CMS proposal requires HIXs to report breaches within one hour

Laura Pedulli | | Health Exec | Policy & Regulations

The Centers for Medicare & Medicaid Services is proposing an emergency review that requires state health insurance exchanges to report suspected or confirmed incidents affecting loss or suspected loss of protected health information within one hour of discovery. The exchanges would be required to notify their Center for Consumer Information and Insurance Oversight state officer, which in turn would notify affected federal agendy data sources.

“The approval of this data collection process is essential to ensuring that Information Security (IS) incidents, which also include Personally Identifiable Information (PII) and Protected Health Information (PHI), are captured within the specified timeframe,” Martique Jones, deputy director, regulations development group, office of strategies operations and regulatory affairs, wrote in a notice published on Aug. 21 in the Federal Register. “In absence of this change, a significant number of incidents will not be detected; therefore causing harm and potential risk to the public's identity with identity fraud.”

CMS requested that the Office of Management and Budget review and approve this collection by Sept. 25 with a 180-day approval period and is seeking comments on the proposal.

To review the notice and instructions on submitting comments, go here.

Laura Pedulli

Related Content

Q&A: Proposed changes to Social Security Act would recognize pharmacists as healthcare providers
10 signs AI is ‘eating the world (of venture capital)’
Mangione now faces federal charges, death penalty in murder of UHC CEO
FDA issues Class I recall on counterfeit infusion pump batteries
FDA issues alert on PCNL sheath safety after patient death
DOJ sues CVS over unlawful opioid prescriptions and reimbursement

Around the web

Cardiovascular Business
FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare
From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Cardiovascular Business
Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.