Sign up to save your podcasts
Or
Share Telehealth Extensions & 2026 Compliance Priorities: A Compliance Cliffs Update
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Telehealth Extensions & 2026 Compliance Priorities: A Compliance Cliffs Update
In this episode of 1st Talk Compliance, Kevin Chmura is joined by Robyn Johns, as they discuss recent updates to their November live webinar, Compliance Cliffs: Navigating Telehealth Waivers and Reimbursement Changes.
Learn how the policy landscape has shifted in recent months—especially around telehealth flexibilities, controlled substance prescribing, and the 2026 CMS payment rules.
Kevin Chmura
Welcome to 1st Talk Compliance. I’m Kevin Chmura, CEO of Panacea Healthcare Solutions. Today we’re bringing you a timely update on our November live webinar, Compliance Cliffs: Navigating Telehealth Waivers and Reimbursement Changes.
Since that webinar, several policy changes have moved quickly, especially in telehealth flexibilities. Controlled substance prescribing and 2026 CMS payment rules. Before we jump in, just a quick note. 1st Talk Compliance is brought to you by 1st Healthcare Compliance, a part of Panacea Healthcare Solutions. We help healthcare organizations strengthen their compliance programs with practical education tools and compliance management support. So teams can reduce risk, keep pace with regulatory change and operate with confidence.
Now I’m pleased to welcome back Robyn Johns from Med USA.
Robyn, thanks for coming back.
Robyn Johns
Thanks, Kevin. I’m happy to be here.
Kevin Chmura
Great. So, let’s jump in. So, in November on the webinar, we spent a lot of time on what people were calling the telehealth cliff, which was creating a tremendous amount of uncertainty on whether flexibilities would expire. Can you catch us
up on what the status is now?
Robyn Johns
Yeah. The major update is that the spending package released on January 20th includes extensions of the telehealth flexibilities all the way through December 31st of 2027.
Kevin Chmura
So that’s a pretty meaningful runway. That’s great, but I guess doesn’t eliminate compliance obligations, but it is reducing near-term uncertainty which give everybody some time to standardize workflows. So, it’s in the news, but maybe you could tell. So, what’s in the spending package at a high level and what should healthcare leaders like us be paying attention to?
Robyn Johns
Right. So, it was the one from the 20th was a $1.2 trillion spending package released by the House Appropriations Committee and it was just passed yesterday on the 22nd in two separate votes by the full House. So, those bills included the remaining six of the twelve appropriations necessary to avert a government shutdown. So that’s good news for everyone. If we can get them across the finish line, they funded many of the federal government agencies such as HHS, Labor, Defense, HUD, and also Homeland Security. That was a contentious one. That’s why they had to do two separate votes. It funds them through fiscal year 2026, which ends on September 30th of this year.
Kevin Chmura
So, OK, so we have a funding package with multiple healthcare policy riders. Not, I guess not too surprising in today’s day and age. So, besides the telehealth through 2027, what else is included in there that compliance and operational leaders should know about?
Robyn Johns
So the writers also include PBM reform and it extends hospital at home actually through 2030, which is another one that hit a lot of facilities hard with the government shutdown. It extends Medicare dependent hospital and low volume hospital programs, which is really beneficial for our rural providers and it delays the Medicaid disproportionate share cut again until fiscal year 2028. Notably, for a lot of people, it does not include an extension of the ACA subsidies, which were such a sticking point in the government shutdown last fall.
Kevin Chmura
Yeah, that that that last point is operationally really important and coverage instability often turns into eligibility churn and puts real pair mix pressures on the you know same patients, different coverage, right.? And that’s just you know probably increases downstream compliance and documentation stress. Yeah that’s a that’s a tough one. So what’s the timing of congressional action now?
Robyn Johns
So with the House passing all of the bills, they now send the full appropriations package to the Senate. The Senate will take all of that up when they return from recess on Monday the 26th, and will hopefully pass them all ahead of the January 30th deadline. And hopefully without any significant changes which might require them to go back to the house because the house will be on recess next week.
Kevin Chmura
Wow. So split schedule, it’s why we should keep ourselves in a monitoring posture. I guess we should always be monitoring, but things are moving pretty quickly right now and you sort of get into that world of what is expected is not what’s in effect.
Which is always, always a tough place to operate, but hey, that’s healthcare, isn’t it? So, given the extension to 2027, in your opinion, what should compliance teams be doing now? Like what’s some practical next steps?
Robyn Johns
First, you’ll want to make sure that your internal policies and educational materials reflect what’s currently in effect. No major changes since most of those telehealth things were extended, but it’s always good to double check because lots of things change around the beginning of the year. Also validate your payer specific rules. Medicare policy direction is influential, but commercial payers and state laws differ. So, you got to make sure that you are matching up with those differences. And then third, we should we talk about strengthening your auditing of documentation, the modifiers, your place of service, medical necessity, all of those things that can vary depending on the payer and the specific situation of the patient.
Kevin Chmura
Yeah, that that payer variation point is where a lot of organizations end up being exposed, I guess, right? Telehealth’s not really governed by one rule. You’ve got federal policy, state overlays, and then you have commercial policy updates really coming at you a number of different ways. So, I guess a good controls to maintain maybe a payer policy matrix and try to align it into your documentation and coding guidance. Probably a solid piece of advice.
Robyn Johns
Absolutely.
Kevin Chmura
Yeah. So, let’s move on to probably one of the highest risk areas that we covered in the webinar, and that’s controlled substance prescribing via telehealth. What’s the latest there?
Robyn Johns
Good news there as well. At the end of the year, DEA and HHS extended the telehealth flexibilities for prescribing controlled substances through this year, December 31st of 2026. There are a few rules that can apply, but because they extended the flexibilities, it’s pretty much status quo until they change it again at the end of the year.
Kevin Chmura
Cool, so that’s a critical compliance area because of the high risk profile and it that really includes some regulatory scrutiny and enforcement, not really just a reimbursement issue.
Robyn Johns
Yes, it’s highly watched.
Kevin Chmura
Yeah. And I guess as well, it should be. So given that, what control should organizations prioritize right now to reduce risk in that area?
Robyn Johns
Definitely you’ll want to have clear prescribing policies, good documentation standards, and role-based training. Also, usually they want to include identity verification and required checks when they’re applicable, and consistent auditing to ensure that your process is followed, not just written down. This is another area where state regulations can vary, so you would want to make sure that you are compliant in every state where you see patients.
Kevin Chmura
Yes and you’re the expert, not me. But I guess I’d add if you expand health to if you expand the telehealth quickly, take time now to ensure your governance is mature. And I’m thinking credentialing, supervision, documentation and audit trails always the basics that can help you pulled up under scrutiny.
Robyn Johns
Definitely. When you expand quickly, sometimes you sacrifice certain things for speed. So, you have a minute now to go back now that you’re sure that those policies aren’t changing anytime soon to just go back and make sure that everything’s in place, all of those areas.
Kevin Chmura
Yeah, I mean like any business runs better and with certainty, but at healthcare we rarely have that. So, great. So, moving on to the 2026 CMS updates that that we talked about a little bit.
So, there’s been some changes in payment policy that are driving operational changes and it’s where those operational changes come in, where we introduce compliance risks if teams can’t keep pace and often they can’t. So, what are the 2026 physician fee schedule highlights?
Robyn Johns
Yeah. So, we talked about these back in November and of course they went into place at the beginning of this year. So, a little bit of good news there with the conversion factor. It included the 2.5% increase that had been mandated by Congress. It also included a .75% increase for clinicians in advanced APMs or a
.25% increase for clinicians who participate in MIPS or who are exempt. And then there was also a .49 budget neutrality increase.
Kevin Chmura
So, so the real impact varies by payer mix, site of service and quality of participation. What about RVU related changes?
Robyn Johns
So that’s kind of the devil in the details there. It also implemented a -2.5% efficiency adjustment on certain non-time based services to the physician work RVU and there is also a + or -50% practice expense RVU adjustment for facility based services. So, it’s -50% if it’s facility based services or a +50% for non-facility based services.
Kevin Chmura
Wow. So site of service is increasingly strategic and it’s where we see compliance issues often arise, right? You get inconsistent documentation, coding and policy adoptions across different departments and locations. Certainly not easy.
Robyn Johns
No. Something you definitely need to watch closely because it is different depending on where you are and what services you’re providing.
Kevin Chmura
Yeah. So, one other hotspot or another hotspot that that we often see is incident to. What’s going on there?
Robyn Johns
So the physician fee schedule in that they updated the definition of direct supervision for incident to billing to permanently allow supervision through real-time audio video communication except for services that have a 10 or a 90-day global surgery period. So, the supervising physician no longer has to be physically present in the office suite, they just have to be immediately available through real time audio video communication.
Kevin Chmura
OK, so that’s operationally pretty significant, right? But I guess the compliance take away is relatively simple. If you’re using remote supervision, your incident to workflows must be precise. I guess who supervises, how it’s documented, and where the exceptions apply as precise as you can make all of those, huh?
Robyn Johns
Yes, absolutely. Because you are relying on remote supervision, you’ll want to make sure that that is documented very effectively.
Kevin Chmura
Yeah, cool. So, what about the OPPS and ASC final rule highlights for 2026?
Robyn Johns
Yeah. For those that these apply to, there was a 2.6% increase as well in the payment rates. They also expanded hospital price transparency requirements and we’re seeing a lot more attention and probably enforcement in that as well. There was a three-year phase out of the inpatient only list. Site neutral payments were expanded to include Drug Administration Services and the ASC covered procedures list is expanded much in relation to the inpatient only list Phase out.
Kevin Chmura
Yeah, that that that that’s an interesting one. So the phase out of the inpatient only list is a real operational shift and it’s one of those opportunities for providers to move volume to better cost locations, but really your compliance needs to follow those patients, right and where you’re having them. And so, when your volume moves, audits and education have to move with it, which is probably a challenge and what we know and we at our parent company, at Panacea, price transparency just remains a compliance and reputational priority because failures lead to penalties, but bad data also leads to a lot of scrutiny. So, good that there’s some, you know some guidance there, but it’s clear that those are going to be things that really need to be paid attention to from a compliance perspective.
Robyn Johns
Yes, for sure.
Kevin Chmura
So it was hard to watch the news over the last, I don’t know, six to twelve months without talking about the One Big Beautiful Bill Act. So, we’ve been tracking it. I know you’ve been tracking it. So, what’s the timing on practice impacts that you expect?
Robyn Johns
So most of those One Big Beautiful Bill Act Medicaid requirements that are likely to impact practices, they don’t actually begin until January of 2027. So, practices still have some time to continue their assessment and preparation for those. The immigrant eligibility changes do take effect on October 1st of this year, 2026. So that’s a little bit shorter period of time, but you do have a little bit of time to continue to figure out how that may affect your practice if you have a high number of Medicaid patients, and prepare for the ways that you can offset those eligibility changes and payment requirements.
Kevin Chmura
Yeah, that clarity on the effective dates really can help teams allocate resources correctly and that’s often a challenge especially when you’re tracking proposed rules versus final rules and not sure when things will go into effect. So that’s good. So, as you’re looking out on the landscape in 2026, what are some of your top compliance priorities that you’re advising organizations to focus on?
Robyn Johns
Yeah, we’re currently focused on probably five or so top priorities for 2026, not in any specific order, but we are watching data privacy and security. Part of that is because HIPAA updates are underway to both the privacy and security rules, though timelines are unclear. We’re not sure when or i f we’ll see any final rules on those, but we do know that healthcare remains a prime target of cyber-attacks, so we have to constantly be vigilant to that and related to that, but also separately, is AI and other emerging technologies.
AI is changing the landscape for the types of attacks we receive, but also the way we have to respond to them. It also is changing the landscape of healthcare generally, both in the provider office and at the payers and at the government. Those other emerging technologies like digital tools, those can increase the compliance risk in your environment, and we need to remember that both government and commercial payers are using AI to identify outlier claims faster and increase their auditing.
Then we also have the fraud, waste and abuse enforcement. CMS we know has currently been focused a lot on Medicare Advantage, but that scrutiny can shift oversight over to providers as well because that’s where so much of the data that the Medicare Advantage plans use comes from. The OID also continues to focus on telehealth. There are other focuses are drug device and biologics and program integrity areas such as DME, Hospice and Drug Administration. So, want to make sure that you’re watching all of those if you practice there.
Fourth one we have is vendor and third-party oversight. Many of the largest breaches that have we’ve seen have originated with third parties. So, organizations really need to make sure that you have careful oversight and maintain good monitoring on your third-party vendors and others who may have access to your systems and data.
And finally, we know we’re going to continue to see those rapid regulatory updates. Federal and state changes often conflict. We have lots of states that are currently in their legislative period. So that will bring out some changes. And then in addition to that, commercial payers are tightening their policies and auditing in response to the pressures that are being put on that on them, whether from the government or just from a financial perspective.
Kevin Chmura
Yeah, it is something the pace of acceleration of some of the advances in technology and how they how they’re going to impact us. But I guess you know that’s really the reality of 2026 and beyond. You’re going to see an uptick in in in speed to policy changes, faster detection, which will be something and probably more third-party exposure as we rely on more and more vendors and others to help us do what we need to do every day, but I’m sure you know the advice I’ve heard you give many times and we have to agree with it. A strong compliance program has to be built to adapt. That means clear governance, repeatable monitoring and targeted auditing tied to the current risk with an eye on the future and where everything’s going.
Robyn Johns
Yeah, definitely. It’s an exciting time, lots of opportunities for improving our programs and really tightening things up to make sure that we’re protecting ourselves and all the information that we are responsible for.
Kevin Chmura
Yeah, great. So, Robyn, thank you for the update and for helping our listeners translate policy movement into practical compliance actions. To everyone listening, if you want the full context and deeper discussion, you can access the webinar on demand at 1st Healthcare Compliance’s website. It’s called Compliance Cliffs:
Navigating Telehealth Waivers and Reimbursement Changes.
Thank you for listening to 1st Talk Compliance and we’ll see you next time. Thanks, Robyn.
Robyn Johns
Thanks, Kevin.
View all episodes
By First Healthcare Compliance
4.8
1616 ratings
In this episode of 1st Talk Compliance, Kevin Chmura is joined by Robyn Johns, as they discuss recent updates to their November live webinar, Compliance Cliffs: Navigating Telehealth Waivers and Reimbursement Changes.
Learn how the policy landscape has shifted in recent months—especially around telehealth flexibilities, controlled substance prescribing, and the 2026 CMS payment rules.
Kevin Chmura
Welcome to 1st Talk Compliance. I’m Kevin Chmura, CEO of Panacea Healthcare Solutions. Today we’re bringing you a timely update on our November live webinar, Compliance Cliffs: Navigating Telehealth Waivers and Reimbursement Changes.
Since that webinar, several policy changes have moved quickly, especially in telehealth flexibilities. Controlled substance prescribing and 2026 CMS payment rules. Before we jump in, just a quick note. 1st Talk Compliance is brought to you by 1st Healthcare Compliance, a part of Panacea Healthcare Solutions. We help healthcare organizations strengthen their compliance programs with practical education tools and compliance management support. So teams can reduce risk, keep pace with regulatory change and operate with confidence.
Now I’m pleased to welcome back Robyn Johns from Med USA.
Robyn, thanks for coming back.
Robyn Johns
Thanks, Kevin. I’m happy to be here.
Kevin Chmura
Great. So, let’s jump in. So, in November on the webinar, we spent a lot of time on what people were calling the telehealth cliff, which was creating a tremendous amount of uncertainty on whether flexibilities would expire. Can you catch us
up on what the status is now?
Robyn Johns
Yeah. The major update is that the spending package released on January 20th includes extensions of the telehealth flexibilities all the way through December 31st of 2027.
Kevin Chmura
So that’s a pretty meaningful runway. That’s great, but I guess doesn’t eliminate compliance obligations, but it is reducing near-term uncertainty which give everybody some time to standardize workflows. So, it’s in the news, but maybe you could tell. So, what’s in the spending package at a high level and what should healthcare leaders like us be paying attention to?
Robyn Johns
Right. So, it was the one from the 20th was a $1.2 trillion spending package released by the House Appropriations Committee and it was just passed yesterday on the 22nd in two separate votes by the full House. So, those bills included the remaining six of the twelve appropriations necessary to avert a government shutdown. So that’s good news for everyone. If we can get them across the finish line, they funded many of the federal government agencies such as HHS, Labor, Defense, HUD, and also Homeland Security. That was a contentious one. That’s why they had to do two separate votes. It funds them through fiscal year 2026, which ends on September 30th of this year.
Kevin Chmura
So, OK, so we have a funding package with multiple healthcare policy riders. Not, I guess not too surprising in today’s day and age. So, besides the telehealth through 2027, what else is included in there that compliance and operational leaders should know about?
Robyn Johns
So the writers also include PBM reform and it extends hospital at home actually through 2030, which is another one that hit a lot of facilities hard with the government shutdown. It extends Medicare dependent hospital and low volume hospital programs, which is really beneficial for our rural providers and it delays the Medicaid disproportionate share cut again until fiscal year 2028. Notably, for a lot of people, it does not include an extension of the ACA subsidies, which were such a sticking point in the government shutdown last fall.
Kevin Chmura
Yeah, that that that last point is operationally really important and coverage instability often turns into eligibility churn and puts real pair mix pressures on the you know same patients, different coverage, right.? And that’s just you know probably increases downstream compliance and documentation stress. Yeah that’s a that’s a tough one. So what’s the timing of congressional action now?
Robyn Johns
So with the House passing all of the bills, they now send the full appropriations package to the Senate. The Senate will take all of that up when they return from recess on Monday the 26th, and will hopefully pass them all ahead of the January 30th deadline. And hopefully without any significant changes which might require them to go back to the house because the house will be on recess next week.
Kevin Chmura
Wow. So split schedule, it’s why we should keep ourselves in a monitoring posture. I guess we should always be monitoring, but things are moving pretty quickly right now and you sort of get into that world of what is expected is not what’s in effect.
Which is always, always a tough place to operate, but hey, that’s healthcare, isn’t it? So, given the extension to 2027, in your opinion, what should compliance teams be doing now? Like what’s some practical next steps?
Robyn Johns
First, you’ll want to make sure that your internal policies and educational materials reflect what’s currently in effect. No major changes since most of those telehealth things were extended, but it’s always good to double check because lots of things change around the beginning of the year. Also validate your payer specific rules. Medicare policy direction is influential, but commercial payers and state laws differ. So, you got to make sure that you are matching up with those differences. And then third, we should we talk about strengthening your auditing of documentation, the modifiers, your place of service, medical necessity, all of those things that can vary depending on the payer and the specific situation of the patient.
Kevin Chmura
Yeah, that that payer variation point is where a lot of organizations end up being exposed, I guess, right? Telehealth’s not really governed by one rule. You’ve got federal policy, state overlays, and then you have commercial policy updates really coming at you a number of different ways. So, I guess a good controls to maintain maybe a payer policy matrix and try to align it into your documentation and coding guidance. Probably a solid piece of advice.
Robyn Johns
Absolutely.
Kevin Chmura
Yeah. So, let’s move on to probably one of the highest risk areas that we covered in the webinar, and that’s controlled substance prescribing via telehealth. What’s the latest there?
Robyn Johns
Good news there as well. At the end of the year, DEA and HHS extended the telehealth flexibilities for prescribing controlled substances through this year, December 31st of 2026. There are a few rules that can apply, but because they extended the flexibilities, it’s pretty much status quo until they change it again at the end of the year.
Kevin Chmura
Cool, so that’s a critical compliance area because of the high risk profile and it that really includes some regulatory scrutiny and enforcement, not really just a reimbursement issue.
Robyn Johns
Yes, it’s highly watched.
Kevin Chmura
Yeah. And I guess as well, it should be. So given that, what control should organizations prioritize right now to reduce risk in that area?
Robyn Johns
Definitely you’ll want to have clear prescribing policies, good documentation standards, and role-based training. Also, usually they want to include identity verification and required checks when they’re applicable, and consistent auditing to ensure that your process is followed, not just written down. This is another area where state regulations can vary, so you would want to make sure that you are compliant in every state where you see patients.
Kevin Chmura
Yes and you’re the expert, not me. But I guess I’d add if you expand health to if you expand the telehealth quickly, take time now to ensure your governance is mature. And I’m thinking credentialing, supervision, documentation and audit trails always the basics that can help you pulled up under scrutiny.
Robyn Johns
Definitely. When you expand quickly, sometimes you sacrifice certain things for speed. So, you have a minute now to go back now that you’re sure that those policies aren’t changing anytime soon to just go back and make sure that everything’s in place, all of those areas.
Kevin Chmura
Yeah, I mean like any business runs better and with certainty, but at healthcare we rarely have that. So, great. So, moving on to the 2026 CMS updates that that we talked about a little bit.
So, there’s been some changes in payment policy that are driving operational changes and it’s where those operational changes come in, where we introduce compliance risks if teams can’t keep pace and often they can’t. So, what are the 2026 physician fee schedule highlights?
Robyn Johns
Yeah. So, we talked about these back in November and of course they went into place at the beginning of this year. So, a little bit of good news there with the conversion factor. It included the 2.5% increase that had been mandated by Congress. It also included a .75% increase for clinicians in advanced APMs or a
.25% increase for clinicians who participate in MIPS or who are exempt. And then there was also a .49 budget neutrality increase.
Kevin Chmura
So, so the real impact varies by payer mix, site of service and quality of participation. What about RVU related changes?
Robyn Johns
So that’s kind of the devil in the details there. It also implemented a -2.5% efficiency adjustment on certain non-time based services to the physician work RVU and there is also a + or -50% practice expense RVU adjustment for facility based services. So, it’s -50% if it’s facility based services or a +50% for non-facility based services.
Kevin Chmura
Wow. So site of service is increasingly strategic and it’s where we see compliance issues often arise, right? You get inconsistent documentation, coding and policy adoptions across different departments and locations. Certainly not easy.
Robyn Johns
No. Something you definitely need to watch closely because it is different depending on where you are and what services you’re providing.
Kevin Chmura
Yeah. So, one other hotspot or another hotspot that that we often see is incident to. What’s going on there?
Robyn Johns
So the physician fee schedule in that they updated the definition of direct supervision for incident to billing to permanently allow supervision through real-time audio video communication except for services that have a 10 or a 90-day global surgery period. So, the supervising physician no longer has to be physically present in the office suite, they just have to be immediately available through real time audio video communication.
Kevin Chmura
OK, so that’s operationally pretty significant, right? But I guess the compliance take away is relatively simple. If you’re using remote supervision, your incident to workflows must be precise. I guess who supervises, how it’s documented, and where the exceptions apply as precise as you can make all of those, huh?
Robyn Johns
Yes, absolutely. Because you are relying on remote supervision, you’ll want to make sure that that is documented very effectively.
Kevin Chmura
Yeah, cool. So, what about the OPPS and ASC final rule highlights for 2026?
Robyn Johns
Yeah. For those that these apply to, there was a 2.6% increase as well in the payment rates. They also expanded hospital price transparency requirements and we’re seeing a lot more attention and probably enforcement in that as well. There was a three-year phase out of the inpatient only list. Site neutral payments were expanded to include Drug Administration Services and the ASC covered procedures list is expanded much in relation to the inpatient only list Phase out.
Kevin Chmura
Yeah, that that that that’s an interesting one. So the phase out of the inpatient only list is a real operational shift and it’s one of those opportunities for providers to move volume to better cost locations, but really your compliance needs to follow those patients, right and where you’re having them. And so, when your volume moves, audits and education have to move with it, which is probably a challenge and what we know and we at our parent company, at Panacea, price transparency just remains a compliance and reputational priority because failures lead to penalties, but bad data also leads to a lot of scrutiny. So, good that there’s some, you know some guidance there, but it’s clear that those are going to be things that really need to be paid attention to from a compliance perspective.
Robyn Johns
Yes, for sure.
Kevin Chmura
So it was hard to watch the news over the last, I don’t know, six to twelve months without talking about the One Big Beautiful Bill Act. So, we’ve been tracking it. I know you’ve been tracking it. So, what’s the timing on practice impacts that you expect?
Robyn Johns
So most of those One Big Beautiful Bill Act Medicaid requirements that are likely to impact practices, they don’t actually begin until January of 2027. So, practices still have some time to continue their assessment and preparation for those. The immigrant eligibility changes do take effect on October 1st of this year, 2026. So that’s a little bit shorter period of time, but you do have a little bit of time to continue to figure out how that may affect your practice if you have a high number of Medicaid patients, and prepare for the ways that you can offset those eligibility changes and payment requirements.
Kevin Chmura
Yeah, that clarity on the effective dates really can help teams allocate resources correctly and that’s often a challenge especially when you’re tracking proposed rules versus final rules and not sure when things will go into effect. So that’s good. So, as you’re looking out on the landscape in 2026, what are some of your top compliance priorities that you’re advising organizations to focus on?
Robyn Johns
Yeah, we’re currently focused on probably five or so top priorities for 2026, not in any specific order, but we are watching data privacy and security. Part of that is because HIPAA updates are underway to both the privacy and security rules, though timelines are unclear. We’re not sure when or i f we’ll see any final rules on those, but we do know that healthcare remains a prime target of cyber-attacks, so we have to constantly be vigilant to that and related to that, but also separately, is AI and other emerging technologies.
AI is changing the landscape for the types of attacks we receive, but also the way we have to respond to them. It also is changing the landscape of healthcare generally, both in the provider office and at the payers and at the government. Those other emerging technologies like digital tools, those can increase the compliance risk in your environment, and we need to remember that both government and commercial payers are using AI to identify outlier claims faster and increase their auditing.
Then we also have the fraud, waste and abuse enforcement. CMS we know has currently been focused a lot on Medicare Advantage, but that scrutiny can shift oversight over to providers as well because that’s where so much of the data that the Medicare Advantage plans use comes from. The OID also continues to focus on telehealth. There are other focuses are drug device and biologics and program integrity areas such as DME, Hospice and Drug Administration. So, want to make sure that you’re watching all of those if you practice there.
Fourth one we have is vendor and third-party oversight. Many of the largest breaches that have we’ve seen have originated with third parties. So, organizations really need to make sure that you have careful oversight and maintain good monitoring on your third-party vendors and others who may have access to your systems and data.
And finally, we know we’re going to continue to see those rapid regulatory updates. Federal and state changes often conflict. We have lots of states that are currently in their legislative period. So that will bring out some changes. And then in addition to that, commercial payers are tightening their policies and auditing in response to the pressures that are being put on that on them, whether from the government or just from a financial perspective.
Kevin Chmura
Yeah, it is something the pace of acceleration of some of the advances in technology and how they how they’re going to impact us. But I guess you know that’s really the reality of 2026 and beyond. You’re going to see an uptick in in in speed to policy changes, faster detection, which will be something and probably more third-party exposure as we rely on more and more vendors and others to help us do what we need to do every day, but I’m sure you know the advice I’ve heard you give many times and we have to agree with it. A strong compliance program has to be built to adapt. That means clear governance, repeatable monitoring and targeted auditing tied to the current risk with an eye on the future and where everything’s going.
Robyn Johns
Yeah, definitely. It’s an exciting time, lots of opportunities for improving our programs and really tightening things up to make sure that we’re protecting ourselves and all the information that we are responsible for.
Kevin Chmura
Yeah, great. So, Robyn, thank you for the update and for helping our listeners translate policy movement into practical compliance actions. To everyone listening, if you want the full context and deeper discussion, you can access the webinar on demand at 1st Healthcare Compliance’s website. It’s called Compliance Cliffs:
Navigating Telehealth Waivers and Reimbursement Changes.
Thank you for listening to 1st Talk Compliance and we’ll see you next time. Thanks, Robyn.
Robyn Johns
Thanks, Kevin.