Health Law Advisor

In September 2025, the U.S. Attorneys’ Office for the Eastern District of Pennsylvania (EDPA) announced that it would be implementing a White-Collar Justice Program to strengthen its white- collar enforcement framework. Among other things, the program will “empower Assistant United States Attorneys to aggressively pursue complex investigations and significant new matters on their own initiative.”

This announcement demonstrates another step in federal districts ramping up their white-collar enforcement efforts while encouraging robust procedures for compliance and self-disclosure. This is a trend several years in the making: in September 2022, then-Deputy Attorney General Lisa Monaco directed U.S. attorneys and others within the DOJ to review their policies on corporate voluntary self-disclosure, and to draft and share a formal written policy to incentivize such self-disclosure, if one was lacking.

On October 11, California Governor Gavin Newsom signed AB 1415, which regulates private equity and hedge fund activity by expanding the Office of Health Care Affordability’s (OHCA) jurisdiction and notice requirements. Though the law is a compromise from last session’s AB 3129—which the Governor vetoed on September 28, 2024—it nevertheless represents a significant change for private equity groups, hedge funds, and management services organizations (MSOs) in the state.

Well before the latest government shutdown, the U.S. Department of Justice’s National Security Division (DOJ NSD) issued a final rule at 28 CFR Part 202 (“2025 Final Rule” or “Rule”) to help prevent “countries of concern” or “covered persons” from accessing U.S. government-related data and Americans’ bulk sensitive personal data. The 2025 Final Rule took effect in April—and after a 90-day safe harbor period, the DOJ began enforcement on July 8.

Six months after implementation—with the U.S. Senate now passing the BIOSECURE Act restricting certain biotech business with China—compliance remains the key for affected stakeholders, including those exchanging personal health data. As we reported in July, the 2025 Final Rule implemented the prior administration’s Executive Order 14117 of February 28, 2024, by prohibiting and restricting “bulk” data transactions with countries that could threaten U.S. national security through the use of Americans’ sensitive personal data.

While the 2025 Final Rule remains largely untested, federal agencies and stakeholders alike have taken action to test the bounds of the Rule and, in some instances, expand applicability beyond 28 CFR Part 202. Below is a brief refresher of the key elements of the Rule and some recent developments.

On October 6, 2025, California Governor Gavin Newsom signed SB 351, aimed at limiting the involvement of private equity groups and hedge funds in health care practices. While the new law does create new statutory requirements governing hedge fund and private equity group involvement in the management of physician and dental practices, those requirements largely reflect existing California case law and Medical Board of California guidance. Specifically, the new law:

• prohibits a private equity group or hedge fund that is involved—including as an investor or owner—with a physician or dental practice doing business in the state, from interfering with the professional judgment of physicians and dentists in making health care decisions;
• prohibits these entities from exercising power over specified actions, including hiring practices and coding and billing procedures for patient services, and
• prohibits contracts between a private equity group or hedge fund or an entity controlled by a private equity group or a hedge fund and a physician or dental practice, if the contract would allow the conduct described above or impose a noncompete or nondisparagement clause.

The law will take effect on January 1, 2026. The state attorney general is empowered to enforce the new law through injunctive relief and other equitable remedies. It is the latest in a national trend among states to strengthen corporate practice of medicine (CPOM) doctrines by limiting the influence of non-licensed entities in clinical decision-making. The bill, introduced by California State Senator Christopher Cabaldon, passed the state legislature in September with bipartisan support.

In the latest in a series of recent cases involving the “but-for” causation standard for Anti-Kickback Statute (“AKS”) claims, Judge Waverly D. Crenshaw in the U.S. District Court for the Middle District of Tennessee has dismissed United States, et al., ex rel. Nolan, et al. v. HCA Healthcare, Inc., 2025 WL 2713747 (M.D. Tenn. Sept. 22, 2025) pursuant to Rules 12(b)(6) and 9(b).

Judge Crenshaw weighed in Nolan whether the relators, co-owners of Pathologists Laboratory P.C. (“PLPC”), had plausibly alleged that: 1) defendant HCA Healthcare Inc. (“HCA”) solicited or received “remuneration” for purposes of an AKS violation; and 2) PLPC or the second lab submitted claims “resulting from” an illegal kickback for purposes of a False Claims Act (FCA). He ultimately determined that the relators had not, in fact, plausibly alleged that HCA either solicited or received “remuneration” for purposes of the AKS.

In the wake of a lawsuit filed in federal district court in California in August—alleging that an artificial intelligence (AI) chatbot encouraged a 16-year-old boy to commit suicide—a similar suit filed in September is now claiming that an AI chatbot is responsible for death of a 13-year-old girl.

It’s the latest development illustrating a growing tension between AI’s promise to improve access to mental health support and the alleged perils of unhealthy reliance on AI chatbots by vulnerable individuals. This tension is evident in recent reports that some users, particularly minors, are becoming addicted to AI chatbots, causing them to sever ties with supportive adults, lose touch with reality and, in the worst cases, engage in self-harm or harm to others.

While not yet reflected in diagnostic manuals, experts are recognizing the phenomenon of “AI psychosis”—distorted thoughts or delusional beliefs triggered by interactions with AI chatbots. According to Psychology Today, the term describes cases in which AI models have amplified, validated, or even co-created psychotic symptoms with individuals. Evidence indicates that AI psychosis can develop in people with or without a preexisting mental health issue, although the former is more common.

On September 25, 2025, the Department of Justice announced a new office within the Civil Division—the Enforcement & Affirmative Litigation Branch—“dedicated to safeguarding public health and safety through proactive enforcement and high-impact affirmative litigation.” The creation of this new office restructures and consolidates affirmative litigation into a specialized branch to “hold powerful actors accountable, protect public health and safety, and enforce critical national policies.”

The telehealth cliff that we warned you about on March 3 and March 25, 2025, is now more fact than fiction—and we need a parachute.

Current Medicare telehealth flexibilities expired on September 30, 2025. This expiration has come to be called a “cliff,” since millions of beneficiaries who have used telehealth as a means for receiving health care services since the COVID-19 pandemic could lose coverage for this benefit. Now, they may have to travel to a health care provider’s office or a health care facility to receive most telehealth services, as opposed to simply logging on at home.

Without question, this is a move backward. Since restrictions for Medicare beneficiaries were eased at the start of the global pandemic in March 2020, many Americans—including seniors, those in rural areas, and those with mobility problems—have learned not only to use telehealth but to embrace it and in fact rely upon it.

As featured in #WorkforceWednesday®: This week, we examine the Federal Trade Commission’s (FTC’s) decisions to drop its appeal of a federal court ruling striking down its proposed non-compete ban and to issue warnings to health care employers about using unreasonable restrictive covenants in employment agreements.

Although the FTC’s decision to abandon its non-compete ban appeal may appear to favor employers, its recent warning letters to health care organizations make clear that regulatory scrutiny is far from over.

In this episode, Epstein Becker Green attorneys E. John Steren and David J. Clark discuss the FTC’s concerns for health care employers, offer guidance on revising non-compete agreements to withstand legal challenges, and explore alternative strategies to protect business interests.

On September 16, 2025, the U.S. Food and Drug Administration (FDA) released more than 60 warning letters sent to specific pharmaceutical manufacturers, alleging misbranding of a particular drug through direct-to-consumer (DTC) advertisements in violation of the federal Food, Drug, and Cosmetic Act (FDCA). The warning letters issued largely from the Center for Drug Evaluation and Research (CDER) and the Center for Biologics Evaluation and Research (CBER).

The FDA also released nearly 40 untitled letters sent to specific drug manufacturers from its Office of Prescription Drug Promotion on September 9 and 23, similarly informing them that one or more direct-to-consumer TV ads misbrands a specific drug.

These actions follow the September 9th announcement that the U.S. Department of Health and Human Services (HHS) and the FDA would be targeting “misleading” DTC pharmaceutical advertisements—the same day that a presidential memorandum directed HHS Secretary Robert F. Kennedy Jr. and FDA Commissioner Martin A. Makary to act.

The letters also reflect a broader shift in the FDA’s oversight of pharmaceutical advertising, particularly in DTC channels. With regulators taking a more aggressive posture across both broadcast and social media platforms, companies should be prepared for shifting regulatory requirements and heightened enforcement risk.