Antitrust
- The DOJ Antitrust Division awarded its first whistleblower payout of $1 million to an individual who exposed a bid rigging and fraud scheme at EBlock Corp.’s online vehicle auction platform. The payment stems from the DOJ Whistleblower Rewards Program, which launched in July 2025 in partnership with the U.S. Postal Service to incentivize reporting of criminal antitrust conduct. The whistleblower’s information led to a $3.28 million criminal fine and deferred prosecution agreement against EBlock Corp. DOJ officials reported that the financial incentive has generated a surge in individuals coming forward to report misconduct. Healthcare organizations face heightened scrutiny as employees now have financial motivation to report antitrust violations externally rather than through internal channels. Source: Holland & Knight LLP
- Hyperscaler concentration in healthcare and life sciences creates antitrust risks and patient safety concerns as electronic health records, telehealth platforms, imaging archives, clinical trial systems, and research workflows consolidate among a small number of cloud providers. U.S. and European agencies have begun scrutinizing the market as healthcare organizations face structural price pressure for compliant storage, compute, security tooling, and analytics that become difficult to substitute at scale. Switching providers proves particularly difficult in healthcare because regulated data must remain safeguarded and auditable through migration, and downtime creates patient care and operational disruptions. When major EHR hosting, imaging platforms, telehealth services, and healthcare vendors cluster on the same hyperscaler, a provider disruption can create correlated operational failures across many organizations simultaneously. Organizations face pressure through expensive data migration costs, limited ability to negotiate audit rights and incident reporting terms, and bundling practices that increase switching costs over time. Source: Mogin Law LLP
Compounding Pharmacies
- Novo Nordisk and Eli Lilly are sending cease-and-desist letters to compounding pharmacies, weight loss clinics, and physicians who compound, prescribe, or dispense semaglutide or tirzepatide. The enforcement campaign escalated after the FDA removed semaglutide from the drug shortage list in February 2025, triggering federal prohibitions against compounding drugs that are “essentially a copy” of commercially available products under Sections 503A and 503B of the Food, Drug, and Cosmetic Act. Recipients of the letters receive 10-14 days to respond and certify cessation of activities, with noncompliance resulting in litigation and referral to regulatory authorities. As of mid-2025, Novo Nordisk has filed more than 130 lawsuits across 40 states against telehealth companies and compounding pharmacies, and on February 6, 2026, the FDA announced its intent to use all available enforcement tools against non-FDA-approved GLP-1 drugs. Compounding is permissible only in cases of documented medical necessity, such as a true allergy to an inactive ingredient in the FDA-approved version. Source: HCH Lawyers
Devices
- The FDA exempted wellness trackers from medical device regulations, but these products remain subject to FTC and state data protection laws. Products that meet two criteria—intended only for general wellness use and presenting low risk to user safety—fall outside FDA oversight and are not subject to cybersecurity requirements under the agency’s June 2025 guidance on medical devices. The FTC’s Health Breach Notification Rule applies to wellness trackers that operate outside HIPAA coverage, and the agency charged a fertility app developer in May 2023 with violating the rule, resulting in a $100,000 penalty. State data breach laws remain in effect regardless of FDA classification, as demonstrated by a September 2020 settlement in which a fertility-tracking app paid $250,000 to the California Department of Justice for security violations. HIPAA governs wellness products only when they function as business associates handling protected health information on behalf of covered entities. Source: Troutman Pepper Locke
Emerging Tech
- Houston Methodist deployed an AI platform from Ambience Healthcare across its ambulatory, emergency, and inpatient settings for clinical documentation and revenue integrity. The health system selected the platform after evaluating multiple ambient AI technologies and measuring clinician adoption and improvements in efficiency. Houston Methodist initially deployed the technology in ambulatory settings before expanding it to emergency and inpatient environments. The organization reported a 27% increase in patient face time, with 80% of patient visits across specialties using the platform, and a 40% reduction in documentation time. Clinicians averaged 1.3 additional visits per day, and the health system saw a 33% reduction in after-hours documentation time and a 13% decrease in time to close encounters. Source: Becker’s Hospital Review
- AI systems now operate throughout healthcare, from clinical decision-making to medical documentation. Researchers at Texas A&M’s Institute for Healthcare Access warn that algorithmic bias in AI tools used for Medicaid determinations, prior authorization, and child welfare cases could widen gaps in access for disadvantaged groups. Ambient listening tools that generate medical records in real-time carry legal weight in disability claims and court proceedings, yet automated records can contain errors that create obstacles to care and legal redress. The institute, created in 2022 and based in Fort Worth, notes AI enables advances such as radiology tools that detect interpersonal violence and systems that identify candidates for deep brain stimulation. Patients increasingly interact with generative AI systems before clinicians, which complicates consent when automated tools shape decisions about care. Source: Texas A&M Stories
Fraud & Abuse
- Two healthcare executives pleaded guilty to federal charges in a fraud conspiracy involving COVID-19 testing and athletic training billing schemes. Mouzon Bass, III, 60, of Highland Park, and Lance Wilson, 57, of Allen, both plead guilty to conspiracy to commit wire fraud. Bass served as sole owner and president of Vivature, a healthcare billing company, and Wilson worked as a senior executive at the firm. Per court documents, they were involved in conspiracies to defraud others in connection with COVID-19 testing and an athletic training billing scheme. Both defendants face a maximum sentence of up to 20 years in federal prison, along with potential fines and restitution. Source: U.S. Department of Justice, Eastern District of Texas
- Texas Attorney filed a lawsuit against Children’s Health System of Texas and Dr. Jason Jarin for performing transition procedures on minors and committing Medicaid fraud. The lawsuit alleges that Children’s Health, the country’s seventh-largest pediatrics hospital, and Jarin, a pediatric gynecologist and Division Director at the hospital, billed Texas Medicaid and CHIP for gender interventions on children as young as 9 years old since 2017. After Senate Bill 14 took effect on September 1, 2023, banning gender interventions on minors, the defendants continued billing Texas Medicaid for testosterone, estrogen, and puberty blockers for children. The lawsuit claims violations of the Texas Health Care Program Fraud Prevention Act, including changing patients’ gender in claims to secure payment and falsifying medical records and billing submissions. Paxton is seeking over $1,000,000 in penalties. Source: Office of the Attorney General
- The Office of Inspector General denied a home care agency’s request to offer sign-on bonuses to in-home caregivers in a Medicaid-funded program. The agency planned to recruit caregivers who would often be family members of Medicaid clients and serve as decision-makers selecting the agency for their relatives. The OIG determined the bonus arrangement created an “inextricable link” between employment and referrals because the agency certified the purpose was to entice prospective caregivers to choose their agency over competitors. The arrangement did not qualify for the employment exception to the federal Anti-Kickback Statute and also violated the civil monetary penalty provision prohibiting inducements to beneficiaries. The OIG concluded the bonus would inappropriately steer provider selection based on cash incentives rather than quality, training, or program integrity. Source: Sheppard
HIPAA
- The U.S. Department of Health and Human Services Office for Civil Rights has intensified enforcement of HIPAA’s Right of Access rule, imposing $200,000 in penalties against an academic medical center in March 2025 for delays spanning from April 2019 to August 2021. HIPAA requires healthcare providers to deliver patient medical records within 30 days of a request, with one 30-day extension permitted. In 2023, OCR issued 13 enforcement actions totaling $4.18 million, nearly double the penalties from the prior year, while 2024 saw $170,000 in penalties against dental and mental health providers. Violations carry penalties ranging from $145 to $2,190,294 per violation across four tiers based on culpability. Proposed rule updates may reduce the response time requirement from 30 days to 15 days. Source: Healthcare Law Insights
Mergers & Acquisitions
- Early collaboration agreements determine whether MedTech companies can secure financing and exit successfully. Governance issues emerge when investors ask about control over product direction, pricing, and market expansion, with advisory committees sometimes evolving into approval bodies that create deal risk. Concentration risk appears in contracts when companies grant broad field exclusivity or approval rights to partners, limiting migration to additional partners and expansion into new markets. Data rights drive value in transactions, particularly for AI tools that require defined rights to use and improve datasets, while royalties and pricing constraints that cut into margins become diligence risks. Teams that preserve reuse rights, limit exclusivity to defined fields, and negotiate buy-outs or change-of-control mechanics maintain flexibility for scaling and exits. Source: Healthcare Law Insights
Personnel
- A federal court in Pennsylvania ruled that Amazing Care Home Healthcare Services LLC and its owner and manager misclassified licensed practical nurses and home health aides as independent contractors instead of employees. The U.S. Department of Labor filed the lawsuit in 2024, and on February 13, 2026, the court entered summary judgment on liability after applying a six-part test under the Fair Labor Standards Act that found five of six factors favored employee status. The court noted that Amazing Care dictated wage rates, supervised workers by monitoring patient care notes and visiting job sites, required adherence to care plans, and gave LPNs performance reviews and employee handbooks. The court also held the company’s Director of Nursing personally liable as an employer because she participated in worker classification decisions, supervised LPNs, reviewed their notes, disciplined them, and conducted performance reviews. The DOL seeks nearly $12 million in unpaid overtime and liquidated damages, with the damages issue to be submitted to a jury. Source: Independent Contractor Misclassification & Compliance
Ransomware
- Enhabit Home Health & Hospice notified 22,552 patients of a data breach at its business associate, Doctor Alliance. The platform operated by My 485, Inc. (Doctor Alliance) was accessed by an unauthorized individual using valid credentials between October 31 and November 6, 2025, and again between November 14 and November 17, 2025. The compromised data included names, addresses, dates of birth, gender, physician names, medical record numbers, clinical information, and health plan numbers, but not financial information or Social Security numbers. Doctor Alliance implemented authentication mechanisms and notified regulators, though the incident has not yet appeared on the OCR breach portal. The Kazu ransomware group claimed responsibility for the attack. Source: HIPAA Journal
Reimbursement
- The HHS Office of Inspector General issued Medicare Advantage Industry Segment-Specific Compliance Program Guidance, marking the first update to MA compliance guidance since 1999. The guidance, released alongside the General Compliance Program Guidance from November 2023, addresses fraud, waste, and abuse risks in the MA program as enrollment shifts toward managed care delivery models. OIG identified seven compliance risk areas: access to care through provider networks and utilization management tools, marketing and enrollment practices involving financial incentives and deceptive practices, risk adjustment concerns including unsupported diagnoses, quality of care data integrity for Star Ratings, third-party oversight where MAOs may face liability beyond CMS accountability, vertically integrated organizations, and submission of claims certifications to CMS. The guidance recommends MA organizations establish monitoring systems, conduct audits, review algorithm-based decision tools, track complaints, and verify enrollment eligibility during special enrollment periods. OIG warned that MA parties face potential liability under the False Claims Act, Federal Anti-Kickback Statute, and Civil Monetary Penalties Law for violations in these areas. Source: Sheppard
- Off-campus hospital outpatient departments must obtain separate National Provider Identifiers and submit attestations by January 1, 2028, or lose Medicare reimbursement under the Outpatient Prospective Payment System. The Consolidated Appropriations Act, passed on February 3, 2026, requires off-campus provider-based hospital outpatient departments to obtain NPIs separate from their hospitals’ NPIs and bill all items and services using those distinct identifiers. The law mandates that providers submit an initial provider-based attestation before January 1, 2028, demonstrating compliance with regulations under 42 C.F.R. § 413.65, followed by subsequent attestations on a timeline the Centers for Medicare & Medicaid Services will establish. The requirements apply to outpatient hospital departments located more than 250 yards from the hospital’s main buildings. Providers that fail to meet the deadline will not receive OPPS reimbursement for any items or services billed on or after January 1, 2028. Source: Husch Blackwell
- CMS recently finalized a rule that prohibits states from imposing higher tax rates on Medicaid business than on non-Medicaid business. The rule blocks indirect designs that target Medicaid utilization and implements Section 71117 of the One Big Beautiful Bill Act through new provisions at 42 C.F.R. § 433.68(e)(3). CMS estimates the rule will require seven states—California, Illinois, Massachusetts, Michigan, New York, Ohio, and West Virginia—to restructure their taxes within two years and will reduce federal Medicaid spending by $78 billion over 10 years. The regulation adds restrictions preventing states from taxing providers based on Medicaid enrollment levels or utilization rates while including an anti-circumvention provision to block designs that omit explicit Medicaid references. States retain authority to use provider taxes to finance Medicaid but cannot differentially burden Medicaid business. Source: King & Spalding
Substance Abuse Disorder (Part 2)
- The U.S. Department of Health and Human Services Office for Civil Rights launched a civil enforcement program for substance use disorder patient records under 42 CFR Part 2 on February 16, 2026. OCR is now accepting complaints alleging Part 2 violations and breach notifications involving SUD patient records, implementing a HIPAA-style enforcement regime with investigations, corrective action commitments, resolution agreements, monetary settlements, and civil money penalties. The program operationalizes the February 2024 Part 2 Final Rule, which became effective in April 2024 and set February 16, 2026 as the compliance date. Part 2 compliance applies not only to SUD treatment facilities but also to organizations that handle Part 2 data through operations such as referrals, record ingestion, care coordination, population health platforms, or health information exchange connectivity. OCR published a Model Part 2 Patient Notice and updated model HIPAA Notices of Privacy Practices to help organizations comply with the requirements. Source: Health Law Attorney Blog
Valuations
- Physician compensation structures grounded in fair market value drive health system success by affecting federal law compliance, service line economics, and organizational stability. Organizations face pressures from shifting productivity patterns, expanding administrative responsibilities, increasing regulatory expectations, and reimbursement changes that compress margins. The Stark Law and Anti-Kickback Statute require physician compensation be commercially reasonable and consistent with fair market value. Performance analytics enable organizations to validate fair market value, monitor performance, predict risk, and intervene before problems become significant. Source: Medical Economics
- Healthcare businesses present challenges in eminent domain cases due to regulations like Stark Law and the Anti-Kickback Statute, reimbursement structures involving Medicare and Medicaid, physician goodwill, and contractual agreements. Courts rely on fair market value, defined as the price a willing buyer would pay a willing seller in an arm’s-length transaction, though disputes can occur when owners focus on investment value instead. Eminent domain can affect hospitals, physician practices, surgery centers, and diagnostic facilities beyond land and buildings. Source: VMG Health
Reproductive Rights
- Health plans and insurers must comply with updated HIPAA privacy notice requirements that align with federal substance use disorder record protections as of February 16, 2026. The changes stem from amendments aligning HIPAA with 42 C.F.R. Part 2, which imposes heightened confidentiality protections on substance use disorder treatment records. Group health plan sponsors must update their Notices of Privacy Practices to include Part 2-aligned language, accurately describe legal duties for handling substance use disorder records, and remove language addressing reproductive health care provisions that were vacated by a federal court. Health insurers bear responsibility for ensuring their notices and operations comply with the requirements, including aligning vendor contracts and updating business associate agreements to address handling of substance use disorder records. The U.S. Department of Health and Human Services Office for Civil Rights can now accept complaints, conduct investigations, and assess civil monetary penalties for Part 2 violations. Source: Quarles Law Firm
- Maria Rojas, a Houston-area midwife indicted on 15 felony charges, appeared in appeals court Thursday seeking to reverse a temporary restraining order that closed her three clinics in Cypress, Spring, and Waller. Rojas became the first person arrested under Texas’ near-total abortion ban after Attorney General Ken Paxton’s office investigated allegations that she performed abortions and operated the facilities without licenses. The Fifteenth Court of Appeals justices raised questions about the state’s evidence used to secure the temporary injunction from Waller County District Judge Gary Chaney, who ordered the clinics closed. Rojas’ attorney Marc Hearron argued the order lacked details and evidence, while the state’s attorney Jeffrey Stephens maintained the findings were clear. Even if the appeals court reverses the injunction, Rojas likely cannot reopen the clinics because her bond conditions prevent her from being near the facilities and her midwifery license was suspended after her arrest. Source: Houston Public Media