Fraud & False Claims Act Enforcement
- The U.S. Department of Justice recovered more than $6.8 billion in False Claims Act settlements and judgments in fiscal year 2025, marking the largest annual total in the statute’s history. The DOJ reported 1,297 qui tam actions filed by whistleblowers and 401 government investigations during the year. Health care matters accounted for more than $5.7 billion of the total recoveries, with the DOJ focusing on managed care, prescription drugs, and substandard care. The agency recovered more than $52 million in cybersecurity-related settlements and more than $230 million through 200 settlements resolving pandemic-related fraud. The DOJ created a Market, Government, and Consumer Fraud Unit and a Trade Fraud Task Force to address customs and trade fraud, including country-of-origin errors, tariff misclassification, and forced labor issues. Source: Foley & Lardner
- Robert “Bobby” Leon Smith III received a 150-month prison sentence for orchestrating a $61.5 million health care fraud scheme that targeted Medicare beneficiaries. Smith, 50, of Archer City, Texas, owned and operated seven durable medical equipment supply companies in Florida, Texas, and Maryland that submitted false Medicare claims for orthotic braces, foot baths, and genetic tests that beneficiaries did not need. He ran telemarketing campaigns through a call center in the Philippines and obtained doctors’ orders by paying kickbacks to telemedicine companies, later selling those orders to other medical suppliers. Smith pleaded guilty in March 2025 after four days of trial, then absconded before sentencing and remained at large for over a month until the U.S. Marshals Service apprehended him. The court ordered Smith to pay $30,158,608.25 in restitution, forfeit $9,215,225, and surrender real estate in Texas, in addition to serving two years of supervised release. Source: United States Department of Justice
- AI billing and coding tools pose False Claims Act risks for healthcare providers as the Department of Justice recovered $6.8 billion in settlements during FY 2025, with $5.7 billion from healthcare. Kaiser Permanente paid $556 million in January 2026—the largest Medicare Advantage False Claims Act settlement in history—for chart mining to boost diagnoses and risk scores. The Office of Inspector General identified AI-enabled billing processes as an enforcement priority in February 2026 guidance, specifically naming AI-generated coding prompts as a risk adjustment abuse vector. AI billing tools that scan for undercoding without identifying overcoding create what the DOJ terms “one-way chart reviews,” which can constitute fraud. Other settlements include DaVita at $270 million (2018), Cigna at $172 million (2023), Independent Health/DxID at $100 million (2024), and UCHealth at $23 million (2024). Source: Health Law Attorney Blog
Anti-Kickback Statute & Physician Compliance
- The U.S. Department of Health and Human Services Office of Inspector General issued a favorable advisory opinion on March 9, 2026, regarding a physician’s three-phase retirement plan to transfer ownership interests in a Medicare-certified ambulatory surgical center. The plan involved gifting an ownership interest to the physician’s non-physician wife, allowing two physician children to purchase interests at fair market value, and later offering ownership to outside physician investors at fair market value. Upon the physician and his wife’s deaths, remaining ownership interests would transfer as gifts to their children. The OIG concluded it would not impose administrative sanctions under the federal Anti-Kickback Statute, despite certain transfers not satisfying safe harbor requirements, because the transactions involved fair market value purchases, documented estate planning strategies through trust documents and family business plans, and the non-physician wife held no position to influence referrals to the facility. The physician committed to provide written certification that he would not directly or indirectly influence referrals to the ASC after retirement and would not formally transition his patient panel to his children. Source: Akerman LLP
- Physician compensation plans create compliance risks when they reward referrals or internal facility use rather than clinical work performed. Problems arise when productivity becomes a substitute for business performance, particularly in orthopedic groups seeking more cases in ambulatory surgery centers or predictable hospital joint venture volume. Two questions drive regulatory analysis: what behavior the plan rewards in practice and where exceptions exist in the form of strategic initiative pools, growth bonuses, or year-end adjustments. Buyers examine whether compensation changes based on site of service, how discretionary payments are documented, and whether physician payments tie to facility performance. Organizations that maintain defensible plans keep productivity linked to personally performed services, use defined quality metrics, limit discretionary adjustments, and test models against real physician data before implementation. Source: Healthcare Law Insights
- Texas Attorney General filed suit against Sanofi-Aventis US LLC for violations of the Texas Health Care Program Fraud Prevention Act. The state alleges Sanofi’s “Free Nurse Program” and “Support Services Program” constitute kickbacks to providers by reducing their costs and administrative burdens to induce them to prescribe Sanofi products. Paxton seeks monetary relief exceeding $1,000,000 and an injunction to suspend both programs. Sanofi has rejected the characterization, stating the services comply with federal and state law and support patients rather than influence prescribing. The suit follows a case filed against Eli Lilly in August 2025 over programs with the same names and marks the continuation of Paxton’s enforcement actions against pharmaceutical companies including Johnson & Johnson, Bristol Myers Squibb, and insulin manufacturers. Source: Sheppard
Data Privacy & Cybersecurity
- Threat actors reduced their dwell time in compromised systems to 22 days in 2025, down from 36 days two years prior, according to BakerHostetler’s analysis of over 1,250 data security incidents. Attackers now prioritize data theft over encryption, with healthcare accounting for 27% of incidents, followed by finance and insurance at 18%. Organizations pay ransoms to prevent data publication rather than obtain decryption keys, as backup practices have improved. Hackers exploit weak identity security and use AI to create phishing and social engineering scams, while help desk manipulation remains a threat vector. Ransom negotiations typically last two weeks or longer, resulting in discounts from threat actors. Source: HealthcareInfoSecurity
- Texas plastic surgery practice disclosed data breaches that exposed patient information. Austin Plastic and Reconstructive Surgery in Texas experienced unauthorized network access between June 30 and July 1, 2025, that compromised names, addresses, dates of birth, financial account information, driver’s license numbers, passport numbers, Social Security numbers, medical information, and health insurance information. The practice engaged a cybersecurity firm to investigate the incident and is offering credit monitoring and identity theft protection services to affected individuals. The number of patients affected by the Texas breach remains unknown as the incident has not appeared on federal or state breach portals. Source: HIPAA Journal
- Hospital websites and mobile apps pose privacy risks by collecting health-related data through tracking technologies that operate outside electronic health records. State laws like Washington’s My Health, My Data Act now regulate “consumer health data” that can be inferred from location, browsing, and app use, even when traditional HIPAA rules may not apply. A Health Affairs study found that nearly every US acute care hospital website transmits data to third parties through tracking technologies, while HHS Office for Civil Rights has warned that information collected by pixels and tracking tools can qualify as protected health information. Patient portals, scheduling tools, and mobile apps collect IP addresses, device identifiers, clickstreams, page categories, and location data through third-party cloud services and SDKs. Location tracking raises particular concerns because it runs continuously in the background, connects physical visits to digital advertising systems, and can reveal information about others in a patient’s network. Source: Hinshaw & Culbertson LLP
Healthcare Technology & Artificial Intelligence
- Amazon leverages its ownership of One Medical clinics to differentiate its healthcare AI strategy from competitors like Microsoft and Google. The company purchased the clinic network in 2023 and has since released an agent platform for administrative tasks and a Health AI assistant for consumers, both connected through One Medical’s electronic health record system. Amazon uses an LLM-as-a-judge technique to evaluate chatbot responses and escalate flagged answers to human evaluators. The company focuses on providing underlying infrastructure through AWS rather than workflow-level tools, though this approach faces challenges as healthcare systems increasingly prefer multi-cloud strategies to avoid vendor lock-in. Amazon Connect Health platform features only work for hospitals already using AWS infrastructure. Source: Healthcare Brew
- AI tools are being integrated into medical aesthetics practices for skin diagnostics, facial analysis, treatment planning, and operations. The technology tracks facial features, creates 3D simulations for procedures, personalizes treatment protocols, and automates tasks like scheduling, clinical scribing, and inventory management. Practices face risks including AI accuracy errors, HIPAA compliance requirements for tools handling protected health information, and disclosure obligations to patients. Colorado’s AI Act takes effect February 1, 2026, requiring risk management processes and impact assessments for high-risk AI systems, while 47 states introduced healthcare AI legislation in 2025. Practices must maintain human oversight of all AI outputs and ensure patients can switch from AI to human staff. Source: VMG Health
Pharmacy & Drug Pricing
- Independent pharmacies in Texas are operating cattle businesses and gift shops to offset financial losses caused by pharmacy benefit managers. A pharmacy owner in Wheeler County uses revenue from her Red Angus cattle operation in Oklahoma to keep her pharmacies open, while another owner in Spur sells hair products, clothing and gifts alongside prescriptions. Pharmacists blame pharmacy benefit managers, which control 80% of prescription claims in the United States, for setting reimbursement rates that force them to sell medications at a loss. In 2025, more than 4.3 million Texans lived in pharmacy deserts, and 60% of Texas counties had no pharmacy in 2023, according to the Texas Pharmacy Association. Lt. Gov. Dan Patrick charged the Texas Senate with investigating whether pharmacy benefit managers contribute to rising health care costs. Source: The Texas Tribune
- CMS extended the deadline for hospitals to respond to the Outpatient Prospective Payment System Drug Acquisition Cost Survey from March 31, 2026 to April 7, 2026 at 11:59 PM ET. CMS is conducting the survey to meet its statutory obligation before reducing reimbursement to hospitals for separately payable drugs, particularly those under the 340B Drug Pricing Program, but can only proceed if the survey results in a “statistically significant estimate” of drug costs. The extension indicates CMS may not be receiving the response rate it deems necessary to implement lower OPPS reimbursement rates. If hospitals do not respond in sufficient numbers, CMS cannot use the survey results to cut reimbursement to 340B-covered entities, though CMS has suggested without legal authority that it may treat non-responses as indication of low acquisition costs. The US Supreme Court previously denied CMS the reimbursement cuts it seeks to implement through this survey. Source: K&L Gates
Regulatory & Government Oversight
- CMS established standards for electronic transfer of healthcare claims documentation and electronic signatures under a final rule published in the Federal Register on March 24, 2026. The rule takes effect on May 26, 2026, with compliance required by May 26, 2028, for all HIPAA-covered entities including health plans, healthcare providers, and healthcare clearinghouses. The standards enable electronic exchange of medical records, images, clinical notes, telemedicine documentation, and laboratory results, and adopt X12N standards for data exchange and HL7 standards for clinical data sharing. CMS estimates the standards will save the healthcare sector up to $782 million annually. The final rule omitted prior authorization standards due to conflicts with mandated standards. Source: HIPAA Journal
- FTC Chairman Andrew Ferguson announced the formation of a Healthcare Task Force on March 20, 2026, to coordinate antitrust and consumer protection enforcement across the healthcare sector. Ferguson stated that consolidation and anticompetitive conduct have distorted healthcare markets. The Task Force will coordinate efforts across the Bureau of Competition, Bureau of Consumer Protection, Bureau of Economics, Office of Policy Planning, and Office of Technology, and will collaborate with the Department of Health and Human Services and the Department of Justice. The memorandum cited two merger challenges (Alcon/Lensar and Edwards/JenaValve) and a February 2026 consent order with Express Scripts as examples of enforcement under the Trump administration. Healthcare companies should expect increased scrutiny of transactions and commercial arrangements. Source: Goodwin
- States are incorporating health equity impact assessments into Certificate of Need programs to reduce healthcare disparities. New York requires many CON applications to include a health equity impact assessment prepared by an independent entity with community engagement, covering scoping, potential impacts, mitigation, and monitoring. North Carolina implemented a policy in 2025 requiring CON applicants to demonstrate how projects will provide care that reduces health disparities in underserved communities. Connecticut approved an emergency CON application for a hospital acquisition but imposed conditions related to community engagement, service maintenance, and access gaps. These assessments add complexity to healthcare transactions by requiring coordination across compliance, clinical operations, community relations, and finance, which affects deal timelines and economics. Source: Sheppard
Litigation & Expert Witnesses
- Attorneys must evaluate expert witnesses against Daubert admissibility standards before engaging them in health care litigation cases. Expert testimony must be both relevant and reliable under standards established by the U.S. Supreme Court in Daubert v. Merrell Dow Pharmaceuticals Inc., which requires that theories or techniques be tested, subjected to peer review, have known error rates with governing standards, and enjoy general acceptance within the relevant scientific community. Attorneys must verify that expert candidates possess genuine credentials in the specific specialty at issue, as a general surgeon cannot opine on neurosurgical care and a dentist cannot opine on orthodontia. The expert’s publications, speaking engagements, and prior testimony must be reviewed to identify potential contradictions, and any disciplinary record or prior exclusions of testimony can undermine credibility. For jury trials, attorneys must assess whether the expert can articulate complex issues clearly and whether jurors will perceive the expert as credible or potentially biased. Source: Foley & Lardner
Intellectual Property & Medical Devices
- The UPC Munich Local Division dismissed an infringement action involving embolic protection devices, establishing that medical devices can infringe patents through possible use only when that use aligns with professional medical practice. Emboline sued AorticLab over patent EP 2 129 425, which covers an embolic protection device with a graspable structure for hook removal, seeking injunctions in France, Germany, and Italy. The court found that AorticLab’s device was removed using an attached rod rather than a hook, and using a hook would require piercing and damaging the filter mesh material. The court held that while devices normally operated in non-infringing ways can still infringe if patent-infringing use remains possible, such use must comply with recognized rules of medical science for medical devices. AorticLab made its counterclaim for revocation dependent on a finding of infringement and had to pay costs when the court did not decide on the counterclaim after finding no infringement. Source: A&O Shearman
