Health Law Advisor

On June 22, 2025, Texas Governor Greg Abbott signed into the law the Texas Responsible Artificial Intelligence Governance Act (TRAIGA) or (the Act). The Act, which goes into effect January 1, 2026, “seeks to protect public safety, individual rights, and privacy while encouraging the safe advancement of AI technology in Texas.”

Formerly known as HB 149, the Act requires a government agency to disclose to consumers that they are interacting with AI—no matter how obvious this might appear—through plain language, clear and conspicuous wording requirements, and more. The same disclosure requirement also applies to providers of health care services or treatment, when the service or treatment is first provided or, in cases of emergency, as soon as reasonably possible.

The Act further prohibits the development or deployment of AI systems intended for behavioral manipulation, including AI intended to encourage people to harm themselves, harm others, or engage in criminal activity (see a post by our colleagues on Utah’s regulation of mental health chatbots).

On June 30, 2025, the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services posted Advisory Opinion 25-05 (AO 25-05) to its website. AO 25-05 is a favorable opinion that allows a medical device manufacturer to reimburse purchasers of its device for actual costs up to $2,500 incurred from needle stick injuries caused by failure of the device without running afoul of the federal Anti-Kickback Statute (AKS).

According to AO 25-05, the device at issue is used to administer immunizations and other drugs to patients via injections and is more expensive than typical needles. The device has a safety mechanism to protect the user that covers the needle except when the needle penetrates patient tissue during the injection. When users experience a needle stick injury, their employers usually cover the associated costs, including retraining staff, staff absences and replacement, counseling for injured workers, and possible additional costs in the event of a lawsuit or higher insurance premiums or workers compensation premiums.

Now in its sixth month, the second Trump administration has made clear that the False Claims Act (FCA) will remain a central tool in its efforts to combat fraud, waste, and abuse across federal programs.

On July 2, 2025, the U.S. Department of Justice (DOJ) and the U.S. Department of Health and Human Services (HHS) jointly announced that they will be strengthening their collaboration to advance priority enforcement areas through a DOJ-HHS False Claims Act Working Group (“FCA Working Group”). Originally formed in December 2020 during President Trump’s first term, the FCA Working Group is now being reestablished with renewed vigor to address key FCA enforcement priorities.

As we report annually, FCA settlements and judgments return billions of dollars to the federal treasury, with the health care and life sciences sectors accounting for the majority of those recoveries. While health care FCA statistics dipped last year, we predicted in January a “continued focus”—particularly given that the first Trump administration saw DOJ file a record number of health care-related FCA cases in a single year.

On June 25, 2025, the Office of the Inspector General (“OIG”) of the U.S. Department of Health and Human Services (“HHS”) released a short video containing the highlights of the Medicaid Fraud Control Units (“MFCUs”) Annual Report for Fiscal Year 2024 (“2024 Annual Report”). While the 2024 Annual Report was released in March 2025, HHS OIG just released the two-minute video summarizing the key aspects of the report.

MFCUs—which investigate and prosecute statewide Medicaid provider fraud, and beneficiary abuse and neglect—recovered $1.4 billion in FY 2024, which equates to $3.46 for every $1 spent. Criminal recoveries were the highest amount in the past 10 years, $961 million, and more than double the rolling 5-year average. HHS OIG attributes this massive increase to the California MFCU, which recovered $513 million on its own.

On June 20, 2025, the Department of Health and Human Services’ Office of Inspector General (“OIG”) issued an unfavorable advisory opinion - OIG Advisory Opinion 25-04 (“AO 25-04”). AO 25-04 discusses a proposal by a medical device company (the “Requestor”) to cover the costs for its customers—hospitals, health systems, and ambulatory surgery centers—to have a third-party company screen and monitor the Requestor for exclusion from federal healthcare programs. The OIG concluded that the proposed arrangement would potentially generate prohibited remuneration under the federal Anti-Kickback Statute (“AKS”).

According to the advisory opinion, some of the Requestor’s customers were either requesting or requiring, as a condition of doing business, that the Requestor pay a third-party company (the “Company”) to screen and monitor them for exclusion from federal healthcare programs. Under the proposed arrangement, the Company would charge the Requestor (and not its customers) an annual subscription fee for each customer receiving these screening and monitoring reports. The Requestor estimated this would amount to approximately $450,000 in annual fees, paid directly to the Company. The Requestor would not be a party to any agreements between its customers and the Company.

On June 11, 2025, Assistant Attorney General Brett A. Shumate issued an internal memorandum (the “Shumate memo”) to all Civil Division employees of the U.S. Department of Justice (“DOJ”), describing the Division’s enforcement priorities.

The four-page Shumate memo promises an aggressive investigation and use of the federal False Claims Act (“FCA”) against “entities that receive federal funds but knowingly violate civil rights laws.” The Shumate memo follows the announcement on May 19, 2025, of a new Civil Rights Fraud Initiative (the “May 19 announcement”), which shares similar aims. The May 19 announcement cited, in particular, universities and federal contractors engaging in discriminatory conduct (see our related blog posts here and here).

As we wrote in February, Executive Order 14173 of January 21, 2025, entitled “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” (“EO 14173”) indicated that the Trump administration was eyeing the FCA as an anti-discrimination tool, though the statute has not traditionally been used as such. The Shumate memo prioritizes FCA investigations and enforcement actions against those who receive federal funds but knowingly violate federal civil rights laws, particularly by participating in or allowing antisemitism. The DOJ strongly indicated its intent to use the FCA to combat antisemitism and other instances of discrimination when it announced the Civil Rights Fraud Initiative.

As we noted in our previous blog post, HealthBench, an open-source benchmark developed by OpenAI, measures model performance across realistic health care conversations, providing a comprehensive assessment of both capabilities and safety guardrails that better align with the way physicians actually practice medicine. In this post, we discuss the legal and regulatory questions HealthBench addresses, the tool’s practical applications within the health care industry, and its significance in shaping the future of artificial intelligence (AI) in medicine.

Hospitals and health systems are familiar with traditional medical malpractice cases, but as healthcare is increasingly seen as a business, healthcare providers need to understand the potential for, and limitations of claims brought under the guise of consumer protection laws. 

Consumer protection laws can be tempting causes of action for individuals who believe they have been wronged by the healthcare system. Unlike medical malpractice claims, which require expert testimony and may include damages caps, consumer protection statutes often include treble damages, punitive damages, and attorneys’ fees. Consumer protection laws may also offer injunctive relief as a remedy, do not require a plaintiff to prove causation or damages, and have the potential for class action lawsuits. To prevent plaintiffs from reframing a negligence case to sidestep the limitations of medical malpractice cases, some courts and states have drawn boundaries between consumer protection and medical malpractice cases.

Oregon Governor Tina Kotek has signed SB 951—which, as we noted on June 4, 2025, disrupts historically accepted corporate practice of medicine (CPOM) structures by banning arrangements that are inherent to friendly PC models and placing limitations on Management Service Organizations (MSOs). SB 951 is now Oregon law, with staggered effective dates. 

The new law will be the strictest in the nation when it comes to limiting health care ownership and influence, and it seems certain to affect corporate investment in the state’s medical sector.

Yet in an unusual twist, the Oregon legislature is now poised to pass related legislation, HB 3410A, that would amend portions of SB 951 in the course of the same legislative session.

On May 21, 2025, the Centers for Medicare & Medicaid Services (CMS) announced^[1] an aggressive plan (Plan) to expand its efforts to address fraud, waste, and abuse in Medicare Advantage (MA). By engaging with enhanced technology and significantly expanding its workforce, CMS states that it intends to audit every eligible MA contract for Payment Years (PY) 2018 through 2024 and recover on all prior audits conducted by CMS and the Office of Inspector General (OIG).  Historically, CMS has only selected a small subset of contracts (approximately sixty) for each PY audited. CMS is currently completing PY2018 Risk Adjustment Data Validation (RADV) audit but has yet to issue findings or payment recovery demands for any audit completed. CMS has similarly not taken material action regarding the so called “OIG audits”.

Background

CMS Audit Methodology. CMS officially launched its RADV audit program in 2008. The audit methodology employed by CMS has evolved over the years through various rule making efforts and sub-regulatory issuances. CMS’s proposed rule in 2010 set forth an audit methodology to review a risk stratified 201-member sample, where all risk adjusted Hierarchical Condition Categories (HCCs) for each member would be reviewed and checked for errors.^[2] Finalizing this methodology in 2012[3], CMS then conducted audits on PY2012 and 2013 utilizing this approach. The presumption was that CMS would extrapolate and recoup such amounts. However, CMS did not issue final agency actions requiring substantial repayments or extrapolation.