Fraud & Abuse Enforcement
- The Justice Department charged 455 defendants, including 90 doctors and licensed medical professionals, in the 2026 National Health Care Fraud Takedown tied to more than $6.5 billion in false claims. The action spanned 56 federal districts and 45 states and territories, with 50 state Medicaid Fraud Control Units participating and 295 defendants charged in over $518 million of Medicaid fraud, both Department records. Authorities seized more than $182 million in cash, vehicles, jewelry, and other assets, while CMS suspended 1,079 providers and revoked billing privileges for 1,403, and the DEA pursued 928 administrative cases since October 1, 2025. International cooperation produced arrests abroad, including Ibrahim Hilmi in Kyrenia over a $3.7 billion catheter scheme, two defendants extradited from Estonia, and Herb Kimble apprehended in the Philippines in a $1.2 billion telemedicine scheme. Individual cases included a Texas nurse practitioner charged in a $906 million wound-allograft scheme and a Florida cardiovascular practice director charged in an $89 million scheme in which a student athlete died after his abnormal heart test was approved as normal. Source: United States Department of Justice
- Thirteen defendants in the Northern District of Texas face charges across seven cases tied to more than $365 million in fraudulent billing submitted to Medicare, TRICARE, and other federally funded programs. The charges form part of the 2026 National Health Care Fraud Takedown, which produced charges against 455 defendants nationwide, including 90 doctors and licensed medical professionals, over schemes involving more than $6.5 billion in false claims. Michael McMillan of Las Vegas accounts for the largest local case, charged over approximately $268 million in claims for wound care products through kickbacks disguised as rebates, with about $35 million in assets seized. Other defendants face charges spanning a $73 million COVID-19 test kit kickback scheme, a $65 million laboratory testing scheme, a $26.8 million TRICARE billing scheme for transcranial magnetic stimulation, a $25 million EEG testing conspiracy, a $3.1 million hospice scheme, and a $2.3 million durable medical equipment scheme. The government seized over $35 million in cash, luxury vehicles, and other assets locally, and all defendants are presumed innocent until proven guilty. Source: United States Department of Justice
Anti-Kickback & Physician Contracting
- The HHS Office of Inspector General reiterated that an arrangement may violate the Anti-Kickback Statute even when the compensation is fair market value. The guidance states that fair market value is not a dispositive defense and notes that the statute does not use the term “fair market value.” The firm expects the Commercial Reasonableness and Bona Fide Business Purpose tests to play a larger role in analyzing arrangements that fall outside safe harbors. Under the One Purpose Rule, if one purpose of a payment is to induce referrals, the entire arrangement is illegal regardless of other legitimate purposes. The firm also anticipates greater scrutiny of percentage-based fees that fluctuate with the volume or value of referrals. Source: Spencer Fane
- A federal court in Tennessee has refused to dismiss False Claims Act allegations against Erlanger Health System, allowing claims that its physician compensation arrangements violated the Stark Law to proceed. Erlanger’s former Chief Compliance Officer and former Chief Financial Officer brought the qui tam action, and the United States partially intervened on claims that Erlanger submitted Medicare claims for services referred by physicians whose employment terms breached the Stark Law. The Department of Justice alleges Erlanger paid certain physicians two to three times the median salary for their specialties, tolerated losses exceeding professional collections, and based compensation on tracked downstream revenue reaching as high as $21 million for a single physician, while independent fair market value analyses omitted physicians’ actual total pay. Additional allegations include inflated E/M coding that increased uncapped wRVU productivity bonuses, undocumented medical director and academic stipends, pass-through payments through a medical school to fund non-employed physician salaries, payments for nonexistent call coverage, and the elimination of the Chief Compliance Officer position after a Corporate Integrity Agreement expired. Hospitals should evaluate total compensation holistically, separate referral analytics from pay decisions, audit compensation and coding accuracy against benchmarks, document services performed, scrutinize indirect arrangements, maintain independent compliance governance with board reporting, and act on red flags including self-disclosure and refund obligations under the 60-day repayment rule. Source: Akerman LLP
Reimbursement & Payment
- A final rule overhauls the No Surprises Act Federal Independent Dispute Resolution process with staggered applicability dates. The administrative fee per party drops from $115 to $15 for disputes initiated on or after June 11, 2026. The rule formalizes the open negotiation process with required written notices through the Federal portal and mandates standardized claim adjustment reason codes and remittance advice remark codes so providers can identify which claims are subject to the Act. It replaces the “same or similar item or services” batching standard with a broader “treatment of a similar condition” test and caps batched determinations at 50 items. Self-insured group health plans, FEHB carriers, and issuers must register with a new IDR registry and obtain a designated registration number. Source: Holland & Hart Health Law Blog
- Express Scripts sued Texas Attorney General Ken Paxton seeking a declaratory judgment to prevent the Texas A&M University System from releasing an unredacted version of its contract. The company had proposed redactions to shield trade secrets and confidential commercial information, including pricing and programmatic details, along with personal information such as signatures. The Texas Office of the Attorney General concluded that the contract must be released in its entirety, citing a state law requiring agencies and institutions of higher education to post vendor contracts. Express Scripts argues the ruling renders statutory disclosure exceptions meaningless and that the commercial information qualifies as protected trade secrets. The authors advise pharmacy benefit managers and health plans contracting with public entities to segregate and label confidential information and to secure prompt notice of public records requests. Source: Mintz
HIPAA, Privacy & AI Vendor Compliance
- A product marketed as “HIPAA compliant” carries no government endorsement, because there is no federal HIPAA certification, seal, or registry and the Office for Civil Rights does not certify products. A vendor’s claim is a self-assessment, and the Federal Trade Commission has treated such representations as deceptive under Section 5 of the FTC Act. A signed business associate agreement does not authorize a vendor to train its own commercial model on protected health information, and protected health information passing to downstream model providers requires a business associate agreement with each. Attestations such as SOC 2 Type II or HITRUST are not determinations of HIPAA compliance, and the regulated entity retains direct liability, contractual exposure, and its own FTC exposure if it repeats unverified claims. The firm recommends inventorying AI tools that touch protected health information, making the business associate agreement control over vendor terms, and documenting each tool in the Security Rule risk analysis. Source: Fisher Phillips
- Blue Fish Pediatrics notified 41,485 Texas residents of a July 2025 cyberattack that exposed personal and protected health information. The Houston-based pediatric network identified unauthorized access to its systems on or around July 17, 2025, and a forensic investigation confirmed a threat actor had access to files between July 11 and July 17, 2025. Exposed data included names, dates of birth, driver’s license or state ID numbers, Social Security numbers, medical record numbers, diagnoses, lab results, medications, and claims information. The company began mailing notification letters and offered credit monitoring to individuals whose Social Security numbers were exposed. The incident was reported to the Texas Attorney General, and the total number of affected individuals nationwide has not been disclosed. Source: The HIPAA Journal
- Employers that sponsor self-funded health plans can trigger full HIPAA obligations, because the plan itself is generally a covered entity if it has 50 or more participants or uses an external administrator. Third-party administrators that handle protected health information are classified as business associates and are directly liable for violations, while the plan sponsor manages compliance on the plan’s behalf. Before sharing protected health information, the plan must have a signed business associate agreement specifying permitted uses, security measures, and breach notification within 60 days of discovery. Sponsors that rely solely on a TPA’s systems face legal risk. The authors recommend appointing privacy and security officers, conducting risk analyses, issuing a Notice of Privacy Practices, amending plan documents, and auditing vendors. Source: Constangy
Artificial Intelligence & Health IT
- Defensible AI medical record review requires page-level citations, human review of every output, and a HIPAA-eligible agreement before any protected health information is processed. The software ingests medical records, billing files, independent medical examination reports, and correspondence, then sorts, deduplicates, and summarizes them into a chronology that links each entry to its source page. General-purpose models such as ChatGPT lack source attribution, are not HIPAA-eligible by default, and can misread long, co-mingled records. The article states that Wisedocs is trained on more than 100 million documents across 1,500 medical record types and applies human review to each output. It reports that one property and casualty carrier cut review cost from 60 cents to 20 cents per page and turnaround from 14 days to 2 days. Source: Claims Journal
- AI-powered geomapping can identify areas without nearby maternal care services and locate where high-risk mothers live. Researchers at the University of Texas at Arlington are using the technology to determine where in-person maternal care is realistic and where telehealth can best serve patients in maternal care deserts. Source: Healthcare IT News
Transactions, Valuation & Strategy
- Value-based care valuations have moved away from membership-growth multiples toward performance and execution as the market recalibrates. Following the Affordable Care Act, investment in accountable care organizations, risk-bearing groups, and Medicare Advantage drove a surge of growth in the early 2020s in which “lives” and revenue multiples set valuations regardless of demonstrated capability. Aggregators have since struggled to show sustainable profitability, compressing earnings and valuation multiples. In January 2026, Optum shifted from membership growth toward margin recovery and network optimization, while VillageMD, Walgreens Boots Alliance, and Agilon Health pursued restructuring and divestitures. Humana’s CenterWell and Privia Health have maintained steadier performance through measured, asset-light strategies, and the article concludes that success in value-based care will depend on execution, selective participation, and cost savings rather than scale. Source: VMG Health
- The migration of cardiovascular procedures from hospitals to ambulatory surgery centers is reshaping cardiology investment and M&A strategy. Industry leaders expect up to 80% of cardiology services currently performed in hospitals to move to outpatient settings by 2030, a shift that accelerated after Medicare expanded the cardiovascular procedures eligible for ASC payment, including coronary interventions and, in January 2026, new electrophysiology procedures. Because most cardiology volume has historically been hospital-based, the migration adds new procedural volume to ASCs rather than redistributing existing activity. The article notes that the hybrid office-based laboratory and ASC model is expected to decline as ASC reimbursement converges with or exceeds OBL rates. Cardiology consolidation remains harder than in other specialties because most cardiologists are employed by hospitals, leading some operators to develop ASCs physically aligned with hospitals. Source: VMG Health
- VMG Health combined Community Link Consulting and Burrows Consulting into a single FQHC and Community Health Optimization Practice for federally qualified health centers and community health centers. Community Link Consulting, founded in 1999, serves more than 190 clients and provides revenue cycle, financial management, FQHC compliance, HRSA site visit preparation, and interim leadership services. Burrows Consulting brings 19 years of FQHC experience and has secured more than $600 million in grant awards across more than 930 proposals, along with 340B consulting and Look-Alike designation work. The combined teams have created 28 Look-Alike systems with 400 service delivery sites and currently support more than 85 Look-Alikes. The practice adds VMG Health valuation, transaction advisory, and analytics resources. Source: VMG Health
