Criminal Health Care Fraud Enforcement: Projections for 2025 and Beyond [Podcast]

Since Pam Bondi was appointed U.S. Attorney General, we’ve seen notable shifts in the U.S. Department of Justice’s (DOJ’s) criminal enforcement priorities.
How significant are some of these changes, and how might they affect your health care organization as we progress through 2025 and beyond?
On this episode, Epstein Becker Green attorneys Sarah Hall, Melissa Jampol, Thomas Jaworski, and Richard Westling discuss what to expect from criminal health care fraud enforcement under Attorney General Bondi’s leadership and how it may impact the health care industry.

Court Sides with RICO Complainant Who Received Tainted Medical Marijuana and with FDA on Regulating E-Cigarettes – SCOTUS Today

The Racketeer Influenced and Corrupt Organizations Act (RICO) allows any person “injured in his business or property by reason of” racketeering activity to bring a civil suit for damages. 18 U. S. C. §1964(c). However, the statute forbids suits based on “personal injuries.” But are economic harms resulting from personal injuries “injuries to ‘business or property?’”
Yesterday, in Medical Marijuana, Inc. v. Horn, the U.S. Supreme Court, in a 5–4 opinion written by Justice Barrett and joined by Justices Kagan, Sotomayor, Gorsuch, and Jackson, answered that question in the affirmative. Justices Thomas and Kavanaugh wrote dissenting opinions, the latter joined by the Chief Justice and Justice Alito.
Attempting to alleviate his chronic pain, Douglas Horn purchased and began taking “Dixie X,” advertised as a tetrahydrocannabinol-free (“THC-free”), non-psychoactive cannabidiol tincture produced by Medical Marijuana, Inc. However, when his employer later subjected him to a random drug test, Horn tested positive for THC. When Horn refused to participate in a substance abuse program, he was fired. Horn then brought his RICO suit.
The U.S. Court of Appeals for the Second Circuit, reversing the U.S. District Court for the Western District of New York, held that Horn had been “injured in his business” when he lost his job and rejecting the “antecedent-personal-injury bar,” which several circuits had adopted to exclude business or property losses that derive from a personal injury. Affirming the Second Circuit, the Supreme Court held that the civil RICO statute did not categorically bar that form of recovery.
Interestingly (and the subject of the dissents, particularly that of Justice Thomas, who asserted that cert. had been improvidently granted), the Court did not address issues deemed outside of the question presented, including whether Horn suffered a personal injury when he consumed THC, whether the term “business” encompasses all aspects of “employment,” and what “injured in his . . . property” means for purposes of §1964(c). Thus, the majority opinion encompasses several assumptions, the verification of which will be the subject of the Court’s ultimate remand to the Second Circuit.
The essence of the opinion is derived from the dictionary, and a debate over how its definitions should be read informs the split among the Justices. Justice Barrett’s majority opinion starts with the American Heritage Dictionary and the “ordinary meaning of ‘injure’”: to “cause harm or damage to” or to “hurt.” While the statute precludes recovery for injury to the person, its business or property requirement operates with respect to the kinds of harm for which the plaintiff can recover, not the cause of the harm for which he seeks relief. For example, a gas station owner beaten in a robbery cannot recover for his pain and suffering. But if injuries from the robbery force him to shut his doors, he can recover for the loss of his business. A plaintiff can seek damages for business or property loss, in other words, regardless of whether the loss resulted from a personal injury.
Rejecting Medical Marijuana’s (and the dissenters’) view of what “business or property” should mean under RICO, Justice Barrett, in a delightfully written paragraph, remarks that:
Medical Marijuana tries valiantly to engineer a rule that yields its preferred outcomes. (Civil RICO should permit suit against Tony Soprano, but not against an ordinary tortfeasor.) But its textual hook—the word “injured”—does not give it enough to go on. When all is said and done, Medical Marijuana is left fighting the most natural interpretation of the text—that “injured” means “harmed”—with no plausible alternative in hand. That is a battle it cannot win.
It didn’t.
With respect to the remand, Justice Barrett noted that RICO’s “direct relationship” requirement is a constraint on civil RICO claims and, given the complications in the factual underpinnings of the case, that requirement might prove to be an insurmountable barrier to Horn’s succeeding. Horn himself “concedes that he faces ‘a heavy burden on remand.'”
The second case decided yesterday shows that if the Court is indeed going to be unanimous, it will not be succinct. Justice Alito’s 46-page discourse on behalf of a unanimous Court in Food and Drug Administration v. Wages and White Lion Investments, L.L.C. proves that point. I shall argue that Justice Alito’s lengthy opinion indirectly provides much useful guidance to patients, providers, and payers with respect to likely challenges to administrative actions, especially in the health care space, in the current Trump administration.
The issue in the case concerned whether the FDA lawfully denied respondents authorization to market certain electronic nicotine-delivery system products, known as electronic cigarettes, “e-cigarettes,” or “vapes.” These products come in a variety of flavors that particularly appeal to young people, and they pose unique risks. While the FDA has always had authority to determine whether a manufacturer could market a new drug, the FDA gained particular jurisdiction to regulate tobacco products under the Family Smoking Prevention and Tobacco Control Act of 2009 (TCA). The TCA barred the FDA from banning all regulated tobacco products outright, but it blocked marketing any “new tobacco product” without FDA authorization. The TCA requires the FDA to deny such an application unless an applicant shows that its product “would be appropriate for the protection of the public health.” To determine this, the FDA must consider, among other things, “the risks and benefits to the population as a whole.” 
The respondents in the case had petitioned for judicial review of the FDA’s denial orders under the Administrative Procedure Act (APA). The Fifth Circuit, sitting en banc, held that the “FDA had acted arbitrarily and capriciously by applying application standards different from those articulated in its predecisional guidance documents regarding scientific evidence, cross-flavor comparisons, and device type. The court expressed particular concern about the FDA’s failure to review marketing plans it previously deemed critical. It also rejected the FDA’s argument that any errors were harmless.”
Reversing the Fifth Circuit, the Supreme Court first declined to reach the argument that the FDA erred in evaluating the respondents’ applications under standards developed in adjudication rather than standards promulgated in notice-and-comment rulemaking. Instead, the Court concluded that the denial orders were sufficiently consistent with the FDA’s predecisional guidance—as to scientific evidence, comparative efficacy, and device type—and thus did not run afoul of the so-called “change-in-position doctrine,” which provides that “[a]gencies are free to change their existing policies as long as they provide a reasoned explanation for the change,” “display awareness that [they are] changing position,” and consider “serious reliance interests.”
This doctrine asks whether an agency changed existing policy and, if so, whether it displayed awareness of the change and offered good reasons for it. Here, the new policy that led to the rejection of the respondents’ applications was “sufficiently consistent” with the agency’s predecisional guidance regarding scientific evidence. It was also consistent with the TCA’s provision that “well-controlled investigations” or other “valid scientific evidence,” if found “sufficient,” may support a finding that a new tobacco product is “appropriate for the public health.”
However, there was still a “harmless error” issue for the Court to decide. And that related to the Fifth Circuit’s rejection of the FDA’s claim of harmless error regarding the agency’s change of position on marketing plans. The FDA did not dispute that despite assuring manufacturers that marketing plans would be “critical” to their applications, it ultimately did not consider the respondents’ marketing plans. The FDA argued that this was harmless because it had issued denials to manufacturers other than the respondents that were based upon marketing plans indistinguishable from those of the respondents. While the Fifth Circuit applied an incorrect standard of review under governing precedents, doing it correctly “presents a difficult problem, requiring reconciliation of the so-called remand rule developed in SEC v. Chenery Corp., 318 U. S. 80, 88, 93–95, with the APA’s instruction that reviewing courts must take ‘due account’ of ‘the rule of prejudicial error’ that ‘ordinarily appl[ies] in civil cases,’ Shinseki v. Sanders, 556 U. S. 396, 406 (quoting 5 U. S. C. §706).”
The Court continues, “The most natural interpretation of the APA’s language is that reviewing courts should adapt the ‘rule of prejudicial error’ applicable in ordinary civil litigation (also known as the harmless-error rule) to the administrative-law context, which, of course, includes the remand rule.” However, the Court has acknowledged that a remand may be unwarranted in certain cases when an agency’s decision “is supported by a plethora of factual findings, only one of which is unsound, because a remand would be pointless.” Given the fact that both the FDA and the Fifth Circuit might have been in error with respect to the harmless error question, and that the FDA has not asked the Court to decide the harmless error question at this point in the case, the Supreme Court vacated the Fifth Circuit’s holding and remanded the case to it so that the Circuit Court “can decide the question afresh” under the correct reading of the caselaw requirements described by the Supreme Court.”
One recognizes the importance of the FDA’s consideration of marketing a tobacco product directed at young people. But perhaps more importantly, I suggest that the Court’s decision offers grounds for useful observations about the many changes in regulatory position and various rulemaking determinations (or lack thereof) being made by various administrative agencies during the current administration. Many of these events are occurring in the food and drug and health care coverage and reimbursement spaces. The length and depth of this unanimous opinion with respect to the FDA’s responsibilities when it has changed position or otherwise might be challenged under the APA for having acted arbitrarily or capriciously suggests the intensity and precision of what federal courts will require in administrative law challenges. In this decision, the agency largely prevailed, though the facts of the case occurred during the previous administration. The court challenges in the current administration are just beginning to take shape as the regulatory environment is radically changing.
Even during the Supreme Court’s current term, at the beginning of a new presidential term, we shall see—and many of my readers will bring—regulatory challenges that will be guided by what the Court held yesterday.

Supreme Court Rules Lost Wages May Be Recoverable Under RICO For False Advertising After Drug Test Dismissal

On April 2, 2025, the Supreme Court of the United States ruled that a truck driver who lost his job after testing positive for marijuana may pursue claims for lost wages under the Racketeer Influenced and Corrupt Organizations Act (RICO) against the sellers of an allegedly fraudulently marketed pain relief product.

Quick Hits

The Supreme Court allowed a truck driver to pursue civil RICO claims for lost wages after he failed an employer drug test after ingesting an allegedly falsely marketed pain relief product.
The Court ruled that a plaintiff may pursue treble damages under RICO for lost business or property that followed a personal injury.
The decision raises questions about the scope of RICO, particularly whether lost wages and economic harms related to personal injuries can be considered recoverable.

The 5–4 ruling in Medical Marijuana, Inc. v. Horn held that a plaintiff may seek treble damages under RICO, a law initially designed to combat organized crime, for lost business or property, even if the damages resulted from an antecedent personal injury.
The ruling allowed a truck driver to pursue civil RICO claims seeking recovery for lost wages against the sellers of a pain relief product after he was discharged for failing a random drug test when he tested positive result for tetrahydrocannabinol (THC), the psychoactive component of marijuana or cannabis. He alleged the sellers falsely marketed their pain relief product as not containing THC, only the non-psychoactive chemical cannabidiol, more commonly known as CBD.
The product sellers argued that the damages resulted from a personal injury and that RICO’s “business or property” injury limitation precludes recovery for economic harms stemming from personal injuries. Specifically, RICO allows an individual to bring civil claims for damages to “business or property by reason of” racketeering and other activities prohibited by the act and recover treble damages.  
“The phrase ‘injured in his business or property’ does not preclude recovery for all economic harms that result from personal injuries,” Justice Amy Coney Barrett wrote in the Court’s opinion, which was joined by four other justices. “We therefore affirm the Second Circuit’s judgment and remand the case for further proceedings consistent with this opinion.”
Notably, the Supreme Court expressly did not address whether the truck driver had suffered a personal injury when he consumed THC or whether the term “business” encompasses all aspects of “employment.” The Court also did not provide further explanation on what types of injuries to “property” are covered by RICO.
The Second Circuit had found that the truck driver was “‘injured in his business’” when he lost his job and that there is no bar to recovery under RICO if the economic harm is preceded by or a result of a personal injury.
The CBD product sellers argued that the Second Circuit’s approach would effectively destroy RICO’s “business or property” limitation and transform traditional personal injury suits into federal suits under RICO, which allows for recovery of treble damages.
However, the Supreme Court majority rejected the sellers’ arguments. In the Court’s opinion by Justice Barrett, the Court clarified the plain interpretation of the RICO text, stating that “‘injured’ means ‘harmed’ − with no plausible alternative in hand.” (Justice Ketanji Brown Jackson wrote a short concurring opinion to note that Congress has instructed that RICO be “liberally construed.”)
The Court further explained that while “civil RICO has undeniably evolved,” RICO claims are still limited in that they require a direct relationship between the injury and the alleged injurious conduct, and a “plaintiff must first establish a pattern of racketeering activity.” The Court also noted that the terms “business” and “property” in RICO still limit the types of claims that are recoverable.
“As we noted at the outset, ‘business’ may not encompass every aspect of employment, and ‘property’ may not include every penny in the plaintiff ’s pocketbook,” the Court said. “Accordingly, not every monetary harm—be it lost wages, medical expenses, or otherwise—necessarily implicates RICO.”  
“If the breadth of the statute ‘leads to the undue proliferation of RICO suits, the ‘correction must lie with Congress,’” the Court added.  
In a dissenting opinion joined by Chief Justice John Roberts and Justice Samuel Alito, Justice Brett Kavanaugh argued that RICO categorically excludes personal injury claims, stating that “the fundamental question here is whether business or property losses from a personal injury transform a traditional personal-injury suit into a business-injury or property-injury suit that can be brought in federal court for treble damages under RICO.”
Justice Kavanaugh further argued that the majority’s opinion “leaves substantial confusion in its wake” because it did not explain “whether lost wages and medical expenses are recoverable losses of business or property in those RICO suits.”
Justice Clarence Thomas dissented, arguing that the case was “improvidently granted” because the parties dispute whether the truck driver even “suffered a personal injury in the first place” and that there has been inadequate briefing on the meaning of the “business or property” injury requirement in RICO.
Next Steps
The Supreme Court’s ruling expands the reach of RICO’s civil component by finding that personal injury claims that have damages to “business or property” are not necessarily excluded. The CBD sellers in the case and business groups have argued that such an approach could increase federal RICO liability for businesses for product liability claims. However, the Court noted that it is up to Congress to limit the claims, if necessary.
Further, while the ruling comes in the context of an employee suing for lost wages after losing his job, the ruling leaves open questions over the extent to which lost wages or other adverse employment actions that lead to lost wages or economic losses for employees may implicate RICO. The Second Circuit had interpreted injury in “business” under RICO as encompassing “employment.” Still, the Supreme Court expressly did not decide that issue, noting the Second Circuit’s “interpretation may or may not be right.”
Whether the truck driver’s RICO suit will ultimately be successful after remand level is highly questionable. However, the concerns raised in the dissent remain—the inclusion of economic harms that stem from personal injuries as recoverable under RICO is likely to lead some crafty attorneys to attempt to further expand the applicability of the civil RICO statute. 

Trump Administration Efforts to Eliminate Cartels Pose Heightened Risk for Financial Institutions

As discussed in Bracewell’s February 11 and February 26 updates, the executive branch is prioritizing the “total elimination” of cartels and transnational criminal organizations, both through edicts from the Oval Office and through agency initiatives. Each action is significant on its own, but taken together, this concerted effort increases the potential criminal and civil liability of any company — but particularly financial institutions — that conducts business in Mexico and certain parts of Central and South America. Below we break down three significant pieces of this effort and provide guidance on how companies should navigate this new risk landscape.
Designation of Cartels as FTOs and SGDTs Expands Scope of Criminal and Civil Liability
Pursuant to Executive Order 14157, the US State Department designated eight international cartels and transnational organizations[1] as Foreign Terrorist Organizations (FTOs) and Specially Designated Global Terrorists (SGDTs). The list includes six Mexican cartels, TdA (a cartel active in parts South America) and MS-13 (a cartel active in parts of Central America). These new designations increase the risk of criminal and civil liability for both US and foreign companies that may interact with these cartels knowingly or unknowingly, directly, through third-party vendors, or when paying certain “fees” and to conduct business in areas controlled by the cartels.
Criminal Liability. Providing any of the cartels now designated as FTOs with money, financial services, lodging, personnel or transportation may constitute the criminal offense of providing “material support” to a terrorist organization in violation of 18 U.S.C. § 2339B. Because the reach of 18 U.S.C. § 2339B is not confined to US entities or activities on US soil, these charges have been brought against foreign companies for transactions in foreign countries, including against Lafarge, a French building materials manufacturer for sharing revenue with FTOs (ISIS and ANF) in Syria, and Chiquita Banana for making payments to an FTO (the AUC) in Colombia. By increasing the number of FTOs, the new designations increase the risk of similar prosecutions directed at any company providing material support to these newly designated FTOs operating in Mexico and in parts of Central and South America. While some of these entities may previously have been subject to US sanctions, criminal liability creates an even greater threat.
Civil Liability. The Anti-Terrorism Act, 18 U.S.C. § 2333, allows US nationals injured by an act of terrorism to bring claims against companies that engage in or aid and abet an act of international terrorism by providing material support or knowingly providing substantial assistance to the FTO who perpetrated, planned or authorized the attack. The potential liability is considerable, because the statute allows the victims to “recover threefold the damages he or she sustains and the cost of the suit, including attorney’s fees.” In Linde v. Arab Bank, PLC,[2] for example, a jury found Arab Bank Plc liable for knowingly supporting militant attacks in Israel linked to Hamas — an FTO — based on the bank’s providing financial services to charities that plaintiffs allege were agents of Hamas set up to solicit and launder money to support the FTO’s operations. Before the verdict was overturned on appeal, the bank was facing at least $100 million in damages. Ultimately, Arab Bank Plc reached a settlement with the plaintiffs for an undisclosed amount.
Justice Department Expedites Cartel-Related Prosecutions
Historically, certain types of prosecutions required approvals by various stakeholders within the Department of Justice. To facilitate the “aggressive prosecution” of cartels and transnational criminal organizations (TCOs), Attorney General Pam Bondi has suspended certain approval requirements, to which she referred as “bureaucratic impediments,” that might slow down or impede prosecutors from bringing charges against cartels, TCOs or their affiliates for some terrorism charges,[3] violations of the International Emergency Economic Powers Act (IEEPA), racketeering, violations of the Foreign Corrupt Practices Act and money laundering and asset forfeiture. See Bondi Memorandum regarding Total Elimination of Cartels and Transnational Criminal Organizations (Bondi Memo).
Before this suspension, a prosecutor would need approval from either the Criminal Division or the National Security Division (NSD) before issuing warrants and filing the charges listed above. Now, prosecutors are able to proceed more easily, without the same level of oversight. The Bondi Memo does, however, encourage consultation with the NSD and requires that prosecutors provide 24 hours’ advance notice of the intention to seek charges or apply for warrants. Nevertheless, the requirement to provide NSD with 24 hours’ notice, as compared to the requirement to meet NSD’s approval requirements, will allow for more charges to be brought more quickly.[4]
In addition to increasing the number of charges brought against cartels and their members directly, these changes will likely lead to an increase in the number of charges brought against companies for various crimes, including providing “material support” to a terrorist organization in violation 18 U.S.C. § 2339B, as described above; facilitating payments related to the human smuggling or illegal drugs, which has been declared a national emergency under IEEPA; and laundering money used for activities of the cartels.
Financial institutions are particularly at risk of tripping these wires. Banks that may provide financial services, or money transfer businesses (MTBs) that facilitate payments to cartels, for example, could be the subject of the criminal prosecutions described above. Given that cartels are woven into the fabric of many industries in Mexico, Central and South America, banks may be providing these services unwittingly. To address this threat, banks must reevaluate their Customer Due Diligence and KYC policies and reassess their current customers.
OFAC Highlights Risk for Financial Institutions Related to Cartel Designations
Reinforcing the increased risk of liability to financial institutions described above, the Office of Foreign Asset Control (OFAC) issued an alert on March 18, 2025 (OFAC Alert), warning of exposure to sanctions and civil or criminal penalties, especially for providing material support to foreign terrorist organizations in violation of 18 U.S.C. 2339B. The OFAC Alert is specifically directed at US and foreign financial institutions, noting that “foreign financial institutions that knowingly facilitate a significant transaction or provide significant financial services for any of the designated organizations could be subject to US correspondent or payable-through account sanctions.” This could suggest that the administration is not only aware that its new approach may ensnare financial institutions, but that doing so is one of its aims, likely calculating that such a focus will decrease cartel access to finances.
There is a precedent for such prosecutions of financial institutions for failing to maintain effective anti-money laundering programs and to conduct appropriate due diligence to avoid transacting with customers located in countries subject to sanctions enforced by OFAC. These prosecutions can result in fines and penalties greater than $1 billion. Now, the OFAC Alert serves as a warning that financial institutions may be prosecuted if they provide financial services to any of the cartels now designated as FTOs.
[1] The first round of designations include: Tren de Aragua (TdA); La Mara Salvatrucha (MS-13); Cártel de Sinaloa; Cártel de Jalisco Nueva Generación (CJNG); Cártel del Noreste (CDN); La Nueva Familia Michoacana (LNFM); Cártel del Golfo (CDG); and Cártel Unidos (CU).
[2] Case No. 04-cv-2799 in the United States District Court for the Eastern District of New York.
[3] The terrorism charges for which NSD approval has been suspended include: 18 U.S.C. §§ 2332a, 2332b, 2339, 2339A, 2339B, 2339C, 2339D, 21 U.S.C. § 960A, and 50 U.S.C. § 1705. This policy does not exempt from NSD’s approval and concurrence requirements cases involving 18 U.S.C. §§ 175, 175b, 219, 793, 794, 831, 951, and 1030(a)(l).
[4] Although it is not entirely clear in the Bondi Memo, these changes appear to apply only to “investigations targeting members or associates of cartels or TCOs.” The suspension of approval requirements could be interpreted, or may be amended, to include all charges under the enumerated statutes.

Corporate Transparency Act Update: Drastic Reduction in Scope of BOI Reporting in March 21, 2025 FinCEN Guidance

On March 21, 2025, the United States Treasury announced a significant reduction in scope of the definition of “reporting company” under the Corporate Transparency Act, limiting the obligation to file beneficial ownership reports to foreign entities only and removing the obligation to file from U.S. persons and U.S. companies.
As noted in our previous online posts, following significant litigation regarding the constitutionality of the regulation, on February 19, 2025, FinCEN suspended reporting obligations under the CTA and promised further guidance on reporting obligations to be issued on or before March 21, 2025. On March 21, 2025, FinCEN issued an interim final rule:
The new rule exempts U.S. persons from having to disclose BOI under the regulations by narrowing the definition of a “reporting company”. This means that any entity created in the United States does not need to report beneficial ownership to FinCEN under the CTA, even if it has non-US persons as beneficial owners.
The rule is now narrowed to only foreign entities that are registered to do business in the United States by the filing of a document with a secretary of state or similar office. The rule reduces the scope of the CTA dramatically, as most foreign enterprises doing business in the United States will have created a legal subsidiary within the country in order to conduct business. As above, U.S. entities are exempt from reporting.
Entities in existence prior to Friday have 30 days to complete their BOI filings with FinCEN. Entities that come into existence after the issuance of the rule have 30 days following formation to complete their filing obligations.
FinCEN continues to accept comments to this interim final rule and intends on issuing a final rule later this year. The final rule may change the scope of the CTA, and litigation continues before the courts regarding the CTA. We will continue to follow the law’s progress and will provide updates as this regulation evolves.
Our prior posts on CTA developments can be found here:
Client Alert: Corporate Transparency Act Beneficial Ownership Information Reporting On Hold – Business Law
Client Alert: Supreme Court Allows Corporate Transparency Act Enforcement But FinCEN Notes Another Stay Prevents Current Implementation – Business Law
CTA Reporting Now Required, but FinCEN Waives Penalties and Indicates New Reporting Deadline Extension Likely Later This Year – Business Law

CTA Drastically Pared Back

As promised by the US Department of Treasury in early March, the Financial Crimes Enforcement Network (FinCEN) issued an interim final rule removing the requirement for US companies, their beneficial owners, and US persons to report beneficial ownership information (BOI) to FinCEN under the Corporate Transparency Act (CTA).

Now, only non-US entities that have registered to do business in the United States are subject to the CTA.
See our prior alert on Treasury’s March 2 announcement here.
Only Non-US Entities Subject to the CTA
The interim final rule, issued by FinCEN on March 21 and published on March 26, amends the BOI reporting rule to revise the definition of “reporting company” to extend only to entities formed under the law of a foreign country that have registered to do business in any US state or tribal jurisdiction by filing a document with a secretary of state or similar office. This category of entities under the original rule was termed “foreign reporting companies.” And, in a related move, the interim final rule also formally exempts domestic entities (formerly known as “domestic reporting companies”) from the CTA’s requirements.
No BOI Reporting of US Persons Is Required
Furthermore, reporting companies are not required to report the BOI of any US persons who are beneficial owners, and US persons are exempt from having to provide BOI with respect to any reporting company for which they are a beneficial owner.
Company Applicant Reporting Is Still Required
The concept of a “company applicant” has been retained for the foreign entities still subject to the CTA, but it applies only to the individual who directly files the document that first registers the reporting company with a state or tribal jurisdiction and to the individual (if different from the direct filer) who is primarily responsible for directing or controlling that filing. A company applicant may be a US person and is not exempted from being reported as a company applicant by virtue of being a US person.
New Initial Reporting Deadlines
Foreign entities that are “reporting companies” under the interim final rule and do not qualify for an exemption from reporting under the CTA are subject to new deadlines:

Reporting companies registered to do business in the United States before March 26 must file BOI reports by April 25.
Reporting companies registered to do business in the United States on or after March 26 have 30 calendar days to file an initial BOI report after receiving notice that their registration is effective (or public notice has been provided, such as through a publicly accessible registry).

Having filed an initial BOI report, a foreign entity that is a reporting company is subject to the 30-day deadline after March 26 to file an updated or corrected report as needed.
Next Steps
FinCEN is accepting comments on the interim final rule until May 27 and intends to finalize it later this year.
There are certain special cases that remain ambiguous under the interim final rule, such as that of a company that has been formed and exists simultaneously in the United States and in a foreign country. Based on the text of the interim final rule, such a company appears to not be a “reporting company,” as it presumably would fall within the new regulatory exemption for an entity that has been created by the filing of a document with a secretary of state or similar office under the law of a US state or tribal jurisdiction. But, as of now, the matter is not entirely clear.
With the changes wrought by the interim final rule, most companies are no longer subject to the CTA. For various reasons, the number of foreign entities that have registered to do business in the United States is small, and those companies may wish to consider restructuring their US activities to avoid a continued CTA obligation (although they may still need to file an initial report with FinCEN), such as by creating a US operating subsidiary.

Federal Judge Restrains Liability for Alleged False DEI Certifications

President Trump’s January 21 Executive Order targeting Diversity, Equity, and Inclusion Programs (DEI) (the “January 21 Executive Order”) and, specifically, § 3(b)(iv)) (the Certification Provision) cannot be the basis for liability — at least for one proactive litigant in the Northern District of Illinois. The holding could have broader implications for False Claims Act (FCA) defendants concerned about evolving certification requirements.
On January 20 and 21, 2025, President Trump issued two executive orders targeting Diversity, Equity, and Inclusion programs (titled, “Ending Radical and Wasteful Government DEI Programs and Preferencing” and “Ending Illegal Discrimination and Restoring Merit-Based Opportunity,” respectfully). The January 21 Executive Order included a direction to agencies (the “Certification Provision”) to require federal grant recipients to certify they do not “operate any programs promoting DEI that violate any applicable Federal anti-discrimination laws” and to “agree that its compliance in all respects with all applicable Federal anti-discrimination laws is material to the government’s payment decisions for purposes of [the FCA].” Immediately, this provision raised concerns that the Trump Administration may use the Certification Provision to bring FCA cases against grant recipients who do not comply. The threat of FCA litigation is paused for now, at least for Chicago Women in Trades (CWIT).
In February 2025, CWIT sued the Trump administration arguing, among other things, the Certification Provision violates its First Amendment Right to free speech because it “effectively regulates CWIT’s conduct outside of the contours of the federal grants.” (See Chicago Women in Trades v. Trump et al., Case No.1:25-cv-02005, N.D. Ill.)In response, the government argued the Certification Provision only implicates “illegal” DEI programs and no one has a constitutional right to violate the law. On March 27, 2025, U.S. District Court Judge Matthew Kennelly granted CWIT’s motion for a Temporary Restraining Order, preventing the Department of Labor from enforcing the Certification Provision and the Government from “initiat[ing] any False Claims Act enforcement against CWIT pursuant to the Certification Provision.”
In its Order, the court held the Certification Provision’s definition of what is an illegal DEI program is “left entirely to the imagination.” In the court’s view, the government has emphasized that conduct violating anti-discrimination laws has changed, and the government also has been “unwilling to in (in its briefs or at argument) define how it has changed.” This uncertainty put CWIT (and other grantees) in a difficult position — they must either decline to make a certification and lose federal grant money or risk making a certification that is later deemed to be false because the meaning of an illegal DEI program is unknown, subjecting “the grantee to liability under the False Claims Act.”[1]
While the Order restricts the Government specifically with respect to CWIT and the Certification Provision, lawsuits like CWIT’s will force federal courts across the country to determine what the Certification Provision means for FCA litigation going forward.
If you have questions about President Trump’s January 21 Executive Order or the False Claims Act, contact the authors or your Foley relationship lawyer.

[1] The court also said even if the government did define an illegal DEI program, the January 21 executive order still reads as an “express reference to First Amendment-protected speech and advocacy.”

ICO Fines Advanced Computer Software Group £3 Million Following Ransomware Attack

On March 27, 2025, the UK Information Commissioner’s Office (“ICO”) announced that it had issued a fine against Advanced Computer Software Group (“Advanced”) for £3.07 million (approx. $4 million) for non-compliance with security rules identified through an investigation following a ransomware attack which occurred in 2022.
The ICO’s investigation found that personal data belonging to 79,404 people was compromised, including details of how to gain entry into the homes of 890 people who were receiving care at home. According to the ICO, hackers accessed certain systems of a group subsidiary via a customer account that did not have multi-factor authentication. The ICO also noted that it was widely reported that the security incident let to the disruption of critical services. The ICO concluded that the group subsidiary had not implemented adequate technical and organization measures to keep its systems secure.
Initially, the ICO intended to issue a higher fine against Advanced. However, it took into consideration Advanced’s proactive engagement with the UK National Cyber Security Centre, the UK National Crime Agency and the UK National Health Service in the wake of the attack, along with other steps taken to mitigate the risk to those impacted. The final fine represents a voluntary settlement agreed between the ICO and Advanced.

Strengthening Government Fraud Enforcement: Administrative False Claims Act Provides Agencies Tool to Bring Fraud Claims

Enacted as part of the recent National Defense Authorization Act (NDAA), the U.S. Congress established a significant new fraud enforcement mechanism, called the Administrative False Claims Act (AFCA), which empowers federal agencies to investigate and adjudicate more fraud cases involving false claims and statements made to the government.

Quick Hits

The Administrative False Claims Act (AFCA) significantly strengthens agencies’ ability to combat fraud involving federal funds by allowing direct prosecutions.
The AFCA raises the maximum claim amount from $150,000 to $1 million, expands definitions of false claims that trigger liability beyond those involving claims for money, and establishes reimbursement guidelines for investigation costs.
The AFCA further broadens liability by including false statements not tied to a claim for payment and extends the timeframe for pursuing allegations of fraud.

On December 23, 2024, then-President Joe Biden signed the 2025 NDAA (also known as the “Servicemember Quality of Life Improvement and National Defense Authorization Act (NDAA) for Fiscal Year 2025”). Buried in the lengthy legislation is a section creating the AFCA, which revamps the underutilized Program Fraud Civil Remedies Act (PFCRA) of 1986. The AFCA expands the types of fraud cases that federal agencies can directly pursue, raising the claim ceiling to $1 million and allowing agencies to recover investigation costs.
Background
The PFCRA was enacted in 1986 to provide administrative agencies with a mechanism to pursue low-dollar-value fraud cases. However, the statute has been underutilized historically. In particular, a 2012 study conducted by the U.S. Government Accountability Office (GAO) revealed that during the fiscal years 2006 to 2010, only five civilian agencies—the U.S. Department of Housing and Urban Development (HUD), U.S. Department of Health and Human Services (HHS), the U.S. Department of Energy, the Corporation for National and Community Service (now named AmeriCorps), and the Nuclear Regulatory Commission—had utilized the PFCRA. Notably, HUD referred 96 percent of the cases, while other agencies referred only six cases over five years, according to the GAO study.
Key Amendments Under the AFCA
The AFCA introduces several significant amendments to strengthen the former PFCRA:

Increased Claim Ceiling—The maximum claim amount has been raised from $150,000 to $1 million, adjusted for inflation.
Conformance With FCA Provisions—The AFCA aligns its provisions with those found in the False Claims Act (FCA), one of the government’s primary tools for combating fraud against the federal government, ensuring consistency in fraud enforcement.
Reverse False Claims—The AFCA expands the definition of a false claim to include claims made to an “authority,” including federal agencies, executive departments, and designated federal entities, “which has the effect of concealing or improperly avoiding or decreasing an obligation to pay or transmit property, services, or money to the authority.”
Reimbursement for Investigation Costs—The AFCA also provides that agencies are reimbursed for the costs of investigations from amounts collected, including “any court or hearing costs,” making it more financially viable for agencies to pursue fraud cases.
Expanded Jurisdiction for Appeals—The AFCA specifies who can hear appeals for agencies without ALJs, broadening the scope of administrative review.
No Qui Tam Provision—However, unlike the FCA, the AFCA does not include a qui tam provision, which allows private individuals, known as “relators” or “whistleblowers,” to file lawsuits on behalf of the government and potentially receive a portion of any recovered damages.
Promulgation of Regulations—The AFCA will further require authorities to promulgate regulations and procedures to carry out the act and its amendments by June 23, 2025.
Revision of Limitations—The AFCA expands the limitation period for pursuing allegations, requiring the person alleged to be liable to be notified of the allegation within six years from the date the violation is alleged to have been committed or within three years after the material facts are discovered or “reasonably should have been known,” but not more than ten years from the date the alleged violation was committed.
Semiannual Reporting—The AFCA also amends the reporting obligations for federal government agencies, departments, and entities, requiring semiannual reports to include data on AFCA claims: the number of cases reported, actions taken—including statistical tables showing pending and resolved cases, average time to resolve cases, and final agency decisions appealed—and instances in which officials reviewing cases declined to proceed.

Next Steps
The AFCA represents a significant shift in administrative fraud enforcement as the federal government under the Trump administration focuses on reducing fraud and waste. The law strengthens and enhances the government’s ability to investigate and prosecute allegations of fraud, particularly those involving smaller dollar amounts, by providing agencies with a mechanism to prosecute allegations of fraud without having to go through the U.S. Department of Justice (DOJ) and the FCA process.
Moreover, the AFCA also expands the scope of potential liability, covering false statements even in the absence of a claim for payment. However, the AFCA lacks a qui tam provision that would incentivize whistleblowers to come forward with false claims allegations.
Moreover, the AFCA provides another antifraud tool as the Trump administration has sought to use the FCA against businesses to stop “illegal” diversity, equity, and inclusion (DEI) programs. There is potential that the AFCA could be used similarly as part of the administration’s efforts.
However, there are still questions regarding the AFCA’s authorization of administrative law judges (ALJs) and other officials to oversee cases. In its 2024 decision in Securities and Exchange Commission v. Jarkesy, the Supreme Court of the United States vacated a civil monetary penalty that was imposed in an ALJ proceeding. The Court found that this penalty violated the defendant’s right to a jury trial under the Seventh Amendment of the U.S. Constitution, raising concerns about the constitutionality of ALJ proceedings, particularly concerning monetary penalties.

Why Reporting Accounting Fraud Will Lead to Future SEC Whistleblower Awards

A recent CNN documentary about the Enron accounting scandal is a stark reminder of the devastation that results when corporate officers cook the books – thousands of employees lost their jobs, individual investors and pension funds lost billions, and the stock market plummeted as investors lost confidence in the accuracy of public company accounting. Most employees that knew about the fraud failed to speak up due to fear of retaliation and a corporate culture characterized by greed and deception. If Enron employees had been protected against retaliation and incentivized to report accounting fraud to the SEC, the SEC may have learned about the fraudulent practices early enough to combat and remedy those practices.
Under the SEC Whistleblower Program, whistleblowers can submit tips anonymously to the SEC through an attorney and be eligible for an award for exposing any material violation of the federal securities laws. Since 2011, the SEC has issued more than $2.2 billion in awards to whistleblowers. The largest SEC whistleblower awards to date are:

$279 million (May 5, 2023)
$114 million (Oct. 22, 2020)
$110 million (Sept. 15, 2021)

This article discusses: 1) how whistleblowers can earn awards for reporting accounting fraud to the SEC; 2) the pervasiveness of accounting fraud at U.S. publicly traded companies; and 3) the SEC’s focus on accounting fraud which, in turn, will lead to future SEC whistleblower awards.
SEC Whistleblower Program
In response to the 2008 financial crisis, Congress passed the Dodd-Frank Act, which created the SEC Whistleblower Program. Under the program, the SEC is required to issue monetary awards to whistleblowers when they provide original information about violations of the federal securities laws (e.g., accounting fraud) that leads to successful SEC enforcement actions with monetary sanctions in excess of $1 million. Whistleblowers are eligible to receive an award of between 10% and 30% of the total monetary sanctions collected in a successful enforcement action. In certain circumstances, even officers, directors, auditors, and accountants may be eligible for awards under the program.
Since the inception of the SEC Whistleblower Program, whistleblower tips have enabled the SEC to bring successful enforcement actions resulting in more than $6 billion in monetary sanctions. In Fiscal Year (FY) 2024 alone, the SEC Office of the Whistleblower awarded more than $255 million to whistleblowers, which included a $98 million award. Also in FY 2024, the SEC received nearly 25,000 whistleblower tips, of which 2,609 related to Corporate Disclosures and Financials. As detailed below, recent data suggest that whistleblower tips related to accounting frauds will likely increase in the coming years due to rampant accounting fraud, violations, and errors.
Whistleblowers Needed: Accounting Fraud is Widespread
In October 2023, a paper titled How Pervasive is Corporate Fraud? estimated that “on average 10% of large publicly traded firms are committing securities fraud every year.” According to the paper:
Accounting violations are widespread: in an average year, 41% of companies misrepresent their financial reports, even when we ignore simple clerical errors. Fortunately, securities fraud is less pervasive. In an average year, 10% of all large public corporations commit (alleged) securities fraud, with a 95% confidence interval between 7 and 14%.

The paper’s findings about the pervasiveness of accounting violations were echoed in a December 2024 Financial Times article titled Accounting errors force US companies to pull statements in record numbers. According to the article:
The number of US companies forced to withdraw financial statements because of accounting errors has surged to a nine-year high, raising questions about why mistakes are going unnoticed by auditors.
In the first 10 months of this year, 140 public companies told investors that previous financial statements were unreliable and had to reissue them with corrected figures, according to data from Ideagen Audit Analytics. That is up from 122 in the same period last year and more than double the figure four years ago. So-called reissuance restatements cover the most serious accounting errors, either because of the size of the mistake or because an issue is of particular concern to investors.

Fortunately for investors, officers, directors, auditors, and accountants can be eligible for awards under the SEC Whistleblower Program, and whistleblower tips – especially from individuals with actual knowledge of the fraud – enable the SEC to quickly detect and halt accounting schemes.
Accounting Fraud in SEC Crosshairs
SEC enforcement actions against accounting violations and improper disclosures often lead to significant penalties. Eligible whistleblowers may receive awards of between 10% and 30% of the monetary sanctions collected in successful enforcement actions. Since 2020, some of the SEC’s largest enforcement actions were brought against companies engaged in accounting violations:

In 2020, General Electric agreed to pay a $200 million penalty for misleading investors by understating losses in its power and insurance businesses.
In 2021, The Kraft Heinz Company agreed to a $62 million penalty to settle charges that it engaged in a long-running expense management scheme that resulted in the restatement of several years of financial reporting
In 2021, Luckin Coffee agreed to pay a $180 million penalty for defrauding investors by materially misstating the company’s revenue, expenses, and net operating loss in an effort to falsely appear to achieve rapid growth and increased profitability and to meet the company’s earnings estimates.
In 2022, accounting firm Ernst & Young agreed to pay a $100 million penalty due to some employees cheating on CPA ethics exams and for misleading SEC investigators.
In 2024, UPS agreed to pay a $45 million penalty for misrepresenting its earnings by improperly valuing its UPS Freight business unit.

Whistleblower tips concerning similar accounting violations have led to, and will continue to lead to, significant whistleblower awards. For more information about reporting accounting fraud to the SEC and earning a whistleblower award, see the following articles:

How to Report Accounting Fraud an Earn an SEC Whistleblower Award
5 Things Whistleblowers Should Know About Reporting Accounting Fraud to the SEC
Improper revenue recognition tops SEC fraud cases

Delligatti v. United States (No. 23-825)

Federal law provides a mandatory minimum sentence of five years for a person who uses or carries a firearm during a “crime of violence.” In Delligatti v. United States (No. 23-825), the Supreme Court addressed whether a crime of omission involves the “use” of physical force, thus subjecting a defendant to the sentencing enhancement. A 7-2 Court held that it does.
Salvatore Delligatti is an associate of the Genovese crime family. Delligatti had been hired by a gas station owner to take out a neighborhood bully and suspected police informant. Delligatti, in turn, recruited a local gang to carry out the job and provided them with a gun and a car. Unfortunately for Delligatti, the job was thwarted twice, once when the gang abandoned the plan because there were too many witnesses present, and second by the police, who had discovered the plot. Delligatti was charged with multiple federal offenses, including one count of using or carrying a firearm during a “crime of violence” pursuant to 18 U.S.C. § 924(c). 
Section 924(c) states that an offense qualifies as a crime of violence if it “has as an element the use, attempted use, or threatened use of physical force against a person or property of another.” To determine whether an offense falls within Section 924(c), courts employ the so-called categorical approach, asking whether the offense in question always involves the use, attempted use, or threatened use of force. The Government argued that Delligatti’s offense met this requirement because he had committed attempted second-degree murder under New York law. Before trial, Delligatti moved to dismiss his Section 924(c) charge arguing the Government could not establish a predicate crime of violence. The District Court disagreed, holding that there “can be no serious argument” that attempted murder is not a crime of violence. A jury convicted Delligatitti on all counts and he was sentenced to 25 years of imprisonment.
On appeal to the Second Circuit, Delligatti argued that New York’s second-degree murder statute fell outside Section 924(c)’s elements clause because it could be committed either by an affirmative act or by an omission. But the Second Circuit affirmed his conviction, holding that causing (or attempting to cause) bodily injury necessarily involves the use of physical force, even if the injury is caused by an omission. The Supreme Court granted certiorari to decide whether an individual who knowingly or intentionally causes bodily injury or death by failing to take action uses physical force within the meaning of Section 924(c).
Justice Thomas, writing for the majority, held that precedent, congressional intent, and logic refuted Delligatti’s challenge to his conviction. First precedent: In United States v. Castleman (2014), the Court interpreted a statute that prohibited anyone convicted of misdemeanor domestic-violence crimes, which similarly requires the use of physical force, from owning a firearm. In Castleman, the Court held that it was “impossible to cause bodily injury without applying force,” and that this force can be applied directly or indirectly, such as sprinkling poison in a victim’s drink, even though sprinkling poison does not itself involve force. Put differently: whenever someone knowingly causes physical harm, he uses force for the purposes of the statute. (Indeed, Delligatti had conceded that it was possible to use violent force indirectly, such as “when a person tricks another into eating food that has aged to the point of becoming toxic.”)
Justice Thomas then rebuffed Delligatti’s contention that one does not use physical force against another through deliberate inaction. By way of further example, a car owner makes “use” of the rain to wash a car by leaving it out on the street, or a mother who purposefully kills her child by declining to intervene when the child finds and drinks bleach makes “use” of bleach’s poisonous properties. Thomas thus concluded that crimes of omission qualify as a Section 924(c) crime of violence because intentional murder is the prototypical crime of violence, and it has long been understood that “one could commit murder by refusing to perform a legal duty, like feeding one’s child.” He noted that there is a preference for interpretations of Section 924(c) that encompass prototypical crimes of violence over ones that do not. And, at the time of Section 924(c)’s enactment, the principle that even indirect causation of bodily harm involves the use of violent force was well-established in case law, treatises, and various state laws. This violent force could be accomplished with battery-level force, i.e., force satisfied by “even the slightest offensive touching,” or by deceit or other nonviolent means. 
In dissent, Justice Gorsuch, joined by Justice Jackson, continued with the majority’s approach of reasoning by example, only this time concluding that Section 924(c) does not reach crimes of omission. He began by asking the reader to imagine “a lifeguard perched on his chair at the beach who spots a swimmer struggling against the waves. Instead of leaping into action, the lifeguard chooses to settle back in his chair, twirl his whistle, and watch the swimmer slip away. The lifeguard may know that his inaction will cause death. Perhaps the swimmer is the lifeguard’s enemy and the lifeguard even wishes to see him die. Either way, the lifeguard is a bad man.” But while the lifeguard may be guilty of any number of serious crimes for his failure to fulfill his legal duty to help the swimmer, the lifeguard’s inaction does not qualify as a “crime of violence.” 
Justice Gorsuch reached this conclusion primarily through statutory interpretation. In his view, when Congress enacted Section 924(c), “to use” meant “to employ,” “to convert to one’s service,” or “to avail one’s self of” something, terms that imply action, not inaction, inertia, or nonactivity. In his view, the physical force needed to commit a crime of violence must be a physical act, as well as one that is violent (extreme and severe, as opposed to “mere touching” consistent with battery). So, in the lifeguard example, by remaining in his chair, the lifeguard does not employ “even the merest touching, let alone violent physical force.” And while Gorsuch acknowledged that crimes of omission can still be serious, he explained that Section 924(c) was not written to reach every felony found in the various state codes, so the Court should not stretch the statute’s terms to reach crimes of inaction, inertia, or nonactivity. He also pointed out that when Congress was considering defining crime of violence to require the use of physical force, a Senate report discussed the hypothetical of the operator of a dam who refused to open floodgates during a flood, thereby placing residents upstream in danger, and concluded that the dam operator would not be committing a crime of violence because he did not use physical force. Finally, Gorsuch pointed out that crimes of omission more naturally fit within another subsection of Section 924(c), which the Court held was unconstitutionally vague in United States v. Davis (2019), showing that Congress has had no difficulty addressing crimes of omission elsewhere.

Reproductive Health Under Trump: What’s New and What’s Next

Overview

Over the past two months, the second Trump administration has shifted federal policies and priorities regarding abortion, in vitro fertilization (IVF), contraception, and other reproductive-health-related matters – and it is expected to continue to do so. In addition to the federal policy agenda, many developments related to reproductive health likely will continue to occur at the state level. The Dobbs decision shifted policymaking in these areas toward the states, and lawmakers and advocates have expressed their intentions to either adhere to or protect against the new administration’s policies and agenda items. This article discusses some of the major recent trends in women’s health and reproductive health, and what is likely to come next under the new administration.

In Depth

THE TRUMP ADMINISTRATION WILL CONTINUE TO WEAKEN BIDEN-ERA POLICIES THAT PROTECT REPRODUCTIVE HEALTH
The Hyde Amendment
During its first month, the second Trump administration signed several executive orders (EOs) and otherwise signaled its approach to certain reproductive health measures that were previously in place. For instance, in the first week of his presidency, US President Donald Trump signed an EO entitled “Enforcing the Hyde Amendment,” which called for an end to federal funding for elective abortions and revoked two previous EOs that permitted such funding. The EO charged the Office of Management and Budget with providing guidance around implementing the mandate. While the EO was not a surprise, it referred to the Hyde Amendment and “similar laws,” leaving some ambiguity in its scope and the way in which it will be implemented in practice (e.g., it could be used to target federal funds for abortion and perhaps related services by other federal agencies, such as the US Departments of Defense, Justice, and State). In response to this EO, federal agencies could revoke Biden-era policies and reinstate or expand upon Trump administrative policies. Such efforts may include recission of Biden-era regulations that authorized travel for reproductive-health-related needs for servicemembers and their families and permitted abortion services through the US Department of Veterans Affairs.
The Comstock Act
Although we have not seen activity in this respect to date, the new administration will likely rescind the Comstock Act Memo, which was published by the US Department of Justice (DOJ) Office of Legal Counsel. This memo was issued in December 2022 by the Biden administration following the Dobbs decision. The Comstock Act is a federal criminal statute enacted in 1873 that prohibits interstate mailing of obscene writings and any “article or thing designed, adapted, or intended for producing abortion.” Violations of the Comstock Act are subject to fines or imprisonment. The Comstock Act Memo sets forth the opinion of the DOJ Office of Legal Counsel that the Comstock Act does not prohibit mailing abortion-inducing medication unless the sender explicitly intends for it to be used unlawfully. If the new administration revokes this memo or attempts to apply the Comstock Act to the mailing of abortion-inducing medication (and, perhaps, any abortion-inducing implements, which could have even wider-reaching implications) regardless of intent, it could become very difficult for patients to obtain abortion-inducing medication. Such actions also could lead to complications related to the provision of such medications via the mail (and potentially in person, depending on the attempted interpretation). At the time of publication, the DOJ website still included the Comstock Act Memo, noting that 18 U.S.C. § 1461 does not prohibit the mailing of abortion-inducing medication when the sender does not intend for the recipient to use the drugs unlawfully.
The 2024 HIPAA Final Rule on Access to Reproductive Health Records and Related State Activity
In 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) published a Health Insurance Portability and Accountability Act (HIPAA) final rule to support reproductive healthcare privacy (2024 final rule). The 2024 final rule prohibits a covered entity or business associate from disclosing protected health information (PHI) for conducting an investigation into or imposing liability on any person for seeking, obtaining, providing, or facilitating reproductive healthcare where the reproductive healthcare is lawful. The 2024 final rule also prohibits disclosure of PHI to identify any person for the purpose of conducting an investigation or imposing liability. The enforcement mechanism of the 2024 final rule includes an attestation component under which a requesting party must certify that the use of the PHI is not prohibited when requested for health oversight activities, judicial or administrative proceedings, law enforcement purposes, or disclosures to coroners and medical examiners under 42 C.F.R. § 164.512. The Trump administration likely will not enforce (and may reverse) protections around reproductive health data under the 2024 final rule, which would leave a bigger gap for the states to potentially fill, as evidenced by the EO regarding enforcement of the Hyde Amendment and rollback of other Biden-era reproductive health protections.
In response to increased scrutiny of reproductive healthcare, several states have enacted laws protecting healthcare providers, patients, and others involved in providing or receiving reproductive healthcare. Although these laws vary from state to state, they generally prohibit disclosure of data and other information related to reproductive healthcare that was lawfully obtained by a patient and provided by a healthcare provider. These laws can provide a certain level of comfort to providers that provide care to patients who travel across state lines to receive care that may be unavailable to them in their home state but is accessible and lawfully provided in another state. States that do not have such laws may seek to enact similar protections under the new administration as federal protections become less certain, particularly if the layer of protection afforded by the 2024 final rule is revoked or otherwise diminished.
ABORTION POLICY WILL CONTINUE TO BE LARGELY DICTATED BY STATES AND MAY EXPAND INTO NEW AREAS OF FOCUS
Following the Dobbs decision, many states quickly took action to enshrine abortion protections in their laws and constitutions. Some states, such as Michigan, moved to overturn old, unenforced abortion bans on their books. Michigan further implemented laws, executive actions, and eventually a ballot measure to amend its state constitution. This trend has continued; in the November 2024 presidential election, seven states passed ballot measures to protect abortion access. However, the 2024 election also marked the first three abortion protection ballot referendums that failed to pass. Voters in South Dakota and Nebraska rejected proposed constitutional amendments, and a measure in Florida received only 57% of the vote where a 60% majority was required.
In the years since Dobbs, new laws and court cases have largely sorted the states into two categories: states that are more protective and states that are more restrictive regarding abortion. However, the law remains unsettled in a few states, such as Georgia and Wisconsin, where pending court cases, legislative action, and gubernatorial executive action may result in different outcomes. In the 2024 election, Missouri voters passed a ballot initiative to overturn the state’s strict ban on abortion and enshrine reproductive rights in the state constitution, effectively switching the state from more restrictive to more protective. More constitutional ballot measures could come in states such as Pennsylvania, New Mexico, Virginia, and New Hampshire, where abortion rights are currently supported under state law but not enshrined in state constitutions. Abortion advocates may also focus on Iowa, South Carolina, and Florida, where recent court decisions have largely settled the law, but further litigation is possible. Restrictive states also continue to legislate additional restrictions on access to abortion.
The majority of states can be expected to continue on their current trajectory: more protective states may continue to enact abortion protections, and more restrictive states may continue to enforce existing bans and expand prohibitions. In 2025, the focus of both protective and restrictive laws likely will continue to expand. The initial wave of post-Dobbs policymaking primarily focused on a healthcare provider’s ability to perform an abortion and a patient’s right to receive an abortion. New laws and proposals now focus on topics such as assisting others in obtaining an abortion, telehealth prescribing of abortion medications, abortion funding, abortion rights of minors, and patient data privacy.
Trump administration policies and initiatives may impact more protective states’ abilities to provide abortion services. For instance, if the Comstock Act Memo is revoked, abortion-inducing medication may become scarce or difficult to obtain through the mail, even from a provider in a protective state to a patient in another protective state. If interpreted even more broadly by the administration, the Comstock Act could serve as a catalyst for a national abortion ban, which would almost certainly face legal challenges. While the Trump administration has not yet asked Congress for a national abortion ban, the EO that Trump signed recognizing two sexes includes personhood language regarding life beginning “at conception,” signaling that additional changes may be proposed at both the federal and state policy levels regarding fetal personhood and attendant rights. Such changes would likely result in legal challenges in federal and state courts.
IVF SERVICES WILL CONTINUE TO EXPAND BUT MAY FACE FRICTION WITH ABORTION PROHIBITIONS AND CERTAIN TRUMP ADMINISTRATION PRIORITIES
State abortion laws have somewhat solidified following Dobbs, but many laws remain unclear as to their impact on IVF providers. Many states have abortion prohibitions that predate IVF, some of which define “unborn child” from the moment of fertilization or conception. Other laws are ambiguous but contain language that arguably protects a fetus at any stage of development. Since Dobbs, state attorneys general in Arkansas, Oklahoma, Wisconsin, and other states have indicated that they will not pursue IVF providers using state abortion bans, and the Trump administration has issued an EO calling for expanded access to IVF. However, the state-level laws remain ambiguous, and there is a risk that courts may interpret such laws to apply to embryos or otherwise impact IVF access. Moreover, the EO raising the issue of fetal personhood may create friction for efforts to expand access to IVF.
In February 2024, the Alabama Supreme Court became the first state supreme court to definitively rule that “unborn children” includes cryogenically frozen IVF embryos. The court held an IVF clinic liable under the state’s wrongful death statute after an incident in which frozen IVF embryos were destroyed. The decision initially caused several IVF providers in the state to pause services until two weeks later, when the legislature passed a specific exception to the statute for IVF providers. Even though the status quo was quickly restored, both providers and patients were significantly impacted by the period of uncertainty. In 2025 and beyond, other states could face similar test cases. In response to public support for reproductive technology, some restrictive states have proposed legislation to address, for example, the use of assistive reproductive technology and selective reduction.
At the same time, insurance coverage for IVF and other fertility treatments has expanded and will likely continue to do so in 2025. Approximately 22 states now mandate that insurance plans provide some combination of fertility benefits, fertility preservation, and coverage for a number of IVF cycles. After July 1, 2025, all large employers in California must provide insurance coverage for fertility treatments, including coverage for unlimited embryo transfers and up to three retrievals. 2025 will also bring expanded IVF coverage options for federal employee insurance plans.
THE RIGHT TO CONTRACEPTION WILL REMAIN VULNERABLE TO STATE LAWMAKING AND COURT CHALLENGES
Although the Dobbs majority opinion states that the “decision concerns the constitutional right to abortion and no other right,” and that “nothing in [the Dobbs] opinion should be understood to cast doubt on precedents that do not concern abortion,” doubt remains as to other women’s health rights. In his concurrence in Dobbs, Justice Clarence Thomas expressed interest in revisiting prior Supreme Court of the United States decisions upholding rights other than the right to abortion, such as the right to contraception upheld in Griswold v. Connecticut.
In response to the Thomas concurrence, the federal Right to Contraception Act was introduced. The act would have enshrined a person’s statutory right to contraception and a healthcare provider’s right to provide contraception. The act passed the US House of Representatives, but the US Senate version was unable to overcome a filibuster in June 2024. Federal efforts to protect the right to contraception are unlikely to pass in the new Congress.
Although federal action is unlikely, certain states have already protected the right to contraception under state law. Approximately 15 states and the District of Columbia currently have some form of protection for the right to contraception either by statute or under the respective state’s constitution. Under the new administration, state legislative action likely will increase with respect to the right to access contraception. Certain states with restrictive abortion policies, such as South Carolina, have proposed modifications to their abortion restrictions to explicitly protect the use of contraceptives.
WHAT STEPS SHOULD STAKEHOLDER CONSIDER TAKING?
Any company whose services touch on reproductive health or women’s health should engage in a risk assessment of their business and the ways in which the Trump administration may affect their ability to operate without complications. Although the first two months of EOs and other actions from the administration have not drastically altered the landscape for reproductive health across the country, access to reproductive and women’s health is likely to evolve over the next four years. We are closely monitoring these developments and will continue to forecast the ways in which this could impact stakeholders in the industry.