Categories
Health Law Highlights

Wade’s Health Law Highlights for April 1, 2025

Abortion

  • Senate Bill 31, known as the Life of the Mother Act, aims to clarify medical exceptions to Texas abortion laws that currently permit the procedure only when the mother’s life or major bodily function is at risk. The bill would specify that doctors need not delay treatment if doing so increases risk to the pregnant woman, broadens definitions for ectopic pregnancy and premature water breaks, and protects physician-patient discussions about abortion options from being considered “aiding and abetting.” With bipartisan support including 12 Republican senators and Lt. Gov. Dan Patrick’s backing, the legislation would require the Texas Medical Board to offer educational courses about physicians’ rights under the law. Texas doctors have reported confusion about existing laws, with 29% lacking clear understanding of abortion regulations, leading to delayed care and increased complications for pregnant women.

Artificial Intelligence

  • Healthcare organizations implementing LLMs face eight critical challenges including over-reliance on AI without domain expertise integration, unresolved data quality issues across fragmented systems, and ethical risks in handling sensitive healthcare data. Additional pitfalls include poor workflow integration, inadequate model validation post-deployment, neglect of regulatory requirements, overpromising AI capabilities to stakeholders, and failure to customize models for specific healthcare needs. Healthcare companies must maintain human expertise in the loop, implement robust data governance, ensure regulatory compliance, and set realistic expectations to successfully deploy LLMs that enhance rather than compromise patient care and operational efficiency.

Compliance Programs & Audits

  • Compliance auditing has become mandatory in today’s regulatory environment, with federal and state laws requiring companies to conduct regular reviews of their practices. The Office of Inspector General’s Compliance Program Guidance identifies auditing as a core element that helps organizations detect fraud, assess policy adherence, and mitigate risks before they escalate into enforcement actions. Recent settlements demonstrate the consequences of inadequate compliance monitoring, with companies like Pfizer, Teva, Innovasis, and Endo Health Solutions paying millions or billions in penalties for violations related to kickbacks, improper marketing, and other infractions. Companies should prioritize auditing high-risk areas including speaker programs, healthcare professional arrangements, promotional materials, and patient assistance programs using a risk-based approach.

Contracting

Cybersecurity & Privacy

  • Healthcare cyberattacks have increased dramatically, with annual large breaches nearly tripling from 242 (2010-2014) to 713 (2020-2024), with 81% caused by hacking or IT incidents in 2024 alone. The 2024 Change Healthcare breach affected 190 million individuals, making it the largest healthcare data breach to date. When protected health information is compromised, organizations must notify affected individuals, media outlets, state agencies, and the Office for Civil Rights, potentially facing investigations, enforcement actions, and costly settlements. Healthcare entities must strengthen defenses through annual security risk assessments, multi-factor authentication, and comprehensive incident response plans, with HHS proposing updates to the HIPAA Security Rule to mandate these protective measures.
  • [The Office for Civil Rights has announced a $3 million settlement with Solara Medical Supplies for HIPAA violations](HHS Settles HIPAA Security Breach Stemming from Phishing Cyberattack for $3 Million). A phishing attack compromised eight employee email accounts, exposing protected health information of over 100,000 individuals, followed by a second breach when notification letters were sent to incorrect addresses affecting 1,500 more people. OCR investigation determined Solara failed to conduct proper risk analysis, implement adequate security measures, and notify affected parties in a timely manner. The settlement includes a corrective action plan requiring risk analysis, implementation of a risk management plan, policy development, and staff training on HIPAA compliance.
  • The Seventh Circuit ruled in Hulce v. Zipongo that communications promoting free services do not qualify as “telephone solicitations” under the TCPA. Plaintiff Hulce received approximately 20 calls and texts from Foodsmart about services available at no cost through his healthcare plan, with payment coming from the insurer rather than Hulce. Foodsmart successfully argued that since their communications encouraged use of free services rather than purchase of services, they fell outside the TCPA’s definition of solicitation. The court determined that encouraging use of a service available at no cost to the recipient does not constitute encouraging a purchase, even when a third party pays for the service.

Fraud & Abuse

GLP-1 Weight Loss Drugs

Health and Human Services

  • The Department of Health and Human Services plans to cut 10,000 full-time jobs as part of a larger reduction that will decrease total headcount by 20,000 employees, saving $1.8 billion annually according to HHS. The cuts will affect multiple agencies including 3,500 workers at FDA, 2,400 at CDC, 1,200 at NIH, and 300 at CMS, though HHS claims the reductions will not impact core services like Medicare, Medicaid, or food and drug reviews. The reorganization includes consolidating 28 redundant offices into 15 new divisions, reducing regional offices from 10 to five, and creating new entities like the Administration for a Healthy America, which will combine multiple existing health offices. Democratic lawmakers and health advocates have criticized the cuts, warning they could harm vulnerable populations and disrupt essential services.

Immigration

  • Hospitals and healthcare systems nationwide are experiencing increased random inspections by USCIS targeting H-1B visa holders. Immigration officers from the Fraud Detection and National Security Directorate conduct unannounced site visits to verify compliance with H-1B program requirements, focusing on Public Access Files, work location accuracy, and position/salary verification. Non-compliance can result in fines, program debarment, operational disruption, and reputation damage. Healthcare facilities are advised to conduct system-wide compliance reviews, train staff on inspection protocols, collaborate with immigration counsel, standardize recordkeeping, and stay informed about policy changes to maintain compliance.

Taxation

Telehealth

  • The DEA has further delayed the effective dates of two telemedicine prescribing rules until December 31, 2025. The rules would expand prescribing of buprenorphine for opioid use disorder and controlled substances for VA patients via telemedicine. Originally scheduled to become effective February 18, 2025, then delayed to March 21, 2025, the Department of Justice now seeks additional time to review questions of fact, law, and policy despite some commenters requesting immediate implementation. Meanwhile, practitioners can continue prescribing controlled medications via telemedicine without prior in-person visits under COVID-19 flexibilities through the end of 2025.

Texas Health and Human Services Commission

Transparency