Skip to the content330 Grants
Data Breach
- HCA Healthcare agreed to settle class action litigation stemming from a July 2023 data breach that affected 11,270,000 patients across 20 states. Hackers accessed an external storage location and stole a database containing 27.7 million records, including names, contact information, dates of birth, and appointment information. The breach prompted 27 class action lawsuits that were consolidated in Tennessee federal court, with the company denying wrongdoing but negotiating a settlement estimated to exceed $9 million based on attorney fees. Class members can claim credit monitoring services and reimbursement for documented losses up to $5,000 per person. The settlement requires claims submission by September 25, 2025, with a final hearing scheduled for October 27, 2025. Source: HIPAA Journal
Data Privacy
- Healthcare organizations face consent system failures as platforms like WhatsApp introduce advertising models that expose patient data to monetization. Laws like HIPAA protect healthcare providers but fail to cover the expanding ecosystem of data collectors including wearable manufacturers and messaging platforms that now monetize health information through advertisements. When patients use free health tracking applications, their data becomes the product being sold, with information flowing from devices to smartphones and eventually to proprietary servers where third parties can gain access. Big Tech companies including Apple, Amazon, and Microsoft are racing to capture and commercialize health data at scale through their healthcare platforms and services. Healthcare organizations must implement four strategies to address these risks: clarify consent practices, audit data flows, engage in vendor risk management, and invest in privacy-by-design approaches. Source: Built In
Emerging Tech
- Texas enacted comprehensive AI governance legislation that will take effect January 1, 2026, regulating businesses and government entities that develop or deploy artificial intelligence systems in the state. The Act prohibits using AI systems to promote self-harm or violence, bars government entities from implementing social scoring systems, and requires transparency notices when consumers interact with AI systems, including in healthcare settings. The legislation establishes a 36-month sandbox program allowing companies to test AI systems without standard licensing requirements and creates the Texas Artificial Intelligence Council to oversee ethical AI development. The Texas Attorney General will enforce the law with civil penalties ranging from $10,000 to $200,000 depending on violation severity, though violators receive a 60-day cure period after written notice. The Act does not create private rights of action for individuals and nullifies local AI ordinances across Texas. Source: Healthcare Law Blog
- University hospitals are adopting automated software testing to address burnout and safety issues in electronic health record systems. Since 2020, university medical systems have prioritized EHR modernization following the COVID-19 pandemic, but over 70% of physicians at academic hospitals report burnout due to poor usability and workflow disruption. Nurses have identified EHR design flaws as sources of patient harm through data entry errors, alert fatigue, and automation failures. The Department of Veterans Affairs’ EHR rollout experienced problems with incomplete records and pharmacy order failures due to inadequate testing and weak end-user validation. University hospitals face distinct challenges because their EHR systems must support clinical workflows, research data capture, student training, and compliance requirements while operating with limited resources compared to private networks. Source: Healthcare IT Today
- AI reduces manual medical record screening workload by 83% in emergency department injury surveillance systems. Natural language processing algorithms using transformer models automate detection of injured patients and generate injury event summaries from triage notes. AI models demonstrate accuracy rates between 86% and 97% for tasks including patient triage, injury information extraction, and child abuse detection. Implementation requires addressing data privacy concerns through anonymization techniques, secure access systems, and patient consent protocols. The World Health Organization promotes injury surveillance for systematic data collection to enable injury prevention priorities and intervention effectiveness evaluation. Source: JAMA Network
Fraud & Abuse
- The First Circuit Court of Appeals affirmed dismissal of a whistleblower’s complaint against dialysis provider Fresenius, applying a strict “but-for” causation standard for False Claims Act cases involving alleged kickbacks. Relator Martin Flanagan, who worked for Fresenius for 29 years, filed a qui tam complaint in March 2014 alleging the company violated the Anti-Kickback Statute and False Claims Act by providing financial incentives to hospitals and physicians to induce patient referrals. The alleged kickbacks included limiting costs to hospitals, hiring hospital nephrologists as medical directors, providing free services, and entering into lease and joint venture agreements with physicians. The First Circuit applied the causation standard from United States v. Regeneron Pharmaceuticals and held that Flanagan failed to adequately plead that the government claims would not have occurred “but-for” the alleged kickbacks. The decision aligns the First Circuit with the Sixth and Eighth circuits in requiring whistleblowers to meet demanding pleading requirements demonstrating direct causation between kickbacks and false claims. Source: King & Spalding
- The Eleventh Circuit ruled that a physician’s False Claims Act qui tam action was barred by res judicata due to a prior employment retaliation lawsuit in Milner v. Baptist Health Montgomery. The physician had sued his former employer-hospital, claiming he was terminated for whistleblowing on opioid overprescribing, but the district court dismissed the case with prejudice after finding he had not engaged in protected conduct under the FCA. Following that dismissal, the physician filed a qui tam action, which the district court also dismissed as barred by his prior retaliation case. The Eleventh Circuit affirmed the dismissal, determining that both lawsuits involved the same parties and arose from the same factual predicate of the physician’s reporting of overprescriptions. The court held that relators have “unrestricted participation” in litigation, making the physician individually a party in both cases, and that employment retaliation actions and FCA qui tam actions generally arise from the same nucleus of operative fact. Source: Eleventh Circuit Business Blog
Gender Care
- The Department of Justice issued more than 20 subpoenas to physicians and clinics providing gender-affirming care to minors on July 9, 2025, as part of investigations into healthcare fraud and misconduct. The subpoenas signal the government’s intent to pursue False Claims Act cases against providers who bill federal healthcare programs for gender-affirming care for minors, including puberty blockers, hormone therapy and surgeries. The government appears to be building three theories of liability: miscoding or misbilling procedures, lack of informed consent from minors and parents, and lack of medical necessity for the treatments. These enforcement actions follow a series of government measures in 2025, including a January executive order directing federal agencies to stop supporting gender transitions for individuals under 19, an April Attorney General memo directing DOJ to investigate providers, and May letters from CMS requesting financial data from hospitals. The False Claims Act provides for treble damages and penalties of up to $28,619 per claim. Source: Healthcare Law Blog
Litigation
- Multiple healthcare entities compete for recovery rights from the same settlement funds, leaving injured claimants with reduced compensation. Medicare Parts A, B, C, and D, the Department of Veterans Affairs, Medicaid, and private insurers all assert recovery rights from settlement amounts. The VA issued new guidance in 2023 under the Federal Medical Care Recovery Act to exercise its recovery rights, while private insurers operate under different regulations including FEHB and ERISA frameworks. Insurers attempt to recover full treatment costs without considering payments made by other carriers or out-of-pocket expenses by claimants. Lien resolution administrators with expertise in healthcare recovery can negotiate with these entities to maximize settlement amounts for injured parties. Source: Epiq
Physician Compensation
- Healthcare organizations are implementing value-based compensation models to move physician payment structures away from traditional fee-for-service arrangements toward incentives tied to quality outcomes and cost efficiency. VMG Health outlines a five-step framework for implementing these models, starting with defining program goals, participants, and target populations, followed by determining funding sources. The framework emphasizes selecting five to ten outcome-focused metrics over process measures, ensuring physicians have demonstrable impact on results, and avoiding compensation “stacking” issues. Third-party funded programs typically offer more flexibility and lower compliance risk compared to internally funded models. Organizations must structure these incentive programs to align with regulatory requirements while driving improvements in care quality and physician engagement. Source: VMG Health
- A federal district court in Ohio allowed whistleblower claims to proceed against TriHealth, finding that physician compensation arrangements violated federal anti-kickback and self-referral laws. On July 28, the Southern District of Ohio issued orders in two related False Claims Act cases, Murphy and Shahbabian, where whistleblowers alleged that a physician group overpaid employed doctors beyond their productivity to incentivize referrals to affiliated hospitals. The court determined these arrangements violated both the Anti-Kickback Statute and Stark Law because the compensation took into account the volume and value of physician referrals, and defendants could not claim protection under employment safe harbors. The court also certified for appeal the question of whether the FCA’s qui tam provisions violate Article II of the Constitution, noting that three Supreme Court justices have expressed concerns about the constitutionality of allowing private citizens to file lawsuits on behalf of the government. The cases highlight risks for healthcare providers in structuring physician compensation that could be tied to referral patterns. Source: Warner Norcross + Judd LLP
Value-Based Reimbursement
- Value-based care programs in the United States remain limited in scope despite nearly two decades of development since their 2006 introduction. A review of 50 global value-based care initiatives published in the Journal of the American Medical Association Health Forum found most programs, particularly in the United States, operate in isolation within departments or individual hospitals rather than as part of system-wide transformations. National programs like the Comprehensive Care for Joint Replacement and Bundled Payments for Care Improvement function at the provider level instead of integrating into broader regional or national strategies. The healthcare system faces barriers including structural fragmentation with multiple payers, disconnected data systems, fee-for-service incentives, and lack of digital infrastructure for tracking outcomes and costs. Organizations like CHESS Health Solutions demonstrate that physician-led models can scale when clinical transformation combines with strategic contracting and data analytics, while community settings, primary care, and Medicaid programs show promise for national expansion. Source: bakersfield.com
