Categories
Health Law Highlights

Wade’s Health Law Highlights for August 5, 2025

330 Grants

Data Breach

  • HCA Healthcare agreed to settle class action litigation stemming from a July 2023 data breach that affected 11,270,000 patients across 20 states. Hackers accessed an external storage location and stole a database containing 27.7 million records, including names, contact information, dates of birth, and appointment information. The breach prompted 27 class action lawsuits that were consolidated in Tennessee federal court, with the company denying wrongdoing but negotiating a settlement estimated to exceed $9 million based on attorney fees. Class members can claim credit monitoring services and reimbursement for documented losses up to $5,000 per person. The settlement requires claims submission by September 25, 2025, with a final hearing scheduled for October 27, 2025. Source: HIPAA Journal

Data Privacy

  • Healthcare organizations face consent system failures as platforms like WhatsApp introduce advertising models that expose patient data to monetization. Laws like HIPAA protect healthcare providers but fail to cover the expanding ecosystem of data collectors including wearable manufacturers and messaging platforms that now monetize health information through advertisements. When patients use free health tracking applications, their data becomes the product being sold, with information flowing from devices to smartphones and eventually to proprietary servers where third parties can gain access. Big Tech companies including Apple, Amazon, and Microsoft are racing to capture and commercialize health data at scale through their healthcare platforms and services. Healthcare organizations must implement four strategies to address these risks: clarify consent practices, audit data flows, engage in vendor risk management, and invest in privacy-by-design approaches. Source: Built In

Emerging Tech

  • Texas enacted comprehensive AI governance legislation that will take effect January 1, 2026, regulating businesses and government entities that develop or deploy artificial intelligence systems in the state. The Act prohibits using AI systems to promote self-harm or violence, bars government entities from implementing social scoring systems, and requires transparency notices when consumers interact with AI systems, including in healthcare settings. The legislation establishes a 36-month sandbox program allowing companies to test AI systems without standard licensing requirements and creates the Texas Artificial Intelligence Council to oversee ethical AI development. The Texas Attorney General will enforce the law with civil penalties ranging from $10,000 to $200,000 depending on violation severity, though violators receive a 60-day cure period after written notice. The Act does not create private rights of action for individuals and nullifies local AI ordinances across Texas. Source: Healthcare Law Blog
  • University hospitals are adopting automated software testing to address burnout and safety issues in electronic health record systems. Since 2020, university medical systems have prioritized EHR modernization following the COVID-19 pandemic, but over 70% of physicians at academic hospitals report burnout due to poor usability and workflow disruption. Nurses have identified EHR design flaws as sources of patient harm through data entry errors, alert fatigue, and automation failures. The Department of Veterans Affairs’ EHR rollout experienced problems with incomplete records and pharmacy order failures due to inadequate testing and weak end-user validation. University hospitals face distinct challenges because their EHR systems must support clinical workflows, research data capture, student training, and compliance requirements while operating with limited resources compared to private networks. Source: Healthcare IT Today
  • AI reduces manual medical record screening workload by 83% in emergency department injury surveillance systems. Natural language processing algorithms using transformer models automate detection of injured patients and generate injury event summaries from triage notes. AI models demonstrate accuracy rates between 86% and 97% for tasks including patient triage, injury information extraction, and child abuse detection. Implementation requires addressing data privacy concerns through anonymization techniques, secure access systems, and patient consent protocols. The World Health Organization promotes injury surveillance for systematic data collection to enable injury prevention priorities and intervention effectiveness evaluation. Source: JAMA Network

Fraud & Abuse

Gender Care

Litigation

  • Multiple healthcare entities compete for recovery rights from the same settlement funds, leaving injured claimants with reduced compensation. Medicare Parts A, B, C, and D, the Department of Veterans Affairs, Medicaid, and private insurers all assert recovery rights from settlement amounts. The VA issued new guidance in 2023 under the Federal Medical Care Recovery Act to exercise its recovery rights, while private insurers operate under different regulations including FEHB and ERISA frameworks. Insurers attempt to recover full treatment costs without considering payments made by other carriers or out-of-pocket expenses by claimants. Lien resolution administrators with expertise in healthcare recovery can negotiate with these entities to maximize settlement amounts for injured parties. Source: Epiq

Physician Compensation

Value-Based Reimbursement

  • Value-based care programs in the United States remain limited in scope despite nearly two decades of development since their 2006 introduction. A review of 50 global value-based care initiatives published in the Journal of the American Medical Association Health Forum found most programs, particularly in the United States, operate in isolation within departments or individual hospitals rather than as part of system-wide transformations. National programs like the Comprehensive Care for Joint Replacement and Bundled Payments for Care Improvement function at the provider level instead of integrating into broader regional or national strategies. The healthcare system faces barriers including structural fragmentation with multiple payers, disconnected data systems, fee-for-service incentives, and lack of digital infrastructure for tracking outcomes and costs. Organizations like CHESS Health Solutions demonstrate that physician-led models can scale when clinical transformation combines with strategic contracting and data analytics, while community settings, primary care, and Medicaid programs show promise for national expansion. Source: bakersfield.com