Categories
Health Law Highlights

Wade’s Health Law Highlights for June 3, 2025

Emerging Tech

  • Alibaba’s healthcare AI model has achieved medical expertise comparable to senior physicians in China. The model, powered by Qwen 2.5-32B foundation technology, passed medical qualification exams at the “Deputy Chief Physician” level across 12 disciplines with 74.8% accuracy, outperforming competitors including OpenAI’s GPT-4o. Now integrated into Alibaba’s Quark AI assistant app with 200 million users, the model automatically handles health-related inquiries and has been refined through collaboration with medical institutions. Source: South China Morning Post
  • Digital health companies using AI for patient communication face significant legal exposure under the Telephone Consumer Protection Act (TCPA). While many companies focus solely on HIPAA compliance, the TCPA restricts automated calls, texts, and artificial voice messages without prior express consent, with written consent required for marketing communications. The FCC’s 2024 ruling classified AI-generated voices as “artificial voices” under the TCPA, though courts continue to wrestle with how this applies to chatbots and text-based systems. Digital health companies should conduct TCPA risk assessments, audit consent processes, obtain express written consent when in doubt, and monitor evolving litigation trends. Despite a 2021 Supreme Court decision narrowing the definition of automatic telephone dialing systems, TCPA compliance remains challenging as state regulations may differ and create legal risks even for companies without telemarketing intent. Source: Foley & Lardner LLP
  • The U.S. House of Representatives has passed legislation imposing a 10-year federal moratorium on state AI regulation. The “One Big Beautiful Bill Act” (H.R. 1) narrowly passed on May 22, 2025 by a 215-214 vote, containing a provision that would preempt state laws regulating artificial intelligence systems, potentially nullifying healthcare protections enacted in states like California, Connecticut, and Maryland. The moratorium threatens state initiatives requiring human oversight of AI in healthcare decisions, particularly those preventing insurers from using AI to autonomously deny coverage or process claims. The proposal faces significant opposition from state officials, including a bipartisan group of 35 California lawmakers and the National Conference of State Legislatures, while also potentially violating the Senate’s Byrd Rule as it may be considered extraneous to budgetary matters in a reconciliation bill. Source: Arnall Golden Gregory LLP

Data Breaches

  • WellNow Urgent Care has reached a $4.4 million settlement following a 2023 ransomware attack that compromised the protected health information of approximately 597,000 individuals. The cyberattack exposed sensitive data including names, birth dates, and for some victims, Social Security numbers, leading to consolidated lawsuits filed in March 2024 that alleged negligence and breach of implied contract. The settlement divides affected individuals into two subclasses: 541,870 people whose Social Security numbers were not compromised (eligible for up to $3.3 million in benefits) and 55,131 people whose Social Security numbers were exposed (eligible for up to $1.1 million in benefits). Class members can claim compensation for lost time and documented expenses up to $7,500, with those in the SSN subclass having the additional option of receiving a pro rata cash payment. Source: HIPAA Journal
  • Four healthcare organizations across the United States recently reported data breaches exposing sensitive patient information. Cooper Health System in New Jersey experienced the largest breach, affecting 57,412 individuals whose names and Social Security numbers were compromised after unusual network activity was detected on May 14, 2024. Union County Children and Youth Services in Pennsylvania suffered a ransomware attack on March 13, 2025, with at least 501 individuals affected, while Balance Autism in Iowa reported unauthorized access affecting 1,281 clients between March 11-17, 2025. The Carpenter Health Network in Louisiana identified a security incident between February 4-28, 2025, compromising personal and health information of 878 individuals, with all four organizations implementing additional security measures and offering credit monitoring services to affected individuals. Source: HIPAA Journal

Food & Drug Administration

Med Spas

Medicare

Private Equity

  • Private equity firms investing in healthcare face mounting legal and regulatory challenges across multiple fronts. The FTC and DOJ have intensified antitrust scrutiny of healthcare roll-up strategies, with enforcement actions targeting even smaller acquisitions that accumulate market power, as demonstrated by the recent USAP case resulting in a final consent order with notification and compliance requirements. States including New York, Massachusetts, Vermont, Rhode Island, and Connecticut have enacted laws requiring pre-transaction notice or approval for healthcare mergers and acquisitions, while the Corporate Practice of Medicine doctrine continues to restrict non-physician ownership of medical practices in states like New Jersey and New York. PE-backed healthcare entities face increased scrutiny through False Claims Act investigations related to billing practices, as seen in the $15.3 million settlement with Alliance Family of Companies, while simultaneously confronting public criticism that PE ownership prioritizes profits over patient care. Proactive legal planning and ongoing compliance monitoring have become essential for PE firms to navigate this complex environment and protect long-term investments in healthcare. Source: Greenbaum, Rowe, Smith & Davis LLP

Real Estate

  • Specialized appraisers are essential in healthcare real estate due to the sector’s unique complexities. Healthcare properties require appraisers with expertise in four critical areas: understanding healthcare operations across various facility types, navigating complex lease structures including timeshare arrangements, interpreting healthcare market trends and demographics that affect property values, and evaluating diverse property types from hospitals to specialized treatment centers with unique design requirements. These specialized appraisers can accurately determine property values by comprehending how buildings operate, evaluating unique lease structures, forecasting market trends, and recognizing the specific functional needs of different healthcare facilities. Source: VMG Health

Smart Devices

  • Smart devices are revolutionizing healthcare by shifting the industry from reactive treatment to proactive prevention through continuous monitoring technologies. These devices collect real-time physiological data including heart rate, blood oxygen levels, and glucose measurements, which AI algorithms analyze to detect patterns and predict health risks before symptoms appear. Wearable technologies like smartwatches with ECG capabilities can identify irregular heart rhythms, infectious diseases, and neurological disorders while enabling remote monitoring and integration with telehealth platforms. Emerging innovations include advanced biosensors that detect biomarkers through sweat or tears, miniaturized implantable devices for internal monitoring, and digital twins that create virtual replicas of patients to predict disease progression and optimal treatments. The transformation toward predictive healthcare faces challenges in ensuring data security, developing explainable AI systems that clinicians can trust, and providing equitable access across populations. Source: Healthcare Tech Outlook
  • Consumer health AI technologies are rapidly entering a complex regulatory environment as they shift from an unregulated space to one governed by various state privacy laws. These technologies often fall outside HIPAA’s scope but are increasingly subject to regulations like the California Consumer Privacy Act, Washington’s My Health My Data Act, and Texas’s Data Privacy and Security Act. The resulting regulatory patchwork varies by location and treats combined geolocation and healthcare data as particularly sensitive information. Tech companies using AI in consumer health applications will need to adapt to these unfamiliar privacy and security requirements that govern the collection and sharing of sensitive personal data. Source: GovInfoSecurity

Taxation

  • CMS has proposed new rules to eliminate a Medicaid financing loophole that could save the federal government $33 billion over five years. The May 15, 2025 proposal aims to prevent states from disproportionately taxing Medicaid services to draw down federal matching funds by adding stricter requirements for healthcare-related tax waivers. Seven states with existing waivers, including California, New York, Michigan, and Massachusetts, would be affected, with recently approved waivers receiving no transition period and requiring immediate compliance when the rule is finalized. The changes would prevent states from imposing higher tax rates on Medicaid-related services than on non-Medicaid services, forcing significant restructuring of state healthcare taxes. This regulatory effort parallels congressional action, as the House Energy and Commerce Committee recently advanced similar provisions in the 2025 budget reconciliation bill. Source: Sheppard Mullin Richter & Hampton LLP