Samwise Healthcare IT Newsletter
Monday, May 18, 2026
CMS Enlists Epic, Oracle and Cleveland Clinic in Electronic Prior Authorization Push
CMS Administrator Mehmet Oz announced that 29 healthcare organizations have joined the agency’s electronic prior authorization initiative, committing to cut administrative friction ahead of 2027 federal mandates. Participants include nine major insurers — UnitedHealthcare, Cigna and Aetna among them — alongside health systems such as Cleveland Clinic, Sanford Health and Ochsner Health, EHR vendors Epic, Oracle and athenahealth, and data networks including eHealth Exchange. The early adopters agreed to integrate ePrior Auth into clinical and administrative workflows, reduce reliance on fax-based manual processes, and improve real-time authorization status tracking. CMS frames the voluntary cohort as a model for the broader industry ahead of impending interoperability mandates.
Sources: Healthcare Dive
May HIPAA Security Rule Deadline Expected to Slip as Industry Pushback Mounts
Federal regulators set a May 2026 target for finalizing a long-awaited HIPAA Security Rule overhaul, but cybersecurity attorneys now consider that deadline more aspirational than firm. The proposed rule would mandate encryption of electronic protected health information at rest and in transit, require multi-factor authentication across covered entities, and eliminate the distinction between required and addressable implementation specifications. HHS Office for Civil Rights Director Paula Stannard has signaled reluctance to reject the proposal given ongoing ransomware pressure on healthcare, but significant industry pushback over cost and complexity makes a full-scope final rule unlikely before late 2026 or early 2027.
Sources: GovInfoSecurity
ShinyHunters Ransomware Wave Targets Healthcare After Medtronic Breach
The ShinyHunters cybercrime collective is driving a surge in healthcare data leaks as the group escalates extortion campaigns across sectors including medtech. The ransomware gang — which claimed the April breach of Medtronic that may have exposed 9 million corporate records — has shifted to rapid-cycle campaigns that release stolen data publicly when ransoms go unpaid. Troy Hunt, founder of Have I Been Pwned, noted breached personal data volumes have risen sharply. Healthcare organizations are advised to harden cloud storage configurations, particularly Salesforce Experience Cloud instances, which ShinyHunters has repeatedly exploited as an entry point into large enterprise environments.
Sources: GovInfoSecurity
Patients Trust AI for Scheduling but Reject It for Diagnosis, Survey Finds
A new survey shows patient trust in healthcare AI is highly conditional and tied to both use case and age. While 52 percent of respondents were comfortable with AI handling administrative tasks such as scheduling, acceptance fell to 37 percent for AI-supported diagnosis. Younger patients showed considerably higher tolerance for AI involvement in clinical care than those over 65. Researchers noted a trust deficit for diagnostic applications could create friction at exactly the points where health systems expect the highest return on AI investment. Experts recommend proactive patient communication about AI governance and clinical supervision before health systems move beyond pilot programs.
Sources: Healthcare IT News
Chromie Health Launches SMS AI Staffing Agent to Fill Open Nursing Shifts
San Francisco-based Chromie Health raised $2 million in pre-seed funding and launched Chromie Dispatch, an SMS-driven AI staffing agent designed to reduce the time and cost of filling open nursing and allied health shifts. The platform contacts available workers by text, matches credentials and availability against open shifts, and confirms placements without human scheduler involvement. Health systems currently fill most open shifts through phone calls and third-party staffing agencies — a workflow Chromie estimates costs hundreds of millions annually across the industry. The company says the tool is aimed primarily at hospitals and large ambulatory networks managing high daily shift volumes.
Sources: Fierce Healthcare
Omada, Hinge and Teladoc Sit Out Medicare’s New Digital Chronic Care Pilot
Major digital health platforms including Omada Health, Hinge Health and Teladoc declined to join CMS’s ACCESS model, a new Medicare chronic care management pilot offering reimbursement for remote monitoring and virtual coaching. Despite agency outreach, the program launched with smaller, regional participants rather than large platforms that have lobbied hardest for sustained telehealth coverage. Industry observers cite payment rates below commercial benchmarks and restrictive data-sharing requirements as deterrents. The absence of major players raises questions about whether ACCESS will generate outcomes data sufficient to support permanent digital health reimbursement in the Medicare program.
Sources: STAT News
Curated by JD · samwise.agency