AI Governance
- Joint Commission and the Coalition for Health AI released the first national guidance for responsible AI implementation in U.S. healthcare systems. The guidance establishes policies for local validation, monitoring, and use that healthcare organizations can integrate into existing or new processes. The organizations plan to release governance playbooks later this year and in 2026, followed by a voluntary AI certification program for Joint Commission’s more than 22,000 accredited healthcare organizations. The partnership, launched in June 2025, combines Joint Commission’s standards and reach with CHAI’s technical expertise to help health systems utilize AI while improving patient outcomes. CHAI membership includes nearly 3,000 organizations across healthcare and technology sectors. Source: Joint Commission
- Healthcare providers are generating return on investment from AI in tech support and patient experience applications, according to a Google survey of more than 600 senior leaders in healthcare and life sciences. The survey found 80% reported better patient engagement metrics and 70% saw higher patient satisfaction scores, with both tech support and patient experience showing ROI for 34% of respondents. Meanwhile, 44% of organizations now use agentic AI agents, though data privacy and security remains the top concern for healthcare executives evaluating AI suppliers. A separate NYU study of 55,000 portal messages revealed clinicians use AI for patient communication 20% of the time, reducing composition time by 7% but requiring additional time for reviewing and editing AI-generated drafts. Source: AI in Healthcare
Biotech
- The biotech industry confronts a convergence of financial and regulatory pressures while showing signs of recovery in select funding areas. A patent cliff threatens $300 billion in biologics revenue from 2023 through 2028, while the Inflation Reduction Act and potential tariff policies create pricing uncertainties for pharmaceutical companies. Venture capital funding rebounded in 2024 to $23.1 billion total, exceeding pre-pandemic levels, though fewer companies received funding with larger average round sizes. The IPO market remains weak with only 30 companies raising $4 billion in 2024, and 39% of smaller biotech firms hold less than one year of operating cash. Alliance deals reached $144 billion in potential value during 2024, representing the highest level in a decade as companies pursue partnerships over traditional mergers and acquisitions. Source: DCAT Value Chain Insights
Cybersecurity
- Healthcare organizations face escalating cyber threats that directly compromise patient safety and care delivery. A Ponemon Institute survey of 677 healthcare IT professionals found that 93% of organizations experienced cyberattacks in the past year, with 72% reporting disruptions to patient care including delayed procedures, extended hospital stays, and complications that led to increased mortality rates in 29% of cases. Organizations experienced an average of 43 attacks each, up from 40 the previous year, while supply chain attacks proved most damaging with 87% of victims reporting negative patient care impacts. The average cost of the most expensive cyberattack reached $3.9 million, though this represents a decrease from 2024’s $4.7 million average, with operational disruption accounting for the largest expense at $1.2 million per incident. Human error contributed to 35% of data breaches, with employees failing to follow security policies, while 75% of organizations plan to migrate clinical applications to cloud platforms and 30% have adopted AI security tools. Source: HIPAA Journal
- The EU Data Act establishes a framework requiring companies to provide users access to data from connected products and related services, with obligations that became applicable September 12, 2025. The regulation applies to manufacturers of connected products placed on the EU market and service providers, regardless of their location, covering Internet of Things devices that collect data about their use or environment. Users gain rights to access personal and non-personal data their devices generate, and companies must make this data available on fair, non-discriminatory terms while allowing transfer to third parties upon request. Medical and health devices fall within scope, including wearables and digital health platforms, requiring manufacturers to build mechanisms for patients to retrieve operational data in portable formats. Non-compliance can result in fines, regulatory investigations, and civil liability, with the regulation working alongside the European Health Data Space Regulation that entered force in 2025. Source: White & Case LLP
Federal Drug Administration
Fraud & Abuse
- The Trump Administration continued False Claims Act enforcement in healthcare during fiscal year 2025. Healthcare enforcement continued with settlements exceeding $1 billion, including a $350 million settlement with Walgreens for filling invalid opioid prescriptions and a $98 million Medicare Advantage settlement for inflated risk scores. The DOJ also maintained focus on cybersecurity compliance violations among government contractors, securing multiple settlements totaling over $20 million. Paycheck Protection Program fraud cases continue due to Congress extending the statute of limitations to 10 years in 2022. Source: Mayer Brown
- ASCs operate under federal anti-kickback law enforcement risk despite exemption from Stark law restrictions. The federal Anti-Kickback Statute prohibits offering or receiving remuneration in exchange for patient referrals reimbursed by Medicare or Medicaid, requiring physicians who invest in ASCs to disclose their ownership interests and ensure investment opportunities are not based on referral volume. Safe harbor protections shield ASCs from prosecution when physician-owners personally perform procedures at the center and meet specific thresholds, including requirements that at least one-third of a physician-investor’s income comes from ASC-eligible procedures and physicians perform at least one-third of their procedures at the ASC. ASC ownership transactions must occur at fair market value to avoid referral-based inducements, with independent third-party valuations recommended to validate pricing and mitigate risk. Operating an ASC requires Medicare certification, state registration, and facility inspections, with restrictions that prevent space-sharing with hospitals or Medicare diagnostic facilities and prohibit passive ownership. Source: Becker’s ASC
GLP-1
- The Fifth Circuit Court of Appeals ruled that companies can now sue competitors under state laws that mirror federal FDA regulations, breaking from the tradition that only the federal government can enforce violations of the Federal Food, Drug, and Cosmetic Act. In Zyla Life Sciences, LLC v. Wells Pharma of Houston, LLC, the court reversed a district court dismissal and held that state laws mirroring the FDCA are not preempted by federal law. Zyla Life Sciences had sued Wells Pharma under unfair competition laws in six states, claiming Wells’ sales of compounded indomethacin suppositories violated state laws that mirror FDA premarket approval requirements. The decision relied on California v. Zook (1949) and could impact the ongoing legal battles between traditional drug manufacturers and compounding pharmacies, particularly involving GLP-1 weight loss drugs. Companies operating in FDA-regulated industries now face increased risk of civil lawsuits from competitors under state law, marking a shift in regulatory enforcement beyond federal oversight. Source: Foley & Lardner LLP
Intellectual Property
- Healthcare startups utilize software and intellectual property licensing to overcome development costs and regulatory barriers while accelerating time-to-market. Three primary licensing models exist: proprietary licensing with strict usage conditions, open source licensing that permits modification and distribution, and custom agreements tailored to specific needs. Healthcare companies must ensure licensing agreements address regulatory compliance with laws like HIPAA and GDPR, define scope of rights and ownership of improvements, and specify exclusivity terms and liability protections. Beyond licensing, startups need comprehensive IP strategies that include filing patents, trademarking assets, and protecting trade secrets to attract investors and increase company valuation. These licensing arrangements enable partnerships with universities, pharmaceutical companies, and technology vendors for research collaboration and market expansion. Source: Healthcare Law Insights
- Life sciences and medtech companies risk compromising patent rights during conferences through premature disclosure of technical details. Companies should file provisional patent applications before public disclosures and focus patent protection resources on inventions tied to core business objectives rather than pursuing patents for every idea. Teams should prepare two pitch decks—a non-confidential version and a confidential deck for NDA settings—since global patent rights depend on what companies disclose publicly. While the U.S. provides a one-year grace period after public disclosure to file for patent protection, many other jurisdictions do not offer this protection. Investors expect companies to maintain clean IP documentation, conduct freedom-to-operate scans, and protect trade secrets, particularly for software-enabled devices and AI systems. Source: Healthcare Law Insights
Private Equity & Startups
- Physician-founded healthcare companies require structured equity plans, regulatory compliance, and disciplined funding approaches to succeed. Founders should implement standard four-year vesting schedules with one-year cliffs, while advisors need written agreements with defined scope, deliverables, and milestone-based equity that reflects fair market value rather than referral-based compensation. Early-stage funding typically uses SAFE agreements with valuation caps and discounts, progressing to clean preferred stock with 1x non-participating liquidation preferences for priced rounds. Due diligence examines corporate structure integrity, deal economics clarity, and regulatory compliance, particularly for companies delivering direct care through physician-owned professional corporation and management services organization models. Companies should form immediately when intellectual property, data, personnel, or pilot programs are involved, as delays complicate ownership and rights assignments. Source: Healthcare Law Insights
- The California Governor signed SB 351, restricting private equity and hedge fund control over medical and dental practices. The law, which takes effect January 1, 2026, mandates that only physicians and dentists can own medical records, make employment decisions, negotiate payor agreements, make billing decisions, and approve medical equipment and supplies. SB 351 prohibits practice management contracts from including non-compete clauses that would bar providers from competing after termination or from commenting on quality of care issues and revenue strategies. The legislation grants the California Attorney General authority to seek injunctive relief and attorney’s fees from investors who violate corporate practice of medicine laws. The law applies exclusively to physician and dental practices backed by private equity or hedge funds and excludes government-owned healthcare entities from its restrictions. Source: The National Law Review
Medicaid Reimbursement
Telehealth
- Key telehealth flexibilities from the COVID-19 public health emergency expired on October 1, 2025, after Congress failed to extend them beyond the September 30 deadline. The expired provisions include allowing telehealth services from patients’ homes, expanding practitioner definitions to include occupational therapists and physical therapists, permitting audio-only telehealth sessions, and waiving in-person visit requirements for mental health services. The Centers for Medicare & Medicaid Services published and then removed guidance instructing Medicare contractors to implement temporary claims holds for affected services. Medicare will now revert to pre-pandemic restrictions that limit telehealth services to designated rural areas and require in-person hospice recertifications. While bipartisan support exists for extending these flexibilities, the timing of any future extension and whether it might apply retroactively remain uncertain. Source: Healthcare Law Blog
Texas Medical Board
- The Texas Medical Board reprimanded a Houston doctor for prescribing ivermectin to a COVID-19 patient at a Fort Worth hospital where she lacked treatment privileges. Administrative law judges determined Bowden engaged in unprofessional conduct when she prescribed the medication to a Tarrant County Sheriff’s Deputy in October 2021 without completing the required privilege application. The incident escalated when the physician sent a nurse to administer the medication, creating what the hospital called a “disruptive scene” that required police intervention. The doctor, an ear, nose and throat specialist, stated she does not regret her actions and plans to appeal the reprimand while filing a lawsuit against the medical board. The reprimand carries no fines or suspension. She has gained national attention for her opposition to COVID-19 vaccine mandates and support for ivermectin treatment. Source: Houston Chronicle