On July 2, 2025, the Departments of Justice and Health & Human Services announced a joint working group aimed at “strengthening their ongoing collaboration to advance priority enforcement areas” under the False Claims Act (FCA) – described in the announcement as “one of the government’s most effective and successful tools” for fighting fraud. In Fiscal Year 2024, the Department of Justice recovered more than $2.9 billion through settlements and judgments under the FCA, with $1.6 billion (57%) coming from healthcare-related matters.Continue Reading DOJ and HHS Announce Joint False Claims Act Working Group and Enforcement Priorities

Since the Dobbs v. Jackson Women’s Health Organization decision (which overturned the landmark Roe v. Wade decision), the healthcare industry has continued to grapple with renewed concerns over patient privacy and reproductive healthcare. Legislators and regulators have not been idle, establishing a patchwork of authorities which require careful navigation and consideration. It is worth noting that reproductive healthcare privacy is not a concern exclusive to women. Rather, such privacy concerns also apply to services traditionally received by men, such as testosterone replacement and male fertility treatments.Continue Reading The State of Reproductive Healthcare Privacy

On June 24, HRSA announced that it had issued new grant award terms to its HRSA-funded health centers to provide insulin and injectable epinephrine at or below the 340B price paid by the health center for the drugs. HRSA encouraged health centers to “begin implementing these updated award terms immediately to ensure full compliance and maximize patient benefit.” The announcement comes in response to the Trump Administration’s April 14, 2025 Executive Order on “Lowering Drug Prices by Once Again Putting Americans First” (the “Executive Order”).[1] The Executive Order had instructed the Secretary of the Department of Health and Human Services to, within 90 days, ensure grants available under section 330(e) of the Public Health Services Act are conditioned upon health centers establishing practices to make insulin and injectable epinephrine available to low-income patients at or below the 340B price paid by the health center.Continue Reading HRSA Announces New Requirements for FQHCs to Provide Insulin and Epinephrine at or below 340B Price

A federal judge in D.C. recently ruled in favor of the U.S. Health Resources and Services Administration (“HRSA”), an administrative agency under the U.S. Department of Health and Human Services (“HHS”), by finding that drug manufacturers must obtain pre-approval from HRSA before implementing rebate models under the 340B Program. Specifically, U.S. District Judge Friedrich (“Friedrich”) found that HHS and HRSA did not exceed their authority when they required Eli Lilly & Co., Bristol Myers Squibb Co., Sanofi-Aventis U.S. LLC, Novartis Pharmaceuticals Corp. (“Novartis”) and Kalderos Inc., a health care tech company (together, the “Companies”) to seek pre-approval of the rebate plans they offered.[i]Continue Reading Federal District Court Upholds Authority of HHS to Pre-Approve 340B Rebate Programs; HRSA Submits Proposed 340B Rebate Guidance

On May 15, 2025, the U.S. Departments of Labor (“DOL”), Health and Human Services (“HHS”), and Treasury (“Departments”) issued a Statement announcing that they will not enforce portions of a final rule relating to the Mental Health Parity and Addiction Equity Act (“MHPAEA”), which was adopted in 2024. This non-enforcement policy will likely be well received by plan sponsors, employers and health plans, many of whom have been critical of additional reporting obligations and unclear guidance from the Departments. Perhaps more significantly, the statement provides that the Departments will reconsider broader issues related to mental health parity, including the Departments’ approach to enforcement of MHPAEA as amended by legislation passed in 2021. The history below provides more context on this recent development.Continue Reading Enforcement of Mental Health Parity Rules Paused with Further Changes Anticipated

The Department of Health and Human Services (“HHS”) Centers for Medicare & Medicaid Services (“CMS”) recently issued the final “HHS Notice of Benefit and Payment Parameters for 2026” (hereinafter referred to as the “Rule”) setting new and updated standards for Health Insurance Marketplaces and health insurance issuers, brokers, and agents who help connect millions of consumers to health insurance coverage. Effective January 15, 2025,[1] the Rule finalizes additional safeguards for marketplace coverage beginning plan year 2026, protecting consumers from unauthorized changes to their health care coverage, ensuring the integrity of the federally facilitated Marketplaces, and making it easier for consumers to understand their costs and enroll in coverage through HealthCare.gov. The changes in this Rule aim to minimize administrative burden, ensure program integrity, advance health equity, and mitigate health disparities.Continue Reading May the Coverage Be With You: Navigating CMS’s Changes to the Health Insurance Marketplace

Cyberattacks on healthcare organizations are on the rise, with the number of affected individuals nearly tripling between 2022 and 2024, according to data compiled by the Department of Health and Human Services Office for Civil Rights (“OCR”).[1] OCR data also reveals a 239% and 278% increase in hacking incidents and ransomware attacks, respectively, between January 2018 and September 2023.Continue Reading New York Adopts Comprehensive Hospital Cybersecurity Requirements

The U.S. Department of Health and Human Services (“HHS”) issued a Notice of Proposed Rulemaking (the “Proposed Rule”) on December 27, 2024, to significantly amend HIPAA’s Security Rule, which sets forth the security standards for the protection of protected health information by covered entities and their business associates. The Proposed Rule’s issuance was expected, especially in light of the growing number of health data breaches and disclosures of large scale foreign cyberattacks.Continue Reading HHS’ Last-Minute Holiday Gift: Proposed Changes to the HIPAA Security Rule

The Centers for Medicare & Medicaid Services (“CMS”) and its contractor, Wisconsin Physicians Service Insurance Corporation (“WPS”), recently notified over 940,000 Medicare beneficiaries of a data breach that has potentially exposed their protected health information (“PHI”) and personally identifiable information (“PII”). CMS reported on the breach portal of the U.S. Department of Health and Human Services (“HHS”) that the total number of impacted people was 3,112,815 individuals.Continue Reading Over 940,000 Medicare Beneficiaries Impacted by Data Breach

On August 2, 2024, the United States Fifth Circuit affirmed the rulings in the No Surprises Act litigation brought by the Texas Medical Association and other plaintiffs[1] challenging the August 2022 Final Rule that has been issued by the Departments of Labor, Treasury, and Health and Human Services (the “Departments”) that applied to the Independent Dispute Resolution (“IDR”) process created by the No Surprises Act (the “Act”).[2]Continue Reading No Surprises Here – Providers Win Again in No Surprises Act TMA II Litigation Vacating Independent Dispute Resolution Rule

On June 27, 2024, the U.S. Supreme Court dismissed Idaho v. United States on procedural grounds and sent the case back to the Ninth Circuit. By doing so, the Supreme Court reinstated the preliminary injunction issued by the district court and temporarily allows abortions to be performed when necessary to preserve the health of the pregnant woman. Mike Moyle, et al., v. United States, No. 23-726, and Idaho v. United States, No. 23-727. However, by failing to rule on the merits of the case and the core question of whether the Emergency Medical Treatment and Labor Act (EMTALA) preempts Idaho law, confusion and uncertainty are likely to continue for healthcare providers and hospitals seeking to provide care for pregnant women.Continue Reading SCOTUS Punts on EMTALA Preemption Question