This audio is auto-generated. Please let us know if you have feedback.
The Biden administration released its proposed budget for the HHS for fiscal year 2025 on Monday, including funds — and potential penalties — to boost cybersecurity in the healthcare sector and make enhanced premium tax credits for Affordable Care Act marketplace plans permanent.
The budget request asks for $130.7 billion in discretionary spending and $1.7 trillion for mandatory expenditures, which includes funding for programs required by existing law.
“This budget strengthens Medicare beyond our lifetimes. This budget continues our shift from a healthcare system that treats illness to one that sustains wellness,” HHS Secretary Xavier Becerra said during a press conference Monday.
The proposal covered a range of healthcare programs and investments, including funds to boost cyber safeguards as well as plans that aim to expand coverage and speed the pace of Medicare drug price negotiations.
Cybersecurity
The proposed budget aims to bolster cyber protections among healthcare organizations and at the HHS, a key challenge for the industry as attacks increase. From 2018 to 2022, the department tracked a 95% increase in large data breaches, including ransomware attacks.
The industry is currently grappling with a cyberattack at UnitedHealth Group’s Change Healthcare, which has disrupted typical provider and pharmacy operations for weeks.
The budget includes $141 million for cybersecurity initiatives in the Office of the Chief Information Officer and $12 million for the Administration of Strategic Preparedness and Response.
The department also plans to establish a Medicare incentive program that would push hospitals to adopt cyber protections. The plan would invest $800 million to about 2,000 high-need hospitals in fiscal years 2027 and 2028.
In 2029, hospitals could face penalties of up to 100% of the annual market basket increase for failing to follow essential cybersecurity practices. The move comes after the HHS recently rolled out a strategy to support cybersecurity and voluntary goals divided into essential and enhanced safeguards.
“It is our hope through what we have proposed in this budget, and working with Congress, that we can infuse those across the department using our levers to move from a voluntary system to one that requires adoption of those practices,” HHS Deputy Secretary Andrea Palm said.
The proposal also includes $500 million in fiscal years 2029 and 2030 for all hospitals to put enhanced cyber practices in place. Starting in 2031, the CMS could add those enhanced protections to cybersecurity requirements. If they fail to adopt the essential practices and specified enhanced practices at that time, hospitals could face penalties up to 100% of the annual market basket increase and up to 1% off the base payment.
Penalties could come from rulemaking or through Congress, depending on how quickly the legislature could move, Becerra said during the conference. Though it can be challenging for small, rural or underserved providers to adopt cybersecurity standards, the requirements are necessary, he said.
“We’re ready to provide support, to a good partner, to help you make the investments you need to adapt to this new cybersecurity world,” he said. “But at some point, we will transition from supporting to saying, ‘You had your chance. Now you’re making it difficult for everyone by not being protected.’”
ACA tax credits and ‘Medicaid-like’ coverage
The budget proposal would permanently extend enhanced premium tax credits for ACA marketplace plans, which would cost $273 billion over 10 years.
The administration had pointed to the subsidies, which had previously extended into 2025 to protect beneficiaries from premium increases, as a driver behind record-breaking enrollment. More than 21 million people chose an ACA plan during open enrollment for 2024, according to the CMS.
The budget would also provide “Medicaid-like” coverage to low-income people in states that haven’t yet expanded access to the safety-net program under the ACA, at a cost of $200 billion in government-wide costs over a decade. Ten states have yet to expand Medicaid, according to health policy research firm KFF.
Under this proposal, another 1.5 million Americans would gain coverage, Becerra said Monday.
Medicare drug negotiation
The budget calls for expanding Medicare’s drug price negotiation program, which the administration said would save $200 billion over a decade and boost the Medicare Part A trust fund. Under the Inflation Reduction Act, Medicare was allowed to negotiate directly with drugmakers in an attempt to lower the price of the most expensive name-brand medications.
The administration released a list of the first 10 drugs selected for negotiation in August, including medications for blood clots, diabetes, cancer and arthritis. The law allows Medicare to choose 15 more Part D drugs for 2027 and 2028, and 20 more Part B or Part D drugs for each year after.
The proposal would bring drugs into negotiation more quickly after they launch and expand inflation rebates and the $2,000 out-of-pocket prescription drug cost cap into the commercial market.
“While we are in the process of implementing the law that has been passed, the president is asking Congress to continue to build on that work to make sure that more Americans across this country can benefit from the life-changing provisions that are in the law,” CMS Administrator Chiquita Brooks-LaSure said.
Ricky Zipp 
Susanna Vogel