Header: CMS Publishes Request for Information: Let's Update CLIA, But How?
Find it here: July 16, 2026, 91 FR 43586. Six pages. Comment 60 days, September 14.
Christine Bump summarizes highlights at Linked In, here.
A key factor of high importance to digital pathology is CMS's assertions (in OPPS and PFS rulemaking recently) that pure-play digital pathology is not a CLIA service at all, and should not be on the CLFS. CMS directly addresses this on page 43588, section 6 & 7, on "post analytic interpretation and AI."
Writing, "Facilities that only process analytical data or provide specialized data interpretation, some of which may be manufacturers of medical device software, have emerged. CMS has received inquiries on whether these types of data-only facilities require a CLIA certificate. These inquiries have in part focused on facilities that review and interpret genetic data, digital images, and perform calculations of risk factors. CMS and the CDC seek public comments on data-only facilities..."
AI CORNER
# # #
Brief Summary
CMS and CDC have opened a broad CLIA modernization inquiry, not yet a proposed rule. The July 16 RFI asks whether the 1992-era regulations should be updated for breath tests, molecular methods, AI and data-only interpretation, remote competency reviews, cybersecurity, emergency preparedness, specimen handling, and evolving laboratory specialties. Comments are due September 14, 2026; responses may inform later notice-and-comment rulemaking.
CMS and CDC Open a Broad Review of CLIA Modernization
On July 16, 2026, CMS and CDC published a six-page Request for Information on possible modernization of the Clinical Laboratory Improvement Amendments regulations. The agencies emphasize that laboratory technology has advanced substantially since the principal CLIA regulations were issued in 1992.
The document is an RFI, not a proposed rule. It creates no immediate new requirements and does not commit the agencies to issuing regulations. Instead, CMS and CDC are gathering operational experience, technical evidence, and policy recommendations that may support future notice-and-comment rulemaking. Comments on file CMS-3485-NC are due September 14, 2026.
New Technologies and the Boundaries of CLIA
The first question concerns clinical breath testing. Breath was not a clinically established specimen type when the CLIA regulations were written, but breath-based technologies have since been developed for gastrointestinal disorders, infectious disease, microbial identification, and potentially cancer detection.
CMS and CDC ask what breath tests are being performed, what technologies they use, where testing occurs, and how breath specimens are collected, transported, and stored. Beneath those operational questions lies a basic jurisdictional issue: when does analysis of breath constitute examination of material “derived from the human body” and therefore fall under CLIA?
Two other sections raise similarly important boundary questions.
First, the agencies ask about postanalytic interpretation using algorithms and artificial intelligence. They seek information on AI used with NGS, pharmacogenomics, histopathology, and other testing; how laboratories verify software, imaging resolution, computers, and monitors; and whether CLIA should address automation, cloud analytics, and AI more explicitly.
Second, CMS asks about data-only facilities that do not handle the original specimen but analyze genetic data, digital pathology images, or other patient-specific laboratory information. The central question is whether and when these facilities participate sufficiently in generating a final result to require their own CLIA certificates. This is particularly important for distributed molecular testing, cloud-based interpretation, and digital pathology.
Preanalytic and Analytical Laboratory Practices
A substantial portion of the RFI concerns ordinary laboratory operations that have evolved faster than the regulations.
Pathology block retention. CLIA presently requires pathology specimen blocks to be retained for at least two years. Molecular profiling and retrospective biomarker testing often create clinical value well beyond that period. CMS asks how frequently laboratories receive requests for testing older blocks, potentially laying the groundwork for a longer retention requirement.
Specimen preparation. The agencies ask which activities constitute preparation rather than testing—centrifuging, aliquoting, tissue processing, slide staining, culture inoculation, and DNA or RNA extraction—and what qualifications, training, and competency assessment should apply to personnel performing them. Although facilities that merely collect or prepare specimens are generally outside the current definition of a laboratory, the RFI stresses that preanalytic errors can materially affect patient results.
Suboptimal specimens. CMS asks when laboratories proceed with testing despite specimens failing formal acceptability criteria, how such exceptions are documented and reported, what warnings are communicated to clinicians, and what quality controls are used.
Calibration verification. The current requirements can be awkward when applied to factory-calibrated, cartridge-based, or otherwise closed systems that laboratory users cannot adjust. CMS asks about the technical and operational problems created by applying conventional calibration-verification rules to these newer instruments.
Performance Specifications—and a Possible Clinical-Validity Question
One of the most consequential sections addresses the establishment and verification of performance specifications for laboratory-developed tests, modifications of FDA-authorized systems, and other tests that are not FDA-cleared or approved.
CMS asks laboratories to describe difficulties establishing suitable specifications and acceptance criteria for technologies such as toxicology and NGS. It specifically identifies applications including somatic and germline sequencing, minimal residual disease, methylation, antimicrobial-resistance mutations, viral identification, and HLA matching.
The agencies also ask whether these technologies require additional performance characteristics not clearly covered by existing CLIA regulations or guidance, offering examples such as stability, carryover, internal standards, ionization—and clinical validity. That reference should not be mistaken for a proposal to impose a new clinical-validity standard. Nevertheless, it signals that CMS and CDC are at least exploring how far modern CLIA oversight might extend beyond traditional analytical performance.
Remote Competency Assessment
Current CLIA rules require direct observation of routine testing, maintenance, and instrument checks as part of personnel competency assessment. Laboratories, particularly those serving rural and geographically dispersed sites, have asked CMS to recognize remote observation.
The RFI asks about the use of smartphones, tablets, dedicated video systems, and even virtual-reality devices. It also asks about limitations and safeguards. This follows a 2024 recommendation from the Clinical Laboratory Improvement Advisory Committee supporting remote technology for the direct-observation component of competency assessment.
This appears to be one of the more mature modernization proposals in the RFI: the agencies are not asking whether remote observation exists, but how it is already being used and how it might be regulated.
Emergency Preparedness, Biosafety, and Cybersecurity
The COVID-19 pandemic exposed gaps in laboratory preparedness that were not fully addressed by CMS’s 2016 emergency-preparedness regulations. Those regulations covered many Medicare and Medicaid providers but did not generally include independent laboratories.
CMS and CDC now ask whether laboratories should maintain more formal plans for pandemics, natural disasters, facility emergencies, power failures, and interruptions in testing capacity. They also seek information about biosafety and biosecurity protocols, risk assessment, employee training, and the handling of infectious materials.
The cybersecurity questions are unusually specific. CMS asks about user identity and access controls, access from outside the United States, restrictions on ports and IP addresses, incident-response plans, staff responsibilities, and workforce training. These questions suggest that future CLIA modernization might treat cybersecurity not simply as an information-privacy matter, but as part of the reliability and continuity of laboratory testing itself.
Updating CLIA’s Specialty Structure
The RFI asks whether CLIA’s existing specialties and subspecialties still reflect modern laboratory medicine. CMS mentions possible areas such as molecular testing, Mohs testing, and andrology, and asks whether additional categories are needed.
It then focuses on three examples:
Clinical cytogenetics: whether existing rules adequately address the transition from conventional chromosome studies to FISH and molecular cytogenomics.
Immunohematology: how CLIA should account for electronic rather than physical serologic crossmatching, including associated quality-assurance issues.
Microbiology: whether laboratories should be required to monitor blood-culture contamination rates and implement corrective actions.
The specialty discussion is less glamorous than AI or genomics, but it may produce some of the most concrete regulatory changes. CLIA remains organized around categories established for the laboratory technologies and professional structures of an earlier era.
Overall Significance
Taken as a whole, the RFI is broader than an inquiry about laboratory-developed tests. It ranges from specimen blocks and blood-culture contamination to cloud algorithms and cybersecurity. The unifying theme is that CLIA’s basic structure remains functional, but many of its detailed assumptions date from the early 1990s.
The RFI also illustrates CMS’s likely method of modernization: identify discrete regulatory gaps, collect evidence from laboratories and professional organizations, and then proceed through one or more targeted proposed rules. It does not yet offer a unified new model for regulating modern laboratory medicine.
Concise Comparison With Representative Dunn’s H.R. 8890
H.R. 8890, the Enhancing CLIA Act of 2026, is much more ambitious and much more focused on laboratory-developed tests. The CMS/CDC RFI asks what should be changed under existing authority; the Dunn bill would rewrite the governing statute and settle the jurisdictional dispute between FDA and CMS.
| Issue | CMS/CDC RFI | H.R. 8890 |
|---|---|---|
| Legal status | Information gathering only | Statutory overhaul |
| Primary scope | Broad laboratory operations and technology | Primarily LDT oversight and the FDA-CLIA boundary |
| LDT jurisdiction | Does not resolve it | Places laboratory operations and LDTs under CLIA, not the FDCA |
| Validity standards | Asks about performance specifications and clinical validity | Requires reasonable assurance of analytical and clinical validity |
| Oversight system | No specific new system proposed | LDT database, test-error reporting, targeted HHS review, and optional third-party affirmation |
| Digital testing | Asks about AI and data-only facilities | Expressly includes patient-specific digital laboratory data and externally executed software |
| Continuing modernization | One present-day RFI | Requires a CLIA review and RFI at least every five years |
Under H.R. 8890, laboratories would remain principally responsible for establishing that their LDTs meet analytical- and clinical-validity standards. Independent “supplemental affirmation” would generally be optional, although HHS could investigate tests presenting credible scientific concerns and require testing to stop. New York approval and favorable MolDX technical assessments could be treated as deemed affirmations. The bill would also establish a public LDT database, require reporting of serious test errors, recognize LDT pathways for companion diagnostics, and require updated specialties for molecular diagnostics, digital pathology, and NGS.
The closest connection between the two documents is H.R. 8890’s Section 4. It would require new CLIA specialty regulations, advance notice and comment on important subregulatory changes, annual laboratory open-door forums, and a formal modernization RFI at least once every five years. In that sense, the July 2026 CMS/CDC RFI looks much like the periodic review process the Dunn bill would make mandatory—but without the bill’s central LDT framework, deadlines, or statutory transfer of authority away from FDA.