AI in Healthcare
- A recent survey found that healthcare professionals expect AI to have the greatest impact on administrative tasks (52.4%), followed by EHR management (47.6%) and diagnostic accuracy (41.9%). The survey of 105 professionals across 73 U.S. healthcare organizations revealed that 81.6% of physicians and 78.8% of administrators are eager to adopt AI tools to address workforce shortages and burnout. Nearly 64.8% of respondents view AI as critical for reducing workloads, while 37.1% believe it will improve decision-making in precision medicine, diagnostics, and treatment planning through real-time data insights.
- The National Academy of Medicine released a report comparing generative AI with conventional predictive AI in healthcare. The 15-page publication examines five key differences between these technologies: output evaluation methods, bias manifestation patterns, performance degradation characteristics, societal impacts, and compliance considerations. While predictive AI produces quantitative predictions with straightforward performance metrics, generative AI creates subjective content requiring monitoring for coherence and factual accuracy. The report also introduces a 4-point responsibility matrix categorizing stakeholders as “informed,” “consulted,” “accountable,” or “responsible” to guide implementation in clinical decision-making, administrative efficiency, and patient engagement contexts.
Antitrust
- States are requiring more premerger filings by enacting “baby-HSR” laws modeled after the federal Hart-Scott-Rodino Act, with Washington becoming the first state to expand beyond healthcare to cover all industries. Washington’s law requires parties to submit HSR filings to the state Attorney General if they have their principal place of business in Washington or if in-state annual sales exceed 20% of the HSR filing threshold ($126.4 million). Several other states including California, Colorado, Hawaii, Nevada, Utah, West Virginia, and DC have introduced similar legislation based on the Uniform Premerger Notification Act, while fifteen states already have laws requiring pre-transaction notification for healthcare-related mergers and acquisitions. State attorneys general are increasingly active in merger enforcement, with the National Association of Attorneys General Antitrust Committee chair warning companies to ignore state AGs “at your own peril.”
- A federal jury convicted a man for conspiring to fix wages for Las Vegas home healthcare nurses between 2016-2019 and for fraudulently concealing the investigation during his company’s sale. This marks the Department of Justice’s first antitrust jury conviction since announcing in 2016 that wage-fixing and no-poach agreements would be prosecuted criminally rather than civilly. The conviction follows three previous unsuccessful DOJ prosecutions in similar cases where juries declined to find illegal agreements. The DOJ reiterated in January 2025 that felony criminal charges remain appropriate for agreements affecting worker recruitment or wage terms.
Capital Assets
- Healthcare equipment leases come in two main types: operating leases (short-term agreements lasting 1-5 years with lower monthly payments) and capital leases (10-20 year agreements with purchase options). Healthcare organizations can benefit from leasing through improved cash flow management, avoiding large upfront costs, and gaining tax advantages as operating leases allow for interest and depreciation deductions. Leasing provides flexibility to upgrade equipment as technology evolves, with 60% of healthcare institutions reporting a 15% increase in equipment expenses over the past two years. Understanding lease structures, fair market value, and residual values helps healthcare organizations make informed decisions about equipment acquisition.
Data Privacy
- Three healthcare organizations reported data breaches affecting thousands of patients in recent months. Central Texas Pediatric Orthopedics experienced a network server hack on March 3, 2025, compromising personal and medical information of 140,000 patients, with the Qilin ransomware group claiming responsibility. Omni Healthcare Financial Holdings reported unauthorized network access between January 18-19, 2024, affecting 16,701 individuals, but only completed notifications on April 9, 2025, fifteen months after the breach. Community Dental Care in Minnesota discovered unauthorized access to their network on December 20, 2024, with confirmation on March 24, 2025 that names, addresses, Social Security numbers, and medical information were exposed, though the total number of affected individuals remains unclear.
- Six current and former employees have filed a class action lawsuit against University of Maryland Medical System Corporation and University of Maryland Medical Center. Former UMMC pharmacist Matthew Bathula allegedly installed keylogging software on approximately 400 hospital devices over a decade, obtaining credentials of at least 80 staff members and using them to access victims’ personal accounts, webcams, and home security cameras. The lawsuit claims UMMC had inadequate security that enabled Bathula to target primarily young female medical professionals, recording them in private moments including breastfeeding and intimate activities. After terminating Bathula, UMMC replaced compromised computers and implemented additional cybersecurity controls, but the lawsuit alleges the hospital was aware of potential hacking for years without identifying the perpetrator.
- Data privacy and data security represent distinct concepts that organizations often mistakenly treat as interchangeable. Data privacy focuses on individual control over personal information and regulatory compliance with laws like GDPR and HIPAA, while data security involves technical protections against unauthorized access through measures like encryption and fraud detection. The DOGE incident, where unauthorized access was gained to Treasury Department records, demonstrates how compliance with privacy regulations does not guarantee security from breaches. Organizations must establish separate teams with clear responsibilities—privacy oversight by compliance teams and security management by IT security professionals—to prevent vulnerabilities. Companies that fail to distinguish between these concepts risk regulatory penalties, consumer distrust, operational disruptions, and financial losses from both privacy violations and security breaches.
Equity
- Health care entities managed or funded by HHS face approaching deadlines for Section 1557 compliance, with requirements to review decision-making tools for bias, adopt new policies, and train employees by May 1, 2025, while providers receiving only Medicare Part B funds have until May 6. By July 5, 2025, covered entities must distribute notices about non-English assistance availability, replacing previous foreign language taglines. The enforcement outlook remains uncertain as key components of these regulations conflict with the current administration’s policy goals, particularly regarding transgender protections and foreign language assistance requirements, following executive orders that established English as the official U.S. language.
Fraud & Abuse
- The Seventh Circuit Court of Appeals overturned a landmark Anti-Kickback Statute conviction. Mark Sorensen, the owner of SyMed Inc., had been sentenced to 42 months in prison for allegedly paying kickbacks to marketing firms, a DME manufacturer, and a billing company in connection with Medicare-billed orthopedic braces. The appellate court ruled that Sorensen’s payments did not violate the law because there was insufficient evidence that any recipients influenced healthcare decisions, noting that 80% of prescriptions were rejected by physicians who maintained independent decision-making authority. This ruling clarifies that marketing recommendations are not necessarily illegal referrals and that percentage-based compensation structures are not automatically unlawful under the Anti-Kickback Statute.
Laboratories
- Recent False Claims Act litigation demonstrates critical compliance risks for medical laboratories. In Jensen ex rel. United States of America v. Genesis Laboratory, the court dismissed qui tam claims that Genesis submitted false claims to Medicare for unnecessary tests and violated the Anti-Kickback Statute by waiving copayments to induce referrals, citing insufficient evidence. The takeaway is that laboratories must exercise independent judgment on medical necessity despite physician certifications, ensure requisition forms comply with Medicare regulations, review copayment waiver policies, and maintain documentation of compliance efforts. Laboratories should implement robust compliance programs, provide staff training, document processes thoroughly, and consult legal counsel to mitigate regulatory risks.
Medicare
- CMS issued the fiscal year 2026 Medicare Hospital Inpatient Prospective Payment System proposed rule on April 11, 2025, with comments due by June 10, 2025. The rule proposes a 2.4% increase in operating payment rates for qualifying acute care hospitals, creates several new MS-DRG categories while deleting others, and increases uncompensated care payments to $7.29 billion for FY 2026. Special rural designations including the Medicare-dependent hospital program and low-volume hospital payment adjustment are set to expire on September 30, 2025, with hospitals previously qualifying for MDH status to be paid based on the federal rate thereafter. The rule also proposes updates to the Transforming Episode Accountability Model, which will begin as a five-year mandatory model on January 1, 2026.
- The Trump administration released two final regulatory documents for Medicare Advantage (MA) for 2026, with CMS finalizing a basic payment update of +5.06% that will increase MA payments by $25 billion. CMS did not finalize proposals to expand coverage of anti-obesity medications or implement health equity requirements for utilization management policies, but did codify IRA provisions requiring $0 cost sharing for ACIP-recommended vaccines and $35 monthly caps for insulin. The final rule also includes provisions for Dual Eligible Special Needs Plans, inpatient setting protections, and guardrails for supplemental benefits, while the new risk model will be fully implemented in 2026, saving Medicare trust funds approximately $13 billion.
Pharmacy Benefit Managers
- Arlington-based Texas Health Resources is suing six drugmakers and pharmacy benefit managers, alleging they colluded to raise insulin prices by up to 1,000% over two decades while collecting secret rebates and fees. The nonprofit system filed the federal lawsuit on March 26 in New Jersey District Court against Express Scripts, CVS Caremark, Optum Rx, Sanofi, Eli Lilly, and Novo Nordisk, claiming violations of the RICO Act and Texas consumer protection laws. Texas Health Resources, which covers about 40,000 beneficiaries through its self-funded insurance plan, joins more than 400 other entities that have filed similar lawsuits against these companies. All defendants have denied the allegations, with CVS Caremark, Sanofi, Novo Nordisk, Optum Rx, and Eli Lilly each issuing statements calling the lawsuit baseless or meritless and defending their pricing practices.
Private Equity
- Texas’ Corporate Practice of Medicine doctrine prohibits corporations and non-physicians from practicing medicine or employing physicians to provide medical services. Private equity firms use Management Service Organization models to invest in healthcare while attempting to comply with CPOM restrictions, but many management service agreements contain provisions that transfer excessive control to non-physician entities. Courts have identified several red flags that indicate CPOM violations, including excessive fee structures, control over medical personnel, financial control, influence over clinical decision-making, and restrictive clauses that limit physicians’ ability to terminate relationships. Contracts that violate the CPOM doctrine are likely unenforceable under Texas law, giving physicians potential legal grounds to terminate problematic MSO relationships without penalty.ata Privacy
- Three healthcare organizations reported data breaches affecting thousands of patients in recent months. Central Texas Pediatric Orthopedics experienced a network server hack on March 3, 2025, compromising personal and medical information of 140,000 patients, with the Qilin ransomware group claiming responsibility. Omni Healthcare Financial Holdings reported unauthorized network access between January 18-19, 2024, affecting 16,701 individuals, but only completed notifications on April 9, 2025, fifteen months after the breach. Community Dental Care in Minnesota discovered unauthorized access to their network on December 20, 2024, with confirmation on March 24, 2025 that names, addresses, Social Security numbers, and medical information were exposed, though the total number of affected individuals remains unclear.
Ransomware
- Ransomware group Qilin posted 42 gigabytes of data stolen from Central Texas Pediatric Orthopedics on the dark web in February, with the practice now notifying 140,121 affected individuals. The unauthorized access occurred between January 23-26, 2025, compromising patient information including names, government IDs, medical data, insurance details, birth dates, and X-ray images of minors. CTPO has reported the breach to the FBI and implemented security enhancements including endpoint detection software, password resets, and server rebuilding. Experts warn that pediatric healthcare records are particularly valuable targets due to children’s pristine credit histories, with several law firms already investigating the incident for potential class action litigation.
Reimbursement
- An estimated 450 million medical claims are denied annually in the US, with Texas having a 22% denial rate for in-network ACA claims. The American Medical Association reports that AI tools used by insurers can produce denial rates up to 16 times higher than typical. The Texas Senate has advanced bill SB 815 to restrict insurers from using AI for claim decisions, while new AI platforms like Claimable and Fight Health Insurance have emerged to help patients appeal denials. These AI appeal tools aim to level the playing field against insurers who have established an early advantage in using technology for claims processing.
Skilled Nursing Facilities
- CMS has extended the deadline for Skilled Nursing Facilities (SNFs) to submit Medicare revalidations to August 1, 2025, following a previous extension from the original deadline to May 1, 2025. The extension comes as AHCA/NACL reports less than 20% of SNFs had submitted applications by mid-March, with many applications being returned with requests for additional information. The revalidation process now includes Attachment 1, which collects new categories of information on ownership, management, organization, and administration. CMS updated its guidance on April 9, 2025, with additions to Section IV and FAQs regarding requirements for reporting Additional Disclosable Parties.