HHS Issues Cybersecurity Rule
The U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued a proposed rule to improve cybersecurity and better protect the healthcare system from cyberattacks.
The proposed rule modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. It requires health plans, healthcare clearinghouses, most healthcare providers, and most business associates, to strengthen cybersecurity protections against external and internal threats. It requires updates to existing cybersecurity safeguards, using modern best practices, to reflect advances in technology and cybersecurity. It provides greater detail on what covered entities and business associates need to do to protect the security of electronic protected health information (PHI). Policies and procedures would have to be in writing, reviewed, tested, and updated on a regular basis.
Specifically, HHS says the rule reacts to:
- Changes in the environment in which healthcare is provided.
- Significant increases in breaches and cyberattacks.
- Common deficiencies OCR has observed in investigations into Security Rule compliance by covered entities and their business associates.
- Other cybersecurity guidelines, best practices, methodologies, procedures, and processes.
- Court decisions that affect enforcement of the Security Rule.
The rule is in response to growing cybersecurity incidents, including the Change Healthcare attack earlier this year that made much of healthcare come to a standstill.
Th fact sheet is well written and explains many of the details of the rule. I am surprisingly impressed with the proposal and its details. I think it is a good start to protecting the nation from emerging cyberattacks. The problem, though is the readiness of health plans and providers, especially many who have limited expertise and knowledge. They do not have the dollars or know-how to implement protections. As such, I think we need a true national cyber plan with a strong budget and implementation strategy. The rule is a start but is not enough.
Rule at Federal Register: https://www.federalregister.gov/public-inspection/2024-30983/health-insurance-portability-and-accountability-act-security-rule-to-strengthen-the-cybersecurity-of .
Fact Sheet: https://www.hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/factsheet .
#cybersecurity #healthplans #providers #cms #hhs
$2,000 Part D Retail Drug Cap Starts in 2025
The Inflation Reduction Act’s (IRA) cap of $2,000 for Part D retail drug out-of-pocket costs takes effect as of January 1, 2025 along with a number of other Part D provisions. The provision is touted as a huge win by senior lobby AARP and the Centers for Medicare and Medicaid Services (CMS). About 19 million will save $400 per year, on average. An estimated 1.4 million adults will reach this cap and save at least $1,000 each year between 2025 and 2029. About 420,000 will save more than $3,000.
But the sad fact is that the IRA’s Part D out-of-pocket savings provisions are critically endangering the standalone Part D (PDP) program. CMS had to intercede to spend $5 billion over the next three years to prevent a huge surge in premiums. Nonetheless, premiums, deductibles and cost-sharing increased and plan choice suffered. The IRA could critically endanger the program but neither AARP nor CMS will admit it.
#ira #drugpricing #partd #pdp #medicareadvantage #cms
https://www.beckershospitalreview.com/pharmacy/medicares-2k-drug-cap-starts-jan-1.html
UHG and Amedisys Extend Acquisition Deadline
UnitedHealth Group Inc. and Amedisys extended their timeframe to consummate United’s acquisition of the home health entity. The deal is worth $3.3 billion. The Department of Justice (DOJ) and regulatory authorities oppose the deal as it could give United too many home care assets and undermine competition and raise prices. The DOJ has challenged the merger in court.
Additional article: https://www.modernhealthcare.com/mergers-acquistitions/unitedhealth-amedisys-deal-extension
(Some articles may require a subscription.)
#unitedhealthcare #optum #homecare
https://www.beckerspayer.com/m-and-a/unitedhealth-amedisys-extend-merger-deadline.html
Stakeholders Commenting On CMS 2026 Exchange Rule
Stakeholder comments are coming in on the Centers for Medicare and Medicaid Services’ (CMS) proposed 2026 Exchange rule. Many support CMS’ proposal to beef up marketing rules. The insurance lobby says the Special Enrollment Period allowing certain low-income enrollees to enroll outside of the standard period should end altogether so as to stop bad actors moving enrollees illegally.
(Article may require a subscription.)
#exchanges #aca #marketing #cms #regulations
Healthcare Execs More Optimistic Going Into 2025
After a very tough few years, a new survey shows that healthcare executives are more optimistic going into 2025. The Deloitte survey finds that most expect greater revenues and improved profitability.
About 60% of C-suite leaders have a favorable view of the coming year, up from 52% a year ago. About 69% expect greater revenues, while 71% anticipate improved profitability.
About 65% say developing growth strategies is a top priority for 2025. About 46% of executives identified consumer affordability as a top trend.
#healthcare #healthplans #providers #2025
— Marc S. Ryan