False Claims Act
FDA
- A U.S. District Court has allowed Novo Nordisk to intervene in a case between the FDA and compounding pharmacies. Compounders sued the FDA for removing weight loss drugs from its shortage list, which had previously allowed them to produce copycat versions of Novo’s semaglutide products. The compounders claim the agency’s decisions were arbitrary and that shortages persist. Novo Nordisk cited safety concerns and investment protection in its motion to intervene, which was unopposed by both the FDA and the compounders. Eli Lilly has also filed a motion to intervene in the ongoing legal proceedings.
Medicare
- CMS has revised its Medicare overpayment rule, replacing the “reasonable diligence” standard with a “knowingly” standard that only requires action when providers are aware of overpayments. The update extends the investigation timeline, giving healthcare organizations 180 days to conduct investigations before the 60-day repayment clock begins. Organizations must keep documentation of compliance efforts and implement processes for identifying, reporting, and returning overpayments. Healthcare providers who fail to address identified overpayments risk penalties under the False Claims Act, which can include treble damages and civil penalties. The new framework aims to streamline compliance while maintaining accountability through structured investigation protocols and documentation requirements.
- Medicare reimbursement rates for radiologists have declined by 24.9% from 2005 to 2021 after inflation adjustments, while the average starting salary for radiologists reached $472,000 in 2023, representing a 17.7% increase since 2020. The workforce faces significant pressures with 56.4% of diagnostic radiologists being 55 or older, while new trainees are only increasing by 2.5% annually. The implementation of the No Surprises Act has complicated reimbursements for out-of-network services, and healthcare cybersecurity costs have reached $10.93 million per data breach in 2023. These challenges are pushing independent radiology groups to seek financial subsidies from hospital partners to maintain operations.
Nonprofits
- Nonprofit healthcare organizations are increasingly pursuing mergers to address economic challenges and improve care delivery. These mergers can take the form of either member substitutions, where one organization becomes a controlling member while both entities remain separate, or true mergers that combine organizations into a single legal entity. The consolidations aim to achieve cost efficiencies, increase bargaining power with insurance companies, and improve access to capital for technology investments and facility improvements. Mergers also enable organizations to expand their geographic reach, enhance quality of care, and invest in innovations like telemedicine and data analytics. The process requires careful consideration of mission alignment, organizational culture, and governance structures to ensure the merged entity can effectively serve its community while maintaining financial stability.
Physician-Patient
- Healthcare providers who wish to terminate a patient relationship must follow specific protocols to avoid patient abandonment claims. The process requires providers to notify patients in writing of the termination, explain the reasons professionally, and give patients reasonable time (typically 30 days) to find new care. During the transition period, providers must continue necessary care and facilitate the transfer of medical records to the new provider. While providers can terminate patient relationships for valid reasons like non-compliance or non-payment, they must follow applicable laws regarding discrimination and emergency care, with exceptions only for situations posing immediate safety risks.
Ransomware
- Cybersecurity firm Cyble reports 599 new ransomware victims in February 2025, up from 518 in January, with U.S. organizations experiencing a 149% increase in attacks compared to 2024. North American targets face increased attacks due to their perceived likelihood of paying ransoms, despite overall ransom payments declining by 35% year-over-year according to Chainalysis. The ransomware landscape has shifted as LockBit’s dominance waned following law enforcement intervention, while Cl0p now leads with 81 attacks, followed by Akira, Lynx, and Qilin. Construction, professional services, and healthcare remain primary targets, with construction experiencing 50 attacks, professional services 47, and healthcare 33 attacks in 2025. IT services companies continue to face attacks due to their potential as gateways to downstream clients.
Security
- The U.S. Department of Health and Human Services has proposed new HIPAA Security Rule requirements for healthcare organizations using artificial intelligence systems that interact with electronic protected health information. The proposed rules would require organizations to maintain technology asset inventories, conduct risk assessments of AI systems, and monitor for vulnerabilities. Healthcare entities would need to incorporate Business Associate Agreement risk assessments when contracting with AI developers and ensure vendors meet security requirements. A HIMSS survey reveals that most healthcare organizations currently allow AI use but lack formal approval processes, with only 31% actively monitoring AI systems. HHS has also finalized rules requiring providers to address discrimination risks in AI-powered decision support tools.
- Healthcare organizations have sent a letter to President Trump and HHS requesting the withdrawal of proposed HIPAA Security Rule updates. The healthcare sector has experienced 5,887 large data breaches since 2009, with hacking incidents increasing by 239% between 2018 and 2023, now accounting for 79.7% of all breaches. Healthcare groups cite concerns about financial burdens, conflicts with the HITECH Act, and implementation timeline challenges in their opposition to the proposed security updates. The Office for Civil Rights currently has 857 data breaches under investigation, with limited progress in clearing the backlog due to funding constraints. While earlier breaches primarily resulted from lost or stolen records, the current threat landscape shows a shift toward hacking and ransomware attacks as primary security challenges.
Stark Law
- The Centers for Medicare & Medicaid Services settled 314 Stark Law self-disclosures in 2024, collecting $24.7 million in settlements. The number of settlements in 2024 exceeded the combined total of the previous two record years and represented over one-third of all settlements in the program’s 14-year history. The average settlement amount was $78,781.39, consistent with trends from recent years, while 51 submissions were withdrawn during 2024. CMS has increased its processing speed for settlements, with some cases now resolved within the same calendar year as submission, marking a significant improvement from previous processing times. The smallest settlement in 2024 was $4, while the largest settlement on record remains $1,196,188 from 2018.
Transparency
- On February 25, 2025, President Trump signed an executive order focusing on healthcare price transparency. The order instructs the secretaries of Treasury, Labor, and Health and Human Services to implement new requirements within 90 days, mandating disclosure of actual prices rather than estimates. The directive aims to standardize pricing information across hospitals and health plans while updating enforcement policies for transparent reporting. Under current rules, hospitals must publish machine-readable files of standard charges using Centers for Medicare & Medicaid Services templates and provide price estimator tools for shoppable services.