Complaints. The Centers for Medicare & Medicaid Services (CMS) issued a new report that details the total complaints related to the No Surprises Act and Affordable Care Act compliance. CMS notes that, as of June 2024, it had received more than 16,000 complaints, with providers and consumers receiving…

WEDI Makes Recommendations to HHS on Key No Surprises Act Issue. WEDI sent a letter to Xavier Becerra, Secretary of the Department of Health and Human Services (HHS), on the issue of including diagnosis codes on Good Faith Estimations (GFEs) for insured individuals. GFEs are required under the No Surprises Act. WEDI’s recommendations included urging…

OCR Takes Enforcement Action Against Puerto Rican Hospital. The HHS Office for Civil Rights (OCR) issued a notice of violation to a psychiatric hospital located in Puerto Rico for failure to comply with federal civil rights laws on disability. Following an investigation, OCR found that the hospital violated disability civil rights laws when it failed…