CMS proposal requires HIXs to report breaches within one hour

Laura Pedulli | | Health Exec | Policy & Regulations

The Centers for Medicare & Medicaid Services is proposing an emergency review that requires state health insurance exchanges to report suspected or confirmed incidents affecting loss or suspected loss of protected health information within one hour of discovery. The exchanges would be required to notify their Center for Consumer Information and Insurance Oversight state officer, which in turn would notify affected federal agendy data sources.

“The approval of this data collection process is essential to ensuring that Information Security (IS) incidents, which also include Personally Identifiable Information (PII) and Protected Health Information (PHI), are captured within the specified timeframe,” Martique Jones, deputy director, regulations development group, office of strategies operations and regulatory affairs, wrote in a notice published on Aug. 21 in the Federal Register. “In absence of this change, a significant number of incidents will not be detected; therefore causing harm and potential risk to the public's identity with identity fraud.”

CMS requested that the Office of Management and Budget review and approve this collection by Sept. 25 with a 180-day approval period and is seeking comments on the proposal.

To review the notice and instructions on submitting comments, go here.

Laura Pedulli

Related Content

Cardiologist demand is on the rise—can hospitals keep up?
AdvaMed itemizes AI imperatives for ‘the entire healthcare ecosystem’
UnitedHealth defends $3.3B Amedisys acquisition
DOJ sues to block UnitedHealth’s $3.3B acquisition of home health giant
Private equity firm to buy Summa Health for $485M
Private equity transactions in healthcare down 15% since 2023, report finds

Around the web

Cardiovascular Business
Payment cuts and beyond: Key takeaways for cardiologists from the 2025 Medicare Physician Fee Schedule

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

AI in Healthcare
A modest proposal to rally AI regulators around a simple game plan

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

Cardiovascular Business
FDA commissioner urges clinicians to join fight against medical misinformation

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Design by Adaptive Theme
Trimed Popup
Trimed Popup