Health Law & Managed Care

McDermott+ Check-Up: June 6, 2025

THIS WEEK’S DOSE

Senate Begins Work on Reconciliation. Democrats prepared to file points of order to exclude certain provisions under the Byrd rule, while Republicans discussed key health provisions.
White House Sends Congress $9.4 Billion Rescissions Package. The package requests that Congress rescind $900 million in global health funding.
Senate HELP Committee Reviews Reauthorization of Over-the-Counter Monograph Drug User Fee Program. Discussion focused on layoffs at the US Food and Drug Administration (FDA) and how the agency can expedite over-the-counter medication development.
House Begins FY 2026 Appropriations Markups. The Subcommittee on Agriculture, Rural Development, FDA, and Related Agencies met to mark up its fiscal year (FY) 2026 bill.
HHS Releases FY 2026 Budget in Brief. The US Department of Health and Human Services (HHS) budget in brief requests $94 billion in discretionary funding, a $31 billion decrease from FY 2025.
CMS Rescinds 2022 EMTALA Abortion Guidance. The agency noted that the Emergency Medical Treatment and Active Labor Act (EMTALA) guidance did not reflect the current administration’s priorities.
FDA Declines to Appeal Ruling on LDT Regulation. A federal court previously struck down the laboratory-developed test (LDT) final rule, and the FDA declined to appeal within the given 60-day window.
Fired HHS Employees File Class Action Lawsuit. The federal case alleges that firings were based on incorrect personnel records.

CONGRESS

Senate Begins Work on Reconciliation. The Senate returned from its Memorial Day recess to begin consideration of HR 1, the One Big Beautiful Bill Act, the House-passed reconciliation package. Senate Majority Leader Thune (R-SD) aims to have a modified bill on the floor the week of June 23, 2025, with the goal of getting a final bill to President Trump’s desk by July 4, 2025. This week’s work occurred mostly behind the scenes. Senate committees of jurisdiction are not expected to hold markups; instead, committees of jurisdiction will release titles of the bill within their jurisdiction. The process started this week. The Senate Committee on Commerce, Science, and Transportation released its language that modifies the House’s artificial intelligence (AI) provisions, removing the 10-year state ban on AI regulation and amending funding language so that states would only be eligible for AI development grants if they do not enforce state laws regulating AI models. The Senate Finance Committee, with jurisdiction over Medicaid, taxes, and the Affordable Care Act (ACA), will likely be the last committee to release updated text. Majority Leader Thune noted that the Finance Committee title could be released as soon as next week.
Majority Leader Thune can lose no more than three Republicans to pass the bill. This week, more Republicans came out in opposition to certain Medicaid provisions, including the moratorium on provider taxes. Sens. Collins (R-ME), Murkowski (R-AK), Moran (R-KS), and Hawley (R-MO) are among those with concerns. On the conservative side, Sens. Paul (R-KY), Johnson (R-WI), Lee (R-UT), and Rick Scott (R-FL) continued to voice strong opposition unless the bill does more to cut federal spending and reduce the deficit. There has also been discussion about potentially including Medicare Advantage reforms to increase savings, although no explicit policies have been presented publicly. Senate passage will likely require a delicate balancing act, and afterward the bill must pass the House again. President Trump met this week with Senate Finance Committee Republicans, and Centers for Medicare & Medicaid Services (CMS) Administrator Oz is holding meetings in the Senate to hash out concerns and attempt to reach policies that can unite Republicans. The process to scrub the bill of provisions that don’t meet the Byrd rule is also ongoing. Republicans met with the Senate Parliamentarian this week, and Democrats likely will follow soon. (For a full explainer on the Byrd rule, read our +Insight).
On June 4, 2025, the Congressional Budget Office (CBO) released updated estimates for H.R. 1. CBO estimates that the bill would increase the deficit by $2.4 trillion. This figure is based on a $1.2 trillion reduction in federal spending offset by a $3.6 trillion decrease in revenue. CBO estimates that 10.9 million individuals would be uninsured in 2034. Of those, 7.8 million would lose Medicaid coverage, with others mainly losing coverage from changes to the ACA. CBO estimates that the ACA changes would result in gross benchmark premiums for ACA plans decreasing by an average of 12%. At the request of Senate Democrats, CBO released additional analysis that provides further details on health insurance loss and estimates that failure to extend the enhanced advance premium tax credits as part of H.R. 1 would lead to an additional 5.1 million Americans being uninsured in 2034.
White House Sends Congress $9.4 Billion Rescissions Package. The package asks for more than $9 billion of previously appropriated funding to be rescinded and is largely focused on foreign aid and the Corporation for Public Broadcasting. The package includes recissions of funding from health programs within the US Department of State and the US Agency for International Development (USAID). It requests rescission of $500 million in global health USAID funding that focuses on equity, family planning, and reproductive health within child and maternal health, HIV, and infectious disease activities. It also requests rescission of $400 million of President’s Emergency Plan for AIDS Relief (PEPFAR) funding. Congress has 45 days to act. Approval of the rescission package only requires a simple majority in the House, which will likely consider it next week. In the Senate, Appropriations Chair Collins (R-ME) has already stated concerns about PEPFAR cuts and noted her committee’s intention to examine the package.
Senate HELP Committee Reviews Reauthorization of Over-the-Counter Monograph Drug User Fee Program. During the hearing, Democrats focused on how workforce reductions at the FDA will impact agency operations, while supporting the development of over-the-counter (OTC) drugs. Republicans advocated for a more streamlined and efficient transition from prescription drugs to OTC medications, emphasized the need for regulatory oversight of international facilities, and encouraged use of an online dashboard to track the FDA’s progress. Jacqueline Corrigan-Curay, MD, acting director of the FDA’s Center for Drug Evaluation and Research, expressed her commitment to working with Congress to streamline the transition from prescription drugs to OTC medications.
House Begins FY 2026 Appropriations Markups. The House Appropriations Committee began subcommittee markups this week to discuss spending bills for FY 2026. The Subcommittee on Agriculture, Rural Development, FDA, and Related Agencies held its markup, during which it advanced its bill to the full committee by a party line vote. During the markup, Republicans stated that the bill would help reduce the federal deficit, while Democrats criticized the bill for cutting funding for the FDA and the Supplemental Nutrition Assistance Program. The full schedule of subcommittee and full committee markups can be found here.
ADMINISTRATION

HHS Releases FY 2026 Budget in Brief. Late on May 30, 2025, HHS released its budget request for FY 2026, known as a budget in brief. Some agencies and divisions within HHS also released congressional justifications that provide more information on funding requests. Additional justifications from other agencies and divisions are said to be forthcoming. The budget in brief follows the earlier release of the “skinny” budget and provides more detail on HHS priorities, including the agency’s restructuring. The document only includes discretionary funding requests and does not include legislative proposals that would impact mandatory programs such as Medicare or Medicaid. Administration officials indicate that mandatory funding requests are unlikely to be released before reconciliation is complete.
Highlights for HHS discretionary funding requests include:

$95 billion for HHS, a $31 billion decrease from FY 2025.
$14 billion for the new Administration for a Healthy America (AHA), which HHS estimates to be a $6 billion cut from current funding levels for all the programs that will be transferred to AHA. The budget in brief includes an overview of the programs from the Health Resources and Services Administration, the Centers for Disease Control and Prevention (CDC), the Substance Abuse and Mental Health Services Administration, and the Office of the Assistant Secretary for Health that would be part of AHA.
$3.1 billion for FDA, a $409 million cut compared to FY 2025.
$4.1 billion for CDC, a $550 million cut compared to FY 2025.
$27.5 billion for NIH, a $17 billion cut compared to FY 2025.

The budget notes that NIH would cap indirect cost rates for grants at 15%, a policy that NIH pursued earlier this year, is subject to ongoing litigation, and is likely to face scrutiny from lawmakers on both sides of the aisle.

$3.5 billion for CMS, a $673 million cut compared to FY 2025.

Read more in our +Insight.
CMS Rescinds 2022 EMTALA Abortion Guidance. The Biden administration released the HHS guidance in July 2022 in the wake of the US Supreme Court Dobbs decision that left regulation of abortion to the states. The now-rescinded guidance stated that EMTALA protects healthcare providers’ clinical judgement and any action they take to provide stabilizing care for emergency medical conditions, including ectopic pregnancy, complications of pregnancy loss, or preeclampsia. In a press release, CMS noted that it will continue to enforce EMTALA, including in emergency medical situations where the health of a pregnant woman or her unborn child are at risk, and indicated that the agency will rectify any legal confusion on this issue.
COURTS

FDA Declines to Appeal Ruling on LDT Regulation. In late March 2025, the US District Court for the Eastern District of Texas struck down the regulation finalized in May 2024 under the Biden administration that gave the FDA the authority to regulate LDTs. The district court found that the rule violated the Loper Bright standard because the FDA exceeded its statutory authority. The FDA was given a 60-day window to appeal the decision, which it declined to do. Therefore, the final rule remains without force. Although the FDA did not issue a statement on its decision, it follows previous actions by the Trump administration to limit agencies’ regulatory power outside of statutory authority. Read more about the March court decision here.
It remains to be seen if the Trump administration will take a new approach to LDT regulation or if lawmakers will re-introduce the VALID Act, which received bipartisan support in previous session of Congress and would require the FDA to regulate LDTs and other in vitro diagnostics.
Fired HHS Employees File Class Action Lawsuit. In yet another challenge to the HHS reductions in force, seven former HHS employees filed a case in the US District Court for the District of Columbia. The lawsuit claims that the personnel files used to justify firings had errors and inaccuracies, which HHS Secretary Kennedy has attributed to siloed human resources departments across the agency. The lawsuit notes that most employees fired during the April 2025 reduction in force could be eligible for this class action.
QUICK HITS

FDA Begins Agency-Wide AI Tool Use. FDA employees are using the generative AI tool Elsa in various internal projects, including clinical protocol reviews and scientific evaluations. The tool was launched before the original deadline of June 30, 2025, and FDA will expand the tool over time.
HHS Announces Heads of ASTP, OCR. Thomas Keane, MD, a radiologist, will serve as the assistant secretary for technology policy (ASTP) and national coordinator for health information technology. Paula Stannard worked for HHS during the first Trump administration and will serve as director of the HHS Office of Civil Rights (OCR).
FBI Opens Tipline for Reports of Gender-Affirming Care for Minors. The tipline seeks reports of any hospitals or clinics performing gender-affirming care for minors and follows HHS tips for whistleblowers.
CMS Announces Health Technology Initiatives. In line with CMS’s request for information on the healthcare technology ecosystem, the initiatives include building an interoperable national provider directory and modernizing Medicare identification processes.
House Passes SUPPORT Act Reauthorization with Bipartisan Support. The legislation would modify HHS substance use and mental health disorder programs and reauthorize various grant programs through FY 2030. It passed by a vote of 366 – 57, with the nays mostly from Freedom Caucus Republicans and Energy and Commerce Democrats.
James O’Neill Confirmed as HHS Deputy Secretary. The Senate confirmed O’Neill by a 52 – 43 party line vote. Once sworn in, he will be second in command at HHS.
House Oversight Committee Ranking Member Questions AI Use in MAHA Report. Acting Ranking Member Lynch (D-MA) requested information from HHS Secretary Kennedy by June 16, 2025, to assess whether the agency used AI to write the recently released MAHA report.
GAO Releases Report on Diagnostic Testing for Pandemic Threats. The US Government Accountability Office (GAO) report summarizes insights from a roundtable of 19 experts. GAO recommends that HHS develop and periodically update a national diagnostic testing strategy for infectious diseases and establish a national diagnostic testing forum.
NIH Requests Information on Agency AI Strategy. NIH requests information about specific topics and notes that there is a need for a unified, Office of the Director-level AI structure to build synergy across program silos, improve transparency, and accelerate research and development. Comments are due July 15.
CMS Rescinds Biden-era Medicaid SOGI Data Guidance. The now-rescinded guidance aimed to help states with collecting sexual orientation and gender identity (SOGI) information in Medicaid applications. The rescission notes that CMS no longer intends to collect this data from states.

NEXT WEEK’S DIAGNOSIS

Both chambers of Congress will be in session next week, with work on reconciliation expected to continue in the Senate. The Senate Appropriations Committee will discuss the NIH FY 2026 budget, and the House Energy and Commerce Health Subcommittee will examine US-made medicine and domestic supply chains. The House Committee on Appropriations will consider the Agriculture, Rural Development, FDA, and Related Agencies appropriations bill that advanced from the subcommittee this week.

Washington Strips Employers of Workers’ Compensation Immunity for Asbestos Claims

On May 29, 2025, the Washington Supreme Court overturned its own precedent, stripping an employer of Workers’ Compensation Immunity for asbestos claims by expanding the Deliberate Injury exception. The court held that mere “virtual certainty” that an injury could result, as opposed to the statutorily required “deliberate intention … to produce injury,” was sufficient to strip immunity in asbestos-related cancer cases. This ruling will likely result in a dramatic increase in liability for employers in Washington State whose employees may have been exposed to asbestos. The opinion also leaves open the potential for expanded liability for other, non-asbestos-related, long latency claims.
BackgroundIn Cockrum v. C.H. Murphy/Clark-Ullman, Inc., the plaintiff worked at the Alcoa Wenatchee Works aluminum smelter in Wenatchee, Washington, from 1967 to 1997. The facility is known to have contained both chrysotile and amphibole asbestos. Alcoa instituted a medical monitoring program in 1953 to screen their employees for asbestos-related disease, including screening for “pleural plaques … and early mesothelioma.” An internal 1982 memorandum states that “for a number of years, Alcoa has recognized the very serious potential health hazard represented by the various forms of asbestos use in our plant. Exposure to asbestos fibers can lead to asbestosis and various forms of cancer.”
Conversely, the plaintiff’s expert testified that “asbestos-related disease is never certain to result from asbestos exposure” and that this expert was “not aware of any carcinogen for which exposure at a particular dose is medically certain to cause cancer.” Despite this expert testimony, the Washington Supreme Court concluded that, based on these facts, “Alcoa ultimately knew of the harm of asbestos in its facilities prior to and contemporaneous with Cockrum’s exposures,” and that, therefore, the plaintiff had met the knowledge prong of the Deliberate Injury exception to Workers’ Compensation Immunity by way of a newly created multifactor test.
New Non-Exclusive Multifactor TestThe court articulated a new non-exclusive multifactor test for whether the knowledge component of the Deliberate Injury exception can be met: • The employer’s knowledge of ongoing, repeated development of symptoms known to be associated with the development of latent disease over time• The employer’s knowledge of symptoms developing in employees similarly situated to the plaintiff-employee• The timing of such symptoms developing prior to or contemporaneous with the plaintiff-employee’s exposure(s)• Whether the exposure arises from a common major cause within the employer’s control.
After the court considers these non-exclusive factors to establish knowledge, the court must still then perform the second part of the statutory test, determining if the employer disregarded this knowledge to cause an intentional injury to the plaintiff.
The Washington Supreme Court synthesized their new multifactor test down, concluding that “a plaintiff can satisfy the Deliberate Injury exception … if they demonstrate the employer had actual knowledge that latent diseases are virtually certain to occur and willfully disregard such knowledge.” Based on this, the Washington Supreme Court overturned the grant of summary judgment in favor of the employer and remanded the case back to the Superior Court to consider the second prong of the test, whether the employer disregarded their own knowledge by failing to take “known remedial measures within its control.”
TakeawayThis opinion represents a sea change in the potential for Washington employers, long sheltered by immunity, to face significant liability for asbestos disease in their own workforce. We can expect an increase in new filings against previously immune employer defendants, which should have an outsized impact on premises defendants and manufacturers with facilities within Washington State.

Hot Topics in Employee Benefits: A Primer for In-House Lawyers

Employee benefits compliance has many traps for the unwary and is ever evolving. Below, we have provided a primer on current issues of importance in the employee benefits area to help in-house attorneys identify potential risks, mitigate them, and know when to call an outside ERISA lawyer.
1. What Is Old Is New: Get Your Health Plan Governance in Order
Employers that sponsor self-funded health plans have a host of complicated obligations. There are greater potential legal, regulatory, and fiduciary risks than in years past with managing health plans because of increased congressional legislation, increased Department of Labor (DOL) focus on group health plan compliance, and increased group health plan litigation, often by the same plaintiffs’ firms that have been suing 401(k) plans in fee litigation the past 20 years or more.
Employers should consider properly establishing a benefits committee, much like how they established committees for their retirement plans, that will serve to govern and oversee their employer-sponsored group health plans, especially those that are self-funded. A formal committee could help employers stay compliant, formalize their prudent decision-making process, and shift certain fiduciary liability to the benefits committee from the Board, thus insulating the Board from the underlying fiduciary decisions.
2. Stay Calm and Carry On: Mental Health Parity Non-Enforcement Policy Pauses Only Certain Requirements
Self-insured health plans must show that the plan does not include more restrictions on access to mental health benefits than on access to medical benefits. The law looks at both financial limits (e.g., coinsurance, copays, and deductibles) and other types of limits (e.g., pre-authorization requirements, provider network design, and prescription drug formulary design).
Beginning in 2021, plans were required to produce a written analysis of the non-financial limits, also known as non-quantitative treatment limitations (NQTLs), and the DOL has been actively auditing those analyses. Such audits have been time- and resource-intensive, given that the DOL has yet to approve an analysis without changes.
Late last year, the agencies released a final rule with details on the DOL’s expectations with respect to the NQTL analysis. They have since been sued for the rule, with the plaintiffs claiming overreach by the DOL. On May 15, 2025, the DOL stated that it would not enforce the final rule but would continue to enforce the statute and prior guidance.
Therefore, self-insured plans should continue to produce and update their NQTL analysis. We expect at least some continued audit activity, as well as the threat of private litigation.
3. To Report or Not to Report, That Is the Question: Florida Data Request to Self-Insured Plans Under Pharmacy Benefits Management Law
Several states have recently enacted laws designed to increase oversight of pharmacy benefit managers (PBMs) and limit certain PBM practices. Many of these laws impose reporting obligations on PBMs and the plans and employers with which they contract. While some of these laws exempt self-funded group health plans from their reach, recognizing that states are generally preempted from regulating such plans under ERISA, others explicitly include self-funded group health plans within their reach. For example, Florida’s Prescription Drug Reform Act includes “self-insured employer health plans” in its definition of “pharmacy benefits plan or program”—the category of plans to which the law applies.
This year, Florida’s Office of Insurance Regulation issued data requests under the PBM law, asking PBMs and group health plans to submit a broad range of prescription drug data, including participants’ names, dates of birth, prescriptions filled, and doctors visited. For sponsors of self-funded health plans, these data requests and similar requests made by other state agencies raise questions regarding both ERISA preemption and Health Insurance Portability and Accountability Act (HIPAA) obligations.
We expect that these questions may soon be answered through litigation, but in the meantime, employers with self-funded plans should work with counsel to evaluate these requests on a case-by-case basis. In some instances, the requested data may be minimal, and the state laws may fall outside of ERISA’s broad preemption protection. In other cases, where states request sweeping, specific data, such requests might be preempted by ERISA, especially where sharing the information would violate HIPAA.
4. If You Didn’t Document It, It Didn’t Happen: Takeaways from Cunningham v. Cornell University
On April 27, 2025, the U.S. Supreme Court ruled in Cunningham v. Cornell University that a plaintiff can allege that a transaction between a plan and a “party in interest,” such as a plan service provider, is a “prohibited transaction” under ERISA even if the plaintiff doesn’t directly allege that the transaction was unreasonable or unnecessary. Why did the Supreme Court conclude a plaintiff doesn’t have to allege something specifically wrong, especially where transactions between plans and plan service providers are common? The Court took a textualist approach and concluded that ERISA’s structure puts the burden on the plan fiduciary to prove the transaction was necessary and reasonable, and because of this, a plaintiff need not plead “unreasonableness” in its complaint. As the Court conceded, the result is that the bar to get past a motion to dismiss is lowered, making it more difficult for plans to avoid costly litigation for weak—if not downright meritless—prohibited transaction claims. Recognizing that this may be problematic for plans, the Supreme Court urged lower courts to use other tools at their disposal to weed out meritless claims sooner rather than later, such as additional pleadings or the threat of shifting plan legal fees to a plaintiff.
So, what can a prudent plan administrator take away from a case about technical ERISA pleading standards? The clearer a fiduciary’s prudent process for selecting and compensating a plan service provider, the better. Clear documentation of the fiduciary’s process, such as in committee meeting minutes (preferably, vetted by experienced counsel), makes it more likely that a court will see the prudence a fiduciary has exercised from the get-go, before individuals have to defend their efforts in depositions.
5. How Well Is Your Wellness Plan?
HIPAA’s wellness program rules provide an exception to its general rule that prohibits an employer from determining premiums or benefits based on a health factor. Employers offering wellness programs should be mindful of ongoing challenges to health-contingent programs. These programs require participants to satisfy a standard related to a health factor to earn a reward. Health contingent programs can be outcomes-based or activity-only programs. While many of the requirements apply to both programs, challenges—and litigation—focus on health-contingent programs that are outcomes-based. These programs require employers to allow a “reasonable alternative standard” for meeting the requirements, regardless of whether it is medically inadvisable for a participant to try to meet the standard, or if meeting the standard is unreasonably difficult due to a medical condition. Cases focus on the availability of, or communication related to, a “reasonable alternative standard.”
Employers offering these plans should review their communications ahead of open enrollment season to make sure reasonable alternative standards are disclosed in all printed and electronic communications. Employers should also ensure that they are, in fact, offering a reasonable alternative standard as well as ensuring payment is made for any retroactive periods while the standard is being met.
6. Don’t You Forget About Me: Cybersecurity Guidance Applies to All Employee Benefit Plans
In April 2021, in the wake of a rash of phishing and hacking incidents that resulted in the theft of retirement funds, the DOL issued cybersecurity guidance for plan sponsors, plan fiduciaries, record keepers, and plan participants. Recognizing the vast assets being held in private-sector pension and defined contribution plans without sufficient vigilance, protections, and accountability, these assets may be at risk from both internal and external cyber threats.
The guidance issued by the DOL includes Tips for Hiring a Service Provider, Cybersecurity Program Best Practices, and Online Security Tips. However, it was heavily focused on ways to protect retirement plan data and the financial assets in retirement accounts, leading many to the misconception that the guidance didn’t extend to the data maintained by the plan sponsors, plan fiduciaries, and the contractors and vendors for health and welfare plans.
As cybercrime evolved and hackers began to use malware and ransomware, health care data became an increasingly attractive target because the services that health care organizations and their IT systems support keep people alive and healthy. Hackers appreciated that there was little tolerance for allowing health care systems to remain offline, making it more likely a ransom will be paid, creating the perfect storm and magnifying the value of health care data to cybercriminals. Breaches by large vendors made it abundantly clear that, in a digital world, the need for strong cyber hygiene transcends all boundaries, prompting the DOL to issue an update in November 2024 to the cybersecurity guidance to confirm that it applies to all ERISA plans.

President’s FY 2026 Budget: HHS Highlights

Every year, the administration releases the president’s budget, which requests funding from Congress for the upcoming fiscal year (FY). The president’s budget is a nonbinding document and funding levels reflected in appropriations bills do not always align with funding levels in the president’s budget request. However, the president’s budget has traditionally been an opportunity for the administration to lay out its priorities and state publicly what programs and activities it wants to invest in, and which it wants to cut. Thus, it can be viewed as a guide map to how the administration wants departments, like the US Department of Health and Human Services (HHS), to be structured and funded.
On May 30, 2025, HHS released additional information related to the FY 2026 president’s budget: the FY 2026 Budget in Brief and select agency/division congressional justifications. These additional documents, which follow the “skinny budget” that was released in the beginning of May, provide more details about HHS’s funding requests and how the Trump administration plans to restructure the department. Read on to learn more about these proposed budget levels and structural changes.
Read More Here
Kayla Holgash, Marie Knoll, and Erica Stocker contributed to this article

Know Your Limits: Insights on Statutory Minimum Limits for Nursing Facilities

How much insurance does my organization need? This conundrum impacts policyholders from small businesses needing single policies to Fortune 500 companies placing complex, multimillion-dollar insurance towers. For owners and operators of skilled nursing facilities, deciding on the right limits of liability insurance is not just a question of evaluating and balancing the risk of third-party claims to your organization – it can be a question of statutory compliance as well.
While many states do not require nursing facilities to maintain minimum levels of liability insurance, those states that do can pose serious regulatory risks to unwary policyholders. For example, in Virginia, certified nursing facilities must maintain minimum general liability insurance limits of $1 million and minimum professional liability limits of $2.65 million (VA ST § 32.1-127). The required professional liability limits increase every year, and by 2030 certified nursing facilities must maintain $2.95 million in limits (VA ST § 8.01-581.15). Failure to maintain these limits can lead to revocation of the facility’s license (VA ST § 32.1-127). Pennsylvania’s complicated statutory scheme of minimum professional liability insurance for non-hospital healthcare providers ranges up to $1 million in minimum per-occurrence limits and $3 million in aggregate limits (40 P.S. § 1303.711). Failure to submit proof of proper insurance can lead to license suspension or revocation. In Colorado, a condition of active licensure for healthcare institutions is maintenance of $500,000 per occurrence and $3 million in aggregate limits (C.R.S.A. § 13-64-301).
Because minimum liability limits in the healthcare industry are not standardized, identifying the applicable statute may not be simple. For example, the Virginia law is found in the Virginia health code, the Pennsylvania law is found in the Pennsylvania insurance code, and the Colorado law is part of the “Health Care Availability Act” – which is itself part of Colorado’s “Court and Court Procedure” statutory scheme.
A facility may only discover a failure to comply with regulatory limits when facing a serious liability claim. In that case, the insured may find itself fighting on two or even three fronts – with the underlying claimant to resolve the case, with its insurance company to fight for additional coverage, and potentially with the state to prevent or minimize regulatory consequences.
Because of the potential complexity of compliance and the consequences for noncompliance, insureds should ensure they are complying with minimum liability limits. This includes confirming with their brokers that current policies comply with applicable minimum limits in the states where they operate facilities. If the answer is no, the insured should seek an immediate and retroactive endorsement that complies with state requirements. At renewal, insureds should work with their broker and legal counsel to ensure continuing compliance. The correct solution will depend on the risk management strategy and goals of the policyholder, as well as the organizational structure. For example, policyholders operating numerous facilities may form LLCs for each facility and purchase insurance for each LLC. Others may insure numerous facilities under a master policy.
Insureds operating facilities across numerous states could choose among the following potential options when procuring liability coverage to ensure compliance with minimum limit requirements:

A separate policy for each facility providing the minimum limits required for the state where that facility is located;
A separate policy for each state where the policyholder operates that provides the requisite minimum limits for each facility in that state;
A master policy with separate endorsements amending the policy limits by location; or
A master policy providing the highest minimum limits of all states where the policyholder operates.

Operating a skilled nursing facility requires complying with a dizzying array of statutes and regulations. Ensuring that your facilities procure the required insurance limits may be simple by comparison, but it is a crucial step in ensuring protection from both third-party claims and regulatory compliance risk.

Top Five Labor Law Developments for May 2025

The U.S. Supreme Court granted the Trump Administration’s application to stay former National Labor Relations Board Member Gwynne Wilcox’s reinstatement. Trump, et al. v. Wilcox, et al., No. 24A966 (May 22, 2025). The U.S. Court of Appeals for the D.C. Circuit had previously enjoined President Donald Trump’s removal of Wilcox, citing the Supreme Court’s 1935 decision in Humphrey’s Executor that upheld the constitutionality of for-cause removal protections for federal agency leaders. The Trump Administration then filed an emergency application to the Court for a stay of the D.C. Circuit’s order, arguing subsequent case law narrowed Humphrey’s Executor to apply only to multi-member agencies that do not wield substantial executive power, making the case inapplicable to the Board. In granting the stay, the Supreme Court found the Trump Administration is likely to show that Board members exercise considerable executive power, but the Court did not decide whether the Board falls within recognized exceptions for removal protections. The 6-3 order aims to avoid the disruptive effect of Wilcox’s repeated removal and reinstatement while the D.C. Circuit decides the merits of the case.
A coalition of unions, nonprofit groups, and local governments requested that a California federal court issue a nationwide injunction to stop an executive order (EO) requiring federal agencies to downsize or reorganize. American Federation of Government Employees, AFL-CIO, et al. v. Trump, et al., No. 3:25-cv-03698 (N.D. Cal. May 14, 2025); National Nurses United, et al. v. Kennedy, Jr., No. 1:25-cv-01538 (D.D.C. May 14, 2025). The lawsuit stems from EO 14210 aiming to reduce the size of the federal government’s workforce and directing each agency head to work with the Department of Government Efficiency on hiring plans. The coalition, which includes national unions and municipalities, argues the EO violates the U.S. Constitution’s separation of powers and the Administrative Procedure Act. Although the court previously granted a temporary restraining order, the coalition argues a nationwide injunction against the federal agencies is appropriate to avoid “piecemeal” litigation. Similarly, in a separate lawsuit, a coalition of unions, including National Nurses United, is seeking an injunction to stop the Department of Health and Human Services from implementing staff cuts at the National Institute for Occupational Safety and Health.
A Kentucky federal judge ruled the U.S. Department of Treasury lacks standing to rescind its collective bargaining agreement with employees, while the U.S. Department of Defense (DoD) is seeking to confirm its right to terminate them. U.S. Department of Treasury v. National Treasury Employees Union, Chapter 73, No. 2:25-049 (E.D. Ky. May 20, 2025); U.S. Department of Defense, et al. v. American Federation of Government Employees AFL-CIO District 10, et al., No. 6:25-cv-00119 (W.D. Tex. May 5, 2025). The lawsuits stem from EO 14251, which exempts certain agencies from the Federal Service Labor-Management Relations Statute that provides organizing and collective bargaining protections for federal employees. The federal court dismissed the action based on the Treasury’s lack of standing, as it had not enforced the EO against the local union at the time of filing. The court emphasized that the Treasury’s claimed injuries were speculative and, therefore, did not address the merits of the case. In a separate lawsuit in a Texas federal court, the DoD and other federal agencies are seeking declaratory relief against several union affiliates to confirm their rights under the EO. The unions have also moved to dismiss the case based on standing, among other claims.
The Nevada legislature passed a bill banning mandatory captive audience meetings; Washington will now provide unemployment benefits for striking workers. If signed by the governor, the Nevada legislation will prohibit employers from taking any adverse employment action against employees who decline to attend or participate in a meeting “sponsored by the employer” or listen to an employer communication if its purpose is to communicate the employer’s opinion on religious or political matters. Many states have similar legislation, and the Biden Board issued a decision holding such meetings violative of the National Labor Relations Act. Under the bill, “political matters” includes the decision to join or support any labor organization. Meanwhile, Washington’s governor signed a bill that provides unemployment benefits for striking workers under certain circumstances. The Washington law will take effect Jan. 1, 2026.
Acting General Counsel William Cowen issued a memorandum emphasizing the need for efficiency in resolving unfair labor practice (ULP) cases. Memorandum GC 25-06. The memorandum’s key points include granting discretion to exclude default language in settlements, permitting non-admission clauses, authorizing unilateral settlements, and approving settlements for less than full remedies. The memo also addresses the Board’s 2022 Thryv, Inc. decision, which expanded the scope of remedies for ULPs, noting regional directors should “focus on addressing foreseeable harms that are clearly caused by the unfair labor practice.” The memo represents a shift in policy from former General Counsel Jennifer Abruzzo and provides updated guidance on settlement efforts following Cowen’s previous memo rescinding several of Abruzzo’s memos and enforcement priorities.

CMS Sheds Light on its Timeline for Expedited RADV Audits

Shortly following its announcement of sweeping changes to RADV audits, CMS shared industry guidance last week regarding upcoming deadlines for the submission of risk adjustment data corrections in advance of RADV sampling. While this type of notice is routine in advance of RADV audit sampling, it is unique as it covers five plan years (2020 through 2024). CMS instructs Medicare Advantage organizations (MAOs) to submit data corrections for PY 2020 through PY 2024 with deadlines ranging from June 16, 2025, through July 15, 2025. Based on these dates and CMS’s target of completing these audits by early 2026, we believe that MAOs can expect to receive audit notices on a rolling basis beginning in the mid to late summer.
CMS’s decision to alter the long-standing audit time frame results in MAOs having a far shorter time to correct data than they have in the past with significant variation across the plan years that are addressed in the notice. For example, for PY 2020, an MAO has until June 16, 2025, to submit data corrections – this amounts to approximately 4 years 6 months from the close of the plan year. During that time MAOs have identified a variety of errors and submitted them for corrections. Compare this to PY 2024 audits for which MAOs must submit data corrections by July 15, 2025 – this only allows the MAOs 6 1/2 months from the close of the plan year. While many MAOs will likely have identified some errors during the plan year, they are losing a significant amount of time that is often used to address any identified errors.
In the memorandum, CMS also announced that it has finished the PY 2019 audit sampling and that the MAOs that have been selected would receive their notices soon.
Another notable point is that CMS does not plan to make payment adjustments at this time for any closed period deletes submitted for PY 2020 through PY 2024. Instead, it will announce the rerun of these PYs and their related overpayment data submission deadlines in future industry guidance (HPMS memos).
We will continue to monitor CMS communications for information regarding the volume of contracts that will be audited, the process updates, and the speed with which the audits will be completed.

The BR Privacy & Security Download: June 2025

On May 5, 2025, the newest Commissioner of the Federal Trade Commission (FTC), Mark R. Meador, spoke at the Second Annual Antitrust Conference at George Washington University.
His prepared remarks offer insight into his approach to antitrust enforcement, addressing what he sees as common antitrust enforcement myths.
In dispelling the first myth—“antitrust is regulation”—the Commissioner is very clear: “Antitrust is law enforcement, period. Full stop.”
He similarly and succinctly rejects four other myths related to antitrust enforcement:

“Vertical integration is always procompetitive.” Commissioner Meador makes the contrary case that vertical integration is not always procompetitive, particularly in non-physical markets such as technology.
“Innovation can justify exclusion.” The Commissioner instead asserts the need to identify conduct that forecloses alternatives.
“We need national champions to compete with China.” The Commissioner suggests, to the contrary, that competition is better suited by free enterprise.
“Structural remedies are an extreme measure.” He counters that structural remedies can be a way to restore free markets.

Commissioner Meador concludes his comments with what might be seen as a policy warning, making clear that the current FTC’s interest in antitrust enforcement is not limited to technology platforms or “Big Tech,” but extends to every industry, including “groceries, healthcare, and energy.”
Additional Authors: Daniel R. Saeedi, Rachel L. Schaller, Gabrielle N. Ganze, Ana Tagvoryan, P. Gavin Eastgate, Timothy W. Dickens, Jason C. Hirsch, Adam J. LandyAmanda M. Noonan, and Karen H. Shin.

Commissioner Meador Dispels Myths About Antitrust Enforcement

Adidas and UChicago Sued Over Data Breaches Caused by Third-Party Vendors

What do a global sportswear giant, and a prestigious medical center have in common? Apparently, a shared struggle defending data breach lawsuits for breaches of sensitive personal information caused by third-party vendors.
This week, Adidas America and the University of Chicago Medical Center found themselves on the receiving end of data breach lawsuits. The plaintiffs say both organizations failed to keep their personal info safe, and now want the courts to step in. According to the complaints, Adidas customer Karim Khowaja and UChicago patients Alta Young and Judy Rintala are calling out the companies for what they claim were lax data protection practices that led to their sensitive personal information falling into the wrong hands. Their key argument? The organizations should have known—and done—better.
Khowaja’s lawsuit alleges that Adidas provided a notification of the data breach that left customers with more questions than answers. Khowaja claims that Adidas did not identify the third-party vendor involved, what data was accessed, or when the breach occurred. Further, Khowaja claims this is not Adidas’ first data security blunder—he points back to a 2018 breach as proof the company should have been more vigilant.
“The more accurate pieces of data an identity thief obtains about a person, the easier it is… to take on the victim’s identity,” Khowaja warns in his complaint.
The same allegations are being directed at the University of Chicago Medical Center. According to Young and Rintala, the hospital didn’t discover the breach until ten months after suspicious activity was first detected—by its financial services vendor, National Recovery Services LLC (NRS). Young’s lawsuit claims the breach affected 38,000 patients, and Rintala’s goes further, alleging that the hospital didn’t encrypt or redact any of the compromised data—leaving names, birth dates, and other sensitive information widely available to cybercriminals. “That ‘utter failure’ will present risks to patients for their respective lifetimes,” Rintala claims.
All three plaintiffs are looking to represent classes of similarly affected individuals and are asking for damages and injunctive relief. Each of the plaintiffs are also emphasizing the “real-world” costs of these breaches: time, money, and the emotional stress of trying to prevent identity theft or fraud.
These lawsuits highlight a growing trend: courts being asked to hold companies accountable for third-party vendor breaches. It raises an important question: How far does the responsibility go when it comes to data security? It may be as simple as: if you use a third-party vendor who has access to or maintains sensitive personal information, there is a known risk. Here, a “known risk” refers to a security vulnerability or threat that a reasonable organization should have been aware of—either through industry standards, past incidents, or internal warnings—and failed to adequately address.
In the UChicago case, Young argues that the medical center knew about the risks of working with external vendors like NRS, especially since the kind of breach that occurred is a common method of attack in healthcare data security:

Healthcare is a top target for hackers due to the volume of sensitive personal and financial data. This isn’t new—HIPAA guidance and cybersecurity advisories have warned about it for years.
NRS discovered “suspicious activity” ten months prior to informing UChicago.
The plaintiffs say this delay, paired with the lack of encryption or redaction, shows UChicago failed to properly vet or monitor its vendor—even though outsourcing doesn’t relieve them of responsibility under HIPAA and other regulations.

In Khowaja’s complaint, he makes a similar argument: Adidas previously experienced a breach. So, when it happened again—this time via a third-party customer service provider—he says the company can’t plead ignorance:

Adidas “knew or should have known” that outsourcing customer service introduced a risk of exposure.
Despite that, they allegedly didn’t put in the necessary safeguards to protect customer data or notify affected users with enough information to respond.

Again, the argument isn’t just about the breach itself—it’s about Adidas’ failure to anticipate a risk they’d already seen firsthand.
If the courts agree that failure to safeguard against a “known risk” is enough to trigger liability, we could see more plaintiffs lining up in similar cases across industries for incidents caused by third-party vendors.

HHS Rescinds 2022 EMTALA Guidance on State Law Preemption in Emergency Reproductive Healthcare

On May 29, 2025, the Department of Health and Human Services (“HHS”) rescinded its July 11, 2022 guidance (Ref. QSO-22-22-Hospitals) (the “2022 Guidance”) clarifying how the Emergency Medical Treatment and Labor Act of 1965 (“EMTALA”) should be interpreted in the wake of state policy and legislative responses to the landmark Supreme Court decision, Dobbs v. Jackson Women’s Health Organization (2022), overturning Roe V. Wade (1973) which legalized abortion in the United States.
Under EMTALA, all Medicare participating hospitals and their dedicated emergency departments are required to provide patients, regardless of their ability to pay or insurance status, with an appropriate medical screening, stabilizing treatment, and transfer, if necessary. The 2022 Guidance directed, among other things, that this law applies irrespective of any state laws or mandates that apply to specific procedures (including conditions for which stabilization may require abortion, such as ectopic pregnancy, severe preeclampsia, and complications arising from probable pregnancy loss). The 2022 Guidance further stated that “[a] physician’s professional and legal duty to provide stabilizing medical treatment to a patient who presents to the emergency department and is found to have an emergency medical condition preempts any directly conflicting state law or mandate that might otherwise prohibit such treatment.”
Today, the 2022 Guidance is no longer in effect, however the Centers for Medicare and Medicaid (“CMS”) affirmed in its June 3, 2025 Press Release that it “will continue to enforce EMTALA, which protects all individuals who present to a hospital emergency department seeking examination or treatment, including for identified emergency medical conditions that place the health of a pregnant woman or her unborn child in serious jeopardy.” CMS has been explicit that it is working to “rectify any perceived legal confusion and instability created by the former administration’s actions.” Nevertheless, Medicare participating hospitals and their dedicated emergency departments are left wondering: “what happens now when state law, federal law, and physician ethical duties to their patients are in direct conflict?”

First Steps in Implementing the Trump Administration’s Price Transparency Agenda

May 29, 2025 – Last week, the Trump administration took steps toward implementing one of its major priorities: improving price transparency. As discussed in a previous Regs & Eggs blog post, President Trump signed an executive order (EO) on price transparency on February 25, 2025, that hinted at changing or even expanding current price transparency requirements for hospitals and health plans. The EO called on the secretary of the US Department of Health and Human Services, working in conjunction with the secretaries of the US Departments of Labor and the Treasury, to take the following actions within 90 days:

Require the disclosure of the actual prices of items and services, not estimates.
Issue updated guidance or proposed regulatory action ensuring that pricing information is standardized and easily comparable across hospitals and health plans.
Issue guidance or proposed regulatory action updating enforcement policies designed to ensure compliance with the transparent reporting of complete, accurate, and meaningful data.

Well, 90 days are up. And although rulemaking may be required to fully carry out all the directives included in the EO (which could take a while), the departments issued guidance and requests for information (RFIs) last week that are meant to address some of the issues the administration believes make the current price transparency requirements less effective and meaningful to consumers than they should be.
Hospital Price Transparency

First, the Centers for Medicare & Medicaid Services (CMS) issued guidance and an RFI aimed at clarifying what specific information hospitals must provide under the previously established hospital price transparency requirements. Since January 1, 2021, hospitals have been required to make public:

A machine-readable file (MRF) containing a list of all standard charges for all items and services.
A consumer-friendly list of standard charges for 300 “shoppable” services. (A hospital that maintains an internet-based, prominently displayed, free-to-use price estimator tool is deemed to have met this requirement.)

With respect to the MRF requirement, CMS’s calendar year (CY) 2024 Outpatient Prospective Payment System (OPPS) final rule stated that:

It is generally appropriate for a hospital to display a payer-specific negotiated charge as a standard algorithm, to the extent a standard algorithm is the manner in which the hospital establishes its standard charges with third-party payers.
The hospital must include a description of that algorithm in its MRF.
As of January 1, 2025, if a hospital’s standard charge is based on a percentage or algorithm, its MRF must also specify the estimated allowed amount for that item or service.

The CMS guidance issued last week reiterates the OPPS reg requirements and states that CMS expects “that, for most contracting scenarios, hospitals’ payer-specific negotiated charges can be expressed as a dollar amount” (emphasis added). The Trump administration has expressed concerns that hospitals too often provide percentages in the MRFs instead of actual dollar amounts and encode 999999999 (nine 9s) as the estimated allowed amount. The Trump administration feels that providing actual dollar amounts will provide a clearer picture to outside stakeholders, including patients, about actual hospital prices are, and it wants hospitals to provide this information, rather than percentages, in most cases.
Now that the guidance is out there, CMS may expect some hospitals to change the information they include in MRFs. However, by also issuing an RFI, CMS signaled that it may make even more changes or issue additional clarifications or guidance around hospital price transparency in the near future. In the RFI, CMS is seeking input on public and stakeholders’ concerns about the accuracy and completeness of MRFs and other considerations for CMS to ensure the accuracy and completeness of the information. Specifically, the RFI includes the following six questions:

Should CMS specifically define the terms “accuracy of data” and “completeness of data” in the context of hospital price transparency requirements, and, if yes, then how?
What are your concerns about the accuracy and completeness of the hospital price transparency MRF data? Please be as specific as possible.
Do concerns about accuracy and completeness of the MRF data affect your ability to use hospital pricing information effectively? For example, are there additional data elements that could be added, or others modified, to improve your ability to use the data? Please provide examples.
Are there external sources of information that may be leveraged to evaluate the accuracy and completeness of the data in the MRF? If so, please identify those sources and how they can be used.
What specific suggestions do you have for improving the hospital price transparency compliance and enforcement processes to ensure that the hospital pricing data is accurate, complete, and meaningful? For example, are there any changes that CMS should consider making to the CMS validator tool, which is available to hospitals to help ensure they are complying with hospital price transparency requirements, so as to improve accuracy and completeness?
Do you have any other suggestions for CMS to help improve the overall quality of the MRF data?

Comments on the RFI are due on July 21, 2025. Notably, the CY 2026 OPPS proposed rule will likely be issued before July 21, and the OPPS reg is where CMS has made changes to the hospital price transparency regs in the past. That would mean we might expect the next overhaul of the regs to occur in CY 2027, informed by stakeholders’ comments in response to this RFI.
Health Plan Price Transparency

The departments also issued a short statement and an RFI on the price transparency requirements for health plans. Under current regs, most health plans are already required to disclose, via MRFs on a public website, information regarding in-network provider rates for covered items and services, out-of-network allowed amounts and billed charges for services, and negotiated rates and historical net prices for covered prescription drugs. The departments previously issued technical implementation guidance for the in-network and out-of-network MRFs in the form of schemas but have heard many access-related concerns about “file size, data integrity, and a lack of critical context that limits full transparency.” The departments now state that they plan to issue a revised version of the schemas to address these issues. The “schema version 2.0” will reduce file size by “requiring exclusion of duplicative data [and] reducing unnecessary data fields, and will include updates to better contextualize the data, making it more meaningful to ultimately achieve greater transparency.” The departments are considering future rulemaking to further refine and improve the useability of the MRFs.
In the RFI, the departments note that they never implemented the requirement for health plans to include net prices for covered prescription drugs in MRFs. Because promoting price transparency across the board (including drug pricing) is a high priority, the departments request comments on “the issues related to compliance with, and implementation of, the prescription drug MRF disclosure requirements.” The questions in the RFI focus on the required data elements in the MRFs, including potential additional or alternative data elements, and other general implementation concerns. Responses to the RFI are due in late-June, and they will be used to help inform future rulemaking or guidance on prescription drug price transparency.

All in all, the Trump administration released four separate documents aimed at promoting price transparency last week and indicated that more guidance and regs are to come, so it’s clear that the administration will continue to focus on this issue. Both hospitals and health plans should plan accordingly and be prepared to make changes (if needed) to the methods they are currently using to comply with all the requirements.
Until next week, this is Jeffrey (and Leigh) saying, enjoy reading regs with your eggs.