What happened in Congress this week?

Congress will be out of session until after the November 5 election.

HIPAA Security Rule Update Expected by End of Year

This week, a proposed rule that would update HIPAA Security standards advanced to the final stage of review before it is officially published.

The proposed rule titled “Proposed Modifications to the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information” is expected to officially be proposed by the HHS Office of Civil Rights (OCR) in the coming days. 

Before proposing a regulation for public comment, an agency must first submit its proposed rule to the Office of Budget Management (OMB) for review. OMB is the largest office within the Executive Office of the President and is tasked with overseeing the performance of federal agencies and administering the federal budget, among other responsibilities.

On October 18th, OCR, responsible for enforcing the Health Insurance Portability and Accountability Act (HIPAA), submitted a proposed update to the OMB for review. After OMB’s review, the rule will be published in the Federal Register, opening for public comment for a set period, typically 30 to 60 days. Once the comment period closes, OCR will evaluate the comments before issuing a Final Rule. The Final Rule will respond to themes from the comments and discuss how the rule was changed from its proposed to final versions. The Final Rule will include an effective date, at which point the new or updated regulation will be fully implemented.

Until the proposed rule updating the HIPAA Security Rule is officially published in the Federal Register, the public will not know exactly what will be included. However, CAI speculates that whatever is included will mark big changes in cybersecurity compliance for HIPAA Covered Entities and their Business Associates.

Notably, this would mark the first major update to the HIPAA Security Rule in a long time. This action is likely motivated by this year being one of the worst years on record for health sector data breaches. The most prominent of these attacks was the cyberattack on Change Healthcare which is estimated to have exposed the protected health information (PHI) of one-third of Americans.

From Congress to federal agencies, there has been widespread interest in taking government action to modify health sector cybersecurity requirements over the past few months. As featured in Capitol Insights earlier this month, Senators Ron Wyden (D-OR) and Mark Warner (D-VA) recently introduced the Health Infrastructure Security and Accountability Act. Regardless of whether this bill advances, it clearly highlights Senate Finance Committee Chairman Wyden’s focus on strengthening health sector cybersecurity requirements.

This latest push by OCR is further proof that action will be taken before the end of the year and HIPAA covered entities should be ready to respond.

The rule may include highly technical cybersecurity changes and perhaps stronger penalties for non-compliance. CAI recommends that HIPAA covered entities interested in commenting have cybersecurity and compliance experts ready to review the proposed rule when it is published.

Top Stories in Healthcare Policy

According to a report from Better Medicare Alliance, Medicare Advantage enrollment has grown significantly, with 55% of the Medicare population now enrolled in Medicare Advantage. Experts predict that this trend will continue as open enrollment for 2024 begins.

Politico Pulse provided an excellent overview of new candidate physicians with chances to win House seats in the November 5th election.

  • Sherri Biggs (R) – South Carolina 3rd District – Psychiatric Nurse Practitioner
  • Mayra Flores (R) – Texas 34th District – Respiratory Care Therapist
  • Mike Kenny (R) – Utah 3rd District – Family Medicine Doctor
  • Bob Onder (R) – Missouri 3rd District – Allergy and Asthma Doctor
  • Amish Shah (D) – Arizona 1st District – Emergency Doctor
  • Prasanth Reddy (R) – Kansas 3rd District – Internist

The Coalition for Health AI (CHAI) has released a draft framework on AI Assurance Standards Guide and Reporting Checklist, requesting feedback before the final certification process and Model Card design are released in April 2025.

A new study was published this week focusing on examining the role of discrimination in obesity care, evaluating sex differences in perceived discrimination among individuals with obesity.

Black Book Research’s latest survey highlighted the growing challenges of upcoding fraud, with 90% of respondents expressing concerns about upcoding. Other issues brought up in the survey included concerns about the transition to ICD-11, the integrity of coding processes, and the potential for AI to introduce biases into healthcare billing and access. 

Two new studies from the American Society for Metabolic and Bariatric Surgery and the American College of Surgeons, have both found that bariatric surgery is better for sustained weight loss and more cost-effective than GLP-1 drugs in the long run.

The Biden Administration has proposed a rule that enhances provisions of the Affordable Care Act (ACA) by expanding access to free over-the-counter contraceptives, including birth control and condoms, for women of reproductive age.

A study found that gaps in quality-of-care outcomes between Medicare Advantage and traditional Medicare varied by racial and ethnic minority group.