{"description":"Documents matching 'security forms compliance hipaa privacy requirements'","count":877,"total_pages":44,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=security+forms+compliance+hipaa+privacy+requirements&format=json&page=2","results":[{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, as amended, the Department of Health and Human Services (HHS) is partially modifying an existing system of records maintained by the Office for Civil Rights (OCR), \"Program Information Management System (PIMS),\" System No. 09- 90-0052. The modifications include changing the system of records name to \"HHS Civil Rights and Health Information Privacy Program Records\" and affect only certain sections of the System of Records Notice (SORN), so HHS is not republishing the SORN in full. The system of records contains records about individual members of the public who submit or are named or otherwise involved in civil rights, conscience and religious freedom, and health information privacy-related complaints received by and compliance reviews conducted by OCR, and individuals who submit reports to OCR about breaches of unsecured protected health information (PHI) experienced by covered entities and business associates subject to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Breach Notification, and Enforcement Rules. OCR is modifying it to include information that programs subject to 42 CFR part 2 (\"Part 2\") (and, as applicable, a qualified service organization on a Part 2 program's behalf) report to the Secretary with respect to a breach of unsecured substance use disorder (SUD) patient records maintained by a Part 2 program (\"Part 2 records\") and complaints and compliance reviews involving potential violations of Part 2.","document_number":"2026-03003","html_url":"https://www.federalregister.gov/documents/2026/02/17/2026-03003/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-02-17/pdf/2026-03003.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-03003.pdf?1770930912","publication_date":"2026-02-17","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"enforcement of Part 2 <span class=\"match\">requirements</span> governing confidentiality of SUD patient records through, among other activities, conducting complaint investigations and <span class=\"match\">compliance</span> reviews and collecting (and publicly posting, as applicable) reports of breaches of unsecured Part 2 records. A Part 2 breach report <span class=\"match\">form</span> approved by OMB for collection of information will be accessible from OCR's website at \n https://www.hhs.gov/<span class=\"match\">hipaa</span>/for-professionals/breach-notification/index.html. \n This <span class=\"match\">form</span> must be filed through the HHS website. A Part 2 complaint <span class=\"match\">form</span> approved by OMB"},{"title":"HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (\"Security Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, \"regulated entities\"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.","document_number":"2024-30983","html_url":"https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30983.pdf?1735334119","publication_date":"2025-01-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"Entities' <span class=\"match\">Compliance</span> With the <span class=\"match\">Requirements</span> of the <span class=\"match\">Security</span> Rule Is Inconsistent \n D. It Is Reasonable and Appropriate To Strengthen the <span class=\"match\">Security</span> Rule To Address the Changes in the Health Care Environment and Clarify the <span class=\"match\">Compliance</span> Obligations of Regulated Entities \n \n 1. Congress and the Department Anticipated That <span class=\"match\">Security</span> Standards \n \n Safeguards Would Evolve To Address Changes in the Health Care Environment\n \n 2. NCVHS Believes That the <span class=\"match\">Security</span> Standards Evolve To Address Changes in the Health Care Environment \n 3. A Strengthened <span class=\"match\">Security</span> Rule Would"},{"title":"HIPAA Privacy Rule To Support Reproductive Health Care Privacy","type":"Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this final rule to modify the Standards for Privacy of Individually Identifiable Health Information (\"Privacy Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The Department is issuing this final rule after careful consideration of all public comments received in response to the notice of proposed rulemaking (NPRM) for the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (\"2023 Privacy Rule NPRM\") and public comments received on proposals to revise provisions of the HIPAA Privacy Rule in the NPRM for the Confidentiality of Substance Use Disorder (SUD) Patient Records (\"2022 Part 2 NPRM\").","document_number":"2024-08503","html_url":"https://www.federalregister.gov/documents/2024/04/26/2024-08503/hipaa-privacy-rule-to-support-reproductive-health-care-privacy","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-04-26/pdf/2024-08503.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-08503.pdf?1713816919","publication_date":"2024-04-26","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"of 1996 (<span class=\"match\">HIPAA</span>).\n 1 \n \n The <span class=\"match\">Privacy</span> Rule \n 2 \n \n is one of several rules, collectively known as the <span class=\"match\">HIPAA</span> Rules,\n 3 \n \n that protect the <span class=\"match\">privacy</span> and <span class=\"match\">security</span> of individuals' protected health information \n 4 \n \n (PHI), which is individually identifiable health information \n 5 \n \n (IIHI) transmitted by or maintained in electronic media or any other <span class=\"match\">form</span> or medium, with certain exceptions.\n 6 \n \n \n \n \n 1 \n  Subtitle F of title II of <span class=\"match\">HIPAA</span> (Pub. L. 104-191, 110 Stat. 1936 (Aug. 21, 1996)) added a new part C to title XI of the Social <span class=\"match\">Security</span> Act of 1935"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, the DoD is modifying and reissuing a current system of records notice (SORN) titled, \"Department of Defense Suicide Event Report (DoDSER) System, EDHA 20 DoD.\" This system of records was originally established to collect and maintain records on Reportable Events involving Active Duty and Reserve personnel to support ongoing population-based health surveillance and activities within DoD, analyze and evaluate Reportable Events to identify risk factors and trends; prevent suicide behaviors, and implement Reportable Events within the DoD. This notice updates the system identifier, system's location, expands reporting to the Space Force and Coast Guard, clarifies its purpose, and revises the routine uses. The DoD is also modifying various other sections within the SORN to improve clarity or update information that has changed.","document_number":"2026-13367","html_url":"https://www.federalregister.gov/documents/2026/07/02/2026-13367/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-07-02/pdf/2026-13367.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-13367.pdf?1782909914","publication_date":"2026-07-02","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"INFORMATION CONTACT \n or at the Oversight and <span class=\"match\">Compliance</span> Directorate, <span class=\"match\">Privacy</span> and Civil Liberties Division website at \n https://pclt.defense.gov/DIRECTORATES/<span class=\"match\">Privacy</span>-and-Civil-Liberties-Directorate/<span class=\"match\">Privacy</span>/SORNS/. \n \n II. <span class=\"match\">Privacy</span> Act \n \n Under the <span class=\"match\">Privacy</span> Act, a “system of records” is a group of records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the <span class=\"match\">Privacy</span> Act, an individual is defined \n \n as a U"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Housing and Urban Development (HUD), Office of the Chief Information Officer (OCIO) and Infrastructure and Operations (IOO), is issuing a public notice of its intent to modify the Privacy Act System of Records Notice (SORN) titled \"Voice of the Customer (VoC)\". The Voice of the Customer (VoC) system of records, originally maintained by the Office of the Chief Financial Officer (OCFO), has been transferred to the OCIO. The VoC platform supports HUD's implementation of the Government Service Delivery Improvement Act and the Executive Order 14058, Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government, issued on December 13, 2021. It enables customers to provide feedback on HUD's services and allows the Department to analyze customer interactions to identify opportunities for service improvement and to build public trust. This modification updates the System Location, Authority for Maintenance of the System, Purpose, Categories of Records in the System, Record Source Categories, and Technical and Physical Safeguards. Details of these modifications are outlined in the Supplementary Information section.","document_number":"2026-13969","html_url":"https://www.federalregister.gov/documents/2026/07/10/2026-13969/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-07-10/pdf/2026-13969.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-13969.pdf?1783601114","publication_date":"2026-07-10","agencies":[{"raw_name":"DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT","name":"Housing and Urban Development Department","id":228,"url":"https://www.federalregister.gov/agencies/housing-and-urban-development-department","json_url":"https://www.federalregister.gov/api/v1/agencies/228","parent_id":null,"slug":"housing-and-urban-development-department"}],"excerpts":"number or by one of the following methods: \n \n Federal e-Rulemaking Portal: http://www.regulations.gov \n . Follow the instructions provided on that site to submit comments electronically.\n \n \n Fax: \n 202-619-8365.\n \n \n Email: <span class=\"match\">privacy</span>@hud.gov \n .\n \n \n Mail: \n Attention: <span class=\"match\">Privacy</span> Office; Kimberly Morton, Acting Chief <span class=\"match\">Privacy</span> Officer; The Executive Secretariat, 451 7th Street SW, Room 10139; Washington, DC 20410-0001.\n \n \n Instructions: \n All submissions received must include the agency name and docket number for this rulemaking. All comments received"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, the Department of the Navy is modifying and reissuing a current system of records titled, \"Millennium Cohort Study, N06500-1. This system of records was originally established to collect and maintain records on service members and veterans who have, or have not, deployed overseas so that various longitudinal health and research studies may be conducted over a 67-year period. This system of records notice (SORN) is being updated to change the system name and system ID, expand the \"Purpose\" section, and to incorporate the DoD standard routine uses and support additional information sharing of these records outside of the Department. The Navy is also modifying various other sections within the SORN to improve clarity or update information that has changed.","document_number":"2026-08431","html_url":"https://www.federalregister.gov/documents/2026/04/30/2026-08431/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-30/pdf/2026-08431.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-08431.pdf?1777466716","publication_date":"2026-04-30","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Department of the Navy","name":"Navy Department","id":378,"url":"https://www.federalregister.gov/agencies/navy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/378","parent_id":103,"slug":"navy-department"}],"excerpts":"necessary to accomplish the purpose for which the disclosure is being made is releasable; (3) must adhere to the <span class=\"match\">privacy</span> and <span class=\"match\">security</span> <span class=\"match\">requirements</span> applicable to protected health information under 45 CFR parts 160 and 164, Health Insurance Portability and Accountability Act (<span class=\"match\">HIPAA</span>) <span class=\"match\">Privacy</span>, <span class=\"match\">Security</span> and Breach Notification Rules, (4) must adhere to <span class=\"match\">privacy</span> <span class=\"match\">requirements</span> applicable to personally identifiable information under the <span class=\"match\">Privacy</span> Act of 1974 in accordance with DoD guidance; and (5) must follow strict guidelines established in the Memorandum"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, the Office of Personnel Management (OPM) proposes to modify and republish in full a system of records previously titled \"OPM/Central-15, Health Claims Data Warehouse Records\" which will be renamed \"OPM/Central-15, Health Benefits Claims and Cost Records.\" The modification is necessary to include Postal Service Health Benefits Program records in the system, to provide notice of additional data fields collected to support the Federal Employees Health Benefits (FEHB) Program, as well as to provide notice of additional routine uses to the system. The system of records contains health benefits service use and cost data about enrollees and their family members, who are or have been covered under the FEHB Program. As in previous notices for this system of records, the term \"service use and cost data\" includes, but is not limited to, medical claims data, pharmacy claims data, encounter data, and provider data. The system of records also includes Medicare service use and cost data about FEHB- covered individuals who are enrolled in Medicare. This notice clarifies that references in the system of records to the \"FEHB Program\" or \"FEHB\" include the Postal Service Health Benefits Program (\"PSHB Program\" or \"PSHB\") within the FEHB Program.","document_number":"2026-12596","html_url":"https://www.federalregister.gov/documents/2026/06/23/2026-12596/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-23/pdf/2026-12596.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-12596.pdf?1782132319","publication_date":"2026-06-23","agencies":[{"raw_name":"OFFICE OF PERSONNEL MANAGEMENT","name":"Personnel Management Office","id":406,"url":"https://www.federalregister.gov/agencies/personnel-management-office","json_url":"https://www.federalregister.gov/api/v1/agencies/406","parent_id":null,"slug":"personnel-management-office"}],"excerpts":"modify this system of records notice to indicate that references to the “FEHB Program” or “FEHB” include the “PSHB Program” or “PSHB.” \n \n OPM is a “health oversight agency” under the Health Insurance Portability and Accountability Act of 1996 (<span class=\"match\">HIPAA</span>) <span class=\"match\">Privacy</span> Rule definition at 45 CFR 164.501. The <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> Rule permits covered entities, including carriers, to disclose protected health information (PHI), including service use and cost data, to health oversight agencies, such as OPM, for “oversight activities authorized by law.” \n 1 \n \n Therefore"},{"title":"Administrative Simplification; Adoption of Standards for Health Care Claims Attachments Transactions and Electronic Signatures","type":"Rule","abstract":"This final rule implements requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010, enacted on March 30, 2010--collectively, the Affordable Care Act. Specifically, this final rule adopts standards for health care claims attachments transactions, which will support health care claims transactions, and a standard for electronic signatures to be used in conjunction with health care claims attachments transactions.","document_number":"2026-05676","html_url":"https://www.federalregister.gov/documents/2026/03/24/2026-05676/administrative-simplification-adoption-of-standards-for-health-care-claims-attachments-transactions","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-03-24/pdf/2026-05676.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-05676.pdf?1774037709","publication_date":"2026-03-24","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"statute as the “original” <span class=\"match\">HIPAA</span> provisions. \n Section 1172(a) of the Act provides that any standard adopted by the Secretary under the <span class=\"match\">HIPAA</span> Administrative Simplification provision shall apply, in whole or in part, to the following persons, referred to as “covered entities”: (1) a health plan; (2) a health care clearinghouse; and (3) a health care provider who transmits any health information in electronic <span class=\"match\">form</span> in connection with a <span class=\"match\">HIPAA</span> transaction. In general, section 1172 of the Act provides that any standard adopted under <span class=\"match\">HIPAA</span> is to be developed,"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"Pursuant to the Privacy Act of 1974, notice is hereby given that the VA is modifying the system of records titled, \"Veteran, Patient, Employee, and Volunteer Research and Development Project Records-VA\" (34VA10). This system of records is used to determine eligibility for research funding, to determine handling of intellectual properties, to manage proposed and/or approved research endeavors, and to evaluate the research and development program. This system may also be used for data analysis to address specific questions and gain generalizable knowledge and deepen understanding of a topic or issue.","document_number":"2025-15588","html_url":"https://www.federalregister.gov/documents/2025/08/15/2025-15588/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-08-15/pdf/2025-15588.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-15588.pdf?1755175532","publication_date":"2025-08-15","agencies":[{"raw_name":"DEPARTMENT OF VETERANS AFFAIRS","name":"Veterans Affairs Department","id":520,"url":"https://www.federalregister.gov/agencies/veterans-affairs-department","json_url":"https://www.federalregister.gov/api/v1/agencies/520","parent_id":null,"slug":"veterans-affairs-department"}],"excerpts":"information systems is protected by an approved <span class=\"match\">form</span> of two factor authentication and communications are encrypted at rest and in transit. \n Access to a contractor's records and their system of computers used with the particular project are available to authorized personnel only. Records on investigators stored on automated storage media are accessible by authorized VA personnel via VA computers or computer systems. They are required to take annual VA mandatory data <span class=\"match\">privacy</span> and <span class=\"match\">security</span> training. <span class=\"match\">Security</span> complies with applicable Federal Information"},{"title":"Agency Information Collection Request; 30-Day Public Comment Request","type":"Notice","abstract":"In compliance with the requirement of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Department of Health and Human Services, submitted an Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and approval. OMB will accept further comments from the public during the review and approval period.","document_number":"2026-00499","html_url":"https://www.federalregister.gov/documents/2026/01/13/2026-00499/agency-information-collection-request-30-day-public-comment-request","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-01-13/pdf/2026-00499.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-00499.pdf?1768225520","publication_date":"2026-01-13","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"Aid, Relief, and Economic <span class=\"match\">Security</span> Act, which applies section 1176 of the Social <span class=\"match\">Security</span> Act (“the Act”), 45 U.S.C. 1320d-5, to a violation of Part 2 in the same manner as it applies to a violation of part C of title XI of the Act, Administrative Simplification. The Administrative Simplification provisions were added to the Act by the Health Insurance Portability and Accountability Act of 1996 (<span class=\"match\">HIPAA</span>). OCR currently exercises its enforcement authority under section 1176 of the Act to enforce the <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span>, <span class=\"match\">Security</span>, and Breach Notification Rules"},{"title":"Agency Information Collection Request; 60-Day Public Comment Request","type":"Notice","abstract":"In compliance with the requirement of the Paperwork Reduction Act of 1995, the Office of the Secretary (OS), Department of Health and Human Services, is publishing the following summary of a proposed collection for public comment.","document_number":"2025-17557","html_url":"https://www.federalregister.gov/documents/2025/09/11/2025-17557/agency-information-collection-request-60-day-public-comment-request","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-09-11/pdf/2025-17557.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-17557.pdf?1757508321","publication_date":"2025-09-11","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"information from individuals using the <span class=\"match\">form</span>, Confidentiality of Substance Use Disorder Patient Records Complaint, to allow OCR to collect the minimum information needed from individuals who file complaints with OCR to <span class=\"match\">form</span> the basis for the initial processing of such complaints to satisfy the right for an individual to file a complaint under 42 CFR 2.4(b).\n \n I. Authority \n OCR has delegated civil enforcement authority under 42 U.S.C. 290dd-2(f), as amended by section 3221 of the Coronavirus Relief, Aid, and Economic <span class=\"match\">Security</span> Act, that applies section 1176"},{"title":"Announcement of Requirements and Registration for “EHIgnite Challenge”","type":"Notice","abstract":"The EHIgnite Challenge addresses data usability challenges in single patient electronic health information (EHI) exports. This challenge seeks to incentivize the development of tools, platforms, and workflows that transform single patient EHI exports into usable, readable, and actionable information that supports clinical care, patient engagement, and informed decision-making.","document_number":"2026-10068","html_url":"https://www.federalregister.gov/documents/2026/05/20/2026-10068/announcement-of-requirements-and-registration-for-ehignite-challenge","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-05-20/pdf/2026-10068.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-10068.pdf?1779117307","publication_date":"2026-05-20","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"implementation and adoption. \n • Scalability to multiple patients, providers, and EHR systems. \n • Interoperability across multiple EHR systems. \n <span class=\"match\">Privacy</span> and <span class=\"match\">Security</span> <span class=\"match\">Compliance</span> (Up to 15 pts) \n • Adherence to the Health Insurance Portability and Accountability Act of 1996 (<span class=\"match\">HIPAA</span>) rule, <span class=\"match\">Privacy</span>, <span class=\"match\">Security</span>, and Breach Notification Rules (45 CFR parts 160 and 164), and other applicable <span class=\"match\">privacy</span>, <span class=\"match\">security</span>, and consent laws is required. \n • Effectiveness and innovation in enabling users to customize data sharing settings when sharing data and information"},{"title":"Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Interoperability Standards and Prior Authorization for Drugs for Medicare Advantage Organizations, Medicaid Managed Care Plans, State Medicaid Agencies, Children's Health Insurance Program (CHIP) Agencies and CHIP Managed Care Entities, and Issuers of Qualified Health Plans on the Federally-Facilitated Exchanges","type":"Proposed Rule","abstract":"These proposals are intended to improve the electronic exchange of health care data and streamline processes related to prior authorization by increasing the interoperability of systems used across the health care industry. We are proposing new requirements for Medicare Advantage (MA) organizations, state Medicaid fee-for-service (FFS) programs, state Children's Health Insurance Program (CHIP) FFS programs, Medicaid managed care plans, CHIP managed care entities, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs), including issuers that offer small group market QHPs on the Federally-facilitated Small Business Health Options Program (FF- SHOP) Exchanges (hereinafter referred to as \"small group market QHP issuers on the FF-SHOPs\") (collectively \"impacted payers\"), to make available electronic prior authorization for drugs. We are also proposing to extend many existing interoperability requirements for the prior authorization of non-drug items and services to include prior authorizations for drugs to further reduce patient and provider burden. We are also proposing to require impacted payers to report their application programming interfaces (API) endpoints and related information for the Patient Access, Provider Directory, Provider Access, Payer-to-Payer, and Prior Authorization APIs to CMS. To help assess the impact of our policies, we are proposing to collect API usage metrics. In addition, we are proposing to apply the existing interoperability requirements to small group market QHP issuers on the FF-SHOPs as impacted payers. To improve impacted payers' ability to exchange health information while continuing CMS's drive toward interoperability, we are proposing to require certain Health Level Seven (HL7[supreg]) Fast Healthcare Interoperability Resources (FHIR[supreg]) implementation guides (IGs) that are currently recommended. In addition, HHS is proposing to adopt the HL7 FHIR base standard and certain associated specifications and IGs as the Health Insurance Portability and Accountability Act of 1996 (hereinafter referred to as \"HIPAA\") (Pub. L. 104-191, enacted Aug. 21, 1996) standards for dental, professional, and institutional \"referral certification and authorization\" transactions and \"eligibility for a health plan\" transactions associated with prior authorization. We are proposing to add a definition for \"failure to report,\" which would allow CMS to impose a civil monetary penalty (CMP) on applicable manufacturers or applicable group purchasing organizations (GPOs) if those entities fail to grant CMS timely access to documents for the purposes of an audit. Finally, ONC is using this rulemaking to propose to adopt updated versions of certain health information technology (health IT) standards and specifications for HHS use, such as CMS's interoperability requirements, to support a more robust health IT infrastructure.","document_number":"2026-07205","html_url":"https://www.federalregister.gov/documents/2026/04/14/2026-07205/medicare-and-medicaid-programs-patient-protection-and-affordable-care-act-interoperability-standards","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-14/pdf/2026-07205.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-07205.pdf?1775852111","publication_date":"2026-04-14","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"},{"raw_name":"Office of the Secretary"}],"excerpts":"request extensions to the <span class=\"match\">compliance</span> date for that <span class=\"match\">requirement</span>. We are proposing that those extensions would only be available until the <span class=\"match\">compliance</span> date for the <span class=\"match\">HIPAA</span> Administrative Simplification proposals in this rule, if the proposals are finalized. In addition, we are proposing a process for state Medicaid and CHIP FFS programs to request from CMS extensions to allow additional time to meet the proposed <span class=\"match\">requirement</span> to incorporate drugs covered under a medical benefit into the Prior Authorization API and the proposed <span class=\"match\">requirement</span> to support the NCPDP"},{"title":"Medicaid Program; Community Engagement Requirement for Certain Individuals","type":"Rule","abstract":"This interim final rule with comment period (IFC) interprets and implements the community engagement requirement in Medicaid under section 1902(xx) of the Social Security Act. States are required to implement the new requirement no later than January 1, 2027. This IFC specifies the requirements and expectations for States, including the Medicaid applicants and beneficiaries who must demonstrate community engagement as a condition of their eligibility, the types of qualifying activities that satisfy the community engagement requirement, the criteria to meet an exception from the requirement (that is, be deemed compliant), and the criteria to meet a specified exclusion from the requirement. It also specifies requirements for verification of qualifying activities, outreach to affected populations, steps States must take if they determine individuals are noncompliant, and additional operational considerations for States. Finally, this IFC specifies implementation timing and establishes new State reporting requirements.","document_number":"2026-11094","html_url":"https://www.federalregister.gov/documents/2026/06/03/2026-11094/medicaid-program-community-engagement-requirement-for-certain-individuals","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-03/pdf/2026-11094.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-11094.pdf?1780346707","publication_date":"2026-06-03","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"implements the community engagement <span class=\"match\">requirement</span> in Medicaid under section 1902(xx) of the Social <span class=\"match\">Security</span> Act. States are required to implement the new <span class=\"match\">requirement</span> no later than January 1, 2027. This IFC specifies the <span class=\"match\">requirements</span> and expectations for States, including the Medicaid applicants and beneficiaries who must demonstrate community engagement as a condition of their eligibility, the types of qualifying activities that satisfy the community engagement <span class=\"match\">requirement</span>, the criteria to meet an exception from the <span class=\"match\">requirement</span> (that is, be deemed compliant)"},{"title":"Agency Information Collection Activities: Submission for OMB Review; Comment Request","type":"Notice","abstract":"The Centers for Medicare & Medicaid Services (CMS) is announcing an opportunity for the public to comment on CMS' intention to collect information from the public. Under the Paperwork Reduction Act of 1995 (PRA), federal agencies are required to publish notice in the Federal Register concerning each proposed collection of information, including each proposed extension or reinstatement of an existing collection of information, and to allow a second opportunity for public comment on the notice. Interested persons are invited to send comments regarding the burden estimate or any other aspect of this collection of information, including the necessity and utility of the proposed information collection for the proper performance of the agency's functions, the accuracy of the estimated burden, ways to enhance the quality, utility, and clarity of the information to be collected, and the use of automated collection techniques or other forms of information technology to minimize the information collection burden.","document_number":"2025-18506","html_url":"https://www.federalregister.gov/documents/2025/09/24/2025-18506/agency-information-collection-activities-submission-for-omb-review-comment-request","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-09-24/pdf/2025-18506.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-18506.pdf?1758631515","publication_date":"2025-09-24","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"collection; \n Title of Information Collection: \n <span class=\"match\">HIPAA</span> Administrative Simplification (Non-<span class=\"match\">Privacy</span>/<span class=\"match\">Security</span>) Complaint <span class=\"match\">Form</span>; \n Use: \n The Secretary of Health and Human Services (HHS), hereafter known as “The Secretary,” codified 45 CFR parts 160 and 164 Administrative Simplification provisions that apply to the enforcement of the Health Insurance Portability and Accountability Act of 1996 Public Law 104-191 (<span class=\"match\">HIPAA</span>). The provisions address rules relating to the investigation of non-<span class=\"match\">compliance</span> of the <span class=\"match\">HIPAA</span> Administrative Simplification code sets, unique"},{"title":"Agency Information Collection Activities: Proposed Collection; Comment Request","type":"Notice","abstract":"The Centers for Medicare & Medicaid Services (CMS) is announcing an opportunity for the public to comment on CMS' intention to collect information from the public. Under the Paperwork Reduction Act of 1995 (PRA), federal agencies are required to publish notice in the Federal Register concerning each proposed collection of information (including each proposed extension or reinstatement of an existing collection of information) and to allow 60 days for public comment on the proposed action. Interested persons are invited to send comments regarding our burden estimates or any other aspect of this collection of information, including the necessity and utility of the proposed information collection for the proper performance of the agency's functions, the accuracy of the estimated burden, ways to enhance the quality, utility, and clarity of the information to be collected, and the use of automated collection techniques or other forms of information technology to minimize the information collection burden.","document_number":"2025-11980","html_url":"https://www.federalregister.gov/documents/2025/06/27/2025-11980/agency-information-collection-activities-proposed-collection-comment-request","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-06-27/pdf/2025-11980.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-11980.pdf?1750941925","publication_date":"2025-06-27","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"collection; \n Title of Information Collection: \n <span class=\"match\">HIPAA</span> Administrative Simplification (Non-<span class=\"match\">Privacy</span>/<span class=\"match\">Security</span>) Complaint <span class=\"match\">Form</span>; \n Use: \n The Secretary of Health and Human Services (HHS), hereafter known as “The Secretary,” codified 45 CFR parts 160 and 164 Administrative Simplification provisions that apply to the enforcement of the Health Insurance Portability and Accountability Act of 1996 Public Law 104-191 (<span class=\"match\">HIPAA</span>). The provisions address rules relating to the investigation of non-<span class=\"match\">compliance</span> of the <span class=\"match\">HIPAA</span> Administrative Simplification code sets, unique"},{"title":"Confidentiality of Substance Use Disorder (SUD) Patient Records","type":"Rule","abstract":"The United States Department of Health and Human Services (HHS or \"Department\") is issuing this final rule to modify its regulations to implement section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The Department is issuing this final rule after careful consideration of all public comments received in response to the notice of proposed rulemaking (NPRM) for the Confidentiality of Substance Use Disorder (SUD) Patient Records. This final rule also makes certain other modifications to increase alignment with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to improve workability and decrease burden on programs, covered entities, and business associates.","document_number":"2024-02544","html_url":"https://www.federalregister.gov/documents/2024/02/16/2024-02544/confidentiality-of-substance-use-disorder-sud-patient-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-02-16/pdf/2024-02544.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-02544.pdf?1707408916","publication_date":"2024-02-16","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"Stat. 226 (Feb. 17, 2009).\n \n \n \n \n 5 \n  \n See \n the <span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span> Rule, 45 CFR parts 160 and 164, subparts A and E; the <span class=\"match\">HIPAA</span> <span class=\"match\">Security</span> Rule, 45 CFR parts 160 and 164, subparts A and C; the <span class=\"match\">HIPAA</span> Breach Notification Rule, 45 CFR part 164, subpart D; and the <span class=\"match\">HIPAA</span> Enforcement Rule, 45 CFR part 160, subparts C, D, and E. Breach notification <span class=\"match\">requirements</span> were added by the HITECH Act.\n \n \n \n \n 6 \n  PHI is individually identifiable health information maintained or transmitted by or on behalf of a <span class=\"match\">HIPAA</span> covered entity. \n See \n 45 CFR 160.103 (definitions"},{"title":"Health Data, Technology, and Interoperability: Trusted Exchange Framework and Common Agreement (TEFCA)","type":"Rule","abstract":"This final rule has finalized certain proposals from a proposed rule published in August 2024 and in doing so advances interoperability and supports the access, exchange, and use of electronic health information. Specifically, this final rule amends the information blocking regulations by including definitions related to the Trusted Exchange Framework and Common Agreement (TEFCA) Manner Exception. It also implements provisions related to the TEFCA, which will support the reliability, privacy, security, and trust within TEFCA. Lastly, this final rule includes corrections and updates to current regulatory provisions of the Office of the National Coordinator for Health Information Technology (ONC) Health IT Certification Program.","document_number":"2024-29163","html_url":"https://www.federalregister.gov/documents/2024/12/16/2024-29163/health-data-technology-and-interoperability-trusted-exchange-framework-and-common-agreement-tefca","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-12-16/pdf/2024-29163.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-29163.pdf?1733924732","publication_date":"2024-12-16","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"TEFCA complements other Federal <span class=\"match\">requirements</span> to reduce complexity and encourage more seamless nationwide exchange. For example, as explained in more detail above, entities are able to comply with both <span class=\"match\">HIPAA</span> (<span class=\"match\">HIPAA</span> <span class=\"match\">Privacy</span>, <span class=\"match\">Security</span>, and Breach Notification Rules) and TEFCA. While ASTP/ONC may develop definitions and <span class=\"match\">requirements</span> within TEFCA that are narrower or broader than corresponding definitions and <span class=\"match\">requirements</span> within the <span class=\"match\">HIPAA</span> Rules, ASTP/ONC does try to align TEFCA <span class=\"match\">requirements</span> with the <span class=\"match\">requirements</span> in the <span class=\"match\">HIPAA</span> Rules when possible.\n \n \n \n 11"},{"title":"NIH Controlled-Access Data Policy and Proposed Revisions to NIH Genomic Data Sharing Policy","type":"Notice","abstract":"The National Institutes of Health (NIH) is requesting public input on its proposal to establish harmonized and transparent policy requirements for protecting human participant research data. Specifically, NIH proposes (1) establishing policy requirements for which data should be controlled-access under NIH data sharing policies, and (2) revising the NIH Genomic Data Sharing Policy to simplify and harmonize requirements.","document_number":"2025-23246","html_url":"https://www.federalregister.gov/documents/2025/12/18/2025-23246/nih-controlled-access-data-policy-and-proposed-revisions-to-nih-genomic-data-sharing-policy","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-12-18/pdf/2025-23246.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-23246.pdf?1765979122","publication_date":"2025-12-18","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"National Institutes of Health","name":"National Institutes of Health","id":353,"url":"https://www.federalregister.gov/agencies/national-institutes-of-health","json_url":"https://www.federalregister.gov/api/v1/agencies/353","parent_id":221,"slug":"national-institutes-of-health"}],"excerpts":"human face or head regions \n <span class=\"match\">Requirements</span> for Controlled-Access Data Sharing \n \n Controlled-access data repositories sharing human participant data types identified in this Policy must adhere to <span class=\"match\">security</span> and operational standards appropriate for safeguarding of human data. NIH Controlled-Access Data Repositories (CADRs) subject to the “Required <span class=\"match\">Security</span> and Operational Standards for NIH Controlled-Access Data Repositories” are fully compliant with the <span class=\"match\">requirements</span> of this Policy (\n https://grants.nih.gov/policy-and-<span class=\"match\">compliance</span>/policy-topics/sharing-p"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"Under the Privacy Act of 1974, as amended, the Department of the Housing and Urban Development (HUD), Office of the Chief Financial Officer (OCFO), is issuing a public notice of its intent to create a new system of records, Voice of the Customer (VoC). HUD has developed VoC system of records to satisfy the Executive Order 14058, on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government, issued on December 13, 2021. The VoC platform provides customers with the ability to share their likes and dislikes about HUD's products or services. Customers feedback lets HUD focus on improving areas that would result in customer satisfaction and improve trust in the federal government.","document_number":"2024-17051","html_url":"https://www.federalregister.gov/documents/2024/08/02/2024-17051/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-08-02/pdf/2024-17051.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-17051.pdf?1722516326","publication_date":"2024-08-02","agencies":[{"raw_name":"DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT","name":"Housing and Urban Development Department","id":228,"url":"https://www.federalregister.gov/agencies/housing-and-urban-development-department","json_url":"https://www.federalregister.gov/api/v1/agencies/228","parent_id":null,"slug":"housing-and-urban-development-department"}],"excerpts":"of the following methods: \n \n Federal e-Rulemaking Portal: http://www.regulations.gov. \n Follow the instructions provided on that site to submit comments electronically.\n \n \n Fax: \n 202-619-8365.\n \n \n Email: www.privacy@hud.gov. \n \n \n Mail: \n Attention: <span class=\"match\">Privacy</span> Office; LaDonne White, Chief <span class=\"match\">Privacy</span> Officer; The Executive Secretariat; 451 Seventh Street SW, Room 10139; Washington, DC 20410-0001.\n \n \n Instructions: \n All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without"}]}