Wade’s Health Law Highlights for February 25, 2025

Artificial Intelligence

• A recent American Medical Association survey of 1,183 physicians shows AI usage among doctors increased from 38% in 2023 to 66% in 2024. Physicians use AI primarily for visit documentation, discharge summaries, care plans, translation services, and medical research summaries, with 68% reporting AI provides advantages in patient care. While 36% of physicians express excitement about AI, up from 30% in 2023, 47% believe increased oversight is needed to build trust in the technology. The survey reveals physicians want features like feedback channels, data privacy assurances, EHR integration, and proper training to advance AI adoption in healthcare.
• Healthcare will transform from centralized hospitals to an invisible, integrated system woven into daily life through AI and edge computing. The shift is driven by younger generations demanding personalized care, advancing biometric technology, and the convergence of diagnostic capabilities into smaller devices. By 2051, healthcare will move into homes and repurposed community spaces, with AI-powered preventive care and mental health support becoming standard features of everyday environments. Wearable technology will predict health issues decades in advance, while household items will continuously collect health data and provide real-time monitoring.
• Organizations are shifting from static AI compliance to continuous governance models as AI systems become more integrated into business operations. The EU AI Act and U.S. regulations require companies to implement real-time monitoring, vendor oversight, and cross-functional governance structures to manage AI risks. Organizations must address challenges including model drift, data provenance, third-party transparency, and AI liability through continuous auditing and risk assessment frameworks. Companies need to balance AI explainability with intellectual property protection while ensuring compliance with privacy regulations like GDPR and CCPA. Those who adopt proactive AI governance frameworks position themselves for competitive advantage in responsible AI innovation.

Data Breach

• The City of McKinney in Texas reported a cyberattack affecting 17,751 individuals’ protected health information. McKinney’s breach occurred in October 2024, with unauthorized access detected on November 14, 2024, leading to exposure of personal data including Social Security numbers, financial information, and medical records.

FDA

• Hims & Hers Health stock dropped 26% after the FDA declared the end of semaglutide shortages and announced plans to crack down on compound pharmacies within 90 days. The company has been selling compounded versions of semaglutide, the active ingredient in Wegovy and Ozempic, for $200 per month compared to the $1,000 monthly cost of branded versions. Despite this setback, Hims & Hers has expanded through acquisitions, including a U.S.-based peptide facility and Trybe Labs for at-home testing services. The company’s weight loss program is projected to generate $100 million in revenue by the end of 2025, following stock gains of over 200% last year.
• The FDA announced on February 21 that the semaglutide injection product shortage has ended, removing it from the Drug Shortage List where it had been since 2022. The medication, used for Type 2 diabetes and weight loss, will face new restrictions on compounding, with state-licensed pharmacies and physicians having until April 22, 2025, and outsourcing facilities until May 22, 2025, to comply with FDA regulations. Healthcare providers will no longer be able to compound versions of semaglutide that are copies of brand-name products, requiring patients to switch to brand-name medications. The changes will impact medical practices, pharmacies, outsourcing facilities, and telehealth companies that have been providing compounded versions of the medication at lower costs than brand-name alternatives. Healthcare providers must consult with attorneys to ensure compliance with the new regulations before the deadlines.

Fraud & Abuse

• The United States Court of Appeals for the First Circuit ruled that kickbacks must be the “but-for” cause of claim submissions to establish falsity in False Claims Act cases based on Anti-Kickback Statute violations. The ruling emerged from United States of America v. Regeneron Pharmaceuticals, Inc., which examined whether Medicare claims for Eylea influenced by kickback violations through copayment coverages constituted false claims. While Regeneron advocated for the stricter but-for causation standard already adopted by the Sixth and Eighth Circuits, the government pushed for the Third Circuit’s more lenient approach requiring only proof of a causal link between claims and AKS violations. The First Circuit’s decision to adopt the but-for standard will limit the scope of actionable FCA claims and affect how the government and whistleblowers pursue damages for AKS violations in federal healthcare programs.
• On February 18, 2025, the First Circuit Court joined the Sixth and Eighth Circuits in ruling that Anti-Kickback Statute violations must be the “but-for” cause of false claims to trigger False Claims Act liability. This decision created a split with the Third Circuit, which only requires showing that a patient was exposed to an illegal recommendation before a claim was submitted. The court rejected the government’s arguments for a lower causation standard, citing the need to limit overbroad FCA claims and require proper proof of causation. Healthcare providers still face liability through false certification theories, which don’t require proving causation. The government appears to be shifting toward using false certification arguments rather than relying on the 2010 amendments that created the causation requirement.
• The Justice Department has launched a civil fraud investigation into UnitedHealth Group’s Medicare billing practices, focusing on how the company records diagnoses that trigger extra payments from Medicare Advantage plans. The investigation follows Wall Street Journal reports that UnitedHealth received $8.7 billion in federal payments in 2021 for diagnoses added to patient records without doctor treatment, with each nurse home visit generating an average of $2,735 in additional payments. The DOJ has interviewed medical providers about UnitedHealth’s practices of promoting specific diagnoses and offering incentives to add them to patient records, while the company’s shares fell 7% on news of the investigation, erasing $30 billion in market value. This probe adds to existing scrutiny of the $400 billion company, which includes a separate antitrust investigation and a lawsuit to block its $3.3 billion acquisition of Amedisys.

Texas Legislation

• The Texas Legislature has introduced a bill requiring electronic health records to include dedicated spaces for recording biological sex and sexual development disorders. The legislation defines biological sex based on reproductive system function and mandates that medical algorithms use this recorded biological sex for treatment decisions. Health care providers can only amend the recorded biological sex to correct clerical errors or if a patient is diagnosed with a sexual development disorder. The bill, if passed, will take effect September 1, 2025. The new requirements will apply only to electronic health records created after the law’s effective date.
• A Texas State Senator filed a bill requiring explicit consent for medical research on corpses in Texas. The legislation responds to an NBC News investigation that revealed UNT Health Science Center used unclaimed bodies for experiments and leased body parts to companies without contacting families. Current Texas law allows medical institutions to use unclaimed bodies after attempting to notify relatives within 72 hours, but the new bill would require prior written consent from the deceased or next of kin. Following the investigation, UNT Health Science Center leaders were fired, the Willed Body Program was suspended, and the university president stepped down, while Tarrant County ended its relationship with the program.

HIPAA

• The U.S. Department of Health and Human Services has proposed updates to HIPAA Security Rule requirements in a new Notice of Proposed Rulemaking. The updates include mandatory implementation specifications for contingency plans, requiring exact backup copies of electronic protected health information and system restoration within 72 hours of an event. The proposal introduces a new vulnerability management standard requiring automated scanning every six months, ongoing monitoring of known vulnerabilities, annual penetration testing, and timely software patches. Business associates must notify covered entities within 24 hours of activating contingency plans, and regulated entities must maintain written security incident response procedures. The public comment period for these proposed changes ends March 7, 2025.
• The US Department of Health and Human Services issued a proposed update to the HIPAA Security Rule in June 2024 to strengthen cybersecurity requirements for electronic protected health information. Mobile healthcare apps present unique security challenges, with 79% of healthcare organizations experiencing API-related security incidents in 2023. The proposed rule needs specific requirements for mobile app security, including protection against cloned apps, device manipulation, man-in-the-middle attacks, and API key exposure.

Medicare

• Medicare Advantage plans required approximately two prior authorizations per enrollee in 2023, while Traditional Medicare required only 0.01 per beneficiary. Prior authorization requirements for Medicare Advantage plans increased to 50 million in 2023, up from 42 million in 2022, despite CMS rules aimed at reducing these requirements. A Senate report revealed that the three largest Medicare Advantage insurers intentionally denied prior authorizations to increase profits, with United Healthcare’s denial rate for skilled nursing facility stays rising 800% between 2019 and 2022. While 3.2 million prior authorization requests were denied in 2023, only 11.7% were appealed, though 81.7% of appeals resulted in overturned denials. The process impacts skilled nursing facilities through delayed admissions, reduced patient volume, and revenue loss.
• Medicare physician payments have seen only an 11% increase from 2001 to 2021 while practice costs rose 39%. The Centers for Medicare & Medicaid Services implemented a 2.83% reimbursement cut for 2025, prompting concerns about practice viability and patient access. Congress replaced the problematic Sustainable Growth Rate formula with MACRA in 2015, introducing value-based payment models through MIPS and APMs. A bipartisan bill called the Medicare Patient Access and Practice Stabilization Act was introduced in January 2025 to reverse the cuts, with a critical March 14 deadline looming for Congress to act on budget measures that could affect physician payments.