Wade’s Health Law Highlights for October 28, 2025

Artificial Intelligence

Insurance companies face lawsuits alleging AI algorithms denied patient care without human oversight. UnitedHealth Group, Cigna, and Humana are defending against claims that their AI programs led to denied care, though the companies deny using AI for coverage denials. A May survey from the National Association of Insurance Commissioners found 84% of 93 insurers used AI, with 68% using it for prior authorization approvals, though only 12% reported using it to deny authorization requests. Healthcare providers are deploying their own AI tools to automate prior authorization requests and appeals, with physicians spending an average of 13 hours per week on these requests and the industry spending nearly $13 billion on prior authorization in 2023. Providers have adopted AI faster than insurers, creating agent wars between the two sides. Source: Healthcare Brew
California has banned AI systems from using healthcare licensing terms that could mislead consumers about professional qualifications. Assembly Bill No. 489, enacted on October 11, 2025, prohibits AI and generative AI technologies from using terms like “doctor” or “M.D.” in advertising or functionality that falsely suggest operation by licensed healthcare professionals. The legislation extends existing prohibitions on unauthorized use of healthcare licensure terms to cover entities that develop or deploy AI systems in healthcare contexts. Healthcare professional licensing boards can enforce violations through injunctions and other remedies, with each instance of prohibited term usage constituting a separate violation. Companies operating AI systems in healthcare must implement compliance measures and disclaimers to avoid enforcement action under the law. Source: Orrick

Civil Investigative Demands

The U.S. Department of Justice announced in 2025 it will increase its focus on False Claims Act cases targeting organizations that defraud the government, following a record number of cases in 2024 with emphasis on healthcare. Civil Investigative Demands authorize the DOJ to request documents, written answers, or testimony from individuals and entities as part of investigations. Recipients should immediately contact an attorney rather than directly contacting the DOJ, as attorneys can negotiate the scope and timeline of responses. After an organization responds to a CID, the government may end the investigation, request more information, negotiate a settlement, or proceed with civil or criminal action under statutes such as the False Claims Act or Anti-Kickback Statute. The timeline from response to government decision ranges from two months to over two years. Source: Balch & Bingham LLP

Compliance

Healthcare organizations that bill government payers must establish formalized compliance programs through a six-step process. Organizations should first designate a compliance officer and form a committee, then begin drafting a compliance manual using OIG General Compliance Program Guidance as a framework, with completion targeted within 6-12 months. During the manual development phase, organizations should implement an anonymous reporting mechanism and code of conduct, conduct a risk assessment to identify vulnerabilities, and create a first-year work plan that addresses priorities identified through the assessment. Once the manual is complete, organizations should develop compliance training for all employees. Source: Dentons On Call

Data Privacy

Healthcare organizations can leverage minimum viable data governance (MVDG) to overcome data management challenges and accelerate AI adoption. MVDG provides a framework built on five pillars: Data Stewardship, Data Quality, Data Privacy, Data Security, and Metadata Management. The approach integrates governance processes into operational workflows, reducing the time required to move projects from concept to execution. MVDG breaks down data silos by unifying information into a consistent source of truth and establishes the data quality processes needed for AI-powered solutions. This method is “smart scaling” in that it adapts governance to business needs rather than creating bottlenecks. Source: HealthTech Magazine
Healthcare providers must reconcile data accessibility with patient privacy as cybersecurity threats intensify. Industry leaders recommend role-based access controls, encryption, and integrated EHR systems as solutions. The Department of Health and Human Services is proposing updates to the HIPAA Security Rule for the first time in more than two decades. The proposed changes eliminate “addressable” implementation specifications, requiring organizations to fully implement, document, and enforce every safety feature from encryption to incident response. Technologies such as privacy-preserving data enclaves, AI-powered monitoring, and centralized HIPAA-compliant platforms can enable data sharing while protecting patient information. Source: Healthcare IT Today

Fraud & Abuse

A federal health care fraud prosecution in Dallas collapsed after a prosecutor and defense attorney deleted court-ordered text messages, leading to charges against both legal professionals. Former federal prosecutor Carlos A. Lopez, 48, and Dallas defense attorney Barrett R. Howell, 50, face misdemeanor charges for deleting government text messages in April 2023 that a judge had ordered them to produce. The misconduct forced the Justice Department to dismiss all charges with prejudice against three defendants who were accused of operating a $107 million Medicare fraud scheme through Trinity Clinical Laboratories LLC between 2018 and 2019. Both Lopez and Howell are expected to sign plea agreements and face up to one year in prison and $100,000 fines each. U.S. District Judge Barbara M. G. Lynn rebuked the Justice Department during a May 2023 hearing after learning of the deleted messages. Source: wfaa.com
The Department of Justice created the Enforcement & Affirmative Litigation Branch within its Civil Division on September 25, 2025. The Branch consists of two sections: the Enforcement Section, which will pursue cases under the Federal Food, Drug, and Cosmetic Act, Consumer Product Safety Act, and Federal Trade Commission Act; and the Affirmative Litigation Section, which will bring lawsuits against states, municipalities, and private actors that allegedly obstruct administration policies. The reorganization does not create statutory powers but consolidates affirmative litigation functions. The Branch will focus on health care providers, drug and device marketing, and consumer product labeling, with False Claims Act enforcement related to gender-affirming care designated as a priority area. Companies in health care, pharmaceutical, and consumer-products sectors should review their marketing, labeling, and promotional protocols for compliance with federal standards. Source: Polsinelli

GLP-1

Costco began selling Novo Nordisk’s GLP-1 medications Wegovy and Ozempic for $499 per month as of Oct. 3, offering discounts from list prices of $1,349.02 and $997.58 for out-of-pocket patients. Experts predict the move will not shift the market because pharmacies including Walmart, Sam’s Club, CVS, and GoodRx already offer the medications at the same price point. The partnership may increase awareness among Costco’s 81 million members, though 54% of US adults who have taken GLP-1s have struggled to afford them according to KFF. Companies like Hims & Hers sell compounded versions for $199 per month, driving Novo Nordisk and Eli Lilly to reduce prices to compete. The FDA is investigating compounding companies for their advertising methods. Source: Healthcare Brew

Marketing

Texas implemented amendments to its telemarketing law on September 1, 2025, that now explicitly cover text messages and impose registration and bonding requirements on businesses making solicitations from or to the state. The amendments, known as S.B. 140, require businesses to register each location with the Texas Secretary of State and post a $10,000 security bond per entity. Violations trigger automatic liability under the Texas Deceptive Trade Practices Act, allowing consumers to seek $500 to $1,500 per unlawful call or text, while the Texas Attorney General can impose penalties up to $5,000 per violation. The law exempts certain entities including nonprofits, banks, insurance companies, and businesses soliciting current or former customers. Businesses that call or text individuals in Texas must comply regardless of whether they are registered to do business in the state. Source: Epstein Becker Green

Medicare Reimbursement

The HHS Office of Inspector General released a report calling for heightened oversight of Medicare billing for remote patient monitoring services. Medicare payments for RPM surpassed $500 million in 2024, serving nearly one million enrollees, despite Medicare coverage for RPM having been established only in 2019. OIG’s 2024 report found that nearly half of enrollees who received RPM services did not receive all three components: education and setup, device supply, and treatment management. The report recommends CMS monitor providers billing for enrollees with no prior practice history, new enrollees receiving RPM for the first time, enrollees never receiving treatment management, enrollees already receiving RPM at another practice, or multiple monitoring devices per month for a single enrollee. Providers should reinforce training and processes to ensure RPM services are medically necessary and compliant with Medicare requirements. Source: Morgan Lewis Health Law Scan

Mergers & Acquisitions

Healthcare buyers must conduct AI due diligence during mergers and acquisitions as organizations expand artificial intelligence use without governance frameworks. Many healthcare organizations deploy AI applications ranging from clinical decision-support interventions to patient communications without comprehensive monitoring strategies, creating compliance and liability risks for potential buyers. New state regulations compound these risks, with California’s Assembly Bill 489 prohibiting AI systems from suggesting medical advice comes from licensed professionals and Illinois banning AI use in mental health decision-making processes. Buyers should examine target companies’ AI oversight structures, governance programs, vendor contracts, and develop post-closing integration strategies to manage HIPAA violations and other legal exposures. The process requires collaboration between legal, IT, and clinical teams to assess risks and ensure compliance in this evolving regulatory landscape. Source: Sheppard Mullin Healthcare Law Blog

Value-Based Care

Value-based care strategies can address four challenges facing health systems: improving access, enhancing physician alignment, generating revenue, and reducing physician enterprise losses. Clinically integrated networks free up inpatient capacity by managing low-acuity Medicare and Medicaid cases outside hospitals, creating space for patients with higher margins. Medicare Shared Savings Program accountable care organizations that generated savings in 2024 achieved median shared savings revenue of 3.1% of total medical spend. CINs allow private practices to participate in value-based care contracts while retaining independence, reducing the need for physician employment that costs health systems over $160,000 per employed physician. The Centers for Medicare & Medicaid Services has advanced value-based programs including TEAM and AHEAD regardless of party control. Source: VMG Health
Primary care physician practices assuming financial risk for patient outcomes face growing scrutiny as the U.S. healthcare system transitions to value-based care models. The U.S. physician services industry is projected to reach $438.1 billion in 2025, with only 6% of physician groups currently backed by private equity. Starting in 2025, the CMS RADV Audit will audit 100% of Medicare Advantage contracts annually, focusing on the 10% of enrollees with the highest risk and extrapolating results for financial recoupment. The transition to CMS-HCC Version 28 reduces the number of hierarchical condition categories and recalibrates coefficients, potentially lowering risk adjustment factor scores for certain patient populations. Source: Ankura

Wearables

The global wearable technology market reached $218.27 billion in 2024, prompting companies to pursue partnerships with health clubs, insurers, fitness brands, and wellness providers to remain competitive. These collaborations include co-marketing arrangements, incentives to utilize wearables, cross discounts, and resale agreements. Lawyers advising on these partnerships focus on three areas: branding terms that define trademark usage and marketing guidelines, data provisions that establish ownership and compliance with HIPAA, GDPR, and CCPA, and liability structures that allocate responsibility for product failures, data breaches, and disputes. The agreements require coordination between marketing, privacy, security, and product teams to address data flows and risks. Strategic partnerships offer growth opportunities for established companies seeking diversification and new entrants building brand traction. Source: Loeb & Loeb LLP