civil rights – Page 9

OCR Announces Settlement with Neurology Practice Following Ransomware Attack

In April 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a HIPAA enforcement settlement with Comprehensive Neurology, PC, a New York-based neurology practice, in connection with a ransomware incident that compromised the electronic protected health information (“ePHI”) of approximately 6,800 individuals.
This case marks OCR’s 12th ransomware-related enforcement action and its 8th under the agency’s Risk Analysis Initiative – an enforcement effort focused on driving compliance with the HIPAA Security Rule’s risk analysis provision.
According to the OCR, Comprehensive Neurology failed to conduct an accurate and thorough risk analysis to assess potential risks to the confidentiality, integrity and availability of ePHI. This failure came to light following a December 2020 breach report stating that Comprehensive Neurology’s IT network had been encrypted and rendered inaccessible due to a ransomware attack. The affected data included patient names, clinical and insurance information, demographic information, Social Security numbers and government-issued IDs.
Under the terms of the settlement, Comprehensive Neurology agreed to pay $25,000 and adopt a two-year corrective action plan. Required steps include conducting a comprehensive risk analysis, implementing a risk management plan, updating HIPAA policies and procedures and training staff on HIPAA Security Rule requirements.
This latest settlement reinforces OCR’s continued focus on ensuring covered entities assess and manage cybersecurity risks before incidents occur.

An Update on the DEI Certification Provision of Executive Order 14173

On May 2, 2025, the United States District Court for the District of Columbia denied Plaintiffs’ Motion for a Preliminary Injunction in National Urban League et al. v. Trump, et al., 25-471, a case that seeks to halt enforcement of President Trump’s executive orders (“EOs”) related to diversity, equity, and inclusion (“DEI”), EO 14151 and EO 14173, as well as EO 14168, regarding so-called “Gender Ideology.” At this point two tribunals have ruled that the DEI-related EOs should not be enjoined pending legal challenges. (The other tribunal to take this position is the U.S. Court of Appeals for the Fourth Circuit which stayed a nationwide preliminary injunction of the DEI-related EOs issued by the District Court of Maryland.)
Government contractors are particularly interested in the DEI Certification provision in Section 3(b)(iv)(A) and (B) of EO 14173, which requires each agency of the government to include two terms in every contract or grant award: one requiring the counterparty “to certify that it does not operate any programs promoting DEI that violate any applicable Federal antidiscrimination laws,” and another requiring it to agree that compliance with those laws “is material to the government’s payment decisions for purposes of” the False Claims Act (“FCA”), 31 U.S.C. § 3729(b)(4). (We have previously done a deep dive on FCA liability premised on DEI programs.)
District Court: The DEI Certification Is Not Unconstitutionally Vague, Does Not Chill Protected Speech
The Court addressed Plaintiffs’ fear that the Trump administration will take a novel and overly broad view of “illegal discrimination” that will expose them to liability for DEI initiatives that are lawful under current judicial precedent but which the government might nevertheless target under existing antidiscrimination law. The Court said that this is “a concern with the interpretation of underlying antidiscrimination law—which Plaintiffs do not challenge—rather than the Certification Provision.” The Court said that an entity whose DEI program the government targets can, at that time, “contest whether their DEI programs fall within the scope” of applicable antidiscrimination laws.
The Court also stated that the DEI Certification provision does not chill protected speech because it only targets DEI programs that violate federal antidiscrimination law, and there is no First Amendment right to “operate such programs.” Thus, the Court aligned with the Fourth Circuit, which also noted that EO 14173 does not purport to establish the illegality of all efforts to advance DEI, only illegal efforts to advance DEI. In response to the argument that no one knows what illegal DEI means, the judge stated that the First Amendment does not require the government to preemptively identify programs or provide hypothetical examples of action that violates antidiscrimination law. In reaching this conclusion, the Court stated that it “respectfully disagrees” with the Northern District of Illinois which, in Chicago Women in Trades v. Trump et al., 1:25-cv-02005, partially granted a preliminary injunction and in so doing “faulted” EO 14173’s DEI Certification requirement for not clarifying “what might make any given DEI program violate Federal antidiscrimination laws.”
As for what it means to “promote” illegal DEI, the District Court for the District of Columbia simply looked to the Merriam-Webster dictionary, which clarifies that “[t]o ‘promote’ something is to contribute to its growth or prosperity.”
District Court: Good Faith Compliance with Antidiscrimination Law Diminishes FCA Risk
Given the potential for treble damages and civil penalties under the FCA, contractors and grantees are particularly concerned about the concession of materiality required by the DEI Certification. Plaintiffs argued that signing the DEI Certification could expose them to significant FCA liability for minor or technical violations, especially given that the government appears poised to adopt an aggressive and broad view of what counts as illegal discrimination.
The judge viewed this risk with skepticism. He pointed to the FCA’s scienter requirement, under which liability only attaches if a defendant submitting a false claim acted with knowledge, deliberate ignorance, or reckless disregard of the falsity of the claim. The Court specifically stated: “The False Claims Act…does not create liability for good-faith but mistaken beliefs that DEI programs comply with Federal law.” (Notably, this is the result we reached in our earlier analysis of this issue: “Where contractors are required already to comply with federal anti-discrimination laws, it seems likely that they hold a good faith belief that their DEI programs are consistent with, and not contrary, to those laws. We expect that the government will face significant hurdles in proving that contractors ‘knowingly’ engaged in ‘illegal’ DEI programs.”)
Key Takeaways for Federal Contractors

Expect to See the DEI Certification:

At the moment, only the Department of Labor is enjoined from asking its contractors and grantees to sign the DEI Certification requirement.

Confer with Counsel:

It is a good idea to confer with counsel about how to respond to the DEI Certification, particularly given that the certification language is not standard and can be customized by Contracting Officers.

DEI Programs Are Not Per Se Illegal:

Even in decisions denying relief to plaintiffs, courts are making clear that not all DEI programs and not all efforts to promote diversity are illegal. Signing the DEI Certification does not compel an entity to end all DEI activities—the certification only targets DEI efforts that are already illegal under existing, applicable antidiscrimination law.

Good Faith:

Contractors and grantees that act in good faith and have a good faith belief that their DEI programs comply with applicable antidiscrimination law may avoid liability under the FCA.

Conduct a Privileged Review of All Existing DEI Programs:

The DEI Certification covers all DEI programs that an entity operates, even those outside of an entity’s federally funded programs. Therefore, now is a good time for a comprehensive, privileged review of DEI programs to ensure they comport with current anti-discrimination laws. Evaluating these programs through the more critical lens of the current administration can identify any aspects that should be amended to mitigate misunderstanding and risk. This review can also help establish good faith belief in the truthfulness of the DEI certification.

States Shifting Focus on AI and Automated Decision-Making

Since January, the federal government has moved away from comprehensive legislation on artificial intelligence (AI) and adopted a more muted approach to federal privacy legislation (as compared to 2024’s tabled federal legislation). Meanwhile, state legislatures forge ahead – albeit more cautiously than in preceding years.
As we previously reported, the Colorado AI Act (COAIA) is set to go into effect on February 1, 2026. In signing the COAIA into law last year, Colorado Governor Jared Polis (D) issued a letter urging Congress to develop a “cohesive” national approach to AI regulation preempting the growing patchwork of state laws. In the letter, Governor Polis noted his concern that the COAIA’s complex regulatory regime may drive technology innovators away from Colorado. Eight months later, the Trump Administration announced its deregulatory approach to AI regulation making federal AI legislation unlikely. At that time, the Trump Administration seemed to consider existing laws – such as Title VI and Title VII of the Civil Rights Act and the Americans with Disabilities Act which prohibit unlawful discrimination – as sufficient to protect against AI harms. Three months later, a March 28th Memorandum issued by the federal Office of Management and Budget directs federal agencies to implement risk management programs designed for “managing risks from the use of AI, especially for safety-impacting and rights impacting AI.”
On April 28, two of the COAIA’s original sponsors, Senator Robert Rodriguz (D) and Representative Brianna Titone (D) introduced a set of amendments in the form of SB 25-318 (AIA Amendment). While the AIA Amendment seems targeted to address the concerns of Governor Polis, with the legislative session ending May 7, the Colorado legislature has only a few days left to act.
If the AIA Amendment passes and is approved by Governor Polis, the COAIA would be modified as follows:

The definition of “algorithmic discrimination” would be narrowed to mean only use of an AI system that results in violation of federal or Colorado’s state or local anti-discrimination laws.

The current definition is much broader – prohibiting any condition in which use of an AI system results in “unlawful differential treatment or impact that disfavors an individual or group of individuals on the basis of their actual or perceived age, color, disability, ethnicity, genetic information, limited proficiency in the English language, national origin, race, religion, reproductive health, sex, veteran status, or other classification protected under the laws of this state or federal law.” (Colo. Rev. Stat. § 6-1-1701(1).)

Obligations on developers, deployers and vendors that modify high-risk AI systems would be materially lessened.
An exception for a developer of an AI system offered with “open model weights” (i.e., placed in the public domain along with specified documentation), as long as the developer takes certain technical and administrative steps to prevent the AI system from making, or being a substantial factor in making, consequential decisions.
The duty of care imposed on a developer or deployer to use reasonable care to protect consumers from any known or foreseeable risks of algorithmic discrimination of a high-risk AI System would be removed.

This is a significant change from the focus on procedural risk reduction duties and away from a general duty to avoid harm.

Developer reporting obligations would be reduced.
Deployer risk assessment record-keeping obligations would be removed.
A deployer’s notice (transparency) requirements for a consumer who is subject to an adverse consequential decision from use of a high-risk AI system would be combined into a single notice.
An additional affirmative defense for violations that are “inadvertent”, affect fewer than 100,000 consumers and are not the result of negligence on the part of the developer, deployer or other party asserting the defense would be added
Effective dates would be extended to January 1, 2027, with some obligations pushed back to April 1, 2028, for a business employing fewer than 250 employees, and April 1, 2029, for a business employing fewer than 100 employees.

Even if the AIA Amendment is passed, COAIA will remain the most comprehensive U.S. law regulating commercial AI development and deployment. Nonetheless, the proposed AIA Amendment is one example of how the innovate-not-regulate mindset of the Trump Administration may be starting to filter down to state legislatures.
Another example: in March, Virginia Governor Glenn Yougkin (R) vetoed HB 2094, the High-Risk Artificial Intelligence Developer and Deployer Act, which was based on the COAIA, and a model bill developed by the Multistate AI Policymaker Working Group (MAP-WG), a coalition of lawmakers from 45 states. In a statement explaining his veto, Governo Youking noted that “HB 2094’s rigid framework fails to account for the rapidly evolving and fast-moving nature of the AI industry and puts an especially onerous burden on smaller firms and startups that lack large legal compliance departments.” Last year California Governor Gavin Newsom (D) vetoed SB 1047, which would have focused only on large-scale AI models, calling on the legislature to further explore comprehensive legislation and states that “[a] California-only approach may well be warranted – especially absent federal action by Congress.”
Meanwhile, on April 23, California Governor Newson warned the California Privacy Protection Agency (CPPA) (the administration agency that enforces the California Consumer Privacy Act (CCPA)) to reconsider its draft automated decision-making technology (“ADMT”) regulations to leave AI regulation to the legislature to consider. His letter echoes a letter from the California Legislature, chiding the CPPA for its lack of the authority “to regulate any AI (generative or otherwise) under Proposition 24 or any other body of law.” At its May 1st meeting, the CPPA Board considered and approved staff’s proposed changes to the ADMT draft regulations, which include deleting the definitions and mentions of “artificial intelligence” and “deep fakes.” The revised ADMT draft regulations also include these revisions (along others):

Deleting the definition “extensive profiling” (monitoring employees, students or publicly available spaces or use for behavioral advertising) and shifting focusing on use to make a significant decision about consumers. Reducing regulation of ADMT training. However, risk assessments would still be required for profiling based on systemic observation and training of ADMT to make significant decisions or to verify identity or for biological or physical profiling.
Streamlining the definition of ADMT to “mean any technology that processes personal information and uses computation to replace … or substantially replace human decision-making [which] means a business uses the technology output to make a decision without human involvement.”
Streamlining the definition significant decisions to remove decisions regarding “access to,” and limited to “provision or denial of” the following more narrow types of goods and services: “financial or lending services, housing, education enrollment or opportunities, employment or independent contracting opportunities or compensation, or healthcare services,” and clarifying that use for advertising is not a significant decision.
Deleting the obligation to conduct specific risk of error and discrimination evaluations for physical or biological identification or profiling, but the general risk assessment obligations were largely kept.
Pre-use notice obligations were streamlined.
Opt-out rights were limited to uses to make a significant decision.
Giving businesses until January 1, 2027, to comply with the ADMT regulations.

(A more detailed analysis of the CCPA’s rule making, including regulation unrelated to ADMT, will be posted soon.)
MAP-WG inspired bills also are under consideration by several other states, including California. Comprehensive AI legislation proposed in Texas, known as the Texas Responsible AI Governance Act, was recently substantially revised (HB 149) to shift the focus from commercial to government implementation of AI systems. (The Texas legislature has until June 2 to consider the reworked bill.) Other states have more narrowly tailored laws focused on Generative AI – such as the Utah Artificial Intelligence Policy Act which requires any business or individual that “uses, prompts, or otherwise causes [GenAI] to interact with a person” to “clearly and conspicuously disclose” that the person is interacting with GenAI (not a human) “if asked or prompted by the person” and, for persons in “regulated occupations” (generally, need a state license or certification), disclosure must “prominently” disclose that a consumer is interacting with generative AI in the provision of the regulated services.
What happens next in the state legislatures and how Congress may react is yet to be seen. Privacy World will keep you updated.

EEO-1 Reporting (Maybe) — Get Ready Nonetheless!!

On April 15, 2025, the Equal Employment Opportunity Commission (EEOC) sought approval of its 2024 EEO-1 Component 1 data collection. The EEOC’s new proposed 2024 EEO Component 1 Instruction Booklet (the “Booklet”) changes some reporting obligations for employers. If approved, employers will have from May 20, 2025, to June 24, 2025, to file their reports. Private employers with at least 100 employees must file the EEO-1 report annually. In addition, federal government contractors with 50 employees previously were required to file EEO-1 reports. What is less clear is whether government contractors with less than 100 employees will have to file their EEO-1 report. The EEOC’s proposed Instruction Booklet still requires federal contractors to file. The Booklet does not address whether President Trump’s Executive Order 14173, eliminating Executive Order 11246, changes these reporting obligations.
One major proposed change to the EEO-1 report is the removal of the option for employers to report employees who identify as nonbinary. Employers previously could report nonbinary employees in a separate comment box. If approved, that option would not be available. The instruction booklet does not require employers to collect or report pay data.
Next Steps
We will monitor whether the 2024 Instruction Booklet is approved. In the meantime, employers should collect data by employee job category, as well as by sex and race/ethnicity, now so they are ready to report in May or June.

Environmental Justice Update

Federal
In the first few months of the second Trump presidency, the Administration has taken steps to roll back environmental justice (EJ) considerations in federal decision making. This included a flurry of executive orders (EOs) issued in his first hours and days in office, which effectively rescinded all federal EJ initiatives. A more in-depth review of these EOs can be found here. The Trump Administration followed these EOs by moving to terminate the Environmental Protection Agency’s (EPA) Office of Environmental Justice and External Civil Rights (OEJECR) after placing 160 employees on paid administrative leave at the beginning of February.
On 5 February, the Department of Justice (DOJ) issued a memo implementing EO: Ending Illegal Discrimination and Restoring Merit-Based Opportunity. Specifically, Pam Bondi, the new US Attorney General, stated that by 15 March, each DOJ Department needed to submit a report including the following:

Confirming the termination, to the maximum extent allowed by law, of all DEI, DEIA, and “environmental justice” programs, offices, and positions;
Identifying agency or department DEI, DEIA, or “environmental justice” positions, committees, programs, services, activities, budgets, and expenditures in existence on 4 November 2024, and providing an assessment of whether these positions, committees, programs, services, activities, budgets, and expenditures have been misleadingly relabeled in an attempt to preserve their pre-November 4, 2024, function;
Identifying federal grantees who received federal funding to provide or advance DEI, DEIA, or “environmental justice” programs, services, or activities since 20 January 2021; and
Assessing the operational impact (e.g., the new of new DEI hires) and the cost of the prior administration’s DEI, DEIA, and “environmental justice” programs and policies.

In response, Senator Alex Padilla (D-CA) and Representative Nanette Diaz Barragan (D-CA) introduced the Empowering and Enforcing Environmental Justice Act, which would “permanently codify the Office of Environment Justice within [DOJ’s] Environment and Natural Resources Division (ENRD).” Meanwhile, the EPA (and the Department of Government Efficiency) announced the cancellation of nine contracts “related to DEI, environmental justice, and more” and the cancellation of an additional 20 grants as “the EPA puts a stop to wasteful DEI and environmental justice programs being funded by taxpayers.”
On 12 March 2025, EPA issued an internal memorandum announcing that it would shut down all EJ offices and officially end other EJ-related initiatives. Leading up to this announcement, the agency had taken down EJ-related tools such as EJScreen, an “open-source mapping and screening tool” that allowed the public to map “EJ Indexes” by combining metrics for environmental burdens with demographic indexes derived from US Census data on poverty and racial demographics.
States
Despite federal efforts to roll back Biden-era EJ initiatives, many states continue to focus on EJ. Importantly, states’ EJ laws will not be immediately impacted by the actions of the Trump administration; instead, it is expected the rollback of EJ at the federal level will likely encourage many states, particularly Democratically controlled states, to more aggressively enact and enforce EJ standards and policies. Below is a highlight of EJ updates on the state level.
Colorado
On 14 January 2025, Colorado announced the launch of its updated screening tool, “Colorado EnviroScreen 2.0.” The new EnviroScreen provides updated quantifiable measurements of combined environmental stressors, taking into account environmental exposures, environmental effects, climate vulnerability, sensitive populations, and demographics. Colorado’s EnviroScreen tool is used in a variety of contexts within the state’s regulatory programs, such as in oil and gas permitting actions. The launch of the updated tool is in tandem with the rollout of Colorado’s new tool known as the Disproportionately Impacted Communities Map, which highlights areas that meet criteria for disproportionately impacted communities, as defined by Colorado law. Permittees must include plans with their application materials that indicate whether the proposed operations are within disproportionately impacted communities, conduct outreach activities to disproportionately impacted communities, and identify potential impacts in the operators’ prepared cumulative impact evaluations for the oil and gas operators’ comprehensive area plans.
On 26 February 2025, the Colorado Department of Public Health and Environment held its final public meeting regarding the proposed Landfill Methane Rule and on 17 April 2025, the Colorado Air Quality Control Commission set a rulemaking hearing for August on the proposed rule.1 The proposed rule encompasses several modifications to landfill gas emissions requirements, to include earlier installation of gas collection and control systems than what federal requirements currently mandate, the inclusion of aerial monitoring and biofilters, and phasing out open flares. These modifications, in particular the phase out of open flares, are expected to have positive implications for protecting “fenceline” or EJ communities, that may otherwise be disproportionately impacted. However, even if the rule is adopted, its successful implementation remains tenuous, as Colorado was previously selected to receive from the EPA US$23 million in funding for the Air Pollution Control Division’s methane monitoring efforts, a grant that is now uncertain due to the Administration’s recent funding actions.
Illinois
On 24 March 2025, EPA’s OEJECR determined that the Illinois Environmental Protection Agency met its obligations under an Informal Resolution Agreement, dated 14 February 2024, which was issued to resolve allegations that Illinois EPA engaged in racial and national origin discrimination in its permitting process. This dispute arose following Illinois EPA’s approval of a construction permit that would have moved a scrap metal recycling facility from the Lincoln Park neighborhood of Chicago, a primarily white and wealthy area, to a low-income primarily minority community in southeast Chicago. The settlement required Illinois EPA to expand access to public participation across the full permitting lifecycle and affirmatively consider a permit applicant’s history of violations under the Illinois Environmental Protection Act and potentially implement permit restrictions based on same. On 13 January 2025, Illinois EPA notified OECRC that it had fulfilled its final obligations upon publishing a finalized Enhanced Public Participation Plan on its website.
In addition, following a yearslong battle with Illinois environmental public interest groups, the US Army Corps of Engineers recently announced it was rescinding a planned expansion of a toxic waste disposal site on the Southeast Side of Chicago, an overburdened EJ community. The proposed expansion along the Lake Michigan shoreline would have taken in an additional one million cubic yards of contaminated sediment dredged from the Calumet River. Opponents of the expansion said the area is already overburdened with toxic pollution, and they also cited the long-held promise of a lakefront park once the site was decommissioned. Leading up to withdrawing its plans, Illinois EPA sent a letter to the Corps in January stating that the expansion would violate state law, which prohibits construction or expansion of landfills in Cook County.
Maryland
On 7 February 2025, House Delegate Jazz Lewis introduced the CHERISH (Cumulative Harms to Environmental Restoration for Improving our Shared Health) Our Communities Act. The Act creates new permit application requirements for a broad spectrum of permits for “covered projects” issued by the Maryland Department of the Environment (MDE). Among other things, the bill requires a permit applicant for a covered project to submit an environmental impact analysis, and, under specified circumstances, an existing burden report with their permit application. The Act gives MDE authority to reject a permit application if it determines that the proposed project would cause or contribute to an increased potential for adverse environmental and public health impacts within a specified surrounding area. MDE may also grant conditions to a permit to reduce pollution impacts. The bill also expands the applicability of existing public participation requirements to projects identified as having an increased potential for adverse community environmental and public health impacts. Census tracts covered under the CHERISH Act are identified based on the Maryland EJ Screening tool.
New Jersey
Two appeals are pending before the Superior Court of New Jersey, Appellate Division, challenging many aspects of New Jersey’s first of its kind environmental justice rules (EJ Rules) published by the New Jersey Department of Environmental Protection (NJDEP) on 17 April 2023. These EJ Rules seek to implement Governor Murphy’s landmark environmental justice legislation, which was aimed at reducing pollution in historically overburdened communities that the Murphy administration says have been disproportionately impacted by environmental and public health stressors. The appeals challenge the EJ Rules as going beyond the scope of NJDEP’s statutory authority or as otherwise being arbitrary, capricious, and unreasonable. The appeals also challenge the EJ Rules and the Environmental Justice Mapping, Assessment and Protection Tool (EJMAP) on the grounds that they were promulgated in violation of the Administrative Procedure Act. The appeals are currently awaiting the scheduling of oral argument.
On 30 January 2025, the Department updated EJMAP, New Jersey’s tool that maps overburdened communities as defined by the EJ law and environmental and public health stressors impacting those communities. The updates incorporate new overburdened community determinations based on the 2023 American Community Survey and new stressor data made publicly available since the map’s previous release last year. Any permit application submitted on or after 31 January 2025 must use the new Overburdened Community/Adjacent Burden Group (OBC/ABG) and stressor data layers for analysis.
New Mexico
On 17 January 2025, the EPA OEJECR announced an investigation into civil rights violations by the City of Albuquerque, New Mexico in preventing the adoption of a pollutant-reducing rule. As one of the final actions of the Biden Administration, EPA took up a complaint alleging that the city council and county air quality control boards violated procedural state requirements in blocking a rule that would benefit an identified environmental justice community. Though the matter remains pending, it is unclear whether OEJECR will continue to investigate cases opened under the Biden administration or whether the substantial shift in EJ initiatives will impact EPA’s ability to investigate allegations of discrimination.
New York
On 29 January 2025, the New York State Department of Environmental Conservation (NYSDEC) announced the release of proposed amendments to the State Environmental Quality Review Act (SEQRA) regulations, to integrate EJ considerations into environmental reviews. These amendments, mandated by ECL Article 8, build upon what has become known as the Environmental Justice Siting Law (EJSL), signed by Governor Kathy Hochul on 31 December 2022.
EJSL mandates that EJ concerns be considered in environmental permitting decisions and the SEQRA review process. Specifically with respect to SEQRA, the EJSL requires the SEQR process to consider the “effects of any proposed action [subject to a determination of significance] on disadvantaged communities, including whether the action may cause or increase a disproportionate pollution burden on disadvantaged community” when making the determination of significance under SEQR (that is, the SEQR lead agency decision of whether to prepare or cause to be prepared an environmental impact statement). NYSDEC’s proposed regulations implement this requirement. The public comment period on the proposed amendments began on 29 January 2025, and NYSDEC will accept comments until 7 May 2025.
Pennsylvania
The Pennsylvania Department of Environmental Protection (PADEP) is working on a comment-response document for comments received on an Interim Final EJ Policy issued on 16 September 2023. The Interim Final EJ Policy is a significant modification and expansion of the Department’s prior EJ policy published in 2004. The policy impacts how and when major environmental permits are issued in Pennsylvania and also impacts enforcement of environmental laws in EJ areas. Unlike prior iterations of the policy, PADEP will determine whether an area constitutes an EJ area based on a weighted index of both environmental indicators and population characteristics. Permits covered by the policy will be analyzed for impacts to EJ areas and will be required to engage in additional outreach to local communities. Perhaps most interestingly, the Interim Final EJ Policy allows for enhanced civil penalties for violations that occur in EJ areas covered by the policy. PADEP will be using a mapping and screening tool known as “PennEnviroScreen” that identifies EJ communities using 32 environmental, health, and socioeconomic indicators. A more detailed update on the Interim Policy can be found here.
In addition, on 14 January 2025, State Rep. Greg Vitali (D-Delaware) introduced an EJ bill, H.B.109, which would require additional processes for permit applications in EJ areas—including the submittal of a cumulative environmental impact report and a more robust public hearing process—and would empower PADEP to “require additional conditions or mitigation measures” or “deny a permit application in an environmental justice area based on the cumulative environmental impacts.” The bill was most recently referred to the House Committee on Environmental and Natural Resource Protection.
Virginia
On 8 January 2025, Senator Lamont Bagby (D-14) introduced legislation, SB-1254, that would require municipalities with a population above 20,000 and counties above 100,000 to consider incorporating an EJ strategy into their comprehensive plans each time they are under review. EJ became codified in Virginia law in 2020 through the Virginia Environmental Justice Act, which makes it state policy to ensure that environmental justice is “carried out throughout the Commonwealth,” with a focus on low-income communities, communities of color, and especially those near major sources of pollution. A comprehensive plan is a policy document intended to set forth how a locality plans to grow and steer future development. Virginia law has required since 1980 that all local governments develop and adopt a comprehensive plan, and it also stipulates that the plans must be reviewed at least once every five years.
The bill provides that the locality’s strategy shall be to identify EJ and fenceline communities within the jurisdiction of the local planning commission and identify objectives and policies to reduce health risks, to promote civic engagement, and to prioritize improvements and programs that address the needs of environmental justice and fenceline communities, as those terms are defined by the bill. The bill passed both the House and Senate but was vetoed on 24 March 2025, the very last day for the Governor to act on legislation from the 2025 General Assembly session.
Conclusion
In light of these recent developments, the Trump Administration’s approach to EJ marks a significant shift from prior federal policies. Businesses, particularly those operating in overburdened communities, should closely monitor policy shifts and enforcement trends at both the federal and state levels. The firm has assembled a task force that is closely watching these developments and is ready to work with clients to understand how these and other changes may impact their businesses.
Footnotes

1 In April, the Department will submit the proposed rule to the Colorado Air Quality Control Commission.
Additional Authors: Abby Dinegar, Emily M. Poniatowski, and Brendan Lawlor

Navigating California’s New Regulations on Automated Decision-Making Tools

The California Civil Rights Department (CRD) has recently approved regulations under the Fair Employment and Housing Act (FEHA) to address discrimination in employment resulting from the use of automated decision-making systems, including artificial intelligence (AI) and algorithms. These regulations apply to all employers covered by the FEHA and will likely take effect in July, once they complete the final administrative process of approval by the Office of Administrative Law.
Definition of Automated Decision Systems
An automated decision system (ADS) is defined as a computational process that makes or assists in making decisions regarding employment benefits such as hiring, promotion, selection for training programs, or similar activities. An ADS can result from AI, machine learning, algorithms, statistics, or other data processing techniques. The definition of ADS does not include word processing software, spreadsheet software, or other commonly used software for day-to-day work.
Regulations Against Discrimination
Under these regulations, it is unlawful for an employer to use ADS or selection criteria that discriminate against applicants or employees based on protected categories defined under FEHA. Evidence of anti-bias testing of ADS or similar practices may support defenses against discrimination claims. Anti-bias testing involves evaluating automated decision-making systems to identify and mitigate biases that may lead to unfair or discriminatory outcomes, ensuring the system operates equitably across different demographic groups. However, methods of conducting anti-bias testing may vary depending on the ADS used.
Recordkeeping
The regulations require preserving ADS data and related records for four years from either the date of the data’s creation or the personnel action involved, whichever occurs later, similar to other types of personnel records and selection criteria. Other revisions include adding ADS to regulations in the definition of “application” or included in “recruitment activity.” Additionally, the regulations specify that using ADS for certain skill testing may necessitate providing reasonable accommodations for religious beliefs or disabilities, ensuring non-discriminatory practices.
Compliance for Employers
For employers in California, the regulations clarify that when using ADS for any aspect of employment, caution should be applied to avoid discrimination.

Executive Order Targets Accreditors That Impose DEI Requirements on Colleges

On April 23, 2025, President Donald Trump issued an executive order to stop accrediting organizations from including diversity, equity, and inclusion (DEI) requirements as part of accreditation standards.

Quick Hits

A new executive order aims to prevent accrediting organizations from requiring DEI practices for accreditation.
The executive order notes that accreditors are the gatekeepers that decide which colleges and universities students can spend their federal student loan money on.

The executive order, “Reforming Accreditation to Strengthen Higher Education,” aims to eliminate DEI requirements in standards of accreditation. Specifically, the order warns against DEI-based accreditation standards that require colleges to “share results on [DEI] in the context of their mission by considering … demographics … and resource allocation.” The order calls for accrediting organizations that require colleges to engage in DEI initiatives to be held accountable.
The order states that “[a]ccreditors routinely approve institutions that are low-quality” and “offer … a negative return on investment” for students. It calls on accreditors to assist colleges in “focus[ing] on delivering high-quality academic programs at a reasonable price.” It also warns that accreditors could face “denial, monitoring, suspension, or termination of accreditation recognition” for violating federal law, including by requiring schools to demonstrate DEI initiatives.
The executive order requires accreditors to mandate that colleges “use data on program-level student outcomes to improve … outcomes, without reference to race, ethnicity, or sex.”

The Courts Weigh in on OCR’s Title VI Guidance and the U.S. Department of Education’s Certification Requirements

On April 24, 2025, federal courts in New Hampshire, Maryland, and the District of Columbia weighed in on three separate challenges brought against the U.S. Department of Education’s February 14, 2025 Dear Colleague Letter (“DCL”), the March 1, 2025 Frequently Asked Questions (“FAQs”), and the April 24, 2025 Certification Requirement for states and public school districts (the “Certification”).
Hunton previously discussed the key takeaways from the DCL and the FAQs for institutions of higher education in our March 27, 2025 client alert, available here.
In three different challenges heard by three different federal courts, the courts overall found in favor of the organizational plaintiffs based on Fifth Amendment vagueness claims, First Amendment claims, and Administrative Procedure Act claims. The result is that the U.S. Department of Education’s enforcement of compliance with Title VI based on the DCL, FAQs, and the Certification is currently halted across the United States.
The individual cases are summarized as follows:

In National Education Association v. U.S. Department of Education (D.N.H.) (1:25-cv-00091-LM), the named plaintiffs included the National Education Association (NEA) and NEA’s affiliate in New Hampshire (NEA-NH) and the Center for Black Educator. In this case, the Court granted a preliminary injunction halting enforcement of the DCL – but not a nationwide injunction. Rather, the preliminary injunction applies to the named plaintiffs and “entities receiving federal funding that employee or contract with plaintiffs or plaintiffs’ members.” The NEA, according to its website has more than 3 million members, in school districts across the country,
In American Federation of Teachers v. U.S. Department of Education (D. Md.) (Case No. 1:25-cv-00628-SAG), the American Federation of Teachers (AFT) and AFT’s affiliate in Maryland (AFT-MD), the American Sociological Association, and Eugene School District 4J brought suit against the U.S. Department of Education. In this case, Court stayed the enforcement of the DCL pending further court resolution, but did not enjoin the FAQs. The court explained that the U.S. Department of Education can only pursue Title VI enforcement actions “consistent with long-standing principles and the dictates of SFFA” (referring to the Supreme Court’s decision prohibiting considerations of race in college admissions in Supreme Court v. Harvard, 600 U.S. 181 (2023)). The Court further explained that assuming the Certification is considered “an implementation of the [Dear Colleague] Letter, it would of course be improper for the government to initiate enforcement based on a stayed policy, through [this] certification or otherwise.” The Court was clear that these remedies were not limited to just the parties in this case, but apply nationwide.
In NAACP v. U.S. Department of Education (D.D.C.) (Case No. 1:25-cv-01120), the Court enjoined the U.S. Department of Education from implementing and enforcing the Certification on a nationwide basis. Specifically, the Court prohibited the U.S. Department of Education from:

“requir[ing] any entity or individual subject to the Certification to make any ‘certification’ or other representation or assurance pursuant to the Certification.”
“impos[ing] any consequences on any entity or individual subject to the Certification for failing to submit a Certification.”
“initiat[ing] any enforcement action, including, but not limited to, a False Claims Act suit, against any entity or individual which has already submitted a Certification, arising out of any representation made or assurance given by such entity or individual in complying with the Certification.”

The combined effect of these three decisions limits – at least for now – U.S. Department of Education’s ability to enforce any reading of Title VI and its implementing regulations beyond established law. This includes enforcement related to DEI programs and initiatives.
However, as of April 28, 2025, all of these enjoined or stayed documents remain on OCR’s Policy Guidance webpage, available here.

Beltway Buzz, May 2, 2025

The Beltway Buzz™ is a weekly update summarizing labor and employment news from inside the Beltway and clarifying how what’s happening in Washington, D.C., could impact your business.

100 Days of the Trump Administration 2.0. April 29, 2025, marked the one hundredth day of President Trump’s second term of office. Set forth below are the key labor and employment policy changes that have occurred thus far.
Diversity, Equity, and Inclusion

Through various executive orders, the Trump administration has upended the diversity, equity, and inclusion (DEI) landscape, both within the federal government and for private-sector employers. These directives are still subject to multiple legal challenges and expected further action from U.S. Attorney General Pam Bondi. As noted in further detail below, the U.S. Equal Employment Opportunity Commission (EEOC) and the Office of Federal Contract Compliance Programs (OFCCP) will be focusing on this issue as well. In Congress, the Buzz is monitoring the status of the Dismantle DEI Act. Additionally, President Trump issued an executive order instructing all federal agencies to “deprioritize enforcement of all statutes and regulations to the extent they include disparate-impact liability,” which allows for a finding of discrimination if an otherwise neutral employment policy or practice results in an adverse impact on a protected class.

Other Executive Orders

Nondisplacement of federal contractor employees. President Trump rescinded Executive Order 14055, which obligated successor federal contractors to make job offers to workers employed under predecessor contracts. As the Buzz has noted, this is a policy shift that has been ping-ponging across administrations for thirty years.
Minimum wage. President Trump rescinded an executive order issued by President Biden in 2021 that increased the minimum wage for employees of federal contractors to $15 per hour (which was set at $17.75 per hour at the beginning of 2025 as a result of annual increase provisions contained in the Biden executive order).
“Good Jobs” executive order. President Trump rescinded President Biden’s “Good Jobs” executive order, which encouraged federal agencies to require potential contractors to adhere to certain labor and employment standards, such as project labor agreements, prevailing wages, and paid leave.

Changes to Rulemaking Processes

State Department extends “foreign affairs” rulemaking exemption governmentwide. Secretary of State Marco Rubio issued a notice concluding that any federal agency rulemaking addressing “the status, entry, and exit of people, and the transfer of goods, services, data, technology, and other items across the borders of the United States” is subject to the “foreign affairs” exemption of the Administrative Procedure Act (APA), meaning that the rule does not have to go through the public notice and comment process.
Directing the repeal of unlawful regulations. President Trump has instructed all federal agencies to repeal any regulation “that clearly exceeds the agency’s statutory authority or is otherwise unlawful” by proceeding under the “good cause” exemption of the APA, which also avoids the public notice and comment process.

U.S. Department of Labor (DOL)

Personnel. The confirmations of Secretary of Labor Lori Chavez-DeRemer and Deputy Secretary of Labor Keith Sonderling are important steps towards reversing the Biden-era DOL enforcement and regulatory agendas. Though without confirmed leaders of the Wage and Hour Division and the Occupational Safety and Health Administration (OSHA), it remains unclear as to how the administration will handle the overtime, independent contractor, and walkaround regulations (which are all subject to legal challenges), as well as OSHA’s heat illness prevention proposal.
OFCCP gutted. President Trump revoked President Lyndon Johnson’s Executive Order 11246 (a nearly sixty-year-old order that established affirmative action requirements for federal contractors), thus gutting OFCCP (though contractors still have ongoing obligations regarding the recruitment and hiring of veterans and individuals with disabilities). Although it is being reported that OFCCP will reduce its staff by approximately 90 percent, a new director has been appointed, and she has indicated that the agency will review data that has already been submitted by federal contractors for evidence of discrimination related to employer DEI efforts.

National Labor Relations Board (NLRB)

Personnel. As expected, President Trump fired NLRB General Counsel Jennifer Abruzzo shortly into his administration. What was perhaps not expected was that President Trump dismissed NLRB Member Gwynne Wilcox (while allowing Wilcox’s fellow Democratic member of the Board, David Prouty, to remain). Trump’s ouster of Wilcox—which she subsequently challenged in federal court—will test his theory that the National Labor Relations Act’s restrictions on removing Board members are unconstitutional. Ultimately, the Supreme Court of the United States will rule on this issue, which will likely have ramifications, not just for the Board, but for other independent federal commissions and boards.
The Board lacks a quorum. While we wait for the confirmation of a new general counsel and new Board members, the Board cannot operate with just Prouty and Chair Marvin Kaplan. Thus, the employer community is still operating under policies established by the Board over the last four years, which include card-check organizing, limitations on employer speech, expanded remedies, and ambush elections, among others.

Federal Mediation and Conciliation Service (FMCS)

Like OFCCP, FMCS—which was reportedly involved in several spending scandals in recent years—is now down to a skeleton crew of employees. Many labor practitioners found the agency helpful in resolving labor disputes.

U.S. Equal Employment Opportunity Commission

Personnel. President Trump dismissed commissioners Jocelyn Samuels and Charlotte Burrows, and he appointed Republican commissioner Andrea Lucas to serve as the EEOC’s acting chair. President Trump also fired the EEOC’s general counsel, Karla Gilbride. Andrew Rogers is currently serving as acting general counsel of the EEOC. President Trump has nominated Rogers to lead the DOL’s Wage and Hour Division.
DEI. Acting Chair Lucas is operating the Commission in conjunction with the administration’s focus on DEI. To that end, the Commission has issued two technical assistance documents addressing what the Commission—and the administration—believe to be unlawful DEI practices.
No quorum, no votes. With only Commissioner Andrea Lucas and Commissioner Kalpana Kotagal remaining on the EEOC, the Commission lacks a functioning quorum. This means that Acting Chair Lucas will not be able to make changes to the regulations implementing the Pregnant Workers Fairness Act, as well as the Commission’s guidance on sexual harassment. Further, with Lucas at the helm, employers can feel confident that the Commission will not pursue any effort to collect salary data from employers.

Immigration

Immigration has clearly been a top priority for the administration, with much of the focus on the southern border, deportation, and attempts to limit or terminate humanitarian parole programs (such as Temporary Protected Status for Venezuela and the Cuba, Haiti, Nicaragua, and Venezuela (CHNV) parole program). There is also the administration’s effort to eliminate birthright citizenship and the implementation of a registration requirement for non-citizens. While these actions certainly have an impact on the workplace, at least thus far, employment-based immigration policy changes have largely been pushed to the back burner. For example, H-1B “cap season” proceeded without any significant changes, and no travel bans have been implemented.

Zachary V. Zagger and Leah J. Shepherd have a full recap of the first one hundred days of the Trump administration. Be sure to keep an eye open for the Spring Regulatory Agenda, which will provide a forecast of where the administration wants to go on the regulatory front. In his first administration, President Trump’s first Regulatory Agenda was issued on July 17, 2017.
Republican Lawmakers Introduce Joint-Employer Legislation. The legislative proposal to provide employers with a clear joint-employer standard based on direct and immediate control has been on our radar for many years now. The bill is unlikely to clear the sixty-vote legislative filibuster hurdle in the U.S. Senate.
Remaining OSHRC Commissioner Retires. Cynthia Attwood, chair and sole remaining commissioner of the Occupational Safety and Health Review Commission (OSHRC), retired upon the expiration of her term on April 27, 2025. This means that there are no confirmed commissioners at OSHRC, which hears appeals of the workplace safety citations OSHA issues to employers. As the Buzz has discussed, OSHRC has been without a quorum since April 2023. Now, two commissioners will need to be confirmed in order for OSHRC to get up and running. In March 2025, President Trump nominated DOL veteran Jonathan Snare to serve as commissioner.
RIP, Secretary of Labor Herman. Alexis M. Herman, the first African American to serve as U.S. secretary of labor, died on April 25, 2025, at the age of seventy-seven. Herman served as labor secretary from 1997 to 2001 during President Clinton’s second term of office. Prior to her service as secretary of labor, Herman served as the director of the DOL’s Women’s Bureau (at just twenty-nine years old, she was the youngest person to serve in the role) and director of the White House Office of Public Liaison during President Clinton’s first term. As secretary of labor, Herman is remembered, in part, for having played a substantial role in settling a nationwide strike of a package-delivery company.

McDermott+ Check-Up: May 2, 2025

THIS WEEK’S DOSE

House Committees Begin Reconciliation Markups. Non-health-related committees moved forward this week, with the House Energy and Commerce Committee tentatively scheduled to mark up its legislative text in the coming weeks.
House Energy and Commerce Committee Advances Health Bills. The bills include the SUPPORT Act reauthorization and other public health legislation.
Senate Appropriations Committee Examines Biomedical Research. Senators voiced broad bipartisan support for federal research funding.
House Oversight and Government Reform Subcommittee on Cybersecurity, IT, and Government Innovation Holds Hearing on IT Modernization. The hearing examined how information technology (IT) modernization could impact the efficiency and functionality of the federal government.
Administration Releases FY 2026 “Skinny” President’s Budget. The fiscal year (FY) 2026 budget request is abbreviated, or “skinny,” which is common in a new administration and will be followed by a full budget request at a later date.
Administration Publishes Report on Gender-Affirming Care. The report outlines action taken to comply with an executive order and was followed by a published review of evidence for the treatment of gender dysphoria and the associated ethical considerations.
SCOTUS Rules Against DSH Hospitals. The Supreme Court of the United States (SCOTUS) sided with the administration in a challenge to how Medicare disproportionate share hospital (DSH) payments are calculated.

CONGRESS

House Committees Begin Reconciliation Markups. Multiple committees in the House – although none in the healthcare space – advanced their “committee prints” this week, which include the provisions within their jurisdiction for the House’s budget reconciliation package. This process will continue into the week of May 12, when the House Energy and Commerce Committee is tentatively scheduled to hold its markup to finalize the $880 billion in savings across Medicaid, the Children’s Health Insurance Program, and Medicare. The Ways and Means Committee is also signaling that it may be ready to move a tax package forward the same week.
Several Republicans representing competitive seats have been discussing with committee and House Republican leadership their concerns about policies that they perceive as cutting Medicaid. Rep. Bacon (R-NE) has publicly stated that he will not support more than $500 billion in Medicaid savings. The components most widely expected to be included in the Energy and Commerce Medicaid package include work requirements, more stringent and frequent eligibility verifications, and repeal of Biden-era Medicaid eligibility regulations. In recent days, focus also has been on Medicaid provider tax changes and potentially converting the Medicaid expansion population to a per capita cap. The challenge facing Energy and Commerce is the need to get to $880 billion in savings across its jurisdiction. While the committee is expected to get some savings out of energy policy changes and spectrum auction, Medicaid is its largest target. Meanwhile, Energy and Commerce Democrats released a report showing how many individuals would lose coverage if national work requirements were implemented.
Once all House committees have passed their packages, the House Budget Committee will combine the legislative texts and vote on the entire package, followed by a vote on the House floor. (Note that the Budget Committee’s package does not need to directly resemble the packages passed out of each committee.) Then, it will be the Senate’s turn to act. Speaker Johnson’s (R-LA) goal is for the House to pass the package before Memorial Day, and to have it signed into law by July 4, 2025, although that timeline is not guaranteed. The biggest factor that would enforce a real deadline is if the US Department of the Treasury were to announce an earlier date than anticipated for the United States hitting the debt ceiling. That pronouncement was expected this week but appears to have slipped. There is no indication that the date will be earlier than late summer or early fall. This is directly relevant to reconciliation because Republicans hope to address the debt limit increase as part of that process.
House Energy and Commerce Committee Advances Health Bills. This week’s markup considered six pieces of healthcare legislation largely related to public health. All passed with broad bipartisan support, although two had some Democratic pushback:

H.R. 2483, the SUPPORT Reauthorization Act of 2025, would reauthorize certain programs that provide for opioid use disorder prevention, treatment, and recovery.

The bill passed 36 – 13. All Republicans voted aye. Democrats were almost evenly split, with opponents citing concerns about workforce cuts at the Substance Abuse and Mental Health Services Administration, the agency responsible for administering the legislation’s programs.

H.R. 2484, the Seniors’ Access to Critical Medications Act of 2025, would establish an exception to the physician self-referral prohibition for certain outpatient prescription drugs furnished by a physician practice under the Medicare program.

The bill passed 38 – 7. All Republicans and most Democrats voted aye. The seven Democrats who voted against the bill stated their concerns that the policy would increase healthcare consolidation.

For more information about the bills, view the markup memo.
Senate Appropriations Committee Examines Biomedical Research. During the hearing, members from both parties voiced their support for biomedical research. Democrats expressed concern over the implications of federal cuts and mass firings on future research, and Republicans acknowledged the importance of federal funding for lifesaving research.
House Oversight and Government Reform Subcommittee on Cybersecurity, IT, and Government Innovation Holds Hearing on IT Modernization. During the hearing, Democrats emphasized the essential role of a qualified modern IT workforce for the security, efficiency, and effectiveness of federal systems, and highlighted the negative impacts of replacing federal workers with artificial intelligence. Republicans focused on identifying the biggest barriers to change, such as procurement requirements, hiring processes, budget limitations, and bureaucratic hurdles. They stressed the importance of modernizing federal IT to improve overall government efficiency.
ADMINISTRATION

Administration Releases FY 2026 “Skinny” President’s Budget. The abbreviated budget request only includes discretionary items and, ultimately, is a document that sets forth the administration’s policy priorities. While the budget request is expected to provide guidance to Congress as it begins the FY 2026 appropriations process, the priorities and funding levels included in the document will not necessarily be the final levels that are approved by Congress. The budget requests a 22% cut to domestic spending overall, including large cuts to the US Department of Health and Human Services (HHS). Health-related highlights include:

$93.8 billion for HHS, a 26.2% decrease from the FY 2025 level of $127 billion. This includes cuts to various agencies, such as:

$3.6 billion from the Centers for Disease Control and Prevention
$18 billion from the National Institutes of Health
$674 million from the Centers for Medicare & Medicaid Services (CMS)

$500 million to support the Making American Healthy Again Commission.
The full elimination of several programs, including the Administration for Strategic Preparedness and Response Hospital Preparedness Program and the Community Services Block Grant.

The administration also released other facts sheets and supporting documents here.
Administration Publishes Report on Gender-Affirming Care. The report provides updates on actions taken by the administration to implement executive order (EO) 14187, “Protecting Children from Chemical and Surgical Mutilation.” Cited actions include:

HHS:

Began work on the required literature review of best practices to treat children with gender dysphoria. The report was also published this week.
Began reviewing data tools to ensure that federal data collection aligns with the administration’s definition of medically useful information.
Eliminated 215 grants to medical institutions that provide gender-affirming care.

CMS issued a quality and safety special alert memo entitled “Protecting Children from Chemical and Surgical Mutilation.”
The US Department of Defense and Office of Personnel Management have taken steps to exclude coverage of gender-affirming care for minors.
The US Department of Justice:

Prepared guidance to enforce laws outlawing female genital mutilation.
Initiated investigations of multiple entities that allegedly misled the public about long-term side effects of gender-affirming care.
Drafted and submitted for review legislation creating a private right of action for children who have received gender-affirming care and their parents.
Prepared to establish a Parental Rights Task Force.

COURTS

SCOTUS Rules Against DSH Hospitals. The 7 – 2 ruling sided with HHS in a case about how DSH payments are calculated. CMS only counts Medicare enrollees who received supplemental security income (SSI) cash payments during the same month they received hospital care as low-income patients for the purposes of DSH payment. The plaintiff hospitals argued that CMS should include all patients in the SSI system at the time of their hospitalization. SCOTUS found that CMS’s formula was adequate, meaning that DSH hospitals will receive lower payments than they believe they are entitled to.
QUICK HITS

Ways and Means Republicans Outline Priorities for CMS Innovation Center. In a letter led by House Ways and Means Committee Chair Smith (R-MO) and Health Subcommittee Chair Buchanan (R-FL), 25 Republican committee members asked CMS Administrator Oz and CMS Innovation Center Director Sutton to focus on payment models that save money and improve transparency, ensure solicitation of stakeholder feedback, and renew attention on improving rural healthcare.
CBO Explains Its Role in Budget Reconciliation Process. In a blog post and a letter to Reps. Pfluger (R-TX) and Westerman (R-AR), the Congressional Budget Office (CBO) outlined how it develops cost estimates during reconciliation and how CBO and the Joint Committee on Taxation collaborate during that process.
ASTP/ONC Takes Deregulation Actions. The Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (ASTP/ONC) clarified that it is using its nonenforcement discretion in relation to insights condition and maintenance of certification reporting requirements and USCDI v3 data elements related to sexual orientation and gender identity.
HHS Announces Universal Vaccine Technology. Generation Gold Standard was developed by the National Institute of Allergy and Infectious Diseases and aims to protect against multiple strains of the same virus, including influenza and coronaviruses.
GAO Releases Reports on Prescription Drugs. In a statutorily required report, the US Government Accountability Office (GAO) described CMS’s implementation of the Inflation Reduction Act Medicare drug negotiation program and inflation rebate program. An additional report included findings on the market presence of nonprofit drug companies.
GAO Releases Additional Reports on Human Genomic Data, Nursing Homes. GAO urged HHS to systemically track the use of foreign testing labs and strengthen oversight of security measures, and recommended that the US Department of Veterans Affairs identify additional enforcement actions to ensure that nursing homes comply with quality standards.
Senators Introduce Resolution to Reinstate Richardson Waiver. Sens. Wyden (D-OR), Markey (D-MA), and King (I-ME) led 16 senators in introducing a resolution to reinstate the Richardson Waiver, which directed government agencies to use the more formal rulemaking process for rules regarding “public property, loans, grants, benefits, or contracts.” In February, HHS issued a policy statement rescinding the waiver. Read the senators’ press release here.

NEXT WEEK’S DIAGNOSIS

Both chambers will be in session next week, with healthcare activity expected at the committee level, including:

A House Oversight and Government Reform Committee hearing on the welfare state.
Senate Finance Committee and Senate Health, Education, Labor, and Pensions (HELP) Committee nomination hearings for James O’Neill to be deputy HHS secretary (both committees), Gary Andres to be an assistant HHS secretary (Finance Committee), and Janette Nesheiwat to serve as Medical Director in the Regular Corps of the Public Health Service and Surgeon General of the Public Health Service (HELP Committee).

The House Energy and Commerce Committee will tentatively hold a markup of their reconciliation package the week of May 12.

OCR Reaches Settlement with Health Care Network Health Over HIPAA Violations Stemming from Phishing Attack

On April 23, 2025, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced a HIPAA enforcement action against PIH Health, Inc. (“PIH”), a California-based health care network, following a phishing attack that exposed patients’ electronic protected health information (“ePHI”). The settlement highlights OCR’s continued focus on ensuring that covered entities implement robust security programs capable of identifying and mitigating threats to ePHI.
The investigation stemmed from a breach report submitted by PIH in January 2020, which disclosed that in June 2019, a phishing attack had compromised the email accounts of 45 employees. The attack resulted in the unauthorized disclosure of unsecured ePHI belonging to 189,763 individuals, including names, addresses, dates of birth, driver’s license numbers, Social Security numbers, medical diagnoses, lab results, medications, treatment and claims information, and financial data.
OCR’s investigation uncovered multiple potential violations of the HIPAA Privacy, Security and Breach Notification Rules, including PIH’s failure to (1) use or disclose PHI as required by the Privacy Rule, (2) conduct an accurate and thorough risk analysis of security vulnerabilities affecting ePHI, and (3) provide timely breach notification to affected individuals, HHS, and the media.
To resolve the matter, PIH agreed to a $600,000 monetary settlement and to implement a two-year corrective action plan. Under the corrective action plan, PIH is required to conduct a comprehensive HIPAA risk analysis, develop and implement a risk management plan to address identified vulnerabilities, revise and maintain HIPAA-compliant policies and procedures, and provide workforce training on HIPAA requirements for safeguarding PHI.
This enforcement action underscores OCR’s expectation that covered entities proactively assess and strengthen their HIPAA compliance programs to address evolving cybersecurity threats such as phishing attacks. It also follows two recent additional settlements announced by OCR involving failures to implement basic safeguards under the HIPAA Security Rule, reinforcing the agency’s continued emphasis on holding regulated entities accountable for cybersecurity-related compliance lapses.

New Executive Order Seeks To Eliminate Disparate Impact Liability

Key Takeaways

Disparate impact liability holds employers accountable for policies that appear neutral, but disproportionately harm a protected group, even without discriminatory intent.
This EO significantly reduces federal agency enforcement of disparate impact claims, but importantly, does not impact the risk of a class or individual claim under federal or state laws.
Businesses should continue to review hiring and promotion policies for unintentional bias, ensure compliance with federal law and any applicable state laws, and await updated federal guidance from the EEOC.

On April 23, 2025, President Trump issued an Executive Order entitled “Restoring Equality of Opportunity and Meritocracy” (“EO”) mandating the elimination of disparate impact liability within Title VI and VII of the Civil Rights Act of 1964. The EO further emphasizes the importance and focus of this administration on the concept of equal employment opportunity.
Disparate impact liability is a means by which employers can be held liable for discrimination when their facially neutral policies or practices result in a disproportionate adverse impact on a protected class. This theory of liability was recognized by the Supreme Court in 1971 in the case of Griggs v. Duke Power Co., and was later codified by Congress in the Civil Rights Act of 1991.
This EO seeks to eliminate the use of this theory of liability to the “maximum degree possible”. To effectuate this goal, the order takes several key steps. First, it revokes several former presidential actions that approved of disparate impact liability. Second, it directs all agencies to deprioritize enforcement of statutes and regulations to the extent that they include disparate impact liability.
This order directs the Attorney General to initiate appropriate action to repeal or amend the implementing regulations for Title VI of the Civil Rights Act of 1964 for all agencies to the extent they contemplate disparate-impact liability. In addition, within 30 days of the date of the EO, the Attorney General is to report to the President, in coordination with the chairs of all other agencies, all existing regulations, guidance, rules, or orders that impose disparate impact liability and detail steps for their amendment or repeal.
This EO also directs the Attorney General and EEOC Chair to assess all pending investigations, civil suits, or positions taken in ongoing matters that rely on a theory of disparate impact liability and to take appropriate action consistent with this EO. Further, the Attorney General is to determine whether Federal Authority preempts State laws that impose disparate impact liability.
Finally, the EO directs the Attorney General and the EEOC Chair to issue guidance or technical assistance to employers regarding appropriate methods to promote equal access to employment regardless of whether an applicant has a college education, where appropriate.
Practically, this EO signals a continued shift in enforcement at the EEOC. It seems unlikely the EEOC will bring any new litigation relying on disparate impact. However, a private right of action for disparate impact still exists under the precedent of Griggs and similar cases, allowing employees to bring claims of discrimination relying on a disparate impact theory. Moreover, state laws may also provide for disparate impact liability.