Wade’s Health Law Highlights for September 23, 2025

Advertising

• The FDA announced a crackdown on direct-to-consumer pharmaceutical advertising on September 9, following a presidential memorandum directing action against misleading advertising practices. The agency issued thousands of template letters to pharmaceutical companies warning them to remove misleading advertising and sent hundreds of cease-and-desist letters to companies violating advertising rules. FDA plans to increase enforcement actions from the current 10-20 untitled letters annually to hundreds per year, with focus on social media and digital advertising content. The agency targets violations of “fair balance” requirements between drug risks and benefits, with attention to how seniors access risk information and influencer posts that fail to follow regulations. FDA also intends to eliminate the “adequate provision” rule that currently allows drug manufacturers to avoid listing all safety risks in broadcast advertisements if they direct consumers to additional information sources. Source: Loeb & Loeb LLP

Cybersecurity

• Healthcare organizations must understand cloud lifecycle management beyond initial migration to achieve cost optimization and security compliance. Healthcare systems have increased cloud adoption over the past five to seven years, with providers like Amazon Web Services offering compliance and security features that reduce concerns about hosting protected health information in the cloud. Organizations face challenges including stakeholder buy-in, security concerns around PHI, selecting appropriate cloud architecture, and maintaining HIPAA compliance throughout the cloud lifecycle. Cloud lifecycle management begins with planning and determining what to host in the cloud, followed by migration, operationalizing with a FinOps approach for financial responsibility, continuous workload optimization, and eventual decommissioning or modernization. Technology partners such as Mission Cloud Services can guide healthcare organizations through each stage of cloud lifecycle management, with cloud infrastructure serving as a foundation for accessing AI and machine learning tools. Source: HealthTech Magazine

Data Privacy

• Texas mandates electronic health records must be stored within the United States starting January 1, 2026. Senate Bill 1188 requires all electronic health records under the control of covered entities to be physically maintained in the United States or U.S. territories, regardless of whether the records are stored by the covered entity or a third party. The law defines “covered entity” more broadly than HIPAA, encompassing nearly any entity that assembles, collects, analyzes, uses, evaluates, stores, or transmits protected health information, including healthcare providers, payors, schools, researchers, and business associates. Violations can result in civil penalties between $5,000 and $250,000, and regulatory agencies may revoke or suspend licenses, registrations, or certifications. The Texas Health and Human Services Commission and the Texas Attorney General are authorized to investigate and penalize non-compliance with the storage requirements. Source: Katten Muchin Rosenman LLP

Economics

• Hospitals in economically disadvantaged areas adopt health information technologies at lower rates than those in affluent regions, according to a study of 16,646 hospital observations from 2018-2023. Hospitals in the most deprived areas were less likely to implement treatment-stage telehealth, postdischarge telehealth, electronic data query systems, and data availability functions compared to hospitals in the least deprived areas. The research found that hospital participation in accountable care organizations was associated with higher adoption rates across all technology types, with ACO-participating hospitals showing adoption probabilities 2-7 percentage points higher than non-participating facilities. Despite persistent gaps, health information technology adoption increased over time across all hospitals regardless of area deprivation level, with adoption rates rising from 2018 to 2023. Hospital characteristics including bed size, urban versus rural location, and ACO participation explained 60-104% of the observed disparities in technology adoption between advantaged and disadvantaged areas. Source: JAMA Health Forum

Fraud & Abuse

• Healthcare whistleblowers now use AI algorithms to analyze public datasets and flag statistical anomalies that signal potential fraud. The Department of Justice recorded 979 qui tam actions in 2024, marking the second-highest number of False Claims Act cases in program history, with many initiated through mathematical outliers rather than insider tips. The Centers for Medicare & Medicaid Services pioneered this approach in 2011 with their Fraud Prevention System, which prevented or caught $820 million in inappropriate payments within three years by running predictive analytics on 100% of Medicare fee-for-service claims. Analysis of nearly 3,500 analytics-driven audits reveals an 18% error rate, roughly double what traditional probe audits detect, while traditional audits examine only 10 encounters per provider and miss over 90% of potential issues. Healthcare organizations can now use tools like VMG Health’s Compliance Risk Analyzer to identify the same billing patterns and anomalies before external investigators spot them. Source: VMG Health
• The federal government made $162 billion in improper payments during fiscal year 2024, representing a $74 billion decrease from the $236 billion recorded in 2023. The decline occurred primarily due to the termination of pandemic-related programs, with the Department of Labor’s Pandemic Unemployment Assistance program alone accounting for a $44 billion reduction. Of the total improper payments, $135 billion (84%) were overpayments to recipients, while the remainder included underpayments, unknown payment errors, and procedural violations. Five programs concentrated 75% of all improper payments: Medicare, Medicaid, the Earned Income Tax Credit, SNAP, and the Restaurant Revitalization Fund. Since 2003, the federal government has made an estimated $2.8 trillion in improper payments across various programs and agencies. Source: U.S. GAO

IV Hydration

• Texas enacted House Bill 3749, known as “Jenifer’s Law,” to regulate IV therapy services outside traditional medical facilities following a death at a Texas spa in 2023. The law, effective September 1, 2025, requires physicians to prescribe or order all elective IV therapy in non-facility locations such as spas, mobile units, and homes. Only physician assistants, advanced practice registered nurses, and registered nurses may administer IVs under physician supervision, ending the practice of unlicensed staff providing these services. The law mandates written prescriptive authority agreements between physicians and delegated clinicians, with registration required through the Texas Medical Board. Source: Healthcare Empowered

Litigation

• Healthcare tech companies face mounting class action lawsuits that threaten investor confidence and stock stability. The sector has become a target for litigation due to digitization, data privacy concerns, and regulatory scrutiny, with UnitedHealth Group settling for $69 million in 2024 after accusations of prioritizing business relationships over 401(k) fund performance. Data breach lawsuits surged in 2024, with plaintiffs filing more cases than in any prior year, despite amendments to privacy laws that reduced per-scan damages. Companies that demonstrate transparency and strategic pivots during legal disputes recover faster than those with poor leadership, while servant and transformational leadership styles help mitigate risks through proactive compliance. Investors should monitor leadership actions such as cybersecurity spending increases as indicators of a company’s ability to manage legal challenges and maintain long-term stability. Source: AInvest

Medical Devices

• The FDA has escalated enforcement against AI health apps by issuing warning letters to SeniorLife Technologies and Whoop for marketing diagnostic features without proper authorization. SeniorLife received an August 21, 2025 warning letter for its AI app that assesses mobility and cognitive health, predicts fall risk, and detects Alzheimer’s signs without premarket clearance, while also lacking basic quality system controls like complaint handling and employee training procedures. Whoop received a July 14, 2025 warning letter for its Blood Pressure Insights feature that estimates systolic and diastolic blood pressure, which FDA determined to be inherently diagnostic and tied to hypertension conditions. Both companies violated regulations by falsely claiming FDA approval in their marketing materials and failing to submit required 510(k) applications for their diagnostic software functions. The enforcement actions signal FDA’s position that AI-enabled health software performing diagnostic functions must undergo premarket review regardless of how companies frame the features as “wellness” tools. Source: Hogan Lovells
• The Office of Inspector General approved physician ownership in a medical device company through Advisory Opinion 25-09 while maintaining scrutiny of such arrangements. The opinion involved an emergency stroke treatment device company where physician investors owned 35 percent of the company and could order or recommend the device to hospitals. OIG found no Federal Anti-Kickback Statute violation because the arrangement met all requirements of the small entity investment safe harbor, including keeping physician ownership under 40 percent and providing equal investment terms to all investors. Despite the approval, OIG reaffirmed that physician-owned medical device companies remain “inherently suspect” and warned that such arrangements can create incentives to overutilize services and distort clinical judgment. The opinion confirms that compliance pathways exist for physician investment in medical device companies when structures align with safe harbor requirements. Source: Orrick

Non-Competes

• FTC Chairman Ferguson sent letters to healthcare employers and staffing companies warning them to review and eliminate anticompetitive noncompete agreements. The letters emphasize that enforcement against unreasonable noncompetes remains a top FTC priority, with the agency targeting provisions that limit clinician job opportunities and reduce patient choice, particularly in rural areas. The FTC focused on large healthcare employers and staffing firms, noting that enforcement will target roles including nurses, physicians, and other medical professionals. This outreach follows the FTC’s withdrawal from defending its nationwide noncompete ban and the creation of a Joint Labor Task Force in February 2025 to prosecute anticompetitive labor practices. While the FTC cannot seek damages for overbroad noncompetes, it can issue cease-and-desist orders and seek civil remedies in federal court. Source: McDermott Will & Emery
• Texas Senate Bill 1318 imposed strict new limits on healthcare non-compete agreements that took effect September 1, 2025, requiring immediate compliance from employers whose contracts renew automatically. The law applies to physicians, dentists, nurses, and physician assistants and restricts geographic limitations to a maximum five-mile radius from the practitioner’s primary practice location, while capping duration at one year from termination. Buyout provisions must now be limited to the practitioner’s total annual salary and wages at termination, and contract terms must be written in plain language. Non-compete agreements become void if physicians are discharged without good cause, defined as conduct, job performance, or employment record issues. Healthcare employers face potential liability for attorney fees if they attempt to enforce non-compliant agreements that were renewed or entered into after the September 1 effective date. Source: Hendershot Cowart P.C.

Qui Tam Actions

• A federal judge rejected TriHealth’s constitutional challenge to the False Claims Act but certified the case for appeal to the Sixth Circuit Court. On July 28, 2025, U.S. District Judge Douglas Russell Cole stayed the False Claims Act lawsuit in United States of America et al. v. TriHealth Inc. et al. while the constitutional challenge proceeds. TriHealth argued that the FCA’s qui tam provisions violate the Constitution’s Article II Appointments and Take Care Clauses and that whistleblowers Thomas Murphy and Dr. Set Shahbabian lack standing under Article III. The court ruled that relators are not officers under the Appointments Clause and that the Executive Branch retains control over relator conduct, rejecting TriHealth’s constitutional arguments. This case represents the third federal court of appeals to examine the constitutionality of qui tam provisions, with legal experts predicting the issue will eventually reach the Supreme Court. Source: Whistleblowers Blog

Reimbursement

• CMS is conducting more frequent and targeted RADV audits to increase oversight of risk adjustment programs. These audits pressure healthcare organizations and payers to ensure precise Hierarchical Condition Category (HCC) coding and documentation, as coding errors can trigger repayment demands and penalties. For payers, RADV audits validate risk-adjusted payments and can uncover financial discrepancies leading to recoupment of overpayments, while providers face repayment demands and penalties for documentation or coding errors. Organizations must implement internal controls, conduct regular coding validations, and invest in provider education to reduce audit exposure. Clinical documentation serves as evidence that validates diagnoses, requiring specificity, clarity, and completeness to avoid claims being flagged during audits. Source: VMG Health

Telehealth

• Telehealth delivers financial benefits to healthcare organizations through increased revenue, reduced losses, and decreased operational costs. The technology helps prevent patient attrition by offering virtual visits and self-scheduling capabilities that meet consumer expectations for convenience and access. Healthcare organizations can avoid government penalties through remote physiological monitoring programs, with 2,499 hospitals facing Medicare readmission penalties averaging $208,000 per hospital in 2022. Telehealth reduces recruitment costs by improving clinician satisfaction and combating burnout, which decreases staff turnover rates. Organizations can also lower facility costs since telehealth work can be performed from clinicians’ homes, allowing multiple providers to share exam rooms and expanding geographic reach without additional physical space. Source: Telehealth.org
• The telehealth obesity market has experienced explosive growth, reaching $57.75 billion in 2024 and projected to hit $392.89 billion by 2033 with a 24% compound annual growth rate. The U.S. telehealth weight-loss market saw a 300% year-over-year increase in patient consultations for GLP-1 prescriptions in 2025, with platforms like Noom and LifeMD bundling these medications with AI-driven coaching services. The FDA has issued over 100 warning letters to telehealth providers for promoting compounded GLP-1 drugs as equivalents to FDA-approved medications, creating opportunities for compliant companies like Weight Watchers (WW), which has attracted 87,000+ subscribers with its hybrid model combining FDA-approved medications and behavioral support. An estimated 40 million people will use GLP-1 medications by 2029, generating $126 billion in sales. Source: Ainvest