Preparing for the Implementation of Missouri Paid Sick Time: Key Deadlines and Compliance Requirements
The earned paid sick time provisions of Proposition A are set to take effect on May 1, 2025. Missouri Proposition A requires employers to provide employees working in Missouri at least 1 hour of sick leave for every 30 hours worked and allows carryover of up to 80 of such hours per year. The law applies to almost all Missouri employees, including full-time, part-time and temporary with limited exceptions. For more details on the requirements and background of this paid sick leave law, see our prior blog posts on Missouri Proposition A requirements here and litigation challenge here.
While ongoing litigation and legislative efforts seek to delay or modify certain aspects of the law, these initiatives are unlikely to affect the start date or the notice period required by the statute. Therefore, it is essential for employers to begin preparing for the implementation of the law to ensure compliance with the statutory requirements, including the mandatory notice and poster provisions.
Notice and Poster Requirements
Written Notice to Employees
Employers are required to provide written notice of the earned paid sick time policy to all employees by April 15, 2025. The notice must be provided on a single sheet of paper, using a font size no smaller than 14-point. This notice should be distributed along with the employer’s updated written policy.
The Missouri Department of Labor & Industrial Relations has provided a standardized notice for employers.
Poster Display Requirement
In addition to the written notice, Proposition A mandates that employers display a poster detailing the earned paid sick time policy in a “conspicuous and accessible place” at each workplace. This poster must be displayed starting April 15, 2025. The Missouri Department of Labor & Industrial Relations has also provided a poster for this purpose.
Litigation Update
On March 12, 2025, the Missouri Supreme Court heard oral arguments in a case brought by various business groups and associations challenging the constitutionality of Proposition A. The plaintiffs argue that the Proposition is unconstitutional due to its inclusion of both minimum wage and paid sick time issues on the same ballot.
While the Supreme Court has not yet issued a ruling, it typically takes between 100 and 200 days for the Court to render an opinion. Although the outcome of the case may ultimately affect certain provisions of the law, employers should continue preparing for the implementation of Proposition A as currently written, effective May 1, 2025.
Legislative Update
On March 13, 2025, House Bill 567 passed in the Missouri House of Representatives. This bill seeks to repeal the paid sick leave provisions of Proposition A, delay the scheduled minimum wage increase, and eliminate the annual adjustments to the minimum wage based on the price index. The bill cleared a public hearing in the Senate on March 26, and an executive session will be held on April 7.
If the bill passes the Senate and is signed into law by the Governor, it will not take effect until August 28, 2025. As a result, Proposition A will remain in effect beginning May 1, 2025, and employers should prepare for the law to be implemented as currently written.
Resources and Support
The Missouri Department of Labor & Industrial Relations has developed an overview and frequently asked questions (FAQ) section on its website to assist employers in understanding the requirements of Proposition A and the earned paid sick time benefits.
Missouri employers need to review and likely need to update their existing policies regarding sick time and/or paid time off to comply with Missouri paid sick leave requirements.
McDermott+ Check-Up – April 4, 2025
THIS WEEK’S DOSE
Reconciliation Moves Forward with Senate Introduction of Concurrent Budget Resolution. This move initiates the next stage in the reconciliation process, which requires House and Senate passage of a unified budget resolution.
Senate Confirms CMS Administrator. By a vote of 53 – 45, Mehmet Oz, MD, was confirmed as administrator of the Centers for Medicare & Medicaid Services (CMS).
Senate Judiciary Committee Holds Drug Legislation Markup. All six bills were passed by voice vote.
Senate Homeland Security and Governmental Affairs Committee Holds OPM Director Nomination Hearing. The hearing for Office of Personnel Management (OPM) director nominee Scott Kupor largely focused on the federal workforce.
House Energy and Commerce Health Subcommittee Holds Hearing on OTC Monograph Drugs. The hearing focused on the development of over-the-counter (OTC) sunscreen products.
House Energy and Commerce Oversight and Investigations Subcommittee Holds Hearing on Cybersecurity for Medical Devices. Witnesses advocated for increased cyber resilience of medical devices.
House Education and Workforce Health, Employment, Labor, and Pensions Subcommittee Holds Hearing on Employer-Sponsored Healthcare. The subcommittee sought to better understand the current landscape of employer-sponsored healthcare and discuss potential improvements.
HHS Begins Implementing Dramatic Restructuring, Cutting Agency Workforce and Consolidating Divisions. The US Department of Health and Human Services’ (HHS’s) initiative will eliminate or merge many divisions and offices, close five of the 10 regional offices, and create unprecedented changes that will have far-reaching consequences.
Laboratory-Developed Test Final Rule Struck Down. A federal court ruled that the US Food and Drug Administration could not regulate laboratory-developed tests as medical devices.
HHS Faces Legal Challenges to Rescinded Funding. Democratic attorneys general and governors in 23 states and Washington, DC, filed a lawsuit against HHS regarding the recent cancellation of $12 billion in state infectious disease and substance use grants.
CONGRESS
Reconciliation Moves Forward with Senate Introduction of Concurrent Budget Resolution. This move initiates the next stage in the reconciliation process, which requires the Senate and House to pass a unified budget resolution. Rather than resolving the different approaches of the previously passed resolutions in the two chambers, the resolution unveiled in the Senate this week takes the unusual, but permitted, approach of having the Senate and House stick with their preferred policies and funding levels. This would defer the tough decisions – including agreements on the level of spending cuts, tax extensions, and raising the debt limit – until later in the process.
In the healthcare space, this would mean that the House maintains its instruction to the Energy and Commerce Committee to cut $880 billion, much of which is anticipated to come from Medicaid, while the Senate instructs the Finance Committee (which has jurisdiction over Medicaid) to achieve a minimum of $1 billion in spending cuts.
The Senate cleared a procedural hurdle on the budget resolution and is moving toward advancing the measure by this weekend. President Trump met with Members and threw his strong support behind the effort. If the Senate passes the resolution, the House plans to advance it next week, which would likely require the intervention of the president, as near-unanimity among House Republicans would be necessary. Some conservative members of the House, including House Budget Committee Chair Arrington (R-TX), have come out in opposition to the Senate budget resolution, fearing that it would ultimately lead to a final reconciliation bill that does not achieve the level of spending cuts included in the House’s preferred plan.
Senate Confirms CMS Administrator. The full Senate confirmed Mehmet Oz, MD, as CMS administrator by a party-line vote of 53 – 45. Oz’s tenure begins amid significant restructuring and workforce reductions occurring at CMS and HHS.
Senate Judiciary Committee Holds Drug Legislation Markup. The six bipartisan bills listed below were all advanced out of the committee by voice vote. In the markup, senators emphasized the importance of lowering prescription drug prices.
S. 527, the Prescription Pricing for the People Act of 2025, would require the Federal Trade Commission (FTC) to study the role of intermediaries in the pharmaceutical supply chain.
S. 1040, the Drug Competition Enhancement Act, would prohibit product hopping.
S. 1041, A Bill to Amend Title 35, United States Code, to Address the Infringement of Patents That Claim Biological Products, and for Other Purposes, would address patent thickets.
S. 1097, the Interagency Patent Coordination and Improvement Act of 2025, would establish an interagency task force between the US Patent and Trademark Office and the US Food and Drug Administration (FDA) for patent-related information sharing and technical assistance.
S. 1095, the Stop STALLING Act, would enable the FTC to deter filing of sham citizen petitions.
S. 1096, the Preserve Access to Affordable Generics and Biosimilars Act, would prohibit pay-for-delay deals.
Senate Homeland Security and Governmental Affairs Committee Holds Nomination Hearing for OPM Director. In addition to considering OPM director nominee Scott Kupor, the hearing considered Eric Ueland’s nomination for deputy director of the Office of Management and Budget. Republican senators asked both nominees how they would address the federal government’s increasing size, as well as its hiring and firing processes. Democratic senators asked the nominees if they support the reduction of federal employees.
House Energy and Commerce Health Subcommittee Holds Hearing on OTC Monograph Drugs. During the hearing, witnesses urged the committee to improve FDA’s ability to develop safe and effective sunscreen products that can reduce the rates of skin cancer in the United States. Republican Members focused their questions on the regulation of OTC monograph drugs and how the United States can improve its clinical ability to produce sunscreens similar to those in other countries that have lower rates of skin cancer. Given the timing of the hearing, Democratic Members focused their questions on how the reorganization of HHS, specifically the FDA, will hinder the agency’s role to regulate and approve the efficiency and safety of OTC drugs and medical devices.
House Energy and Commerce Oversight and Investigations Subcommittee Holds Hearing on Cybersecurity for Medical Devices. In the hearing, witnesses emphasized the need for increased cyber resilience of medical devices and suggested various solutions, including improved coordination between stakeholders and the government and increased cybersecurity training and education. Democrats focused their comments on the ongoing HHS reorganization and reduction in force, and changes made to National Institutes of Health (NIH) funding. They expressed concerns about how those actions will affect medical device research, review, and regulation. Republicans focused on the potential for cyberattacks from foreign countries, including China, the risk of backdoor attacks, and barriers to cybersecurity faced by rural hospitals.
House Education and Workforce Health, Employment, Labor, and Pensions Subcommittee Holds Hearing on Employer-Sponsored Healthcare. Subcommittee members and witnesses discussed the current landscape of employer-sponsored healthcare and potential improvements. Republicans emphasized the importance of association health plans for small businesses and self-employed individuals, highlighting their potential to provide affordable and comprehensive health coverage by allowing small businesses to band together and negotiate better rates. Democrats expressed concerns about budget cuts to Medicaid and the layoffs occurring at HHS, stressing that they could potentially hurt small businesses and employer-sponsored insurance coverage.
ADMINISTRATION
HHS Begins Implementing Dramatic Restructuring, Cutting Agency Workforce and Consolidating Divisions. Following last week’s announcement of HHS’s “dramatic restructuring” that includes the elimination of 10,000 employees, the consolidation of 28 divisions into 15, the elimination of five of the agency’s 10 regional offices, and the creation of a new Administration for a Healthy America subdivision, HHS employees began to receive layoff notices this week. According to last week’s HHS announcement and subsequent anecdotal reports this week, significant workforce reductions are underway at FDA, NIH, CMS, and the Centers for Disease Control and Prevention, among others.
The action sent shockwaves across Capitol Hill and the healthcare sector. In Congress, Democrats swiftly expressed deep concerns, along with some Republicans. Senate Health, Education, Labor, and Pensions (HELP) Committee Chair Cassidy (R-LA) and Ranking Member Sanders (I-VT) formally invited HHS Secretary Kennedy to testify at a hearing on April 10, 2025, to update the committee on these actions. In the letter of invitation, they noted that during the confirmation process, Secretary Kennedy committed to coming before the committee quarterly, and that this is the first such invitation. While House Energy & Commerce Chair Guthrie (R-KY) and Health Subcommittee Chair Carter (R-GA) released a supportive statement, Chair Guthrie also requested a bipartisan staff briefing for HHS to explain the actions. Ranking Member Pallone (D-NJ) and Health Subcommittee Ranking Member DeGette (D-CO) called that action too little and wrote to Chair Guthrie, asking him to conduct oversight and hold hearings, including with Secretary Kennedy.
Democrats also sent multiple letters to Secretary Kennedy seeking more transparency:
Senate Finance Committee Ranking Member Wyden (D-OR), Senate HELP Committee Ranking Member Sanders, Senate Democratic Leader Schumer (D-NY), and Senator Warner (D-VA) led 34 Democratic senators in a letter requesting information about the fired employees by April 4, 2025, along with a detailed, staff-level briefing on the reduction in force plan.
House Energy and Commerce Committee Ranking Member Pallone, Health Subcommittee Ranking Member DeGette, and Oversight and Investigations Subcommittee Ranking Member Clarke (D-NY) sent a letter requesting documents and answers to a series of questions by April 15, 2025.
Lead Democratic appropriators from both sides of the Capitol sent a letter requesting specific information about HHS’s organizational structure by April 4, 2025.
No further details on the restructuring have been released as of the publication of this Check-Up, and Members of Congress are learning of the specific impacts only anecdotally through reports of specific terminations. Still unknown is the impact on HHS operations, the timing of regulations and agency guidance, and daily operations. We will continue to provide updates as we learn more.
COURTS
Laboratory-Developed Test Final Rule Struck Down. The US District Court for the Eastern District of Texas struck down the FDA’s final rule on laboratory-developed tests (LDTs), under which FDA would have started regulating LDTs as medical devices, with the initial phase starting May 6, 2025. Citing the new Loper Bright standard that has replaced the Chevron doctrine, the court concluded that the LDT final rule exceeded FDA’s authority under the Food, Drug, and Cosmetic Act, stating that FDA’s authority to regulate “devices” extends to tangible, physical products that are commercially distributed – not professional services that use such products.
HHS Faces Legal Challenges to Rescinded Funding. Last week, HHS canceled $12 billion in state infectious disease and substance use grants. Democratic attorneys general and governors in 23 states and Washington, DC, have filed a lawsuit against HHS seeking a temporary restraining order and injunctive relief to halt the funding cuts, stating that the cuts were unlawful and harmful. As legal challenges continue, it is being reported that the Trump administration is withholding tens of millions of dollars from Planned Parenthood clinics, claiming the clinics have violated Trump’s executive order on diversity, equity, and inclusion. In related news, the US Supreme Court heard oral arguments this week on South Carolina’s effort to exclude Planned Parenthood from its Medicaid program.
QUICK HITS
President Imposes Higher Tariffs. President Trump announced his plan to impose higher tariffs, including a 10% universal tariff on all goods imported into the United States, beginning April 5, 2025, and higher reciprocal tariffs on certain jurisdictions, including China, Japan, and the European Union, beginning April 9, 2025. The plan comes with certain exemptions, including pharmaceutical products, although that could change as the administration considers and advances additional trade policies.
CBO Releases Long-Term Budget Outlook. The Congressional Budget Office (CBO) predicts that the Medicare Hospital Insurance Trust Fund will run out of funds in 2052, which is 17 years later than previously estimated. According to CBO, expenditures from the trust fund are projected to be smaller and income to the trust fund is projected to be greater than projected last year because Part A spending was less than anticipated in 2024, payments to hospitals are expected to grow more slowly than they did in 2024, and modeling of federal payments to insurers in the Medicare Advantage program has been updated. Read the full report here.
NIH, FDA Nominees Sworn In. Jay Bhattacharya, MD, PhD, was sworn in as NIH director, and Martin Makary, MD, MPH, was sworn in as FDA commissioner.
ONDCP Releases Drug Policy Priorities. The White House Office of National Drug Control Policy (ONDCP) outlined six priorities for the Trump Administration:
Reduce the number of overdose fatalities, with a focus on fentanyl
Secure the global supply chain against drug trafficking
Stop the flow of drugs across borders and into communities
Prevent drug use before it starts
Provide treatment that leads to long-term recovery
Innovate in research and data to support drug control strategies
BIPARTISAN LEGISLATION SPOTLIGHT
Sens. Schatz (D-HI), Wicker (R-MS), Warner (D-VA), Hyde-Smith (R-MS), Welch (D-VT), and Barrasso (R-WY) reintroduced the CONNECT for Health Act this week. The bipartisan bill would make permanent the current Medicare flexibilities that are scheduled to expire on September 30, 2025, without further congressional action. The bill has a total of 59 original cosponsors. A press release from Sen. Schatz can be found here. Companion legislation in the House is expected imminently from Reps. Thompson (D-CA), Schweikert (R-AZ), Matsui (D-CA), and Balderson (R-OH).
NEXT WEEK’S DIAGNOSIS
The Senate and House will be in session next week, as Republican leaders continue efforts to advance the partisan budget reconciliation process. Hearings and markups of note next week include the following:
The House Energy and Commerce Committee will hold a markup that was postponed this week after Speaker Johnson abruptly cancelled votes for most of the week. The broadly bipartisan markup will include several health-related bills.
A Senate HELP Committee markup will include a pediatric cancer bill.
The House Ways and Means Health Subcommittee will hold a hearing on biosimilars.
House Energy and Commerce Chairman Guthrie stated that HHS Secretary Kennedy has agreed to a bipartisan briefing to answer questions about the HHS reorganization, but we are awaiting official confirmation. It is not yet known whether Secretary Kennedy will accept the Senate HELP Committee’s invitation to testify on April 10, 2025. We are also watching for the IPPS proposed rule and Medicare Advantage and Part D final rule, which are both pending release.
Unlocking the Secrets of the Endocannabinoid System: A New Frontier in Therapeutic Cannabis Research for Adolescents
Humans possess several well-established bodily systems, including the sympathetic nervous system, the central nervous system, and the endocrine system. A relatively recent discovery is the endocannabinoid system (ECS). Understanding the ECS is essential for comprehending the effects of cannabis and its compounds on the body, particularly in therapeutic applications.
Endocannabinoids are naturally occurring compounds in the body that bind to cannabinoid receptors located throughout the body. The ECS regulates physiological processes such as mood, appetite, sleep, immune response, pain sensation, memory, and growth and development. The ECS is present and active regardless of cannabis use. Compounds in cannabis, including THC (tetrahydrocannabinol) and CBD (cannabidiol), interact with the ECS by binding to the endocannabinoid receptors. THC can produce psychoactive effects when binding with these receptors, while CBD interacts indirectly and provides therapeutic benefits without causing a high. Current research is focused on the effects and benefits of cannabis-based medical products for adolescent diseases, including childhood cancer, treatment-resistant epilepsy, and Sturge-Weber Syndrome (SWS), a rare congenital disorder characterized by a facial birthmark, abnormal blood vessels in the brain, and eye abnormalities.
Current research is focused on the effects and benefits of cannabis-based medical products for adolescent diseases, including childhood cancer, treatment-resistant epilepsy, and Sturge-Weber Syndrome (SWS), a rare congenital disorder characterized by a facial birthmark, abnormal blood vessels in the brain, and eye abnormalities.
In 2018, the U.S. Food and Drug Administration approved Epidiolex oral solution (highly purified CBD) for the treatment of seizures associated with two severe forms of epilepsy, Lennox-Gastaut syndrome and Dravet syndrome, in patients two years of age and older. Since then, scientists have studied whether Epidiolex is effective in treating pediatric patients with SWS. In 2024, researchers summarized early data on Epidiolex’s efficacy for preventing and treating epilepsy and neurocognitive impairments in patients with SWS. In their review, researchers found that CBD interacts with endocannabinoids and produces an anti-inflammatory, neuroprotective, and anti-epileptic effect. In addition to reduced seizure activity, patients demonstrated improvements in cognitive, behavioral, and motor functions as well as quality of life.
In another recent study, researchers conducted a review of published literature evaluating the use of cannabis in pediatric oncology patients. The review evaluated the safety, dosing, and effectiveness of cannabis products for managing symptoms in children with cancer. After examining ten observational studies involving 1,529 children and nine interventional studies with 398 participants, the researchers determined that cannabinoids may be beneficial in managing pain, nausea, and vomiting in pediatric patients, particularly when traditional pharmaceuticals are ineffective. The researchers explained that cannabinoids bind to cannabinoid 1 receptors of the ECS and prevent the release of emetogenic neurotransmitters, the chemical messengers that trigger nausea and vomiting. Notably, no serious cannabis-related adverse events were reported across all studies, but researchers underscored the need for further investigation into the composition of cannabis products, appropriate dosages, and potential drug interactions.
Research on cannabinoids and the ECS is evolving, with promising therapeutic applications for various health conditions. We will keep monitoring this research to uncover its potential benefits for adolescents and adults.
We Aren’t in Kansas Anymore – Dr. Oz Confirmed as Head of CMS
Well, maybe they held off until after Medicarians, but the Senate has confirmed Dr. Mehmet Oz as the new head of the Center for Medicare and Medicaid Services (CMS).
Dr. Oz is probably most known for hosting a daytime TV-show. But, he is now in charge of the CMS and its substantial budget which equates to over 20 percent of federal outlays. Importantly, for TCPAWorld readers, CMS also is the primary regulator for the marketing of Medicare Advantage (MA) and Part D plans.
Dr. Oz has been vocal in his support for Medicare Advantage in the past and could work to make the MA process better for consumers. However, during his confirmation hearing, he did note that “We’re actually apparently paying more for Medicare Advantage than we’re paying for regular Medicare. So it’s upside down”.
With a proposed final rule still waiting to be finalized, it will be interesting to see how Dr. Oz’s leadership of the organization will affect agencies and marketers. One area of interest will be the finalization of the expansion of CMS’s oversight of “marketing” under the MA and Part D plans which will be bring even more advertising materials under the purview of CMS for review and approval. Prior to this proposed rule, whether a MA or Part D “communication” counted as “marketing” depended on two things: its content and its intent. “Content” meant it had to include details about plan benefits, costs, ratings, or MA-specific rewards.
Now, CMS is proposing a shift. They want to drop the content requirement entirely. If this rule is finalized, the only thing that will matter is the “intent” behind the communication. Does the communication intend to influence the consumer’s enrollment decision? CMS will figure this out by looking at objective factors like the audience and the message itself, not just the plan’s stated purpose. The expectation is that this will significantly increase the amount of materials that plans will need to submit for CMS review, leading to more comprehensive oversight of Medicare marketing.
Maybe under Dr. Oz’s leadership this rule will get another look. One thing is for certain, as Dr. Oz pointed out at his hearing, “There’s a new sheriff in town.”
New York State Department of Health Releases FAQs Regarding PHL 45-A, the Material Transactions Law
Roughly two years in the making, the New York State Department of Health (NYS DOH) has issued long-awaited guidance on its material transactions law.
Notably, the guidance provides clarity on how to calculate the “de minimis” exception to the material transaction law requirement—including an indication that “related” transactions only need to have a single party in common, which is an important consideration for providers and investors pursuing a “roll-up” strategy.
N.Y. Pub. Health Law Article 45-A, “Disclosure of Material Transactions,” took effect on August 1, 2023, and requires “health care entities” involved in a “material transaction” to provide written notice to the NYSDOH at least 30 days prior the proposed closing of a transaction. As our colleagues wrote at the time, the legislation grew out of concerns with the “proliferation of large physician practices being managed by entities that are investor-backed” (e.g., private equity).
These concerns have only increased in the past two years; more than a dozen states including New York have enacted health care transaction notice requirements. Currently, several state legislatures are attempting to either amend existing requirements or create new ones. New York is one state that is potentially amending its existing notice requirement. As we noted in March, proposed legislative changes to the New York law would include an extension of the notice deadline to 60 days; a statement as to whether any party to the transaction owns any other health care entity that within the past three years has closed operations, is in the process of closing operations, or has experienced a substantial reduction in services; and a statement as to whether a sale-leaseback agreement, mortgage or lease, or other payments associated with real estate are a component of the proposed transaction.
We discuss the existing New York law, and the recent guidance, below. The guidance is brief; if you have additional questions in this area, please reach out to the authors.
Who is required to report material transactions?
The first topic addressed in the NYS DOH’s FAQs is “[w]hich entities are required to report Material Transactions under PHL Article 45-A?” As described in PHL 45-A and the FAQs, PHL45-A applies to both in-state and out-of-state “health care entities.” Both Section 4550(2) and Q1-Q2 of the FAQs clarify that “health care entities” subject to the reporting requirements include, but are not limited to:
Physician practices or groups;
Management services organizations or similar entities providing all or substantially all the administrative or management services that are under contract with at least one physician practice;
Provider-sponsored organizations;
Health insurance plans;
Health care facilities, organizations, or plans providing health care services in New York;
Dental practices;
Clinical laboratories;
Pharmacies (including wholesale pharmacies and secondary wholesalers);
Independent practice associations (IPAs); and
Accountable care organizations (ACOs).
Notably, the NYS DOH FAQs do not specify any other healthcare professions under the list of “health care entities,” including applied behavior analysts, chiropractors, clinical social workers, occupational therapists or physical therapists. There have been open questions whether such professions are captured under this law or whether a management services organization that provides administrative services to such professions are considered “health care entities” and subject to the law. The NYS DOH did not list such professions in the FAQ but included a disclaimer that the professions listed are not exhaustive but illustrative of the types of entities covered under the law.
What constitutes a material transaction?
Both Section 4550(4)(a) and Q3 of the FAQs state that a “material transaction” means any of the following—occurring during a single transaction or in a series of related transactions in a rolling twelve-month time period—that result in a “health care entity” increasing its total gross-in-state revenues by $25 million or more:
A merger with a health care entity;
An acquisition of one or more health care entities, including but not limited to the assignment, sale, or other conveyance of assets, voting securities, membership, or partnership interest or the transfer of control;
An affiliation agreement or contract formed between a health care entity and another person; or
The formation of a partnership, joint venture, accountable care organization, parent organization, or management services organization for the purpose of administering contracts with health plans, third-party administrators, pharmacy benefit managers, or health care providers as prescribed by the commissioner by regulation.
Exemptions
Both Section 4550(4)(b) and Q4-Q6 of the FAQs state that a material transaction does not include
Clinical affiliations of health care entities formed for the purpose of collaborating on clinical trials or graduate medical education programs;
Transactions already subject to review under certain provisions; and
De minimis transactions, meaning a transaction or a series of related transactions which result in a health care entity increasing its total gross in-state revenues by less than $25 million.
De Minimis Exemption:
Likely in response to questions from industry stakeholders, the FAQs clarify—with relevant examples—the de minimis transaction exemption and how the $25 million threshold is calculated on an annual basis.
Calculating de minimis transaction exception for a single transaction:
The guidance indicates that the state will consider the de minimis exception in one of two ways depending upon the transaction structure.
If the transaction in question is an acquisition where the acquiring entity will remain an ongoing concern, the guidance indicates that the parties must assess whether the entity or entities being acquired had $25 million or more in gross in-state revenue in the prior 12-month period from the anticipated closing date (“lookback period”).
If the transaction is a merger that results in a new corporate entity, the guidance indicates that the parties must assess whether the whether their total combined gross in-state revenues from the 12-month lookback period is greater than or equal to $25 million.
Calculating de minimis exception for a series of related transactions:
The guidance indicates that the state considers a series of related transactions to be those where the acquiring party remains the same regardless of the identity of the selling or acquired party. Therefore, the guidance instructs the parties to assess the revenue associated with each of the acquirer’s transactions that took place, or will take place, during the 12-month lookback period to determine if the total added combined gross in-state revenue calculated across all of the transactions is greater than or equal to $25 million or more.
CON Exemption:
If elements of a transaction are subject to separate review/approval processes—including but not limited to certificate of need (CON) laws—the parties to the proposed transaction must report the non-CON portions of the transaction, if a good faith estimation of the total in-state gross revenues of the transaction less the total in-state gross revenues of those elements subject to CON review/approval is calculated to be more than $25 million.
Impact assessments
Expanding on the directive in § 4552(1)(f) to determine the material transaction’s impact on cost, quality, access, health equity and competition in the impacted markets, Q7 of the FAQs state that the parties should provide a good faith assessment of the impact of the proposed material transaction, including but not limited to whether:
Services will be eliminated, reduced, added, or expanded;
Contracts with certain insurance carriers will be added or eliminated, including whether Medicaid participation will be impacted;
Locations will open or close, or expand or reduce service availability;
Healthcare staffing changes are expected;
Contracted commercial payor rate increases are anticipated;
Changes in the share of services provided to historically underserved populations are anticipated; and
The parties expect any increase in market consolidation.
More to Know
Additional requirements not covered in the FAQs, including the submission of names, addresses, copies of definitive agreements, location of services and revenue, closing date, and nature and purpose may be found in Section 4552.
The NYS DOH encourages stakeholders, counsel and the public to review its Material Transactions webpage, which includes a link to summaries of reported transactions. Question 8 of the FAQs notes that interested parties may comment on a proposed material transaction by emailing comments to MaterialTransactionDisclosure@health.ny.gov. (Additional questions not covered by the FAQs may be emailed to the same address).
Minnesota Employment Legislative Update 2025, Part I: Breaking the Tie to Make the Law
After controlling Minnesota’s House, Senate, and governorship since 2023, the Minnesota Democratic–Farmer–Labor (DFL) Party’s legislative and gubernatorial “trifecta” at the state capitol is no more. The 2025 regular session of the Minnesota Legislature began with Democrats and Republicans tied at sixty-seven members each in the House and a slim DFL majority in the Senate, meaning no single party can push through its agenda alone.
With every vote carrying significant weight in the session, legislators must reach across the aisle to achieve the majority vote required to pass bills. The question is, who will compromise, and what will it take to break the tie?
Quick Hits
The Minnesota Legislature’s party divide creates uncertainty for employers, with amendments to key labor laws like Paid Family and Medical Leave and Earned Sick and Safe Time potentially facing delays or requiring bipartisan compromise.
Proposed amendments to Minnesota’s Earned Sick and Safe Time Law include delaying penalties for violations before January 1, 2026, making Earned Sick and Safe Time permissive, and changes to leave notice requirements and documentation for extended leave, but none have advanced past initial stages.
Various bills aim to modify or delay the Paid Family and Medical Leave Law, with some proposing exemptions for small employers and others seeking to repeal the law or delay its implementation until 2027.
This divide in the Minnesota Legislature means uncertainty for Minnesota employers. Critical issues, such as Minnesota’s Paid Family and Medical Leave and Earned Sick and Safe Time (ESST) laws, may either face delays or require bipartisan compromise to advance. Employers should stay alert until the end of the legislative session on May 19, 2025, as the legislature negotiates the future of Minnesota’s labor and employment laws.
This article previews key proposed bills that would impact employers if enacted. While it is too early to predict which bills will reach the governor’s desk, the nature of the proposed legislation offers insight into the extent of the legislative divide and the effort required by the legislature to pass any bills.
Minnesota Earned Sick and Safe Time
A handful of proposed bills would amend Minnesota’s ESST law, but none have advanced past their introduction and first reading. These bills sit in the Minnesota House of Representatives’ Workforce, Labor, and Economic Development Finance and Policy Committee and the Minnesota Senate’s Labor Committee, respectively.
House File (HF) 2025 / Senate File (SF) 2300 would create the most significant changes among the proposed bills. These companion bills, among other amendments, would:
exempt employers with fewer than fifteen employees from ESST requirements;
allow prorating ESST hours based on full-time or part-time employee status;
change employee notice for unforeseeable leave from “as soon as practicable” to “as reasonably required by the employer”;
allow employers to ask for documentation if ESST use exceeds two days;
remove certain paid time off (PTO) requirements; and
let employers ask employees to find replacements unless the leave is unforeseeable and permit employees to find replacements on their own.
Other proposed bills would exclude farm employees working for farms with five or fewer employees (HF 1057 / SF 310), Department of Transportation workers (HF 1905), and inmates of correctional facilities (SF 947) from certain requirements; exclude employees appointed to serve on boards or commissions from certain definitions (HF 758 / SF 494); and give employers the option to provide certain benefits (HF 1542 / SF 2572). HF 1325 / SF 2605 would prohibit penalties for violations before January 1, 2026, and provide various exemptions and proration options for small employers.
Paid Family and Medical Leave (Paid Leave)
Various proposed bills aim to change the Paid Leave Law, including potentially delaying its implementation for another year or repealing it altogether. Notably, HF 0011 / SF 2529 would delay the law’s implementation by one year, meaning employees would not receive benefits until January 1, 2027. Once it was sent to the House floor for debate and vote, the House laid HF0011 on the table. No further action will be taken until the House reconsiders the bill.
Other related bills to watch:
HF 1241 / SF 1771 and HF 1263 / SF 2277 would repeal the Paid Leave Law and return unspent money to the general fund.
HF 0260 / SF 1793 would exempt employers with twenty or fewer employees until January 1, 2028.
HF 2113 would exempt employers with fifty or fewer employees.
HF 2024 would exempt certain small employers; change the definition of a seasonal employee; allow private plans to provide shorter durations of leave and benefits under certain circumstances; and postpone benefits until January 1, 2027.
HF 1523 / SF 1849 would exempt certain agricultural workers.
HF 2269 would delay employer penalties for failure to notify employees of paid leave benefits until January 1, 2027.
HF 1976 / SF 2466 would exempt collective bargaining agreement employees from the definition of “covered employment” under certain conditions; remove individuals with personal relationships with employees from the definition of “Family Member”; change the definition of “small employer” to fifty or fewer employees; and require small employers to pay a 50 percent rate among other amendments.
Nondiscrimination
The legislature introduced numerous bills targeting nondiscrimination laws, which are summarized here.
HF 1672 / SF 2371 would expand nondiscrimination provisions to include medical cannabis patients.
HF 2182 / SF 200 would allow employers to justify adverse impact of discriminatory practices if related to the job or business purpose.
HF 0481 / SF 1529 would prohibit employment discrimination based on refusal of medical intervention.
HF 0282 / SF 407 would add political affiliation as a protected category under the Minnesota Human Rights Act. Similarly, SF 863 would prohibit employers from engaging in economic reprisals based on political contributions or activity.
HF 1427 / SF 1111 would require transportation network companies to make vehicles wheelchair-accessible and adopt nondiscrimination policies.
Independent Contractors
The legislature has taken up several bills related to independent contractors. Below is a summary of the key bills currently under consideration:
HF 1316 / SF 2306 would require employers to report newly hired independent contractors to the commissioner of children, youth, and families for child support purposes.
SF 2153 would expand “prohibited practices” to include “if an employer has a formal job classification and compensation plan, place an employee in a job classification or job category or provide a job title that misrepresents the employee’s experience or actual job duties and responsibilities.”
HF 2145 / SF 2361 woulddouble the potential penalty for employers that intentionally misrepresent an employee as an independent contractor in the unemployment insurance or paid family and medical leave programs.
Job Postings, Employment Agreements, and Unions
The legislature also introduced bills that would affect job posting requirements, employment agreements, and unions. Namely:
Job Postings
HF 1484 / SF 2235 would require job postings to disclose whether employee health plan options comply with cost-sharing limits.
Employment Agreements
HF 2567 / SF 2533 would prohibit stay-or-pay provisions as a condition of employment.
HF 1768 would provide more circumstances under which a covenant not to compete is valid and enforceable.
Unions
HF0107 / SF1532 would allow strikers who stop working due to a labor dispute to be eligible for unemployment benefits.
SF 1148 would allow applicants to be eligible for unemployment benefits if the employer hires a replacement worker for their position.
HF 2240 / SF 3050 would allow private employees to allocate their union dues to a local, state, or national organization of their choice.
Opposition to Renewed COPA Application in Indiana Reveals FTC Leadership’s Views on Hospital Merger Enforcement
The Federal Trade Commission (FTC) recently submitted comments in opposition to a renewed application for a certificate of public advantage (COPA) that would, if granted, allow two hospitals in Indiana to merge despite potential antitrust concerns.
In its submission, the FTC suggested that it had no institutional bias against COPAs but routinely objects because of the price increases, declines in quality, and lower wages that the FTC argues result from most mergers subject to a COPA.
The FTC also said that it takes “failing-firm” defense arguments (i.e., the claim that one of the parties to the transaction will fail unless the merger is permitted) seriously and “never wants to see a valued hospital exit a community.” Furthermore, the FTC stated that it “has not challenged mergers with hospitals that are truly failing financially and cannot remain viable without the proposed acquisition.”
Nevertheless, the FTC noted the potential for cross-market harms as a reason to object to the Indiana hospitals’ COPA application. The FTC identified businesses with employees in counties not directly in the hospitals’ service areas who might be adversely affected by the transaction, the impact on the cost of health care for state employees, and the purported effect on patients insured by Medicare and Medicaid as reasons to object to the proposed application.
The BR Privacy & Security Download: April 2025
STATE & LOCAL LAWS & REGULATIONS
Virginia Governor Vetoes AI Bill: Virginia Governor Glenn Youngkin vetoed the Virginia High-Risk Artificial Intelligence Developer and Deployer Act (the “Act”). The Act was similar to the Colorado AI Act and would have required developers to use reasonable care to prevent algorithmic discrimination and to provide detailed documentation on an AI system’s purpose, limitations, and risk mitigation measures. Deployers of AI systems would have been required to implement risk management policies, conduct impact assessments before deploying high-risk AI systems, disclose AI system use to consumers, and provide opportunities for correction and appeal. The governor stated that the Act’s “rigid framework fails to account for the rapidly evolving and fast-moving nature of the AI industry and puts an especially onerous burden on smaller firms and startups that lack large legal compliance departments” and that the Act “would harm the creation of new jobs, the attraction of new business investment, and the availability of innovative technology” in the state. The governor also noted that existing state laws “protect consumers and place responsibilities on companies relating to discriminatory practices, privacy, data use, libel, and more” and that an executive order issued by the governor in 2024 established safeguards and oversight for AI use.
CPPA Advances Regulations for Data Broker Deletion Mechanism: The California Privacy Protection Agency (“CPPA”) advanced proposed California Delete Act regulations through the establishment of the Delete Request and Opt-Out Platform (“DROP”). These regulations would create an accessible mechanism for consumers to request the deletion of all their non-exempt personal information held by registered data brokers via a single request to the CPPA. The proposed rules also clarify the definition of a “direct relationship” with a consumer, specifying that simply collecting personal information directly from a consumer does not constitute a direct relationship unless the consumer intends to interact with the business. This revision could bring more businesses, such as third-party cookie providers, under the definition of data brokers. Consumers will likely be able to access DROP by January 1, 2026, and data brokers will be required to access it by August 1, 2026.
Virginia Enacts Reproductive Privacy Law: Virginia enacted amendments to the Virginia Consumer Data Protection Act to prohibit the collection, disclosure, sale, or dissemination of consumers’ reproductive or sexual health data without consent. “Reproductive or sexual health information” is defined under the law as “information relating to the past, present, or future reproductive or sexual health of an individual,” including: (1) efforts to research or obtain reproductive or sexual health information services or supplies, including location information that may indicate an attempt to acquire such services or supplies; (2) reproductive or sexual health conditions, status, diseases, or diagnoses, including pregnancy, menstruation, ovulation, ability to conceive a pregnancy, whether an individual is sexually active, and whether an individual is engaging in unprotected sex; (3) reproductive and sexual health-related surgeries and procedures, including termination of a pregnancy; (4) use or purchase of contraceptives, birth control, or other medication related to reproductive health, including abortifacients; (5) bodily functions, vital signs, measurements, or symptoms related to menstruation or pregnancy, including basal temperature, cramps, bodily discharge, or hormone levels; (6) any information about diagnoses or diagnostic testing, treatment, or medications, or the use of any product or service relating to the matters described in 1 through 5; and (7) any information described in 1 through 6 that is derived or extrapolated from non-health-related information such as proxy, derivative, inferred, emergent, or algorithmic data. “Reproductive or sexual health information” does not include protected health information as defined by HIPAA.
Oregon Attorney General Releases Enforcement Report on Oregon’s Consumer Privacy Act: The Oregon Attorney General released a six-month report on the enforcement of Oregon’s comprehensive privacy law, the Consumer Privacy Act (“OCPA”), which took effect on July 1, 2024. The report provides that, as of the beginning of 2025, the Privacy Unit within the Civil Enforcement Division at Oregon’s Department of Justice (“Privacy Unit”) received 110 complaints. Most of these complaints were about online data brokers. In the last six months, the Privacy Unit initiated and closed 21 matters after sending cure notices (the OCPA provides for a 30-day cure period, which sunsets on January 1, 2026) and broader information requests. Some of the most common deficiencies identified were the lack of requisite disclosures or confusing privacy notices (e.g., not listing the OCPA rights or not naming Oregon in “your state rights” section), and lacking or burdensome rights mechanisms (e.g., the lack of a webpage link for consumers to submit opt-out requests).
Utah Becomes First State to Enact Legislation Requiring App Stores to Verify Users’ Ages:Utah has enacted the App Store Accountability Act, which mandates that major app store providers must verify the age of every user in the state. For users under 18, the law requires verifiable parental consent before any app can be downloaded, including free apps, or any in-app purchases can be made. App stores must also confirm a user’s age category (adult, older teen (16-17), younger teen (13-15), or child (under 13)). When a minor creates an account, it must be linked to a parent’s account. App store providers are responsible for building systems to verify ages, obtain parental consent, and share this data with app developers. They must also provide sufficient disclosure to parents about app ratings and content and notify them of significant changes to apps their children use, requiring renewed consent. Violations of the law will be considered deceptive trade practices, and the act creates a private right of action for harmed minors or their parents. The core requirements for age verification and parental consent are set to take effect on May 6, 2026.
Michigan Legislative Committee Advances Judicial Privacy Bill: The Michigan Senate Committee on Civil Rights, Judiciary, and Public Safety provided a favorable recommendation for a judicial privacy bill that would allow state and federal judges to request the deletion of their personal information from public listings. The Michigan bill would create a private right of action with mandatory recovery of legal fees for any entity that fails to respond to a valid deletion request. The purpose of the bill is to protect against a significant uptick in threats against judicial officers and their families. The bill is based on Jersey’s Daniel’s Law, which has sparked a wave of class action lawsuits against data brokers and online listing companies. If passed, businesses that receive a valid request from a member of the judiciary or their immediate family members under the proposed bill would have to remove from publication any covered information pertaining to the requestor.
Virginia Legislature Passes Consumer Data Protection Act Amendments Restricting Minors’ Use of Social Media; Governor Declines to Sign: The Virginia Legislature unanimously passed a bill to amend the Virginia Consumer Data Protection Act to limit minors’ use of social media to one hour per day. Specifically, the bill would require that any social media platform operator to (1) use commercially reasonable methods, such as a neutral age screen mechanism, to determine whether a user is a minor younger than 16 years of age and (2) limit any such minor’s use of such social media platform to one hour per day, per service or application, and allow a parent to give verifiable parental consent to increase or decrease the daily time limit. Virginia Governor Glenn Youngkin declined to sign the bill as passed, recommending several changes to strengthen the bill. These recommendations include raising the age of covered users from 16 to 18 and requiring social media platform operators to disable infinite scroll features and auto-playing videos unless the operator has obtained verifiable parental consent.
FEDERAL LAWS & REGULATIONS
Lawmakers Reintroduce COPPA 2.0 to Strengthen Children and Teens’ Online Privacy:U.S. Senators Bill Cassidy (R-LA) and Edward Markey (D-MA) have reintroduced the Children and Teens’ Online Privacy Protection Act (“COPPA 2.0”), aiming to update online data privacy rules to better protect children and teenagers. The bill seeks to address the youth mental health crisis by stopping data practices that contribute to it. COPPA 2.0 proposes several key measures, including a ban on targeted advertising to children and teens and the creation of an “Eraser Button,” allowing users to delete personal information. It also establishes data minimization rules to limit the excessive collection of young people’s data and revises the “actual knowledge” standard to prevent platforms from ignoring children on their sites. Furthermore, the legislation would require internet companies to obtain consent before collecting personal information from users aged 13 to 16. Previous versions of COPPA 2.0 have advanced in Congress, passing the Senate and a House committee in the past.
White House Seeks Stakeholder Input for Trump Administration’s AI Action Plan:The White House Office of Science and Technology Policy issued a Request for Information to gather public input on the administration’s AI Action Plan. This AI Action Plan intends to define priority policy actions to enhance America’s position as an AI powerhouse and prevent unnecessary regulations from hindering private sector innovation. The focus is on promoting U.S. competitiveness in AI, limiting regulatory burdens, and developing safeguards that support responsible AI advancement. Stakeholders, including academia, industry groups, and private sector organizations, were encouraged to share their policy ideas on topics such as model development, cybersecurity, data privacy, regulation, national security, innovation, and international collaboration. The submitted comments will be used to inform future regulatory proposals.
Congresswoman Issues RFI for Input on U.S. Privacy Act Reform: Congresswoman Lori Trahan (D-MA) announced her effort to reform the Privacy Act of 1974, aiming to protect Americans’ data from government abuse. The proposed reforms seek to address outdated provisions in the act and enhance privacy protections for individuals in the digital age. Trahan emphasized the importance of updating the act to reflect modern technological advancements and the increasing amount of personal data collected by government agencies. The initiative includes measures to ensure greater transparency, accountability, and oversight of data collection practices. Trahan highlights the urgency of the issue as a result of access by the Department of Government Efficiency staff to personal data held by several agencies and calls for legislative action to protect citizens’ privacy rights and prevent government overreach.
U.S. LITIGATION
Court Blocks Enforcement of California Age-Appropriate Design Code: Industry group NetChoice scored yet another victory over the California Age-Appropriate Design Code Act, obtaining a second preliminary injunction temporarily blocking its enforcement. The act was passed unanimously by the California legislature in 2022 and—if enforced—would place extensive new requirements on websites and online services that are “likely to be accessed by children” under the age of 18. NetChoice won its first preliminary injunction in September 2023 on the grounds that the act would likely violate the First Amendment. In August 2024, the Ninth Circuit partially upheld this injunction, finding that NetChoice was likely to succeed in demonstrating that the act’s data protection impact assessment provisions violated the First Amendment. However, the Ninth Circuit remanded the case for determination of the constitutionality of the remaining provisions as well as whether any unconstitutional provisions could be severed from the remainder of the act. On remand, Judge Beth Labson Freeman again granted NetChoice’s motion for preliminary injunction finding that the act regulates protected speech, triggering a strict scrutiny review. Judge Freeman concluded that although California has a compelling interest in protecting the privacy and well-being of children, this interest alone is not sufficient to satisfy a strict scrutiny standard. This ruling is likely to strengthen NetChoice’s opposition of similar acts, such as the Maryland Age-Appropriate Design Code Act.
Court Rejects Allegheny Health Network’s Attempt to Force Arbitration over Meta Pixel Tracking:The U.S. District Court for the Western District of Pennsylvania ruled that Allegheny Health Network (“AHN”) cannot compel arbitration in a class action lawsuit filed by a patient under a pseudonym. The patient alleged that AHN unlawfully collected and disclosed his confidential health information to Meta Platforms. AHN initially sought to compel arbitration based on an arbitration provision within their website’s Terms of Service. However, the court denied this motion, finding that the patient did not have actual or constructive notice of the arbitration agreement. The court found that the link to the AHN’s Terms of Service, a “browsewrap” agreement, was not sufficiently conspicuous, as it was located at the bottom of the homepage among numerous other links and in a less visible footer on its “Find a Doctor” page. Additionally, the court found AHN failed to prove the patient had seen the specific Terms of Service containing the arbitration provision that was added to the website.
Supreme Court Declines Review of Sandhills Medical Data Breach Suit:The U.S. Supreme Court has declined to review a Fourth Circuit decision that ruled Sandhills Medical Foundation Inc. (“Sandhills Medical”), a federally funded health center, cannot use federal immunity to shield itself from a data breach lawsuit. The lawsuit was brought by Joann Ford following a data breach at Sandhills Medical. Sandhills Medical argued it was entitled to federal immunity under 42 U.S.C. § 233(a), which protects federally funded health centers from lawsuits related to the performance of medical, surgical, dental, or related functions. The Fourth Circuit, however, interpreted “related functions” narrowly, stating it did not cover data protection. Sandhills Medical, in its petition to the Supreme Court, contended that this ruling created a circuit split with the Ninth and Second Circuits, which have taken a broader view of the immunity. Sandhills Medical warned that the Fourth Circuit’s “unnaturally cramped” reading of the statute needed correction. Despite these arguments, the Supreme Court denied Sandhills Medical’s petition, meaning the health center will now face the lawsuit in South Carolina District Court.
Utah Attorney General Seeks Reinstatement of Utah Minor Protection in Social Media Act: Utah has requested a federal appeals court to reinstate a law that imposes restrictions on social media platforms. The Utah Minor Protection in Social Media Act (the “Act”), passed in 2024, was previously blocked by a lower court. The act aims to protect minors from harmful content and requires social media companies to verify the age of users and obtain parental consent for minors. Utah’s Attorney General argues that the law is necessary to safeguard children from online dangers and prevent exploitation. Previously, tech industry group NetChoice successfully sued to block the law, arguing it infringes on First Amendment rights and imposes undue burdens on businesses.
Court Holds Sharing of IP Address Insufficient to Prove Harm in CIPA Case: Judge Edgardo Ramos of the Southern District of New York granted defendant Insider, Inc.’s (“Insider”) motion to dismiss claims that its use of Audiencerate’s website analytics tools constituted an unlawful ‘pen register’ in violation of California’s Invasion of Privacy Act (“CIPA”). Plaintiffs argued that Insider invaded their privacy when it installed a tracker on their browsers, sending their IP addresses to a third party, Audiencerate, without their consent. However, Judge Ramos found that this collection and disclosure of IP addresses was insufficient to establish harm for purposes of Article III standing. He found that unlike a Facebook ID, which can be used to track or identify specific individuals, an IP address cannot be used to identify an individual and can only provide geographic information “as granular as a zip code.” Therefore, disclosure of an IP address would not be highly offensive to a reasonable person. Judge Ramos further emphasized that this “conclusion is consistent with the general understanding that in the Fourth Amendment context a person has no reasonable expectation of privacy in an IP address.” Despite this ruling, CIPA class actions and demands are likely to remain a constant threat to business with California-facing websites.
Periodical Publisher Unable to Dismiss VPPA Class Action: Judge Lewis J. Liman of the Southern District of New York denied defendant Springer Nature America’s (“Nature”) motion to dismiss claims that its use of Meta Pixel violated the Video Privacy Protection Act (“VPPA”). The VPPA prohibits videotape service providers from knowingly disclosing personally identifiable information about their renters, purchasers, or subscribers. Despite being drafted to address information collected through physical video stores, the VPPA has become a potent tool in the hands of the plaintiffs’ bar to challenge websites containing video content. Although Nature is primarily a research journal publication, Judge Lewis found that it could qualify as a videotape service provider as defined under the VPPA in part because of the video content on its website and its subscription-based business model. Relying on the recent Second Circuit decision in Salazar v. National Basketball Association, Judge Liman also found that the plaintiff had alleged a concrete injury sufficient to confer standing because the disclosure of information about videos viewed was adequately similar to the public disclosure of private facts. This ruling should remind companies whose websites contain significant video content to carefully review their cookie usage and consent management capabilities.
U.S. ENFORCEMENT
CPPA Requires Data Broker to Shut Down: As part of its public investigative sweep of data broker registration compliance, the CPPA reached a settlement agreement with Background Alert, Inc. (“Background Alert”) for failing to register and pay an annual fee as required by California’s Delete Act. The Delete Act requires data brokers to register and pay an annual fee that funds the California Data Broker Registry. As part of the settlement, Background Alert must shut down its operations for three years for failing to register between February 1 and October 8, 2024. If Background Alert violates any term of the settlement, including the requirement to shut down its operations, it must pay a $50,000 fine to the CPPA.
New York Attorney General Settles with App Developer for Failure to Protect Students’ Privacy: The New York Attorney General settled with Saturn Technologies, the developer of the Saturn app, for failing to protect students’ privacy. Saturn allows high school students to create a personal calendar, interact with other users, share social media accounts, and know where other users are located based on their calendars. The New York Attorney General’s investigation found that unlike what Saturn Technologies represented, the company failed to verify users’ school email and age to ensure only high school students from the same high school interacted. The investigation also found that Saturn Technologies used copies of users’ contact books even when the user changed their phone settings to deny Saturn’s access to their contact book. Under the settlement, Saturn Technologies must pay $650,000 in penalties and change its verification process, provide enhanced privacy options for students under 18, and prompt users under 18 to review their privacy settings every six months.
New York Attorney General Sues Insurance Companies for Back-to-Back Data Breaches: The New York Attorney General sued insurance companies National General and Allstate Insurance Company for back-to-back data breaches, which exposed the driver’s license numbers of more than 165,000 New Yorkers. In 2020, attackers took advantage of a flaw on two of National General’s auto insurance quoting websites, which displayed consumers’ full driver’s license numbers in plain text. The complaint alleges that National General failed to detect the breach for two months and failed to notify consumers and the appropriate state agencies. The complaint also alleges that National General continued to leave driver’s license numbers exposed on a different quoting website for independent insurance agents, resulting in another data breach in 2021. This action is the New York Attorney General’s latest effort to hold auto insurance companies accountable for failing to protect consumers’ personal information against an industry-wide campaign by attackers targeting online auto insurance quoting applications.
California Attorney General Announces Investigative Sweep of Location Data Industry: The California Attorney General announced an ongoing investigative sweep into the location data industry. The California Attorney General sent letters to advertising networks, mobile app providers, and data brokers that appear to be in violation of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”). The enforcement sweep is intended to ensure that businesses comply with their obligations under the CCPA with respect to consumers’ rights to opt out of the sale and sharing of personal information and limit the use of sensitive personal information, which includes precise geolocation data. The letters sent by the California Attorney General notify recipients of potential violations of the CCPA and request additional information regarding how the recipients offer and effectuate such CCPA rights. Location data has become an enforcement priority for the California Attorney General given the federal landscape affecting California’s immigrant communities and reproductive and gender-affirming healthcare.
CPPA Settles with Auto Manufacturer for CCPA Violations: The CPPA settled with American Honda Motor Co. (“Honda”) for its alleged CCPA violations. The CPPA alleged that Honda (1) required consumers to verify themselves and provide excessive personal information to exercise their rights to opt out and limit; (2) used an online privacy management tool that failed to offer consumers their CCPA rights in a symmetrical way; (3) made it difficult for consumers to authorize agents to exercise their CCPA rights on their behalf; and (4) shared personal information with ad tech companies without contracts containing CCPA-required language. As part of the settlement, Honda must pay $632,500, implement new and simpler methods for submitting CCPA requests, and consult a user experience designer to evaluate its methods, train its employees, and ensure the requisite contracts are in place with third parties with whom it shares personal information. This action is a part of the CPPA’s investigative sweep of connected vehicle manufacturers and related technologies.
OCR Settles with Healthcare Provider for HIPAA Violations: The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) settled with Oregon Health & Science University (“OHSU”) over potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule’s right of access provisions. The HIPAA Privacy Rule requires covered entities to provide individuals or their personal representatives access to their protected health information within thirty days of a request (with the possibility of a 30-day extension) for a reasonable, cost-based fee. OCR initiated an investigation against OHSU for a second complaint OCR received in January 2021 from the individual’s personal representative. OCR resolved the first complaint in September 2020, when OCR notified OHSU of its potential noncompliance with the Privacy Rule for only providing part of the requested records. However, OHSU did not provide all of the requested records until August 2021. As part of the settlement, OHSU must pay $200,000 in penalties.
Democratic FTC Commissioners Fired by Trump Administration: The Trump administration fired the Federal Trade Commission’s (“FTC”) Democratic Commissioners Alvaro Bedoya and Rebecca Kelly Slaughter. Their removal leaves the FTC with no minority party representation among the agency’s five commissioner bench. Slaughter was originally nominated by Trump in 2018 and was serving her second term. Bedoya was in his first term as commissioner. Bedoya and Slaughter indicated in public statements that they would take legal action to challenge the firings. Among potential privacy impacts of the firings is how the lack of minority party representation may affect the enforcement of the EU-U.S. Data Privacy Framework (“DPF”), which is used by many businesses to legally transfer personal data from the EU to the United States. The DPF is intended to be an independent data transfer mechanism, and the removal may heighten concerns about the independence of agencies tasked with enforcing the DPF. The move at the FTC follows the prior removal of democrats from the U.S. Privacy and Civil Liberties Oversight Board, which is charged with providing oversight of the redress mechanism for non-U.S. citizens under the DPF.
CFPB Drops Suit Against TransUnion: The Consumer Financial Protection Bureau (“CFPB”) voluntarily dismissed with prejudice its lawsuit against TransUnion in which it alleged that TransUnion engaged in deceptive marketing practices in violation of a 2017 consent order. The CFPB provided no explanation for its decision and each party agreed to bear its own litigation costs and attorneys’ fees.
INTERNATIONAL LAWS & REGULATIONS
CJEU Rules Data Subject Is Entitled to Explanation of Automated Decision Making: The Court of Justice of the European Union (“CJEU”) ruled that a controller must describe the procedure and principles applied in any automated decision-making technology in a way that the data subject can understand what personal data was used, and how it was used, in the automated decision making. The ruling stemmed from an Austrian case where a mobile telephone operator refused to allow a customer to conclude a contract on the ground that her credit standing was insufficient. The operator relied on an assessment of the customer’s credit standing carried out by automated means by Dun & Bradstreet Austria. The court also stated that the mere communication of an algorithm does not constitute a sufficiently concise and intelligible explanation. In order to meet the requirements of transparency and intelligibility, it may be appropriate to inform the data subject of the extent to which a variation in the personal data would have led to a different result. Companies will have to be creative in assessing what information is required to ensure the explainability of automated decision-making to data subjects.
European Parliament Publishes Report on Potential Conflicts Between GDPR and EU AI Act: The European Parliament published a report on the interplay of the EU AI Act with the EU General Data Protection Regulation (“GDPR”). One of the AI Act’s main objectives is to mitigate discrimination and bias in the development, deployment, and use of “high-risk AI systems.” To achieve this, the EU AI Act allows “special categories of personal data” to be processed, based on a set of conditions (e.g., privacy-preserving measures) designed to identify and to avoid discrimination that might occur when using such new technology. The report concludes that the GDPR, which imposes limits on the processing of special categories of personal data, might prove restrictive in the circumstances under which the GDPR allows the processing of special categories of personal data. The paper recommends that GDPR reforms of further guidelines on how the GDPR works with the EU AI Act would help address any conflicts.
Norwegian and Swedish Data Protection Authorities Release FAQs on Personal Data Transfers to United States: The Norwegian and Swedish data protection authorities issued FAQs on Personal Data Transfers to the United States in response to the dismissal of several members of the U.S. Privacy and Civil Liberties Oversight Board (“PCLOB”). The PCLOB is responsible for providing oversight of the redress mechanism for non-U.S. citizens under the U.S.-EU Data Protection Framework (“DPF”), which is one legal mechanism available to transfer EU personal data to the U.S. under the GDPR. Datatilsynet, the Norwegian data protection authority, stated that it understands that the intent is to appoint new PCLOB members in the future and that, even without a quorum, the PCLOB can perform some tasks related to the DPF. Accordingly, Datatilsynet stated that issues would only arise in the adequacy decision underpinning the DPF as a result of the removal of the PCLOB members if the appointment of new members takes a long time. The Swedish data protection authority, Integritetsskydds myndigheten (“IMY”) also cited confusion of the European business community following the dismissal of several members of the PCLOB. The IMY stated that the Court of Justice of the European Union has the authority to annul the DPF adequacy decision but has not taken such action. As a result, the DPF is still a valid mechanism for data transfer according to the IMY. Both data protection authorities indicated they would continue to monitor the situation in the U.S. to determine if anything occurred that affected the DPF and its underlying adequacy decision.
OECD Releases Common Reporting Framework for AI Incidents: The OECD Organization for Economic Co-operation and Development (“OECD”) released a paper titled “Towards a Common Reporting Framework for AI Incidents.” The paper outlines the need for a standardized approach to reporting AI-related incidents. It emphasizes the importance of transparency and accountability in AI systems to ensure public trust and safety. The report proposes a framework that includes guidelines for identifying, documenting, and reporting incidents involving AI technologies. The paper specifically identifies 88 potential criteria for a common AI incident reporting framework across 8 dimensions. The 8 dimensions are (1) incident metadata, such as date of occurrence, title, and description of the incident; (2) harm details focusing on severity, type, and impact; (3) people and planet, describing impacted stakeholders and associated AI principles; (4) economic context describing the economic sectors where the AI was deployed; (5) data and input, which includes a description of the inputs selected to train the AI system; (6) AI model providing information related to the model type; (7) task and output, describing the AI system tasks, automation level, and outputs; and (8) other information about the incident to catch any complementary information reported with respect to an incident.
China Issues Draft Measures for Financial Institutions to Report Cybersecurity Incidents and for Data Compliance Audits: The People’s Bank of China (“PBOC”) released draft administrative measures for reporting cybersecurity incidents in the financial sector (“Draft Measures”). The Draft Measures provide guidelines for identifying, reporting, and managing cybersecurity incidents by financial institutions regulated by the PBOC. Reporting requirements and timing vary according to type of entity and classification of incidents. Incidents would be classified as one of four categories – especially significant, significant, large, and average. Separately, the Cyberspace Administration of China (“CAC”) issued administrative measures on data protection audit requirements (“Data Protection Audit Measures”). The Data Protection Audit Measures provide (1) the conditions under which an audit of a data handler’s compliance with relevant personal information protection legal requirements would be required; (2) selection of third-party compliance auditors; (3) frequency of compliance audits; and (4) obligations of data handlers and third-party auditors in conducting compliance audits. The Data Protection Audit Measures include guidelines setting forth the specific factors that data handlers must evaluate in an audit, including the legal basis for processing personal information, whether the data handler has complied with notice obligations, how personal information is transferred outside of China, and the technical security measures employed by the data handler to protect personal information, among other factors.
European Commission Releases Third Draft of General-Purpose AI Code of Practice: The European Commission announced the publication of the third draft of the EU General-Purpose AI Code (“Code”). The first two sections of the draft Code detail transparency and copyright obligations for all providers of general-purpose AI models, with notable exemptions from the transparency obligations for providers of certain open-source models in line with the AI Act. The third section of the Code is only relevant for a small number of providers of most advanced general-purpose AI models that could pose systemic risks, in accordance with the classification criteria in Article 51 of the AI Act. In the third section, the Code outlines measures for systemic risk assessment and mitigation, including model evaluations, incident reporting, and cybersecurity obligations. A final version of the General-Purpose AI Code of Practice is due to be presented and published to the European Commission in May.
Additional Authors: Daniel R. Saeedi, Rachel L. Schaller, Gabrielle N. Ganze, Ana Tagvoryan, P. Gavin Eastgate, Timothy W. Dickens, Jason C. Hirsch, Adam J. Landy, Amanda M. Noonan and Karen H. Shin.
Criminal Health Care Fraud Enforcement: Projections for 2025 and Beyond [Podcast]
Since Pam Bondi was appointed U.S. Attorney General, we’ve seen notable shifts in the U.S. Department of Justice’s (DOJ’s) criminal enforcement priorities.
How significant are some of these changes, and how might they affect your health care organization as we progress through 2025 and beyond?
On this episode, Epstein Becker Green attorneys Sarah Hall, Melissa Jampol, Thomas Jaworski, and Richard Westling discuss what to expect from criminal health care fraud enforcement under Attorney General Bondi’s leadership and how it may impact the health care industry.
Safety Perspectives from the Dallas Region: Staying Safe During Texas Wildfire Season [Podcast]
In this episode of our Safety Perspectives From the Dallas Region podcast series, shareholders John Surma (Houston) and Frank Davis (Dallas) discuss the critical topic of workplace safety during wildfire season. With Texas currently facing significant wildfires, Frank and John discuss essential OSHA guidelines, preparedness steps, and emergency action plans to ensure the safety of employees in affected areas.
Court Sides with RICO Complainant Who Received Tainted Medical Marijuana and with FDA on Regulating E-Cigarettes – SCOTUS Today
The Racketeer Influenced and Corrupt Organizations Act (RICO) allows any person “injured in his business or property by reason of” racketeering activity to bring a civil suit for damages. 18 U. S. C. §1964(c). However, the statute forbids suits based on “personal injuries.” But are economic harms resulting from personal injuries “injuries to ‘business or property?’”
Yesterday, in Medical Marijuana, Inc. v. Horn, the U.S. Supreme Court, in a 5–4 opinion written by Justice Barrett and joined by Justices Kagan, Sotomayor, Gorsuch, and Jackson, answered that question in the affirmative. Justices Thomas and Kavanaugh wrote dissenting opinions, the latter joined by the Chief Justice and Justice Alito.
Attempting to alleviate his chronic pain, Douglas Horn purchased and began taking “Dixie X,” advertised as a tetrahydrocannabinol-free (“THC-free”), non-psychoactive cannabidiol tincture produced by Medical Marijuana, Inc. However, when his employer later subjected him to a random drug test, Horn tested positive for THC. When Horn refused to participate in a substance abuse program, he was fired. Horn then brought his RICO suit.
The U.S. Court of Appeals for the Second Circuit, reversing the U.S. District Court for the Western District of New York, held that Horn had been “injured in his business” when he lost his job and rejecting the “antecedent-personal-injury bar,” which several circuits had adopted to exclude business or property losses that derive from a personal injury. Affirming the Second Circuit, the Supreme Court held that the civil RICO statute did not categorically bar that form of recovery.
Interestingly (and the subject of the dissents, particularly that of Justice Thomas, who asserted that cert. had been improvidently granted), the Court did not address issues deemed outside of the question presented, including whether Horn suffered a personal injury when he consumed THC, whether the term “business” encompasses all aspects of “employment,” and what “injured in his . . . property” means for purposes of §1964(c). Thus, the majority opinion encompasses several assumptions, the verification of which will be the subject of the Court’s ultimate remand to the Second Circuit.
The essence of the opinion is derived from the dictionary, and a debate over how its definitions should be read informs the split among the Justices. Justice Barrett’s majority opinion starts with the American Heritage Dictionary and the “ordinary meaning of ‘injure’”: to “cause harm or damage to” or to “hurt.” While the statute precludes recovery for injury to the person, its business or property requirement operates with respect to the kinds of harm for which the plaintiff can recover, not the cause of the harm for which he seeks relief. For example, a gas station owner beaten in a robbery cannot recover for his pain and suffering. But if injuries from the robbery force him to shut his doors, he can recover for the loss of his business. A plaintiff can seek damages for business or property loss, in other words, regardless of whether the loss resulted from a personal injury.
Rejecting Medical Marijuana’s (and the dissenters’) view of what “business or property” should mean under RICO, Justice Barrett, in a delightfully written paragraph, remarks that:
Medical Marijuana tries valiantly to engineer a rule that yields its preferred outcomes. (Civil RICO should permit suit against Tony Soprano, but not against an ordinary tortfeasor.) But its textual hook—the word “injured”—does not give it enough to go on. When all is said and done, Medical Marijuana is left fighting the most natural interpretation of the text—that “injured” means “harmed”—with no plausible alternative in hand. That is a battle it cannot win.
It didn’t.
With respect to the remand, Justice Barrett noted that RICO’s “direct relationship” requirement is a constraint on civil RICO claims and, given the complications in the factual underpinnings of the case, that requirement might prove to be an insurmountable barrier to Horn’s succeeding. Horn himself “concedes that he faces ‘a heavy burden on remand.'”
The second case decided yesterday shows that if the Court is indeed going to be unanimous, it will not be succinct. Justice Alito’s 46-page discourse on behalf of a unanimous Court in Food and Drug Administration v. Wages and White Lion Investments, L.L.C. proves that point. I shall argue that Justice Alito’s lengthy opinion indirectly provides much useful guidance to patients, providers, and payers with respect to likely challenges to administrative actions, especially in the health care space, in the current Trump administration.
The issue in the case concerned whether the FDA lawfully denied respondents authorization to market certain electronic nicotine-delivery system products, known as electronic cigarettes, “e-cigarettes,” or “vapes.” These products come in a variety of flavors that particularly appeal to young people, and they pose unique risks. While the FDA has always had authority to determine whether a manufacturer could market a new drug, the FDA gained particular jurisdiction to regulate tobacco products under the Family Smoking Prevention and Tobacco Control Act of 2009 (TCA). The TCA barred the FDA from banning all regulated tobacco products outright, but it blocked marketing any “new tobacco product” without FDA authorization. The TCA requires the FDA to deny such an application unless an applicant shows that its product “would be appropriate for the protection of the public health.” To determine this, the FDA must consider, among other things, “the risks and benefits to the population as a whole.”
The respondents in the case had petitioned for judicial review of the FDA’s denial orders under the Administrative Procedure Act (APA). The Fifth Circuit, sitting en banc, held that the “FDA had acted arbitrarily and capriciously by applying application standards different from those articulated in its predecisional guidance documents regarding scientific evidence, cross-flavor comparisons, and device type. The court expressed particular concern about the FDA’s failure to review marketing plans it previously deemed critical. It also rejected the FDA’s argument that any errors were harmless.”
Reversing the Fifth Circuit, the Supreme Court first declined to reach the argument that the FDA erred in evaluating the respondents’ applications under standards developed in adjudication rather than standards promulgated in notice-and-comment rulemaking. Instead, the Court concluded that the denial orders were sufficiently consistent with the FDA’s predecisional guidance—as to scientific evidence, comparative efficacy, and device type—and thus did not run afoul of the so-called “change-in-position doctrine,” which provides that “[a]gencies are free to change their existing policies as long as they provide a reasoned explanation for the change,” “display awareness that [they are] changing position,” and consider “serious reliance interests.”
This doctrine asks whether an agency changed existing policy and, if so, whether it displayed awareness of the change and offered good reasons for it. Here, the new policy that led to the rejection of the respondents’ applications was “sufficiently consistent” with the agency’s predecisional guidance regarding scientific evidence. It was also consistent with the TCA’s provision that “well-controlled investigations” or other “valid scientific evidence,” if found “sufficient,” may support a finding that a new tobacco product is “appropriate for the public health.”
However, there was still a “harmless error” issue for the Court to decide. And that related to the Fifth Circuit’s rejection of the FDA’s claim of harmless error regarding the agency’s change of position on marketing plans. The FDA did not dispute that despite assuring manufacturers that marketing plans would be “critical” to their applications, it ultimately did not consider the respondents’ marketing plans. The FDA argued that this was harmless because it had issued denials to manufacturers other than the respondents that were based upon marketing plans indistinguishable from those of the respondents. While the Fifth Circuit applied an incorrect standard of review under governing precedents, doing it correctly “presents a difficult problem, requiring reconciliation of the so-called remand rule developed in SEC v. Chenery Corp., 318 U. S. 80, 88, 93–95, with the APA’s instruction that reviewing courts must take ‘due account’ of ‘the rule of prejudicial error’ that ‘ordinarily appl[ies] in civil cases,’ Shinseki v. Sanders, 556 U. S. 396, 406 (quoting 5 U. S. C. §706).”
The Court continues, “The most natural interpretation of the APA’s language is that reviewing courts should adapt the ‘rule of prejudicial error’ applicable in ordinary civil litigation (also known as the harmless-error rule) to the administrative-law context, which, of course, includes the remand rule.” However, the Court has acknowledged that a remand may be unwarranted in certain cases when an agency’s decision “is supported by a plethora of factual findings, only one of which is unsound, because a remand would be pointless.” Given the fact that both the FDA and the Fifth Circuit might have been in error with respect to the harmless error question, and that the FDA has not asked the Court to decide the harmless error question at this point in the case, the Supreme Court vacated the Fifth Circuit’s holding and remanded the case to it so that the Circuit Court “can decide the question afresh” under the correct reading of the caselaw requirements described by the Supreme Court.”
One recognizes the importance of the FDA’s consideration of marketing a tobacco product directed at young people. But perhaps more importantly, I suggest that the Court’s decision offers grounds for useful observations about the many changes in regulatory position and various rulemaking determinations (or lack thereof) being made by various administrative agencies during the current administration. Many of these events are occurring in the food and drug and health care coverage and reimbursement spaces. The length and depth of this unanimous opinion with respect to the FDA’s responsibilities when it has changed position or otherwise might be challenged under the APA for having acted arbitrarily or capriciously suggests the intensity and precision of what federal courts will require in administrative law challenges. In this decision, the agency largely prevailed, though the facts of the case occurred during the previous administration. The court challenges in the current administration are just beginning to take shape as the regulatory environment is radically changing.
Even during the Supreme Court’s current term, at the beginning of a new presidential term, we shall see—and many of my readers will bring—regulatory challenges that will be guided by what the Court held yesterday.
Wyoming Bans Most Non-Compete Agreements
Wyoming just banned most non-compete agreements (Wyo. Stat. § 1-23-108): starting July 1, 2025, most agreements that restrict workers from working in competitive jobs will be void, absent some exceptions for:
High-Level Employees: Non-compete agreements with “executive and management personnel” and “officers and employees who constitute professional staff to executive and management personnel” will still be enforceable. However, the statute does not define these terms, so employers should review those roles carefully.
Sale-of-Business: Sellers and buyers can agree to non-competes when selling or transferring a business.
Trade Secrets: Employers can protect trade secrets through narrowly tailored non-compete agreements that comply with the state’s definition of trade secrets, i.e. “the whole or a portion or phase of a formula, pattern, device, combination of devices or compilation of information which is for use, or is used in the operation of a business and which provides the business an advantage or an opportunity to obtain an advantage over those who do not know or use it.” Wyo. Stat. § 6-3-501(a)(xi).
Recovery of Relocation, Education, and Training Expenses: Employers can contract with employees to recoup training, education, and/or relocation expenses if an employee leaves within 4 years, with varying repayment percentages based on tenure:
Up to 100% if employment lasted less than two yearsUp to 66% if employment was between two and three years
Up to 33% if employment was between three and four years
Special Rules for Physicians
Non-compete agreements for physicians that restrict practice are prohibited. Further, doctors may notify patients with rare disorders about their new practice location and contact information. Notably, the statute clarifies that an agreement that contains an enforceable non-compete against a physician that is otherwise permitted by law will remain enforceable.
Looking Ahead
The statute applies only prospectively to contracts signed on or after July 1, 2025. Wyoming employers and business should consult legal counsel to update or implement restrictive covenant agreements in a timely manner.