Health Law Advisor

As we noted in our previous blog post, HealthBench, an open-source benchmark developed by OpenAI, measures model performance across realistic health care conversations, providing a comprehensive assessment of both capabilities and safety guardrails that better align with the way physicians actually practice medicine. In this post, we discuss the legal and regulatory questions HealthBench addresses, the tool’s practical applications within the health care industry, and its significance in shaping the future of artificial intelligence (AI) in medicine.

Hospitals and health systems are familiar with traditional medical malpractice cases, but as healthcare is increasingly seen as a business, healthcare providers need to understand the potential for, and limitations of claims brought under the guise of consumer protection laws. 

Consumer protection laws can be tempting causes of action for individuals who believe they have been wronged by the healthcare system. Unlike medical malpractice claims, which require expert testimony and may include damages caps, consumer protection statutes often include treble damages, punitive damages, and attorneys’ fees. Consumer protection laws may also offer injunctive relief as a remedy, do not require a plaintiff to prove causation or damages, and have the potential for class action lawsuits. To prevent plaintiffs from reframing a negligence case to sidestep the limitations of medical malpractice cases, some courts and states have drawn boundaries between consumer protection and medical malpractice cases.

Oregon Governor Tina Kotek has signed SB 951—which, as we noted on June 4, 2025, disrupts historically accepted corporate practice of medicine (CPOM) structures by banning arrangements that are inherent to friendly PC models and placing limitations on Management Service Organizations (MSOs). SB 951 is now Oregon law, with staggered effective dates. 

The new law will be the strictest in the nation when it comes to limiting health care ownership and influence, and it seems certain to affect corporate investment in the state’s medical sector.

Yet in an unusual twist, the Oregon legislature is now poised to pass related legislation, HB 3410A, that would amend portions of SB 951 in the course of the same legislative session.

On May 21, 2025, the Centers for Medicare & Medicaid Services (CMS) announced^[1] an aggressive plan (Plan) to expand its efforts to address fraud, waste, and abuse in Medicare Advantage (MA). By engaging with enhanced technology and significantly expanding its workforce, CMS states that it intends to audit every eligible MA contract for Payment Years (PY) 2018 through 2024 and recover on all prior audits conducted by CMS and the Office of Inspector General (OIG).  Historically, CMS has only selected a small subset of contracts (approximately sixty) for each PY audited. CMS is currently completing PY2018 Risk Adjustment Data Validation (RADV) audit but has yet to issue findings or payment recovery demands for any audit completed. CMS has similarly not taken material action regarding the so called “OIG audits”.

Background

CMS Audit Methodology. CMS officially launched its RADV audit program in 2008. The audit methodology employed by CMS has evolved over the years through various rule making efforts and sub-regulatory issuances. CMS’s proposed rule in 2010 set forth an audit methodology to review a risk stratified 201-member sample, where all risk adjusted Hierarchical Condition Categories (HCCs) for each member would be reviewed and checked for errors.^[2] Finalizing this methodology in 2012[3], CMS then conducted audits on PY2012 and 2013 utilizing this approach. The presumption was that CMS would extrapolate and recoup such amounts. However, CMS did not issue final agency actions requiring substantial repayments or extrapolation.

The Evolution of Health Care AI Benchmarking

Artificial Intelligence (AI) foundation models have demonstrated impressive performance on medical knowledge tests in recent years, with developers proudly announcing their systems had “passed” or even “outperformed” physicians on standardized medical licensing exams. Headlines touted AI systems achieving scores of 90% or higher on the United States Medical Licensing Examination (USMLE) and similar assessments. However, these multiple-choice evaluations presented a fundamentally misleading picture of AI readiness for health care applications. As we previously noted in our analysis of AI/ML growth in medicine, a significant gap remains between theoretical capabilities demonstrated in controlled environments and practical deployment in clinical settings.

These early benchmarks—predominantly structured as multiple-choice exams or narrow clinical questions—failed to capture how physicians actually practice medicine. Real-world medical practice involves nuanced conversations, contextual decision-making, appropriate hedging in the face of uncertainty, and patient-specific considerations that extend far beyond selecting the correct answer from a predefined list. The gap between benchmark performance and clinical reality remains largely unexamined.

“ERISA, you’ll need a lawyer for that.” Our practice group’s tagline is meant to be a shorthand for the alphabet soup of laws that apply to employee benefits, including the Employee Retirement Income Security Act (ERISA). Employee benefits compliance has many traps for the unwary and is ever evolving. Below, we have provided a primer on current issues of importance in the employee benefits area to help in-house attorneys identify potential risks, mitigate them, and know when to call an outside ERISA lawyer.

1. What Is Old Is New: Get Your Health Plan Governance in Order

Employers that sponsor self-funded health plans have a host of complicated obligations. There are greater potential legal, regulatory, and fiduciary risks than in years past with managing health plans because of increased congressional legislation, increased Department of Labor (DOL) focus on group health plan compliance, and increased group health plan litigation, often by the same plaintiffs’ firms that have been suing 401(k) plans in fee litigation the past 20 years or more.

As the song goes, the Food and Drug Administration’s (“FDA’s”) 2024 Final Rule regulating laboratory-developed tests (“LDTs”) as medical devices (“Final Rule”), is not merely dead—it’s really most sincerely dead.

Perhaps not for good, but for the foreseeable future, at least.

The FDA has let the clock run out on the 60-day time period to appeal the March 31, 2025, decision by the U.S. District Court for the Eastern District of Texas concluding that: 1) the FDA overstepped its authority, and 2) the LDT Final Rule of May 6, 2024, was unlawful. As we explained at that time, the Final Rule would have required virtually all clinical laboratories offering their own LDTs to comply with FDA expectations for medical device manufacturers in phases over a four-year period—with the first compliance deadlines set for May 2025.

The March 2025 opinion by Judge Sean D. Jordan vacated the controversial Final Rule a little more than a month before the first implementation deadlines were to take effect, and remanded the issue back to the FDA.

SB 951, which bolsters existing Oregon law prohibiting the corporate practice of medicine (CPOM), passed the state House of Representatives on May 28 and now awaits the signature of Governor Tina Kotek.

As EBG noted in a recent blog, the majority of states have some form of CPOM restriction. Oregon’s doctrine stretches back to 1947, when the state supreme court in State ex. rel. Sisemore v. Standard Optical Co. of Or. banned corporations from owning medical practices, practicing medicine, or employing physicians.^[1]

Since then, however, Oregon has sought to strengthen its CPOM rules legislatively, as entities have “sought to circumvent the ban through complex ownership structures, contracting practices, and other means,” as SB 951 states.

On May 19, 2025, the U.S. Department of Justice (DOJ) announced a new Civil Rights Fraud Initiative that will leverage the federal False Claims Act (FCA) to investigate and litigate against universities, contractors, health care providers, and other entities that accept federal funds but allegedly violate federal civil rights laws.

The initiative will be led jointly by the DOJ Civil Division’s Fraud Section and the Civil Rights Division—with support from the Criminal Division, federal civil rights agencies, and state partners. 

The initiative implements President Donald Trump’s Executive Order 14173, “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” (January 21, 2025), directing agencies to combat unlawful discrimination through the FCA, and complements Attorney General (AG) Bondi’s February 5 memorandum, “Ending Illegal DEI and DEIA Discrimination and Preferences.”

Those in the tech world and in medicine alike see potential in the use of AI chatbots to support mental health—especially when human support is unavailable, or therapy is unwanted. Others, however, see the risks—especially when chatbots designed for entertainment purposes can disguise themselves as therapists.

So far, some lawmakers agree with the latter. In April, U.S. Senators Peter Welch (D-Vt.) and Alex Padilla (D-Calif.) sent letters to the CEOs of three leading artificial intelligence (AI) chatbot companies asking them to outline, in writing, the steps they are taking to ensure that the human interactions with these AI tools “are not compromising the mental health and safety of minors and their loved ones.”

The concern was real: in October 2024, a Florida parent filed a wrongful death lawsuit in federal district court, alleging that her son committed suicide with a family member’s gun after interacting with an AI chatbot that enabled users to interact with “conversational AI agents, or ‘characters.’” The boy’s mental health allegedly declined to the point where his primary relationships “were with the AI bots which Defendants worked hard to convince him were real people.”