Health Law Advisor

On June 12, 2025, the Children’s Hospital of Philadelphia (“CHOP”) received a subpoena issued by the Department of Justice (“DOJ”) requesting highly sensitive patient health and procedure information related to gender-affirming care. These subpoenas, issued to multiple hospitals, doctors, and clinics, were directly related to the Trump Administration’s January 28, 2025, Executive Order entitled, “Protecting Children from Chemical and Surgical Mutilation” (“EO 14187”).  The subpoena to CHOP has resulted in recent court activity over its purpose and enforceability. 

New from the Diagnosing Health Care Podcast: By early 2026, substance use disorder (SUD) providers, health plans, clinicians, health information exchanges (HIEs), and vendors must meet new federal privacy standards for SUD treatment records or face Health Insurance Portability and Accountability Act (HIPAA)-level enforcement and penalties.

On this episode, Epstein Becker Green attorneys Lisa Pierce Reisz, David Shillcutt, and Laura DePonio join Nichole Sweeney, General Counsel and Chief Privacy Officer at CRISP, to break down the 42 CFR Part 2 final rule: what’s changing, what’s staying the same, and what organizations often miss.

The group explains how the final rule aligns with (but does not replace) HIPAA, why patient consent remains central, and what new operational risks are emerging.

Tune in to learn about the changes that matter most and the risks you can’t ignore.

The United States just made its latest move regarding Medicare telehealth flexibilities, which expired on September 30, 2025.

On November 9, the Senate voted 60-40 to end the then-nearly 40-day U.S. government shutdown, hammering out a continuing resolution (CR) that would extend the telehealth flexibilities extended in the Consolidated Appropriations Act of 2023 through January 30, 2026. The House vote on November 12, 222-209, clinched the deal.

It’s a welcome development. A research brief updated on November 10, 2025, by the Center for Advancing Health Policy Through Research (CAHPR) and the Brown University School of Public Health reports that telemedicine visits declined by 24 percent in the first 17 days of October for Medicare fee-for-service beneficiaries, and by 13 percent for Medicare Advantage beneficiaries. This is compared to visits from the start of July to the end of September, when the U.S. government’s failure to extend Medicare telehealth coverage sent practitioners and patients alike over what is now commonly termed a telehealth policy “cliff.”

On October 21, 2025, the acting administrator of the Office of Information and Regulatory Affairs (OIRA) in the Office of Management and Budget issued Memorandum M-25-36, which contains guidance for federal agencies on “how to bolster, streamline, and speed” the deregulatory agenda prioritized by the Trump administration in 2025 (“the Memorandum” or “M-25-36”).

The Memorandum furthers two Executive Orders (EOs) issued earlier in the year. EO 14192, entitled “Unleashing Prosperity Through Deregulation,” requires that for every new regulation issued, ten must be repealed. EO 14219 seeks to ensure “Lawful Governance” to implement the president’s Department of Government Efficiency Deregulatory Initiative. M-25-36 also furthers a Presidential Memorandum of April 9, 2025, entitled “Directing the Repeal of Unlawful Regulations.”

The Memorandum, which establishes timelines and guidelines for OIRA review, focuses on: 1) speeding up the OIRA review process; 2) repealing facially unlawful regulations; and 3) developing better deregulatory records. We discuss each of these sections in turn before providing some thoughts in the health care context.

In Summer 2025, the U.S. Court of Appeals for the Sixth Circuit issued a strongly worded decision in In Re: FirstEnergy Corporation (No. 24-3654)—confirming the core concept that internal investigations conducted by counsel and in anticipation of litigation are privileged and protected from disclosure. When securities plaintiffs in the case sweepingly sought all documents “related to the internal investigation,” the district court incorrectly ordered their production. After much legal wrangling, the Sixth Circuit rebuked the district court on August 7, 2025, and reaffirmed in a per curiam opinion filed October 3, 2025. 

New from the Diagnosing Health Care Podcast: Why is now the moment for women’s health?

On this episode, Epstein Becker Green attorneys Rachel Snyder Good, Beth Scarola, and Laura DePonio sit down with Sheila Biggs, Vice President of Jarrard, to explore how women’s health is evolving from a niche focus into a mainstream industry priority. They discuss the forces accelerating growth, the opportunities for change, and the challenges that still need to be addressed across outcomes, access, and patient experience.

This episode unpacks several key topics, including:

• what “women’s health” really means today—far beyond fertility and reproductive care;
• how decades of underinvestment created new opportunities for innovation, equity, and growth;
• why investors and policymakers are turning their attention to this space, and what’s driving the momentum;
• the biggest gaps still to close in outcomes, access, and patient experience;
• how storytelling and strategy can help reshape the public narrative around women’s health; and
• where the industry is headed next—including insights related to the upcoming Women’s Health Innovation Summit.

Tune in to find out what’s driving unprecedented momentum across policy, investment, and innovation in the women’s health space.

Imagine going online to chat with someone and finding an account with a profile photo, a description of where the person lives, and a job title . . .  indicating she is a therapist. You begin chatting and discuss the highs and lows of your day among other intimate details about your life because the conversation flows easily.  Only the “person” with whom you are chatting is not a person at all; it is a “companion AI.”

Recent statistics indicate a dramatic rise in adoption of these companion AI chatbots, with 88% year-over-year growth, over $120 million in annual revenue, and 337 active apps (including 128 launched in 2025 alone).  Further statistics about pervasive adoption among youth indicate three of every four teens have used companion AI at least once, and two out of four use companion AI routinely.  In response to these trends and the potential negative impacts on mental health in particular, state legislatures are quickly stepping in to require transparency, safety and accountability to manage risks associated with this new technology, particularly as it pertains to children. 

In September 2025, the U.S. Attorneys’ Office for the Eastern District of Pennsylvania (EDPA) announced that it would be implementing a White-Collar Justice Program to strengthen its white- collar enforcement framework. Among other things, the program will “empower Assistant United States Attorneys to aggressively pursue complex investigations and significant new matters on their own initiative.”

This announcement demonstrates another step in federal districts ramping up their white-collar enforcement efforts while encouraging robust procedures for compliance and self-disclosure. This is a trend several years in the making: in September 2022, then-Deputy Attorney General Lisa Monaco directed U.S. attorneys and others within the DOJ to review their policies on corporate voluntary self-disclosure, and to draft and share a formal written policy to incentivize such self-disclosure, if one was lacking.

On October 11, California Governor Gavin Newsom signed AB 1415, which regulates private equity and hedge fund activity by expanding the Office of Health Care Affordability’s (OHCA) jurisdiction and notice requirements. Though the law is a compromise from last session’s AB 3129—which the Governor vetoed on September 28, 2024—it nevertheless represents a significant change for private equity groups, hedge funds, and management services organizations (MSOs) in the state.

Well before the latest government shutdown, the U.S. Department of Justice’s National Security Division (DOJ NSD) issued a final rule at 28 CFR Part 202 (“2025 Final Rule” or “Rule”) to help prevent “countries of concern” or “covered persons” from accessing U.S. government-related data and Americans’ bulk sensitive personal data. The 2025 Final Rule took effect in April—and after a 90-day safe harbor period, the DOJ began enforcement on July 8.

Six months after implementation—with the U.S. Senate now passing the BIOSECURE Act restricting certain biotech business with China—compliance remains the key for affected stakeholders, including those exchanging personal health data. As we reported in July, the 2025 Final Rule implemented the prior administration’s Executive Order 14117 of February 28, 2024, by prohibiting and restricting “bulk” data transactions with countries that could threaten U.S. national security through the use of Americans’ sensitive personal data.

While the 2025 Final Rule remains largely untested, federal agencies and stakeholders alike have taken action to test the bounds of the Rule and, in some instances, expand applicability beyond 28 CFR Part 202. Below is a brief refresher of the key elements of the Rule and some recent developments.