Health Law Advisor

The digital transformation has led to significant advancements in authentication and identity verification technologies and other cyber defenses. From biometrics to multi-factor authentication (MFA) to use of Artificial Intelligence (AI) enhanced detection and response tools, these systems are the first line of critical defense against unauthorized access in critical sectors such as finance, healthcare, manufacturing and government. However, with the rapid development of Multi-Modal AI and agentic AI, a new challenge has emerged—one that may compromise the very systems designed to protect us. By integrating multiple forms of data (e.g., voice, video, text) in multi-modal AI and use of agentic AI (automated decision-making with little or no human intervention), malicious actors are increasingly capable of bypassing authentication and identity verification security and other defenses, thereby posing a new level of cybersecurity threat. The rapid deployment of AI integrated into a wide variety of commercial products, platforms and workflows has dramatically expanded the potential attack surface.

Practices related to enrollment in Medicare Advantage plans continue to draw scrutiny from government regulators. Over the last few weeks, and simultaneous with Medicare’s Annual Open Enrollment Period, six states issued statements regarding recent Medicare Advantage and MedSupp (or “Medigap”) carrier actions related to enrollment and marketing accessibility.  Specifically, regulators from state insurance departments in the states of Delaware, Idaho, Montana, New Hampshire, North Dakota and Oklahoma, have indicated that the following acts, if taken by MA and MedSupp carriers, are considered unfair and deceptive under state law:

On June 12, 2025, the Children’s Hospital of Philadelphia (“CHOP”) received a subpoena issued by the Department of Justice (“DOJ”) requesting highly sensitive patient health and procedure information related to gender-affirming care. These subpoenas, issued to multiple hospitals, doctors, and clinics, were directly related to the Trump Administration’s January 28, 2025, Executive Order entitled, “Protecting Children from Chemical and Surgical Mutilation” (“EO 14187”).  The subpoena to CHOP has resulted in recent court activity over its purpose and enforceability. 

New from the Diagnosing Health Care Podcast: By early 2026, substance use disorder (SUD) providers, health plans, clinicians, health information exchanges (HIEs), and vendors must meet new federal privacy standards for SUD treatment records or face Health Insurance Portability and Accountability Act (HIPAA)-level enforcement and penalties.

On this episode, Epstein Becker Green attorneys Lisa Pierce Reisz, David Shillcutt, and Laura DePonio join Nichole Sweeney, General Counsel and Chief Privacy Officer at CRISP, to break down the 42 CFR Part 2 final rule: what’s changing, what’s staying the same, and what organizations often miss.

The group explains how the final rule aligns with (but does not replace) HIPAA, why patient consent remains central, and what new operational risks are emerging.

Tune in to learn about the changes that matter most and the risks you can’t ignore.

[UPDATE: This post has been updated to reflect the Drug Enforcement Administration’s November 10, 2025, notice of the upcoming Fourth Temporary Extension of COVID-19 Telemedicine Flexibilities for Prescription of Controlled Medications.]

The United States just made its latest move regarding Medicare telehealth flexibilities, which expired on September 30, 2025.

On November 9, the Senate voted 60-40 to end the then-nearly 40-day U.S. government shutdown, hammering out a continuing resolution (CR) that would extend the telehealth flexibilities extended in the Consolidated Appropriations Act of 2023 through January 30, 2026. The House vote on November 12, 222-209, clinched the deal.

It’s a welcome development. A research brief updated on November 10, 2025, by the Center for Advancing Health Policy Through Research (CAHPR) and the Brown University School of Public Health reports that telemedicine visits declined by 24 percent in the first 17 days of October for Medicare fee-for-service beneficiaries, and by 13 percent for Medicare Advantage beneficiaries. This is compared to visits from the start of July to the end of September, when the U.S. government’s failure to extend Medicare telehealth coverage sent practitioners and patients alike over what is now commonly termed a telehealth policy “cliff.”

On October 21, 2025, the acting administrator of the Office of Information and Regulatory Affairs (OIRA) in the Office of Management and Budget issued Memorandum M-25-36, which contains guidance for federal agencies on “how to bolster, streamline, and speed” the deregulatory agenda prioritized by the Trump administration in 2025 (“the Memorandum” or “M-25-36”).

The Memorandum furthers two Executive Orders (EOs) issued earlier in the year. EO 14192, entitled “Unleashing Prosperity Through Deregulation,” requires that for every new regulation issued, ten must be repealed. EO 14219 seeks to ensure “Lawful Governance” to implement the president’s Department of Government Efficiency Deregulatory Initiative. M-25-36 also furthers a Presidential Memorandum of April 9, 2025, entitled “Directing the Repeal of Unlawful Regulations.”

The Memorandum, which establishes timelines and guidelines for OIRA review, focuses on: 1) speeding up the OIRA review process; 2) repealing facially unlawful regulations; and 3) developing better deregulatory records. We discuss each of these sections in turn before providing some thoughts in the health care context.

In Summer 2025, the U.S. Court of Appeals for the Sixth Circuit issued a strongly worded decision in In Re: FirstEnergy Corporation (No. 24-3654)—confirming the core concept that internal investigations conducted by counsel and in anticipation of litigation are privileged and protected from disclosure. When securities plaintiffs in the case sweepingly sought all documents “related to the internal investigation,” the district court incorrectly ordered their production. After much legal wrangling, the Sixth Circuit rebuked the district court on August 7, 2025, and reaffirmed in a per curiam opinion filed October 3, 2025. 

New from the Diagnosing Health Care Podcast: Why is now the moment for women’s health?

On this episode, Epstein Becker Green attorneys Rachel Snyder Good, Beth Scarola, and Laura DePonio sit down with Sheila Biggs, Vice President of Jarrard, to explore how women’s health is evolving from a niche focus into a mainstream industry priority. They discuss the forces accelerating growth, the opportunities for change, and the challenges that still need to be addressed across outcomes, access, and patient experience.

This episode unpacks several key topics, including:

• what “women’s health” really means today—far beyond fertility and reproductive care;
• how decades of underinvestment created new opportunities for innovation, equity, and growth;
• why investors and policymakers are turning their attention to this space, and what’s driving the momentum;
• the biggest gaps still to close in outcomes, access, and patient experience;
• how storytelling and strategy can help reshape the public narrative around women’s health; and
• where the industry is headed next—including insights related to the upcoming Women’s Health Innovation Summit.

Tune in to find out what’s driving unprecedented momentum across policy, investment, and innovation in the women’s health space.

Imagine going online to chat with someone and finding an account with a profile photo, a description of where the person lives, and a job title . . .  indicating she is a therapist. You begin chatting and discuss the highs and lows of your day among other intimate details about your life because the conversation flows easily.  Only the “person” with whom you are chatting is not a person at all; it is a “companion AI.”

Recent statistics indicate a dramatic rise in adoption of these companion AI chatbots, with 88% year-over-year growth, over $120 million in annual revenue, and 337 active apps (including 128 launched in 2025 alone).  Further statistics about pervasive adoption among youth indicate three of every four teens have used companion AI at least once, and two out of four use companion AI routinely.  In response to these trends and the potential negative impacts on mental health in particular, state legislatures are quickly stepping in to require transparency, safety and accountability to manage risks associated with this new technology, particularly as it pertains to children. 

In September 2025, the U.S. Attorneys’ Office for the Eastern District of Pennsylvania (EDPA) announced that it would be implementing a White-Collar Justice Program to strengthen its white- collar enforcement framework. Among other things, the program will “empower Assistant United States Attorneys to aggressively pursue complex investigations and significant new matters on their own initiative.”

This announcement demonstrates another step in federal districts ramping up their white-collar enforcement efforts while encouraging robust procedures for compliance and self-disclosure. This is a trend several years in the making: in September 2022, then-Deputy Attorney General Lisa Monaco directed U.S. attorneys and others within the DOJ to review their policies on corporate voluntary self-disclosure, and to draft and share a formal written policy to incentivize such self-disclosure, if one was lacking.