🚫New CFPB Rule Prohibits Medical Debt in Credit Decisions
The Consumer Financial Protection Bureau (CFPB) is issuing a final rule amending Regulation V, which implements the Fair Credit Reporting Act (FCRA), concerning medical information. The FCRA prohibits creditors from considering medical information in credit eligibility determinations. The CFPB is removing a regulatory exception that had permitted creditors to obtain and use information on medical debts notwithstanding this statutory limitation. The final rule also provides that a consumer reporting agency generally may not furnish to a creditor a consumer report containing information on medical debt that the creditor is prohibited from using.
Learn More🏥Medicare and Medicaid Payment System Corrections for 2025
This document corrects technical and typographical errors in the final rule with comment period that appeared in the November 27, 2024 Federal Register titled "Medicare and Medicaid Programs: Hospital Outpatient Prospective Payment and Ambulatory Surgical Center Payment Systems; Quality Reporting Programs, including the Hospital Inpatient Quality Reporting Program; Health and Safety Standards for Obstetrical Services in Hospitals and Critical Access Hospitals; Prior Authorization; Requests for Information; Medicaid and CHIP Continuous Eligibility; Medicaid Clinic Services Four Walls Exceptions; Individuals Currently or Formerly in Custody of Penal Authorities; Revision to Medicare Special Enrollment Period for Formerly Incarcerated Individuals; and All-Inclusive Rate Add-On Payment for High-Cost Drugs Provided by Indian Health Service and Tribal Facilities".
Learn More🔒DHS Proposes Changes to Social Security Number Regulations and Compliance
The Department of Homeland Security (DHS or Department) is proposing to amend its regulations under the Privacy Act of 1974 consistent with the Social Security Number Fraud Prevention Act of 2017. In addition, DHS is proposing to amend the rules regarding including a Social Security number on physical mail only when necessary to further define "necessary" and provide instructions on redaction of social security numbers when feasible.
Learn More🔒USDA Revises Privacy Act Regulations Affecting Business Compliance
The U.S. Department of Agriculture (USDA) is amending its Privacy Act regulations to exempt a system of records, Smuggling Interdiction and Trade Compliance (SITC) National Information Communication Activity System (SNICAS), USDA/APHIS-21, from certain provisions of the Privacy Act. USDA is further amending its Privacy Act regulations to reflect an administrative change to the list of system of records that are exempt from certain provisions of the Privacy Act.
Learn More⚖️USDA APHIS Modifies SNICAS System Under Privacy Act Regulations
The Animal and Plant Health Inspection Service (APHIS) is modifying a system of records in its inventory of records systems subject to the Privacy Act of 1974, as amended. The system of records being modified is the Smuggling Interdiction and Trade Compliance (SITC) National Information Communication Activity System (SNICAS), USDA/APHIS-21. SNICAS maintains a record of activities conducted by the agency pursuant to its mission and authorized responsibilities. The purpose of the system is to record data and information about APHIS' SITC activities nationwide. We are modifying the system to exempt the system from certain provisions of the Privacy Act.
Learn More🔒Implications of Regulations on U.S. Sensitive Data Transactions
The Department of Justice is issuing a final rule to implement Executive Order 14117 of February 28, 2024 (Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government- Related Data by Countries of Concern), by prohibiting and restricting certain data transactions with certain countries or persons.
Learn More🔐Proposed HIPAA Security Rule Enhancements for Cybersecurity Compliance
The Department of Health and Human Services (HHS or "Department") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information ("Security Rule") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, "regulated entities"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.
Learn More📄Electronic Immigration Bond Notifications - Business Compliance Insights
On August 8, 2023, DHS issued an interim final rule which amended the regulations to authorize ICE to serve bond-related notices to obligors electronically. The rule allowed DHS to electronically serve demand and other immigration bond notices for delivery, order of supervision, or voluntary departure bonds to obligors who consent to electronic service. DHS is now issuing this final rule that introduces no substantive changes from the interim final rule.
Learn More