Hospital price transparency requirements and compliance challenges

The Centers for Medicare & Medicaid Services (CMS) hospital price transparency rules demand that healthcare providers offer consumer-friendly tools for patients to shop for services, while the Health Insurance Portability and Accountability Act (HIPAA) requires strict protection of patient health information. The challenge lies in meeting each requirement independently and ensuring that efforts to enhance price transparency don't create HIPAA violations. As the American Hospital Association (AHA) noted in their July 2025 letter to CMS Administrator Oz, "The guiding principle of price transparency policies should be providing patients with clear and accurate information to help them prepare for care." This principle becomes challenging when implementing consumer-friendly interfaces that encourage patient engagement while safeguarding sensitive health information.

The federal commitment to price transparency has been reinforced with President Trump's February 2025 executive order "Making America Healthy Again by Empowering Patients with Clear, Accurate, and Actionable Healthcare Pricing Information." The order establishes that "it is the policy of the United States to put patients first and ensure they have the information they need to make well-informed healthcare decisions". According to the executive order, "One economic analysis from 2023 estimated the impact of these regulations, if fully implemented, could result in as much as $80 billion in healthcare savings for consumers, employers, and insurers by 2025."

CMS leadership reported a "substantial increase in hospitals meeting website assessment criteria from 27 percent to 70 percent between 2021 and 2022" in their analysis titled Hospital Price Transparency: Progress And Commitment To Achieving Its Potential. However, more recent analysis suggests ongoing challenges, with the Patient Rights Advocate's Seventh Semi-Annual Hospital Price Transparency Report finding that "only 21.1% of them (421) to be fully compliant with all requirements of the rule" as of November 2024.

The February 2025 executive order acknowledges these enforcement gaps, noting that "Hospitals and health plans were not adequately held to account when their price transparency data was incomplete or not even posted at all." This recognition shows a shift toward more enforcement, as healthcare organizations invest in patient-facing pricing tools and shoppable service platforms while carefully balancing accessibility with privacy protection. This balance becomes even more challenging given that enforcement activity has been extensive, with "between Jan. 7, 2021, and March 31, 2025, CMS engaged in over 6,000 audits and enforcement actions related to hospital price transparency compliance as part of over 3,000 unique cases," according to the AHA letter to CMS Administrator Oz.

The enforcement landscape has continued to change, with CMS demonstrating efficiency in its compliance efforts. According to a CMS fact sheet published in April 2023, "By using automation to group complaints based on file types and hospital systems, CMS has increased the number of comprehensive reviews conducted from 30-40 per month to over 200 comprehensive reviews per month." As of that time, "CMS has issued more than 730 warning notices and 269 requests for CAPs," though notably "CMS has imposed CMPs on four hospitals for noncompliance, which are posted and made publicly available on the CMS website."

Understanding shoppable services requirements

The CMS hospital price transparency requirements, which took effect in January 2021, mandate that hospitals provide clear, accessible pricing information for services that patients can reasonably shop for in advance. These "shoppable services" include both services that can be scheduled by patients and those that are commonly provided together during a single patient encounter.

CMS requires hospitals to make pricing information for at least 300 shoppable services available in a consumer-friendly manner. This goes beyond the technical machine-readable files that hospitals must also maintain. The consumer-friendly format must present pricing information in a way that helps patients understand their expected costs before receiving care. This includes not just the hospital's standard charges, but also payer-specific negotiated rates, de-identified minimum and maximum negotiated charges, and cash prices.

The February 2025 executive order signals changes ahead for these requirements. Within 90 days, federal agencies are directed to "require the disclosure of the actual prices of items and services, not estimates," representing a change from current practices that often rely on pricing estimates and averages.

The regulation emphasizes that these tools should help patients make informed decisions about where to receive care. This means the information must be presented in plain language, organized intuitively, and accessible through the hospital's website without requiring users to create accounts or provide personal information just to view general pricing data..

However, creating accurate pricing data presents challenges. The AHA Fact Sheet explains that "the nature of hospital pricing and rate negotiations does not translate easily into a single, fixed rate per service," a complexity echoed in the Patient Rights Advocate's Seventh Semi-Annual Hospital Price Transparency Report, which confirms this assessment. Additionally, "The data required in the machine-readable files, specifically the estimated allowed amount data, does not exist outside of what hospitals and insurers create to input into the files." This means that "hospitals effectively must create new rates specific for this purpose" because "the files require hospitals to break down services in a manner that is not common for how rates are negotiated or stored in hospital or insurer internal systems."

The consumer-friendly nature of these tools creates challenges when considering HIPAA compliance. The more user-friendly and personalized these tools become, the greater the potential for collecting and processing protected health information. However, as CMS leadership noted in "Hospital Price Transparency: Progress And Commitment To Achieving Its Potential," "while a hospital may be complying with CMS' requirements, it still may be challenging for an individual to find hospital pricing information that is useful." This tension between regulatory compliance and true consumer utility becomes even more difficult when HIPAA privacy protections are layered on top, as understanding where the line exists between helpful personalization and HIPAA-regulated PHI collection is important for compliant implementation.

Future outlook and evolving regulations

The regulations for both price transparency and healthcare privacy continue to change, requiring organizations to maintain flexibility in their compliance approaches. The February 2025 executive order represents an acceleration of these requirements, with agencies directed to "issue updated guidance or proposed regulatory action ensuring pricing information is standardized and easily comparable across hospitals and health plans" and "issue guidance or proposed regulatory action updating enforcement policies designed to ensure compliance with the transparent reporting of complete, accurate, and meaningful data."

The value of price transparency initiatives continues to expand, as CMS leadership documented in "Hospital Price Transparency: Progress And Commitment To Achieving Its Potential": "Consumers have accessed prices to shop for care and save money; researchers and industry experts have uncovered potential savings." However, recent enforcement actions by CMS have demonstrated focus on the quality and usability of consumer-friendly pricing information, with "As of January 2023, CMS had issued nearly 500 warning notices and over 230 requests for corrective action plans since the initial implementing regulation went into effect in 2021," while OCR continues to emphasize HIPAA compliance in all healthcare activities.

The Patient Rights Advocate's Seventh Semi-Annual Hospital Price Transparency Report highlights ongoing concerns about data quality and accessibility, noting that "CMS permits hospitals to obfuscate their prices behind estimates, averages, and algorithms" while still being deemed compliant. This suggests that organizations must remain vigilant about both transparency and privacy requirements as things continue to change. The new executive order's requirement for "actual prices" rather than estimates directly addresses this concern.

Emerging trends suggest that price transparency requirements may become more sophisticated, potentially requiring more personalized and interactive tools. This will likely increase the complexity of HIPAA compliance considerations, as more personalized tools typically require more patient information collection and processing.

State-level privacy regulations also create additional compliance considerations. As states implement their own healthcare privacy requirements, organizations must ensure their pricing transparency tools comply with applicable state laws in addition to federal HIPAA requirements. This multi-jurisdictional compliance challenge requires ongoing monitoring and adaptation.

FAQs

What are “shoppable services” in hospital price transparency rules?

Shoppable services are medical services or procedures that patients can schedule in advance and compare prices for, such as imaging scans or elective surgeries.

What is the difference between a “machine-readable file” and a “consumer-friendly” display?

A machine-readable file is a structured data file intended for computer processing, while a consumer-friendly display is a human-readable format designed for patients to easily understand pricing.

What is a “payer-specific negotiated rate”?

A payer-specific negotiated rate is the agreed price for a service between a hospital and a particular insurance company.

What is a Corrective Action Plan (CAP) in CMS enforcement?

A CAP is a formal requirement from CMS for a hospital to fix compliance problems and meet transparency regulations.

Why do hospitals sometimes list “estimates” instead of exact prices?

Hospitals use estimates because actual costs can vary based on individual cases, negotiated rates, and bundled services.