Wade’s Health Law Highlights for April 1, 2025

Abortion

Senate Bill 31, known as the Life of the Mother Act, aims to clarify medical exceptions to Texas abortion laws that currently permit the procedure only when the mother’s life or major bodily function is at risk. The bill would specify that doctors need not delay treatment if doing so increases risk to the pregnant woman, broadens definitions for ectopic pregnancy and premature water breaks, and protects physician-patient discussions about abortion options from being considered “aiding and abetting.” With bipartisan support including 12 Republican senators and Lt. Gov. Dan Patrick’s backing, the legislation would require the Texas Medical Board to offer educational courses about physicians’ rights under the law. Texas doctors have reported confusion about existing laws, with 29% lacking clear understanding of abortion regulations, leading to delayed care and increased complications for pregnant women.

Artificial Intelligence

Healthcare organizations implementing LLMs face eight critical challenges including over-reliance on AI without domain expertise integration, unresolved data quality issues across fragmented systems, and ethical risks in handling sensitive healthcare data. Additional pitfalls include poor workflow integration, inadequate model validation post-deployment, neglect of regulatory requirements, overpromising AI capabilities to stakeholders, and failure to customize models for specific healthcare needs. Healthcare companies must maintain human expertise in the loop, implement robust data governance, ensure regulatory compliance, and set realistic expectations to successfully deploy LLMs that enhance rather than compromise patient care and operational efficiency.

Compliance Programs & Audits

Compliance auditing has become mandatory in today’s regulatory environment, with federal and state laws requiring companies to conduct regular reviews of their practices. The Office of Inspector General’s Compliance Program Guidance identifies auditing as a core element that helps organizations detect fraud, assess policy adherence, and mitigate risks before they escalate into enforcement actions. Recent settlements demonstrate the consequences of inadequate compliance monitoring, with companies like Pfizer, Teva, Innovasis, and Endo Health Solutions paying millions or billions in penalties for violations related to kickbacks, improper marketing, and other infractions. Companies should prioritize auditing high-risk areas including speaker programs, healthcare professional arrangements, promotional materials, and patient assistance programs using a risk-based approach.

Contracting

Healthcare AI vendor contracts require thorough pre-negotiation preparation, including comprehensive risk assessment and stakeholder engagement. Organizations must evaluate AI tools within a governance framework using resources like HEAT maps and the NIST AI Risk Management Framework to categorize risks. Contract negotiations should address data rights, with customers seeking ownership of inputs and outputs while vendors aim to retain rights to their services and products. Key contract provisions include privacy, security, regulatory compliance, indemnification, and liability limitations, with special attention to HIPAA compliance when patient health information is involved.

Cybersecurity & Privacy

Healthcare cyberattacks have increased dramatically, with annual large breaches nearly tripling from 242 (2010-2014) to 713 (2020-2024), with 81% caused by hacking or IT incidents in 2024 alone. The 2024 Change Healthcare breach affected 190 million individuals, making it the largest healthcare data breach to date. When protected health information is compromised, organizations must notify affected individuals, media outlets, state agencies, and the Office for Civil Rights, potentially facing investigations, enforcement actions, and costly settlements. Healthcare entities must strengthen defenses through annual security risk assessments, multi-factor authentication, and comprehensive incident response plans, with HHS proposing updates to the HIPAA Security Rule to mandate these protective measures.
[The Office for Civil Rights has announced a $3 million settlement with Solara Medical Supplies for HIPAA violations](HHS Settles HIPAA Security Breach Stemming from Phishing Cyberattack for $3 Million). A phishing attack compromised eight employee email accounts, exposing protected health information of over 100,000 individuals, followed by a second breach when notification letters were sent to incorrect addresses affecting 1,500 more people. OCR investigation determined Solara failed to conduct proper risk analysis, implement adequate security measures, and notify affected parties in a timely manner. The settlement includes a corrective action plan requiring risk analysis, implementation of a risk management plan, policy development, and staff training on HIPAA compliance.
The Seventh Circuit ruled in Hulce v. Zipongo that communications promoting free services do not qualify as “telephone solicitations” under the TCPA. Plaintiff Hulce received approximately 20 calls and texts from Foodsmart about services available at no cost through his healthcare plan, with payment coming from the insurer rather than Hulce. Foodsmart successfully argued that since their communications encouraged use of free services rather than purchase of services, they fell outside the TCPA’s definition of solicitation. The court determined that encouraging use of a service available at no cost to the recipient does not constitute encouraging a purchase, even when a third party pays for the service.

Fraud & Abuse

A federal court in the Northern District of Texas ruled that False Claims Act penalties totaling $299-449 million would violate the Constitution’s Eighth Amendment Excessive Fines Clause. The case involved Healthcare Associates of Texas, found liable for $2.7 million in damages across 21,844 false Medicare claims averaging $126.06 each. Instead of applying the statutory penalty range of $13,946 to $27,894 per false claim, the court imposed penalties equal to the trebled damages, resulting in a $16 million judgment. This ruling establishes a precedent for FCA defendants to invoke constitutional protections against disproportionate penalties.
A bipartisan congressional proposal aims to combat healthcare fraud by requiring states to check Social Security Death Master Files to prevent deceased physicians’ identifiers from being misused. The proposal comes amid increased scrutiny of Medicare and Medicaid programs, with Colorado reportedly paying $7.3 million to insurance companies for deceased recipients and California facing a $9.5 billion Medi-Cal price tag that exceeded initial estimates. According to the Government Accountability Office, improper payments totaled $54.3 billion for Medicare and $31.1 billion for Medicaid in fiscal year 2024.

GLP-1 Weight Loss Drugs

The FDA has removed popular GLP-1 weight-loss drugs from its shortage list, with semaglutide (Ozempic/Wegovy) removed on February 21, 2025, and tirzepatide (Mounjaro/Zepbound) on December 19, 2024. This removal means compounding pharmacies must cease producing copies of these medications, with specific deadlines: immediate cessation for tirzepatide under section 503A, March 19, 2025 for tirzepatide under section 503B, April 22, 2025 for semaglutide under 503A, and May 22, 2025 for semaglutide under 503B. The Outsourcing Facilities Association challenged the FDA’s decision in court but lost when the court ruled that requiring notice before removing drugs from the shortage list would prevent the FDA from maintaining an “up-to-date” list as mandated by Congress.

Health and Human Services

The Department of Health and Human Services plans to cut 10,000 full-time jobs as part of a larger reduction that will decrease total headcount by 20,000 employees, saving $1.8 billion annually according to HHS. The cuts will affect multiple agencies including 3,500 workers at FDA, 2,400 at CDC, 1,200 at NIH, and 300 at CMS, though HHS claims the reductions will not impact core services like Medicare, Medicaid, or food and drug reviews. The reorganization includes consolidating 28 redundant offices into 15 new divisions, reducing regional offices from 10 to five, and creating new entities like the Administration for a Healthy America, which will combine multiple existing health offices. Democratic lawmakers and health advocates have criticized the cuts, warning they could harm vulnerable populations and disrupt essential services.

Immigration

Hospitals and healthcare systems nationwide are experiencing increased random inspections by USCIS targeting H-1B visa holders. Immigration officers from the Fraud Detection and National Security Directorate conduct unannounced site visits to verify compliance with H-1B program requirements, focusing on Public Access Files, work location accuracy, and position/salary verification. Non-compliance can result in fines, program debarment, operational disruption, and reputation damage. Healthcare facilities are advised to conduct system-wide compliance reviews, train staff on inspection protocols, collaborate with immigration counsel, standardize recordkeeping, and stay informed about policy changes to maintain compliance.

Taxation

Continuing Care Retirement Communities (CCRCs) provide comprehensive senior care from independent living to skilled nursing, with entrance fees averaging $400,000 and monthly fees around $3,450. Residents can deduct portions of these fees as medical expenses on their taxes if their total medical costs exceed 7.5% of their adjusted gross income. The deductible percentage varies by facility and is calculated based on the community’s aggregate healthcare costs, not individual usage. This tax benefit applies from day one of residency regardless of current healthcare needs and requires itemizing deductions on Schedule A of Form 1040. Alternative senior living arrangements like assisted living facilities and home modifications may also qualify for similar tax advantages if they meet IRS criteria for medical necessity.

Telehealth

The DEA has further delayed the effective dates of two telemedicine prescribing rules until December 31, 2025. The rules would expand prescribing of buprenorphine for opioid use disorder and controlled substances for VA patients via telemedicine. Originally scheduled to become effective February 18, 2025, then delayed to March 21, 2025, the Department of Justice now seeks additional time to review questions of fact, law, and policy despite some commenters requesting immediate implementation. Meanwhile, practitioners can continue prescribing controlled medications via telemedicine without prior in-person visits under COVID-19 flexibilities through the end of 2025.

Texas Health and Human Services Commission

An OIG audit found that the Texas Health and Human Services Commission failed to comply with federal and state requirements in overseeing Day Activity and Health Services facilities. The investigation revealed 253 instances of noncompliance across 20 audited providers, with 19 facilities violating health and safety requirements and 19 failing to meet administrative standards. OIG recommended that Texas correct these violations, enhance oversight of providers, and help facilities improve their operations. Texas has agreed with all recommendations and outlined plans to address the issues.

Transparency

Healthcare price transparency laws implemented since 2021 require hospitals and health plans to publish pricing information online and prohibit gag clauses that restrict sharing of cost and claims data. The Consolidated Appropriations Act of 2021 codified these prohibitions, requiring annual attestation of compliance through the Gag Clause Prohibition Compliance Attestation process, with the first submission deadline on December 31, 2023. Healthcare providers can leverage these regulations by requesting comprehensive pricing data, benchmarking against competitors, and highlighting value metrics to negotiate better reimbursement rates with payers. Despite these regulatory advances, challenges remain including limited enforcement, complex data formats, and the need for stricter penalties to ensure compliance from health plans.