Dueling Democrat, Republican ACA subsidy plans fail in Senate

By Paige Minemyer – Dueling partisan proposals to address the expiry of the Affordable Care Act subsidies both failed to advance in the Senate on Thursday. Democrats secured during the recent shutdown a promised vote on a "clean" extension of the tax credits that ultimately failed 51-48. Several Republicans, including Sens. Susan Collins, R-Maine, and Lisa Murkowski, R-Alaska, voted with Democrats on the extension that still fell short of the required 60 votes. Read Full Article... ^{_{(Subscription required)}}

HVBA Article Summary

1. Democratic Proposal to Extend Subsidies for Three Years Fails: A Democratic-led proposal, released late last week, aimed to extend the Affordable Care Act’s premium tax credits in their current form for three more years. The goal was to prevent significant premium hikes scheduled to take effect on January 1 and to provide immediate financial relief while lawmakers worked toward longer-term healthcare reform. Senate Minority Leader Chuck Schumer emphasized the urgency, calling it a “huge crisis” that would impact millions. However, the measure did not advance, leaving the issue unresolved.

2. Republican Health Savings Account Plan Also Rejected: An alternative healthcare proposal put forth by Republican Senators Bill Cassidy of Louisiana and Mike Crapo of Idaho was also voted down in the Senate, 51-48. Their plan would have replaced the subsidies with Health Savings Accounts (HSAs) for those purchasing bronze-level or catastrophic insurance plans on the exchanges. Under this proposal, the federal government would contribute $1,000 annually for younger individuals and $1,500 for older enrollees. No Democrats voted in favor, and only one Republican—Senator Rand Paul of Kentucky—voted against it, leading to its failure.

3. Healthcare Coverage Uncertainty as Enrollment Deadline Approaches: With both the Democratic and Republican proposals defeated and no unified legislative solution in place, uncertainty looms for consumers facing higher premiums in the new year. The Trump administration had been preparing to unveil a healthcare plan that reportedly included some extension of the subsidies, but internal party disagreements led to its withdrawal. As of now, individuals still have until December 15 to enroll through Healthcare.gov or their state-based exchange to secure coverage that begins on January 1, amid ongoing concerns about affordability and access.

Bipartisan bill aims to combat record health care cyberattacks

By Alan Goforth - “Cyberattacks in the health care sector can have a wide range of devastating consequences, from exposing private medical information to disrupting care in ERs,” Sen. Maggie Hassan, D-N.H., said in a statement. “It can be particularly difficult for medical providers in rural communities with fewer resources to prevent and respond to these attacks. Our bipartisan working group came together to develop this legislation based on the most pressing needs for medical providers and patients, and I urge my colleagues to support it.” Read Full Article… ^{_{(Subscription required)}}

HVBA Article Summary

1. Bipartisan Bill Seeks to Bolster Cybersecurity for Healthcare Providers: Senators Mark Warner (D-Va.), Bill Cassidy (R-La.), John Cornyn (R-Texas), and Maggie Hassan introduced legislation to improve cybersecurity resilience across the U.S. healthcare system. The bill offers guidance, grants, and educational resources, specifically tailored for rural health entities and clinics, to adopt best practices in breach prevention and to improve coordination with federal agencies during cyberattacks. The bipartisan effort reflects a growing concern over the vulnerability of healthcare infrastructure to cyber threats.

2. Healthcare Identified as the Most Targeted U.S. Critical Infrastructure Sector: John Riggi of the American Hospital Association cited an FBI report revealing 444 healthcare breaches in 2025, confirming that the sector experienced the highest combined total of ransomware and data theft attacks among all U.S. critical infrastructure sectors. Additionally, in 2024, the Department of Health and Human Services (HHS) received 592 regulatory filings from healthcare organizations reporting hacks of protected health information—affecting a record 259 million Americans. This sharp rise in cyber incidents underscores the urgency for improved cybersecurity measures.

3. Legislation Proposes Modern Cybersecurity Standards and Federal Incident Response Plan: In response to increasing threats, the bill would update how the HHS reports cybersecurity issues, establish a federal incident response framework, and amend HIPAA regulations to require covered entities to adopt "modern, up-to-date" cybersecurity practices. These reforms aim to protect patients’ sensitive health data and prevent disruptions in care delivery. The push comes in the wake of major breaches such as the Change Healthcare cyberattack in 2024, which alone exposed the data of an estimated 190 million people—the largest known healthcare data breach in U.S. history.

GOP prepares vote on competing bill addressing ACA subsidy expiration

By Seth Glickman – The new year will bring new hurdles for doctors and patients thanks to the Centers for Medicare & Medicaid Services (CMS)’s Wasteful and Inappropriate Service Reduction (WISeR) Model set to launch on January 1, 2026. The program will, for the first time in traditional Medicare’s 60-year history, outsources critical coverage decisions to private, for-profit contractors using artificial intelligence-enabled prior authorization (PA). Read Full Article...

HVBA Article Summary

1. WISeR Centralizes Control with Private Vendors, Sidelines Providers: The WISeR model introduces a major shift in traditional Medicare by delegating decision-making power over 17 medical services — which have historically not required prior authorization (PA) — to six private vendors, many of whom are financed by insurers or venture capital tied to them. This represents an unprecedented level of privatization in fee-for-service Medicare. Despite the scale of the change, physicians are not considered participants in the model, and CMS has provided minimal guidance. A recent CMS webinar meant to inform providers was described as vague and insufficient, raising more questions than it answered. CMS has admitted it prioritized vendors based on their “success” in Medicare Advantage PA — a model widely criticized for delays and denials of medically necessary care.

2. Financial Incentives May Favor Denials, Contradicting CMS Assurances: A central concern is that WISeR may replicate Medicare Advantage’s financial structure, where vendors earn more by denying more care. While CMS claims there are no incentives to deny services, it simultaneously ties vendor payments to reductions in approved procedures, raising a clear contradiction. CMS has not publicly disclosed the details of the payment model, and provider incentives — a staple of all previous Center for Medicare & Medicaid Innovation (CMMI) models — are completely absent in WISeR. Experts warn that for-profit vendors, now equipped with AI tools, are capable of exploiting such systems, potentially at the expense of patients’ access to care.

3. Lack of Transparency, Data, and Time Threatens Effective Rollout: With a January 1, 2026 implementation date, providers still have no access to baseline data on costs, utilization, PA submissions, or denials. In contrast to previous CMMI models, there’s been no early data sharing or transparency about performance expectations, making it difficult for providers to prepare. CMS has stated that it is only “exploring the potential inclusion” of measures to evaluate patient outcomes and provider experience, making WISeR uniquely thin in quality and safety metrics. Adding to the confusion, if a provider fails to submit prior authorization under the new system, all claims for the impacted services will undergo prepayment review, leading to likely delays or surprise denials — effectively making WISeR mandatory for providers despite CMS’s suggestion otherwise.

Common health plan administration pitfalls

By Tim Brechtel - Employee benefits compliance is notoriously complicated and gets more challenging each year. Some lapses go undetected and are non-events, but others can result in significant legal liability and penalties, even when an employer is trying to "do the right thing." It is best to identify compliance issues before a plan is audited, before employees raise concerns, and before a potential sale or merger transaction involving the employer (all of which result in employers having to scramble). Read Full Article… ^{_{(Subscription required)}}

HVBA Article Summary

1. Health Plan Eligibility Post-Leave Requires Careful Compliance Review: When an employee’s FMLA leave ends but they do not return to work, employers must carefully evaluate whether the employee still qualifies for health plan coverage. This determination should be based on the specific terms of the health plan, the employee’s hours of service, and applicable ACA rules. Simply keeping an inactive employee on the plan without a clear eligibility basis can lead to insurer or stop-loss claim denials and may trigger COBRA obligations, where failure to issue a timely notice can result in significant penalties.

2. Mental Health Parity Rules Remain Enforceable Despite Partial Suspension: Although enforcement of some newly introduced 2024 MHPAEA regulatory requirements is currently paused due to legal and administrative actions, employers are still obligated to comply with existing parity rules. This includes maintaining a detailed Non-Quantitative Treatment Limitation (NQTL) analysis to demonstrate that mental health and substance use disorder benefits are offered on equal terms with medical and surgical benefits. Federal agencies continue to conduct audits, and employers must provide NQTL documentation promptly upon request to avoid noncompliance penalties.

3. Self-Insured Employers Face Added Responsibility in Compliance Efforts: Employers that sponsor self-insured health plans bear greater responsibility for regulatory compliance, particularly regarding MHPAEA requirements. Since third-party administrators (TPAs) typically do not prepare NQTL analyses, employers must engage qualified consultants to develop and update these reports when health plan changes occur or when new regulatory guidance is issued. Due diligence in selecting service providers and maintaining up-to-date documentation is essential to avoid enforcement risks and ensure ongoing plan compliance.

Provider groups urge Trump administration to drop proposed HIPAA update

By Emily Olsen - The letter, led by the College of Healthcare Information Management Executives and signed by organizations like Advocate Health, Yale New Haven Health System and the American Medical Association, argue the HIPAA proposal clashes with the Trump administration’s deregulatory plans. Since taking office, Trump has moved to halt Biden-era rules and limit the creation of new regulations without removing existing rules in a bid to cut red tape for industry. Read Full Article…

HVBA Article Summary

1. Provider Organizations Oppose Proposed HIPAA Update Due to Financial and Logistical Concerns: Over 100 healthcare provider groups have formally requested the Trump administration withdraw a proposed HIPAA security rule update, citing concerns over significant financial costs and what they describe as unrealistic implementation timelines. The rule, originally proposed under the Biden administration in 2024, would mandate written security policies, regular testing and updating, and compliance within 180 days of finalization.

2. Call for Collaborative and Flexible Cybersecurity Standards: While supporting the need for stronger cybersecurity protections, the provider organizations advocate for a more collaborative process to create standards. They argue that cybersecurity rules should be adaptable to the diverse capacities of healthcare organizations, balancing robust protections with the flexibility needed for innovation and effective responses to evolving threats.

3. Cybersecurity Threats Are Escalating in Healthcare Sector: The proposed rule marks the first HIPAA security update since 2013 and includes stricter requirements such as maintaining a technology asset inventory and improving incident response planning. These efforts are in response to increasing cyberattacks in healthcare — including a massive 2024 breach involving Change Healthcare, which impacted nearly 193 million people and highlighted the urgent need for improved data protection.

Blue Cross pushes state regulators to narrow scope of AI oversight

By Allison Bell – The Blue Cross and Blue Shield Association is trying to shape how state insurance regulators will oversee the AI systems operated by association member companies and other insurance companies.as well as by other insurance organizations. The Chicago-based group is asking a team at the National Association of Insurance Commissioners to take steps such as narrowing requests for information about AI systems and respecting the confidentiality provisions in insurers' agreements with AI system vendors. Read Full Article... ^{_{(Subscription required)}}

HVBA Article Summary

1. NAIC’s AI Tool Aims to Enhance Regulatory Oversight of Insurance AI Systems: The National Association of Insurance Commissioners (NAIC) is developing an evaluation tool to help state regulators assess the risks associated with insurers’ use of artificial intelligence. The tool, still in draft form, is being built by the NAIC’s Big Data and Artificial Intelligence Working Group and was discussed during its in-person meeting in Hollywood, Florida. It includes components such as a chart to track AI system applications, a glossary, and guidance on AI governance, testing, and board oversight. The tool is designed to address both financial and consumer protection risks, particularly in high-impact areas like automated health insurance claims decisions.

2. Broad Industry Participation from Insurers Covering 118 Million People: The Blue Cross Blue Shield Association, representing 33 U.S. insurance organizations including Elevance and Health Care Service Corp., is actively involved in reviewing the draft tool. These organizations collectively provide or administer health coverage for 118 million Americans, giving their input significant weight in the regulatory process. Their comments range from minor editorial suggestions to more impactful proposals affecting disclosure practices and regulatory data access. Their participation reflects the broader industry's interest in shaping how AI oversight will be implemented in insurance.

3. Insurers Express Legal and Contractual Concerns Over Disclosure Requirements: One of the key concerns raised by the Blues is the requirement to disclose third-party data sources and vendors, which they argue could violate confidentiality agreements. They suggested making this disclosure optional to avoid conflicts with nondisclosure obligations commonly found in vendor contracts. The Blues also proposed clarifying that insurers should only report formal legal or regulatory actions related to AI models, and only if legally permitted. These concerns highlight the tension between regulatory transparency and contractual or legal confidentiality in the context of modern AI systems used in healthcare coverage.

Trump leans toward reclassifying marijuana

By Alex Isenstadt – President Trump is likely to loosen still-tough federal restrictions on marijuana use early next year, Axios has learned. Why it matters: While conservatives have long expressed a degree of discomfort with pot, Trump has shown an openness to it. Under the plan, Trump would reclassify marijuana, which under federal law is banned and faces the same restrictions as heroin, as a less-dangerous drug. That would ease regulations and make it easier for pot-related medicinal research to be done and create tax breaks for cannabis companies. Read Full Article...

HVBA Article Summary

1. Trump is Weighing Marijuana Reclassification, but Not Federal Legalization: President Donald Trump is considering a proposal to reclassify marijuana from a Schedule I to a Schedule III drug, which would recognize its medical use and suggest lower abuse potential. Currently, marijuana is classified alongside substances like heroin, under Schedule I, which assumes high abuse potential and no accepted medical use. Reclassification would ease federal restrictions, allow cannabis companies to operate more freely across state lines, and reduce their federal tax burdens. However, this move would not make marijuana federally legal for recreational use, which remains a separate legal and political issue.

2. Public Support and Political Funding for Cannabis Reform Are Growing: Support for marijuana legalization has steadily increased over the past 50 years, with 64% of Americans now in favor, compared to 58% in 2015 and 36% in 2005, according to a recent Gallup poll. At the same time, cannabis industry groups and donors have been investing in Trump’s political network. The American Rights and Reform PAC, a pro-cannabis group, recently contributed $1 million to a Trump-aligned super PAC, and several cannabis companies previously donated to Trump’s inaugural fund. Trump’s strategist Tony Fabrizio has also worked directly with the pro-cannabis lobby, signaling increased political interest from industry stakeholders.

3. Reform Efforts Are Politically Charged as States and Activists Watch Closely: While a final decision has not yet been made—according to a White House official—Trump’s potential support for reclassification has prompted concern among some liberal groups. The Progressive Turnout Project recently warned that Trump could "steal marijuana reform right out from under us", suggesting that he may be attempting to leverage the issue for political gain in future elections. Meanwhile, cannabis reform continues at the state level, with 24 states, three U.S. territories, and Washington D.C. having already legalized marijuana, reflecting ongoing momentum independent of federal action.