DOWNLOAD PDF

Health IT Highlights from the President’s Budget Request – Fiscal Year (FY) 2025

The Biden administration released its annual budget request for fiscal year (FY) 2025 on March 11, 2024 which you can find here . Additional information for funding under the U.S. Department of Health and Human Services (HHS) can be found in a supplemental document called “ HHS Budget in Brief.” Below you will find health IT highlights from the budget request that may be of interest to CHIME members.

Please note that the President’s budget request outlines the administration’s policy priorities. Spending decisions are ultimately up to Congress.

Cybersecurity- HHS

$1.3 billion for a Medicare Incentive Program to encourage hospitals to adopt essential and enhanced cybersecurity practices and penalties for non-compliance. Essential practices: $800 million from the Medicare Hospital Insurance (HI) Trust Fund over FY 2027 and FY 2028 to approximately 2,000 high-needs hospitals to implement essential cybersecurity practices.

* Enhanced practices : $500 million from the Medicare Hospital Insurance (HI) Trust Fund for all hospitals to implement enhanced cybersecurity practices, available for FY 2029 and FY 2030.

* More information on HHS’ Cybersecurity Performance Goals (CPGs), including information on what are considered essential and enhanced goals, can be found here .

$141 million for cybersecurity initiatives in the Office of the Chief Information Officer (OCIO), an increase of $41 million above FY 2023. $20 million to maintain Department cybersecurity operations activity including threat analytics, assessment, and intelligence.

* $37 million, an increase of $5 million above FY 2023, to continue funding for the infrastructure, licenses, and maintenance of Department-level cybersecurity tools and enterprise solutions.

* $7 million for maturing cybersecurity public and private health sector activities.

* $36 million, an increase of $1 million above FY 2023, to maintain a Department cybersecurity strategy and continue engagement, risk, governance, compliance, and privacy management activities.

* $15 million, an increase of $7 million above FY 2023, to support continuation of the Department’s Zero Trust initiative.

* $15 million, an increase of $12 million above FY 2023, to support the continuation of the Department’s security event logging and data sharing initiative.

* $11 million to modernize the Department’s Health Insurance Portability and Accountability Act breach prevention and response efforts.

$12 million for Administration of Strategic Preparedness and Response (ASPR) for Sector Risk Management Agency (SRMA) functions. ASPR is the agency designated to coordinate cybersecurity incident prevention and response in the Healthcare and Public Health (HPH) Sector.

Office of the National Coordinator for Health IT (ONC)

The FY 2025 President’s Budget requests $86 million for ONC, an increase of $20 million above FY 2023. $10 million for ONC’s Policy Development and Coordination work, $5 million for ONC’s Standards, Interoperability, and Certification work, and $5 million to support pay and non-pay inflationary costs for operational and administrative functions.

* Legislative Proposal: As in previous years, the FY 2025 budget re-proposes legislation that would allow ONC to issue advisory opinions for information blocking, which would permit HHS to issue public, legally binding advisory opinions for the information blocking regulations.

HHS Office for Civil Rights (OCR)

The FY 2025 President’s Budget requests $57 million for OCR, an increase of $17 million above FY 2023 to address OCR’s increased caseload. OCR received a 101% increase in large breach reports from FY 2018 to FY 2022.

* OCR will also use $10 million in civil monetary settlement funds to support Health Insurance Portability and Accountability Act of 1996 (HIPAA) enforcement activities.

* Legislative Proposal: To strengthen OCR’s enforcement of the HIPAA rules, the FY 2025 budget includes a legislative proposal that would increase civil monetary caps for breaches and would authorize OCR to work with the U.S. Department of Justice to seek injunctive relief in federal court for HIPAA violations.

Please email [email protected] with questions.