April 4, 2025: National Advocacy Update

Last week, Representatives Mark Green, MD (R-TN) and Kim Schrier, MD (D-WA), reintroduced H.R. 2433, the Reducing Medically Unnecessary Delays in Care Act of 2025. This bipartisan legislation seeks to reform prior authorization requirements in Medicare, Medicare Advantage, and Part D prescription drug plans by ensuring that only specialty board-certified physicians review treatment decisions.  

A 2024 AMA survey (PDF) revealed that 94% of physicians believe prior authorization requirements negatively impact patient care, while 23% reported that these requirements have directly led to patient hospitalizations. 

“The overuse of prior authorization is a persistent obstacle that prevents patients from receiving quality care from their physicians. Often, prior authorization requests are reviewed–and denied – by insurance company representatives who lack the medical expertise to appropriately judge what level of care is necessary for a patient. This welcome legislation would require the reviewers to be physicians with actual experience in the field of medicine they are passing judgment over. Our patients deserve no less,” said AMA President Bruce A. Scott, MD. 

AMA appreciates (PDF) the leadership of both Congressman Green, a former Army emergency room physician, and Congresswoman Schrier, a pediatrician, who bring firsthand experience to this issue. H.R. 2433 has already garnered bipartisan support, including backing from the GOP Doctors Caucus and 10 cosponsors.

There are multiple reports about a possible breach of patient data at Oracle Health. Although Oracle Health has not yet publicly confirmed a breach, multiple sources indicate an older, legacy Cerner system (which Oracle Health acquired in 2022) was breached and data was exposed from hospital customers being migrated into the Oracle Health platform. The breach occurred sometime after Jan. 22, 2022, and reports indicate that Oracle Health first detected an intruder in their systems on Feb. 20. 

The AMA encourages physician practices to reach out to their representatives from Oracle Health/Cerner to determine if their patient data is included as part of the breach and will continue to provide updates as more information becomes available. 

The AMA offered comments (PDF) on the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Health Insurance Portability and Accountability Act (HIPAA) Security Proposed Rule emphasizing that cybersecurity is a national priority for physicians and a patient safety issue. Physician practices prioritize cybersecurity to better serve their patients, and physicians want to take appropriate actions to secure patient data and do their part to ensure that their information technology systems are delivering proper protections.  

The AMA recommended that the Proposed Rule needs significant revisions and cannot move forward in its current iteration and must be reworked to recognize the significant role that physician practices occupy in care delivery and the extraordinary burden that practices would incur from the stringent requirements in the Proposed Rule. Absent major revisions, the AMA advised that these proposals must be withdrawn. 

The letter also recommends that OCR focus the Security Rule’s proposed standards on the regulation of larger health care entities that pose the greatest threat to industry disruption if their cybersecurity defenses are breached, rendering their services non-functional. A data breach experienced by an individual provider poses nearly zero risk of industry disruption; however, the sheer size and volume of data loss by industry giants—such as national health plans and clearinghouses—can lead to crucial disruptions that endanger patients. The Security Rule’s structure should take into account the potential attack surface of a regulated entity, and the possible impact of a breach on industry disruption. 

In addition, the AMA asks OCR to retain the current built-in flexibilities for regulated entities based on an organization’s specific situation and risk assessment. The AMA urges OCR to reinstate addressable implementation specifications to provide regulated entities, particularly small- to medium-sized physician practices, with the flexibilities that they need to develop an appropriate cybersecurity posture that suits their practice environment and the resources that are available. 

The AMA has long supported positive financial incentives for physician practices to adopt cybersecurity best practices and help secure bidirectional information sharing. Overall, comments underscored how practices need resources to implement cybersecurity best practices that are affordable, attainable, and approachable for physicians without extensive health IT knowledge, experience, or budgets. 

The AMA sent a letter (PDF) expressing support for the Connected Maternal Online Monitoring Act (“Connected MOM Act”), reintroduced in the 119^th Congress by Senators Bill Cassidy, MD (R-LA) and Maggie Hassan (D-NH). This legislation would require CMS to send a report to Congress identifying barriers to coverage of remote physiologic devices (e.g., pulse oximeters, blood pressure cuffs, scales, blood glucose monitors) under state Medicaid programs to improve maternal and child health outcomes for pregnant and postpartum women. The bipartisan legislation would also require CMS to update state resources, such as state Medicaid telehealth toolkits, to align with evidence-based recommendations to help decrease maternal mortality and morbidity. 

The AMA strongly supports this legislation, which would make a meaningful difference in improving maternal and infant health outcomes for pregnant and postpartum women across the U.S., especially for women from underserved populations and rural areas. 

A meeting of the Advisory Committee on Immunization Practices (ACIP) has now been scheduled for April 15 following a letter from the Partnership to Fight Infectious Disease that was joined by the AMA and other leading health organizations. The joint letter to the Department of Health and Human Services (HHS) Secretary, Centers for Disease Control and Prevention (CDC) acting director, and Senator Bill Cassidy, MD, followed the cancellation of an ACIP meeting that had been scheduled to occur in February which the organizations urged be rescheduled. Like the previously scheduled meeting, the agenda for the April meeting includes discussions on chikungunya, COVID-19, cytomegalovirus, human papillomavirus, influenza, Lyme disease, meningococcal, mpox, pneumococcal and Respiratory Syncytial Virus vaccines. An update on the current measles outbreak has been added to the agenda. In recommending that the CDC reschedule the ACIP meeting, the joint letter stated that infectious diseases are constantly evolving opponents, and vaccines are among the best tools for constantly adapting and responding to the latest public health threats. 

• April 4, 2025: Advocacy Update spotlight on more flexibility to avoid MIPS penalties
• April 4, 2025: Medicare Payment Reform Advocacy Update
• April 4, 2025: State Advocacy Update
• April 4, 2025: Judicial Advocacy Update