Emerging Tech
- Alibaba’s healthcare AI model has achieved medical expertise comparable to senior physicians in China. The model, powered by Qwen 2.5-32B foundation technology, passed medical qualification exams at the “Deputy Chief Physician” level across 12 disciplines with 74.8% accuracy, outperforming competitors including OpenAI’s GPT-4o. Now integrated into Alibaba’s Quark AI assistant app with 200 million users, the model automatically handles health-related inquiries and has been refined through collaboration with medical institutions. Source: South China Morning Post
- Digital health companies using AI for patient communication face significant legal exposure under the Telephone Consumer Protection Act (TCPA). While many companies focus solely on HIPAA compliance, the TCPA restricts automated calls, texts, and artificial voice messages without prior express consent, with written consent required for marketing communications. The FCC’s 2024 ruling classified AI-generated voices as “artificial voices” under the TCPA, though courts continue to wrestle with how this applies to chatbots and text-based systems. Digital health companies should conduct TCPA risk assessments, audit consent processes, obtain express written consent when in doubt, and monitor evolving litigation trends. Despite a 2021 Supreme Court decision narrowing the definition of automatic telephone dialing systems, TCPA compliance remains challenging as state regulations may differ and create legal risks even for companies without telemarketing intent. Source: Foley & Lardner LLP
- The U.S. House of Representatives has passed legislation imposing a 10-year federal moratorium on state AI regulation. The “One Big Beautiful Bill Act” (H.R. 1) narrowly passed on May 22, 2025 by a 215-214 vote, containing a provision that would preempt state laws regulating artificial intelligence systems, potentially nullifying healthcare protections enacted in states like California, Connecticut, and Maryland. The moratorium threatens state initiatives requiring human oversight of AI in healthcare decisions, particularly those preventing insurers from using AI to autonomously deny coverage or process claims. The proposal faces significant opposition from state officials, including a bipartisan group of 35 California lawmakers and the National Conference of State Legislatures, while also potentially violating the Senate’s Byrd Rule as it may be considered extraneous to budgetary matters in a reconciliation bill. Source: Arnall Golden Gregory LLP
Data Breaches
- WellNow Urgent Care has reached a $4.4 million settlement following a 2023 ransomware attack that compromised the protected health information of approximately 597,000 individuals. The cyberattack exposed sensitive data including names, birth dates, and for some victims, Social Security numbers, leading to consolidated lawsuits filed in March 2024 that alleged negligence and breach of implied contract. The settlement divides affected individuals into two subclasses: 541,870 people whose Social Security numbers were not compromised (eligible for up to $3.3 million in benefits) and 55,131 people whose Social Security numbers were exposed (eligible for up to $1.1 million in benefits). Class members can claim compensation for lost time and documented expenses up to $7,500, with those in the SSN subclass having the additional option of receiving a pro rata cash payment. Source: HIPAA Journal
- Four healthcare organizations across the United States recently reported data breaches exposing sensitive patient information. Cooper Health System in New Jersey experienced the largest breach, affecting 57,412 individuals whose names and Social Security numbers were compromised after unusual network activity was detected on May 14, 2024. Union County Children and Youth Services in Pennsylvania suffered a ransomware attack on March 13, 2025, with at least 501 individuals affected, while Balance Autism in Iowa reported unauthorized access affecting 1,281 clients between March 11-17, 2025. The Carpenter Health Network in Louisiana identified a security incident between February 4-28, 2025, compromising personal and health information of 878 individuals, with all four organizations implementing additional security measures and offering credit monitoring services to affected individuals. Source: HIPAA Journal
Food & Drug Administration
- The FDA is expanding the use of artificial intelligence across all product centers following a successful pilot program that dramatically improved application review times. After years of providing AI guidance to industry, the FDA is deploying AI-based review programs targeting full integration by June 30, 2025. One reviewer reported completing tasks in minutes that previously took three days, with AI systems helping to summarize clinical trials, flag anomalies, identify safety signals, and support benefit-risk assessments. While promising efficiency gains, the FDA acknowledges risks requiring careful management, including maintaining scientific rigor, preventing algorithmic bias, and ensuring transparency to stakeholders. The agency’s AI implementation raises important questions about potential impacts on approval timelines, user fees, market readiness for accelerated approvals, and the value of Priority Review Vouchers. Source: Loeb & Loeb Quick Takes
Med Spas
- Texas House Bill 3749 has been revised to focus solely on regulating elective IV therapies administered outside traditional medical settings, abandoning its original scope that would have increased oversight of med spas. The bill, which originally sought to establish comprehensive regulations for med spas including additional physician supervision requirements, now exclusively addresses IV therapy protocols and delegation of authority. Under the revised legislation, physicians may delegate IV therapy prescriptive authority to physician assistants and nurse practitioners, while administration can be performed by these professionals or registered nurses under adequate physician supervision. The bill has passed the Texas House and awaits Senate review, with potential implementation scheduled for September 1, 2025. Med spa operators not offering IV therapies will see no immediate regulatory changes, though industry observers note that future legislative sessions may revisit med spa regulations. Source: McQuire Woods
- Medical spa owners face critical decisions when selling their businesses, with private equity partnerships and broker engagement representing two primary pathways. Private equity firms offer substantial capital, industry expertise, and growth acceleration but come with potential downsides including loss of control, high performance expectations, predetermined exit strategies, and capital costs. Brokers provide valuable market knowledge, industry connections, confidentiality protection, negotiation skills, and time savings, though their services include commission fees and require careful selection. The optimal approach depends on individual goals, risk tolerance, and long-term vision. Source: VMG Health
Medicare
- The Center for Medicare and Medicaid Innovation has pivoted to a market-based approach that prioritizes prevention, patient choice, and competition. Announced on May 13, 2025, the new strategy includes preventive care measures in all models, provides patients with health data to support decision-making, and incentivizes participation from independent physician practices outside of larger health systems. This direction differs from the previous Biden administration focus on health equity, multi-payer alignment, and person-centered care, though some goals like expanding accountable care relationships remain. CMMI Director Abe Sutton emphasized the organization’s commitment to fiscally responsible models that protect taxpayer dollars while preserving quality of care. The strategy will likely result in new models that increase provider financial risk and discontinue programs that fail to meet cost-saving criteria. Source: Mintz
- The Centers for Medicare and Medicaid Services (CMS) implemented the Accountable Care Prospective Trend (ACPT) in 2024 as part of changes to how benchmarks are set in the Medicare Shared Savings Program (MSSP). The ACPT growth rate (4.9%) falls significantly below the 7.5-9.0% growth reported by Accountable Care Organizations (ACOs) and independent analysts, creating financial challenges for organizations entering new agreements in 2024. The ACPT aims to address the “collective success problem” by separating benchmark updates from actual spending growth, potentially making participation more attractive long-term while creating short-term disincentives. CMS established guardrails for when gaps occur between projected and actual spending, including the option to reduce the ACPT weight, which the author recommends implementing for 2024 to mitigate financial impacts on participating ACOs. Source: Health Affairs
Private Equity
- Private equity firms investing in healthcare face mounting legal and regulatory challenges across multiple fronts. The FTC and DOJ have intensified antitrust scrutiny of healthcare roll-up strategies, with enforcement actions targeting even smaller acquisitions that accumulate market power, as demonstrated by the recent USAP case resulting in a final consent order with notification and compliance requirements. States including New York, Massachusetts, Vermont, Rhode Island, and Connecticut have enacted laws requiring pre-transaction notice or approval for healthcare mergers and acquisitions, while the Corporate Practice of Medicine doctrine continues to restrict non-physician ownership of medical practices in states like New Jersey and New York. PE-backed healthcare entities face increased scrutiny through False Claims Act investigations related to billing practices, as seen in the $15.3 million settlement with Alliance Family of Companies, while simultaneously confronting public criticism that PE ownership prioritizes profits over patient care. Proactive legal planning and ongoing compliance monitoring have become essential for PE firms to navigate this complex environment and protect long-term investments in healthcare. Source: Greenbaum, Rowe, Smith & Davis LLP
Real Estate
- Specialized appraisers are essential in healthcare real estate due to the sector’s unique complexities. Healthcare properties require appraisers with expertise in four critical areas: understanding healthcare operations across various facility types, navigating complex lease structures including timeshare arrangements, interpreting healthcare market trends and demographics that affect property values, and evaluating diverse property types from hospitals to specialized treatment centers with unique design requirements. These specialized appraisers can accurately determine property values by comprehending how buildings operate, evaluating unique lease structures, forecasting market trends, and recognizing the specific functional needs of different healthcare facilities. Source: VMG Health
Smart Devices
- Smart devices are revolutionizing healthcare by shifting the industry from reactive treatment to proactive prevention through continuous monitoring technologies. These devices collect real-time physiological data including heart rate, blood oxygen levels, and glucose measurements, which AI algorithms analyze to detect patterns and predict health risks before symptoms appear. Wearable technologies like smartwatches with ECG capabilities can identify irregular heart rhythms, infectious diseases, and neurological disorders while enabling remote monitoring and integration with telehealth platforms. Emerging innovations include advanced biosensors that detect biomarkers through sweat or tears, miniaturized implantable devices for internal monitoring, and digital twins that create virtual replicas of patients to predict disease progression and optimal treatments. The transformation toward predictive healthcare faces challenges in ensuring data security, developing explainable AI systems that clinicians can trust, and providing equitable access across populations. Source: Healthcare Tech Outlook
- Consumer health AI technologies are rapidly entering a complex regulatory environment as they shift from an unregulated space to one governed by various state privacy laws. These technologies often fall outside HIPAA’s scope but are increasingly subject to regulations like the California Consumer Privacy Act, Washington’s My Health My Data Act, and Texas’s Data Privacy and Security Act. The resulting regulatory patchwork varies by location and treats combined geolocation and healthcare data as particularly sensitive information. Tech companies using AI in consumer health applications will need to adapt to these unfamiliar privacy and security requirements that govern the collection and sharing of sensitive personal data. Source: GovInfoSecurity
Taxation
- CMS has proposed new rules to eliminate a Medicaid financing loophole that could save the federal government $33 billion over five years. The May 15, 2025 proposal aims to prevent states from disproportionately taxing Medicaid services to draw down federal matching funds by adding stricter requirements for healthcare-related tax waivers. Seven states with existing waivers, including California, New York, Michigan, and Massachusetts, would be affected, with recently approved waivers receiving no transition period and requiring immediate compliance when the rule is finalized. The changes would prevent states from imposing higher tax rates on Medicaid-related services than on non-Medicaid services, forcing significant restructuring of state healthcare taxes. This regulatory effort parallels congressional action, as the House Energy and Commerce Committee recently advanced similar provisions in the 2025 budget reconciliation bill. Source: Sheppard Mullin Richter & Hampton LLP
