GuardWell Compliance
Regulatory Intelligence

Compliance Updates & Regulatory News

Auto-fed daily from GuardWell's regulatory intelligence engine — Federal Register agency feeds, OCR enforcement, CMS rules, OSHA, DEA, FDA, and more. Below: the most recent items the engine flagged as relevant to small medical practices.

February 2026

February 16, 2026HIPAA

42 CFR Part 2 Aligns with HIPAA — Substance Use Disorder Records

The final rule aligning 42 CFR Part 2 with HIPAA took effect February 16, 2026. Substance use disorder (SUD) treatment records can now be disclosed under the same framework as other protected health information, reducing the separate-consent burden for providers while maintaining patient protections against use in legal proceedings.

What this means for your practice

Practices that handle SUD records should update their Notice of Privacy Practices and train staff on the streamlined disclosure rules.

Source: SAMHSA / HHS
February 4, 2026HIPAACMSMACRALive

Advancing the Future of Behavioral Health Data Exchange 

Patients with behavioral health conditions are often dually-burdened with chronic physical health conditions. Consequently, providers caring for these patients must coordinate their care to get the best possible health outcomes. The lack of reliable health information exchange a…

Sign in to GuardWell to see how this impacts your specific practice — the in-app analyzer scores per-framework relevance and suggests concrete actions.
Source: HealthIT.gov Buzz Blog

January 2026

January 29, 2026HIPAACMSCLIAMACRALive

Picture This: Improved Access, Exchange, and Use of Diagnostic Images

As a radiologist, I rely on diagnostic images to guide decisions about patients’ health. Imaging […] The post Picture This: Improved Access, Exchange, and Use of Diagnostic Images appeared first on ONC Blog.

Sign in to GuardWell to see how this impacts your specific practice — the in-app analyzer scores per-framework relevance and suggests concrete actions.
Source: HealthIT.gov Buzz Blog

December 2025

December 16, 2025HIPAACMSMACRALive

The Tide and the Speedboats: TEFCA and CMS-Aligned Networks 

In July our colleagues at the Centers for Medicare & Medicaid Services (CMS) launched an ambitious Health Technology Ecosystem pledge program. The groundswell of energy and enthusiasm for the program has been remarkable, and we’re glad to be their partner. The post The Tide and…

Sign in to GuardWell to see how this impacts your specific practice — the in-app analyzer scores per-framework relevance and suggests concrete actions.
Source: HealthIT.gov Buzz Blog
December 9, 2025HIPAACMSMACRALive

TEFCA Government Benefits Determination Implementation is Here!

We all know what it’s like to get forms completed with all the right information (and to get it done quickly!), and patients seeking determinations on their eligibility for Social Security Disability Insurance know this all too well. Patients and providers often spend significan…

Sign in to GuardWell to see how this impacts your specific practice — the in-app analyzer scores per-framework relevance and suggests concrete actions.
Source: HealthIT.gov Buzz Blog
December 1, 2025HIPAALive

Why TEFCA’s Hardest Problem Isn’t Tech, It’s Trust

It wasn’t always so, but today we have technology available to exchange health information anywhere […] The post Why TEFCA’s Hardest Problem Isn’t Tech, It’s Trust appeared first on ONC Blog.

Sign in to GuardWell to see how this impacts your specific practice — the in-app analyzer scores per-framework relevance and suggests concrete actions.
Source: HealthIT.gov Buzz Blog

November 2025

November 1, 2025CMS

CMS Finalizes 2026 MIPS Performance Thresholds and MVPs

CMS released the 2026 Medicare Physician Fee Schedule final rule with updated MIPS performance thresholds. The performance threshold increased to 82 points (from 75), and additional MIPS Value Pathways (MVPs) are now available for specialty-focused reporting.

What this means for your practice

Review your MIPS reporting strategy, especially if you use traditional MIPS. Consider transitioning to an MVP that aligns with your specialty.

Source: Centers for Medicare & Medicaid Services

September 2025

September 16, 2025HIPAACMSLive

TEFCA: Accelerating Government Benefits Determination for a Better Tomorrow

It currently takes roughly 200 days for an initial Social Security Disability claim to be processed. However, by leveraging the scale and connectivity of TEFCA, government agencies will be able to get the information they need faster to improve key services such as Social Securi…

Sign in to GuardWell to see how this impacts your specific practice — the in-app analyzer scores per-framework relevance and suggests concrete actions.
Source: HealthIT.gov Buzz Blog
September 5, 2025HIPAACMSCLIAMACRALive

Laboratory Data Standards for Interoperability

In response to a requirement in the Consolidated Appropriations Act, 2023, the ASTP/ONC prepared a report on the use of data standards for laboratory data exchange. The report explores data standards adoption and impact at each step of the laboratory workflow, from ordering thro…

Sign in to GuardWell to see how this impacts your specific practice — the in-app analyzer scores per-framework relevance and suggests concrete actions.
Source: HealthIT.gov Buzz Blog

January 2025

January 15, 2025OIG

OIG Releases 2025 Work Plan: Healthcare Fraud Priorities

The HHS Office of Inspector General published its 2025 Work Plan highlighting enforcement priorities for healthcare providers — telehealth billing oversight, Medicare Advantage risk adjustment audits, opioid prescribing patterns, and laboratory test utilization reviews.

What this means for your practice

Review your billing practices for telehealth services and ensure documentation supports medical necessity. Audit high-risk CPT codes flagged in the plan.

Source: HHS Office of Inspector General
January 6, 2025HIPAA

HHS Proposes Major HIPAA Security Rule Overhaul

HHS published a Notice of Proposed Rulemaking to modernize the HIPAA Security Rule for the first time since 2013. Key proposals include mandatory encryption of ePHI at rest and in transit, required multi-factor authentication, annual compliance audits, and more prescriptive technical safeguard standards. The comment period has closed and a final rule is anticipated in 2026.

What this means for your practice

Start preparing now: assess current encryption practices, evaluate MFA readiness, and review your Security Risk Analysis process.

Source: HHS Office for Civil Rights

June 2024

June 25, 2024HIPAA

HIPAA Privacy Rule Update: Reproductive Health Information Protections

The final rule adding protections for reproductive health information under HIPAA took effect June 25, 2024. Covered entities and business associates are now prohibited from disclosing PHI related to lawful reproductive healthcare for non-healthcare purposes such as investigations or legal proceedings in states where the care was legally provided.

What this means for your practice

Update your Notice of Privacy Practices to reflect new reproductive health attestation requirements and train staff on permissible disclosures.

Source: HHS Office for Civil Rights

Never miss a compliance change

GuardWell automatically monitors regulatory sources, analyzes changes, and updates your compliance program — so you don't have to.

See how it works

All-in-one healthcare compliance, finally simple

HIPAA, OSHA, OIG, DEA, MACRA, allergen safety, state law — purpose-built for small and mid-size medical practices. Start your 7-day free trial today.

$199/mo with annual billing · 7-day free trial · Cancel anytime

GuardWell

Healthcare Compliance Assistant

Hi! I'm GuardWell's sales assistant.

I can answer questions about our healthcare compliance platform, pricing, and features. How can I help?

Powered by GuardWell AI