New DOJ White Collar Priorities Focus on Health Care Fraud
On May 12, 2025, the U.S. Department of Justice’s Criminal Division released a new guidance memo on white-collar enforcement priorities in the Trump Administration entitled “Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime.”
In this memo, and the accompanying speech by Matthew R. Galeotti, the Trump Administration’s appointed Head of the Criminal Division, the DOJ reiterated its previously stated commitment to prosecuting illegal immigration, drug cartels, and transnational criminal organizations. For the first time in the new Administration, however, the DOJ clearly articulated new white-collar enforcement priorities, directing Criminal Division white-collar prosecutors to follow three core tenets: focus, fairness, and efficiency. As detailed below, the new memo sets forth the following three priorities:
1. Focus on High-Impact Waste, Fraud, and Abuse Harming Vulnerable Taxpayers
It should be no surprise that the administration is targeting actors that profit through “waste, fraud, and abuse.” The memo sets clear priorities for its prosecutors to investigate, listing as the #1 priority health care fraud and federal program and procurement fraud. The memo goes on to provide a top 10 list of “high-impact areas”, with “trade and customs fraud, including tariff evasion” as #2. Heavy focus is given to fraud perpetrated by foreign actors and conduct threatening U.S. national security. Also listed is fraud victimizing U.S. investors, including elder fraud and Ponzi schemes. Appearing as #8 on the list is violations of the Controlled Substances Act and the Federal Food, Drug and Cosmetic Act, including the creation of counterfeit pills laced with fentanyl and the “unlawful distribution of opioids by medical professionals and companies.”
The memo also prioritizes efforts to identify and seize assets that are the proceeds of offenses harming vulnerable victims by amending the DOJ Criminal Division’s Corporate Whistleblower Awards Pilot Program to reflect priority areas where whistleblower tips lead to forfeitures. These areas include criminal violations related to international criminal organizations, corporations violating federal immigration laws, corporate sanctions, and trade offenses, and other areas consistent with the Administration’s previously stated priorities.
2. Fairness in Prosecuting Corporations and Individuals
Consistent with the outlook of prior administrations, the DOJ clearly stated that its first priority is to prosecute individuals as opposed to corporations. The memo notes that individuals commit crimes often at the expense of corporate shareholders, employees, investors, and American consumers. The memo also states that “the Division’s policies must strike an appropriate balance between the need to effectively identify, investigate, and prosecute corporate and individuals’ criminal wrongdoing while minimizing unnecessary burdens on American enterprise.” The memo cautions that not all corporate misconduct warrants federal criminal prosecution and directs prosecutors to consider additional factors when determining whether to bring criminal charges against corporations, including whether the company reported its conduct to the DOJ; the company’s willingness to cooperate with the government investigation; and remedial actions taken by the company. The memo also states that “prosecutors should prioritize schemes involving senior-level personnel or other culpable actors, demonstrable loss, and efforts to obstruct justice.”
3. Conduct Efficient Investigations That Do Not Linger
The memo acknowledges that federal investigations into alleged corporate wrongdoing can be costly and intrusive for businesses, investors, and others, and where individuals impacted by a lengthy investigation often had no knowledge of or involvement in the conduct at issue. The memo also concedes that corporate investigations can disrupt a business’s day-to-day operations and cause reputational harm. To decrease the impact on business and commerce, prosecutors are now required to minimize the length and collateral impact of their investigations by working expeditiously to investigate cases and make charging decisions.
In addition, the DOJ is implementing policy changes that could be seen as more business friendly, such as stating that potentially costly corporate monitorships are disfavored and only to be imposed in limited circumstances and ordering a review of existing monitorships and agreements with companies. The memo also limits existing corporate resolutions to three years, except in exceedingly rare cases, with guidance to regularly assesses these agreements to determine if early termination is appropriate.
Although many of these changes have been anticipated in the months since the change of administration, the memo provides clarity and concrete priority areas for prosecution – as well as areas where DOJ will pull back federal oversight, such as monitorships.
Our next blog will discuss the newly revised Justice Manual provision 9-47.120 – Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy, which provides that “additional benefits are now available to companies that self-disclose and cooperate, including potential shorter terms” of deferred or non-prosecution agreements.
We will be monitoring additional developments in this area as the Administration continues to implement policy changes.
Data Transactions: DOJ’s Final Rule’s Implications for Academic Medical Centers with Clinical Research Programs
The Department of Justice (DOJ) published its Final Rule to implement Executive Order 14117 on January 8, 2025, with a correcting amendment issued April 18, 2025. Executive Order 14117, issued on February 28, 2024, titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern,” instructed the Attorney General to create regulations that ban or limit U.S. persons from participating in transactions involving property in which a foreign country or its nationals have an interest. Transactions are banned or limited if they involve U.S. government-related data or bulk sensitive personal data (as defined by the final implementing rules), fall into categories deemed by the Attorney General to pose a national security risk (with such security risk arising from potential access to data by identified countries of concern or related individuals), and meet additional criteria outlined in the Executive Order.
The Final Rule outlines categories of transactions that are either banned or limited; designates specific countries and types of individuals or entities with whom transactions involving government-related or bulk U.S. sensitive personal data are restricted; creates a system for granting, modifying, or revoking licenses for otherwise restricted activities and for issuing advisory opinions; and sets requirements for transaction recordkeeping and reporting requirements to support the DOJ’s investigations, enforcement, and regulatory actions in relation to the Executive Order.
Academic Medical Centers (AMCs) and similar entities engaged in clinical research and international collaborations need to be aware of and determine the applicability of the regulatory requirements imposed by the Final Rule. Research partnerships involving biometric identifiers, personal health information, or genomic data may be deemed restricted or prohibited transactions if the partnerships include entities from designated countries of concern.
Summary
The Final Rule is aimed at preventing certain U.S. foreign adversaries — including China, Russia, Iran, North Korea, Cuba, and Venezuela — from accessing sensitive U.S. personal data and government-related information.
Key Definitions. The Final Rule authorizes the DOJ to regulate and enforce restrictions on data transactions with designated “Countries of Concern” and “Covered Persons.”
“Country of Concern” is defined to mean:
any foreign government that, as determined by the Attorney General with the concurrence of the Secretary of State and the Secretary of Commerce, (1) has engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons, and (2) poses a significant risk of exploiting government-related data or bulk U.S. sensitive personal data to the detriment of the national security of the United States or security and safety of U.S. persons.
“Covered Person” is defined to include: (1) foreign entities that (a) are fifty percent or more owned, directly or indirectly, by countries of concern or another covered persons; or (b) are organized under the law of, or have their principal place of business in, a Country of Concern; (2) foreign entities that are fifty percent or more owned, directly or indirectly, by Covered Persons, either individuals or entities; (3) foreign individuals who are non-U.S. residents working as employees or contractors of a Country of Concern; (4) foreign individuals primarily residing in Countries of Concern; and (5) other entities or individuals as reasonably determined by the Attorney General based on certain criteria.
Categories of Covered Data. The Final Rule targets eight categories of “Covered Data,” including biometric identifiers, genomic data, health and financial data, precise geolocation information, and personal identifiers that can be linked to other sensitive data. It also includes certain government-related information, such as data tied to U.S. government personnel or the geolocation of sensitive facilities. Notably, the regulations apply regardless of data processing volume when government-related information is involved.
Primary Types of Restricted Transactions. The DOJ identifies three primary types of restricted transactions: employment, investment, and vendor agreements. U.S. businesses must ensure foreign employees, investors, and service providers — especially those linked to Countries of Concern — do not gain access to Covered Data unless strict security protocols are met. This affects a wide range of commercial activities, from hiring and corporate deals to cloud services and software subscriptions, and likely impacts AMCs engaging in clinical research when data is shared with certain employees. Research sponsors, investors and service providers. Prohibitions and restrictions of the Final Rule, however, only apply to Covered Data Transactions with a Country of Concern or Covered Person that involve access by a Country of Concern or Covered Person to government-related data or bulk U.S. sensitive personal data. The Final Rule does not regulate transactions that do not implicate access to government-related data or bulk U.S. sensitive personal data by a Country of Concern or a Covered Person.
Prohibited Transactions. Notably, under the Final Rule certain transactions are absolutely prohibited, such as those involving the sale or licensing of Covered Data to foreign entities in data brokerage arrangements, or those involving biometric data or biospecimens.
Penalties for Non-Compliance. Violations of the Final Rule carry significant fines and penalties. Civil fines can reach the greater of US$368,136 or twice the transaction amount. Willful violations may result in criminal penalties of up to US$1 million and up to 20 years in prison.
The Bottom Line for Clinical Research. To comply with the Final Rule, AMCs must engage in rigorous and thorough diligence on proposed, and existing research activities, collaborations and operations, including on their partners, clients, employees/contractors, and data recipients, to determine if a proposed or existing transaction falls within the ambit of the Final Rule. The scope and penalties for violations of and non-compliance with the Final Rule are a clear indicator that a process to determine and ensure compliance with the Final Rule will be critical for AMCs, and businesses across industries, that engage in activities and transactions involving personal or government-related data.
Implications for Academic Medical Centers with Clinical Research Programs
The Final Rule adds a new layer of regulatory compliance complexity for AMCs and similar entities engaged in clinical research and international collaborations.
Research studies and activities, including research collaborations and partnerships involving biometric identifiers, personal health information or genomic data, may be deemed restricted or prohibited transactions if the partnerships include entities from designated Countries of Concern and/or Covered Persons.
Existing and proposed multi-national studies and data-sharing initiatives must be reviewed to determine if the Final Rule is applicable to the study or activity, and if so, to ensure compliance.
Additionally, AMCs must also ensure that vendors, including cloud and AI service providers, are not affiliated with Countries of Concern and that all data processing activities meet stringent new security and compliance standards. As noted above, ensuring compliance with the Final Rule will necessitate a thorough review of the AMC’s vendor contracts.
Further, the Final Rule necessitates a reassessment by AMCs, of their data-sharing policies and multi-site protocols, and will likely require the incorporation of national security-focused compliance clauses in certain data sharing agreements (such as data use agreements) and the enhancement of institutional data governance frameworks, which frameworks should be designed to avoid and mitigate any legal and regulatory exposure, and ensure that the institution is able to maintain eligibility for receipt of federal funding.
Next Steps
This Final Rule prescribes significant categorical rules that prevent U.S. persons from providing government-related data or U.S. citizens’ bulk, sensitive personal data, including through commercial data-brokerage transactions, to Countries of Concern or Covered Persons. Compliance with the Final Rule specifically necessitates that AMCs and institution implement security measures when engaging in investment transactions, employment agreements, and vendor contracts, that involve either government-related data or large-scale collections of sensitive personal data — such as health records, biometric identifiers, or financial information.
The requirements of the Final Rule are intended to prevent foreign adversaries from indirectly accessing this data through commercial relationships. By identifying these specific transaction types, the Final Rule seeks to address perceived national security gaps and provides clear, enforceable standards that define when and how data-related dealings with foreign actors are restricted.
Failure to comply with these new requirements could result in fines and penalties, regulatory scrutiny, loss of federal funding, and enforcement actions, making compliance with the Final Rule, when and as applicable to a transaction and activity, a critical compliance priority for AMCs and institutions handling large volumes of sensitive personal data.
Have You Done Your Part to Comply with Part 2 Changes?
Important changes are coming to 42 CFR Part 2 (Part 2), which deals with the confidentiality of patients’ substance use disorder (SUD) records. On April 16, 2024, the US Department of Health and Human Services (HHS) published a new final rule to update Part 2 (New Rule) in an effort to align the requirements of Part 2 with those found in the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).
Part 2 will now allow patients to sign a single consent for future uses and disclosures of Part 2 records, as opposed to patients previously having to sign individualized consents prior to each disclosure. Following such consent from the patient, a HIPAA-regulated recipient of the Part 2 records may further use and disclose those records as permitted under HIPAA, except for civil, criminal, administrative or legislative proceedings against the individual who is the subject of the Part 2 records. Additionally, breaches of Part 2 information now must be addressed in the same manner as other breaches involving unsecured protected health information (for instance, by requiring certain notifications be made within no more than 60 calendar days from the discovery of the breach). Finally, civil penalties for violations of Part 2 have been added, thus making the penalties consistent with those available under HIPAA. Any entities or providers who are subject to Part 2 must comply with the New Rule by February 16, 2026, or risk incurring significant penalties under the new Part 2 regime.
One of the most notable changes under the New Rule is that Part 2 violation penalties and HIPAA violation penalties are now aligned. Previously, Part 2 violations were only subject to criminal penalties. The disciplinary framework under the New Rule allows for both civil and criminal penalties for a Part 2 violation. On the civil side, penalty fines can be up to $1.5 million per calendar year, depending on the severity of the violation. On the criminal side, penalty fines can be up to $250,000, with imprisonment from one to 10 years, depending on the severity of the violation.
Given the significant changes to Part 2 and the approaching date for compliance, entities and providers subject to Part 2 should, at a minimum, review and update their materials and procedures related to:
Patient consent;
Disclosure of patient information;
Medical records/documentation;
Patient rights;
Breach notification;
Patient notices (i.e., Notice of Privacy Practices); and
Data storage and segregation.
Some next steps are purely internal but will require collaboration to ensure that the technical and administrative aspects align. Other steps are patient-facing and will require updates to documentation, combined with operationalizing communications to patients. In addition, internal training materials should be updated to account for the various Part 2 changes, and staff should be educated about the updated requirements and the severity of consequences that could result from willful or inadvertent non-compliance.
The New Rule’s updated penalties represent a distinct shift towards stricter and more punitive enforcement regarding the confidentiality of SUD records and compliance with Part 2 generally. Entities and providers subject to Part 2 should begin reviewing and revising their policies and procedures now to ensure compliance with the New Rule by 2026 in light of the expected more punitive enforcement landscape.
A Bit of Mental Health Parity Relief for Employers Sponsoring Group Health Plans
Takeaways
Even though we have the promise of a non-enforcement policy applying to the 2025 and 2026 deadlines of at least some provisions of the 2024 Final Regulations, the 2013 Final Regulations, the Consolidated Appropriations Act, 2021, and other MHPAEA requirements remain enforceable.
The Department of Labor (DOL), together with the Departments of Treasury and Health and Human Services) have decided to suspend enforcement of certain provisions of the nonquantitative treatment limitations (NQTL) final regulations issued in September 2024. Those regulations had been challenged in federal court by the ERISA Industry Committee (ERIC) last year, and the Departments’ answer to ERIC’s complaint was due May 12, 2025. In a motion filed May 9, 2025, the Departments instead asked the court to suspend the legal proceedings while they “reconsider the 2024 Rule at issue … including whether to issue a notice of proposed rulemaking rescinding or modifying the regulation.” The court granted the Department’s motion, to which ERIC had consented.
The Departments also said that they intend to issue a non-enforcement policy for the 2024 final regulations and to “reexamine” their current MHPAEA enforcement programs “more broadly.” The Departments conferred with ERIC regarding their draft non-enforcement policy and finalized it the same day that the motion was filed. While it was not part of the filing, the nonenforcement policy is expected to be issued by the Departments to the public soon. We will not know, until it is issued, what portions of the rule (with some provisions effective for 2025 and other provisions effective for 2026) still will be enforced, if any.
Regardless, it is important to note that the requirement to prepare a nonquantitative treatment limitation comparative analysis for each NQTL, as required by the Consolidated Appropriations Act, 2021, and other MHPAEA requirements (including those under the 2013 final regulations) remain in effect.
Ethylene Oxide Litigation: Your Company Has Been Sued- Now What?
Ethylene Oxide (EtO) is an industrial solvent widely used as a sterilizing agent for medical and other equipment that cannot otherwise be sterilized by heat/steam. EtO may also be used as a component for producing other chemicals, including glycol and polyglycol ethers, emulsifiers, detergents, and solvents. Allegations that exposure to EtO increases the risk of certain cancers has led to governmental regulation as well as private tort actions against companies that operate sterilization facilities that utilize EtO.
History of EtO Verdicts
There have now been a handful of verdicts in EtO trials and the results have been a mixed bag. We have seen some defense verdicts, but also some multimillion-dollar plaintiff verdicts. As we discussed in a posting last week, the most recent example of the latter was a plaintiff verdict for $20 million handed down last earlier this month in Georgia (punitive damages are still being determined).
The first ethylene oxide case to go to trial was the Kamuda matter, in which an Illinois jury awarded $263 million in September of 2022 against Sterigenics for ethylene oxide exposure from that company’s Willowbrook facility. A subsequent trial in the same jurisdiction against the same defendant resulted in a defense verdict. Ultimately, Sterigenics resolved its pending claims involving the Willowbrook plant in the amount of $408 million. In December of 2024, a Philadelphia Court of Common Pleas jury found the defendant B. Braun Manufacturing Inc. not liable on all counts. The plaintiff had alleged that her husband developed leukemia as a result of working at the defendant’s sterilization plant in Allentown, Pennsylvania for seven years. Notably, unlike the Illinois trials, the Philadelphia trial involved an employee at the sterilization facility as opposed to the Illinois plaintiffs who did not work at the Willowbrook plant but resided nearby.
In March of this year, a Colorado jury rendered a verdict in favor of defendant Terumo BCT Inc. (Isaacks et al. v. Terumo BCT Sterilization Services Inc. et al. in the First Judicial District of Colorado (docket number 2022CV031124). The plaintiffs are appealing. This was a bellwether trial lasting six weeks, and involved four female plaintiffs. The jury determined that the defendant was not negligent in its handling of emissions from its Lakewood plant. The plaintiffs had sought $217 million in damages for their alleged physical impairment and also $7.5 million for past and future medical expenses as well as punitive damages. In light of the fact that the six person jury found the defendant Terumo not negligent, it did not need to consider damages or causation. All of the plaintiffs alleged that they had developed cancer as a result of ethylene oxide emissions from the Terumo facility. One plaintiff alleged breast cancer as a result of 23 years of exposure from the plant, while another alleged breast cancer after almost 35 years of exposure (these two plaintiffs were neighbors). Another plaintiff alleged multiple myeloma while the fourth plaintiff alleged Hodgkin’s lymphoma. Notably, there remain hundreds more pending claims against Terumo in Colorado. In fact, plaintiffs’ counsel filed almost 25 more cases while the trial was in progress
Does Your Insurance Cover EtO Claims?
In light of multi million dollar verdicts in Illinois and Georgia, companies with potential EtO liability should determine if they have adequate coverage for defense and indemnity should they be sued. KCIC recently issued a report on insurance coverage for EtO claims: (kcic.com/trending/feed/eto-an-emerging-and-evolving-risk/#msdynttrid=wne5D5mhUe8x_gvUuI0Hn9FqKuJPpR3wOfwvnUj8MyE). As the article points out, companies facing EtO claims may be able to tap their pollution liability policies or pollution coverage as part of their commercial general liability (CGL) policies. As KCIC notes, one option for companies is to cite to their “permitted emissions” exception which stems from the 1997 Illinois Supreme Court decision in American States Insurance Co. v. Koloms in which the court noted that if the pollution exclusion was too literally interpreted, it could have such limitless applications that it could essentially negate all coverage.
Therefore, Koloms concluded that pollution exclusions be limited to traditional environmental contamination — which includes industrial emissions of pollutants into the environment. In 2011, in Erie Ins. Exch. v. Imperial Marble Corp, the Illinois appellate court cited the Koloms case and found that when the industrial emissions were at levels that were within regulatory permissions, the pollution exclusions are arguably ambiguous and should not negate the duty to defend. The theory was that emissions authorized by law may not constitute traditional environmental pollution, and therefore the court found that the insurer had a duty to defend against claims that arose from permitted emissions. In contrast, though, a recent decision in the federal district in Pennsylvania determined that a pollution exclusion in a CGL policy barred coverage for EtO liabilities under Pennsylvania law (for more detail refer to the KCIC report).
So, Will Your Insurer Cover Your EtO Claims?
Well, maybe. This depends on what state’s law controls as well as the language of your policy. If you have existing policies, it is advisable to have them reviewed to determine if there is coverage for EtO claims. Consultation with your broker is advisable. To the extent you will be in the market for new coverage in the near future and you think it possible your company might face EtO claims, discuss this with your broker to make sure that you will be covered. In light of the recent Georgia verdict, coupled with the Illinois verdict from a few years ago, the EtO litigation seems poised to expand to other states. Be prepared.
EPA Receives TSCA Section 21 Petitions Seeking Reconsideration of Exemption Conditions in Final Trichloroethylene Rule
The U.S. Environmental Protection Agency (EPA) recently updated its website to include two petitions submitted under Section 21 of the Toxic Substances Control Act (TSCA) that seek reconsideration of exemption provisions of EPA final risk management rule for trichloroethylene (TCE). On March 24, 2025, PPG Industries, Inc. (PPG) submitted a petition seeking an amendment to the December 2024 final rule’s exemption for the industrial and commercial use of TCE as a processing aid for specialty polymeric microporous sheet materials manufacturing that would allow PPG to meet an interim existing chemical exposure limit (ECEL) of five parts per million (ppm) and an action level of 2.5 ppm. According to the petition, “[o]ne of PPG’[s] specialty materials is the Teslin substrate, a unique polymeric microporous sheet material that is a fundamental component of a wide range of products used in everyday life.” PPG notes that although EPA “granted a 15-year TSCA Section 6(g) exemption for Teslin on the basis that PPG’s use of TCE in the Teslin manufacturing process is a critical and essential use for which no technically and economically feasible safer alternative is available in accordance with TSCA Section 6(g)(1)(A),” the final rule “also imposes an unachievable interim ECEL of 0.2 ppm on PPG during the exemption period, as well as an action level of 0.1 ppm.” EPA’s May 9, 2025, letter acknowledging receipt of the petition states that it will either grant or deny the portions of the petition eligible for TSCA Section 21 within 90 days of the date the petition was received (i.e., by June 22, 2025).
On April 30, 2025, the Alliance for a Strong U.S. Battery Sector (Alliance) and Microporous, LLC (collectively, Petitioners) submitted a TSCA Section 21 petition for reconsideration of and revisions to the final TCE rule. According to the petition, because there is no feasible alternative to TCE in manufacturing lead-acid battery separators, EPA determined that banning the use would “significantly disrupt national security and critical infrastructure.” While the final rule granted U.S. battery-separator manufacturers a 20-year exemption from the TCE ban, the exemption “includes such onerous conditions on the continued use of TCE that it effectively functions as a total ban.” To continue using TCE, battery-separator manufacturers must either reduce TCE exposure levels to the interim ECEL of 0.2 ppm, “a level roughly 30 times below what European regulators allow and what can be achieved using state-of-the-art engineering and administrative controls — or else equip exposed workers in respiratory personal protective equipment (“PPE”) that EPA admits creates health and safety hazards and that the record demonstrates cannot feasibly be worn all day, every day by employees in these manufacturing settings.” Petitioners request that EPA revise the final rule to increase the interim ECEL to six ppm and extend the length of the duration from 20 to 25 years to account for the time required to research, develop, test, and obtain approvals for any alternative to TCE in battery-separator manufacturing. EPA’s May 9, 2025, letter acknowledging receipt of the petition states that it will either grant or deny the portions of the petition eligible for TSCA Section 21 within 90 days of the date the petition was received (i.e., by July 30, 2025).
New Era for Workplace Violence Reporting in Virginia: Healthcare Employers Must Act Now
Takeaways
Effective 07.01.25, most healthcare employers in Virginia must implement a new reporting system that tracks incidents of workplace violence, notify all employees of the system, and provide guidelines on when and how to report incidents of workplace violence.
Employers must implement a policy prohibiting discriminating or retaliating against any employee for reporting incidents of workplace violence.
Virginia healthcare employers must take immediate steps to create and implement a workplace violence incident reporting system.
Beginning July 1, 2025, healthcare employers in Virginia will be required to create workplace violence prevention plans or reporting systems. Employers must document, track, and analyze incidents of workplace violence and maintain records of incidents for at least two years.
On March 24, 2025, Governor Glenn Youngkin signed into law identical bills, House Bill 2269 and Senate Bill 162, creating the new reporting requirements. The law aims to enhance the safety of healthcare workers through continuing education, de-escalation training, risk identification, and violence prevention planning. The bills amend Section 31.1-127 of the Code of Virginia.
California, Connecticut, Illinois, Louisiana, Maine, Maryland, Minnesota, New Jersey, New York, Oregon, Texas, and Washington already have such requirements.
Definitions
Hospital. Although the amended Section 31.1-127 and its underlying legislation use the term “hospital,” this term is a bit of a misnomer because it encompasses most healthcare employers in Virginia. The term is defined by Section 32.1-123 of the Code of Virginia and includes “any facility licensed” pursuant to “Article 1. Hospital and Nursing Home License” and “in which the primary function is the provision of diagnosis, of treatment, and of medical and nursing services, surgical or nonsurgical, for two or more nonrelated individuals.”
Employee of the hospital and employee. “Employee” under amended Section 31.1-127 means “an employee of the hospital or any health care provider credentialed by the hospital or engaged by the hospital to perform health care services on the premises of the hospital.” Incidents that include any staff member, not just those providing healthcare services, must be captured in the new reporting system.
Workplace violence. Under amended Section 31.1-127, “workplace violence” includes “any act of violence or threat of violence, without regard to the intent of the perpetrator, that occurs against an employee of the hospital while on the premises of such hospital and engaged in the performance of his duties.” This includes threats or use of physical force against an employee that may result in injury, psychological trauma, or stress, “regardless of whether physical injury is sustained.”
Reporting, Tracking Requirements
Qualifying hospitals’ systems must document, track, and analyze any reported incidents of workplace violence. The incident reporting system must include the following components:
Date and time of the incident;
Description of the incident, including the affected employees’ job titles;
Perpetrator’s identity (patient, visitor, employee, or other person);
Location of the incident;
Type of incident (physical attack, threat, sexual assault, other);
Response and consequences of the incident; and
Reporter’s information (name, job title, and the date of completion).
Amended Section 31.1-127 also requires hospitals to report the data they collect, at a minimum, quarterly to the hospital’s chief medical officer and chief nursing officer. Hospitals must send an annual report without personally identifiable information to the Department of Health that includes the number of incidents reported.
Notice, Policy, Continuing Education Requirements
Qualifying healthcare employers must notify all employees about the workplace violence incident reporting system, including any new employees during orientation. Employers must also provide training on when and how to report incidents of workplace violence to their employer, security agencies, and appropriate law-enforcement authorities.
Amended Section 31.1-127 requires qualifying healthcare employers to adopt a policy that prohibits any person from discriminating or retaliating against any employee for “reporting to, or seeking assistance or intervention from, the employer, security agencies, law-enforcement authorities, local emergency services organizations, government agencies, or others participating in any incident investigation.”
Employers must also analyze the data to make improvements in preventing workplace violence. Amended Section 31.1-127 expressly identifies how such improvements can be made, including by providing continuing education in targeted areas, such as de-escalation training, risk identification, and violence prevention planning.
Steps for Healthcare Employers in Virginia
With the July 1 effective date fast approaching, qualifying Virginia healthcare employers must take immediate steps to create and implement a workplace violence incident reporting system. Steps employers can take to comply with the new law:
Review employee handbooks and standalone workplace violence and safety policies or implement such policies.
Review and update onboarding documents for new employees.
Review employee trainings and continuing education to determine whether they sufficiently address de-escalation, risk identification, and violence prevention planning.
Stay up to date on potential changes as the new law directs the Virginia Secretary of Health and Human Resources to “convene a stakeholder work group” that includes various state agencies and trade groups “for the purpose of making recommendations on the workplace violence reporting system and policies.” Additional statutes, regulations, and administrative guidance can be expected in the coming years.
Federal Regulators Announce Non-Enforcement of the 2024 Rule for Mental Health Parity
On May 9, 2025, the Departments of Labor, Health and Human Services, and Treasury (collectively, “the Departments”) asked the D.C. federal court to suspend litigation while they consider whether to rescind or modify the 2024 Rule implementing the Mental Health Parity and Addiction Equity Act (MHPAEA).
As part of the request, the Departments indicated that they will suspend enforcement of the 2024 Rule.
The 2024 Rule was issued to implement revisions to the MHPAEA statute that were passed as part of the Consolidated Appropriations Act of 2021 (“CAA”) to add specific requirements for the development and enforcement of comparative analyses for non-quantitative treatment limits (“NQTLs”). The Departments’ enforcement suspension was announced as a part of a motion to hold in abeyance a legal challenge to the statutory basis for the 2024 Rule that was filed by the ERISA Industry Committee (“ERIC”) on January 17, 2025.
Specifically, the motion provides that the parties have agreed to the Departments’ request to stay the litigation while the Departments suspend enforcement of the 2024 Rule and “reconsider the 2024 Rule…including whether to issue a notice of proposed rulemaking rescinding or modifying the regulation.” The Departments specifically propose to “(1) issue a non-enforcement policy in the near future covering the portions of the 2024 Rule that are applicable for plan years beginning on or after January 1, 2025 and January 1, 2026, and (2) reexamine the Departments’ current MHPAEA enforcement program more broadly.” The Departments also propose to provide quarterly status reports to the court on progress, starting on or before August 7, 2025. The motion also indicates that ERIC consented to the Department filing the motion, subject to ERIC’s “right to resume litigation at any time if necessary.”
The Departments’ motion leaves unclear whether the non-enforcement policy will apply to all aspects of the regulations or only to selected provisions. At minimum, the non-enforcement policy is likely to address the four aspects of the 2024 Rule that ERIC challenged in its complaint:
1. “Meaningful benefits”
The 2013 MHPAEA regulations provided that if a health plan provides benefits for mental health and substance use disorders (“MH/SUD”) in any classification of benefits, then it must provide MH/SUD benefits in every classification in which medical/surgical benefits are provided. The 2024 Rule expanded this requirement in two ways. First, it clarified that the requirement applies by condition—that is, a service must be covered in every classification for each covered MH and SUD condition. Second, it stipulates that such coverage must be “meaningful,” and defines “meaningful” to mean that coverage must include at least one “core” or “primary” treatment for the condition in each classification.
Under the non-enforcement policy, the Departments are unlikely to require analysis of whether a plan’s coverage for MH/SUD conditions is “meaningful.” However, even prior to the 2024 Rule, the Departments have found that exclusions for certain MH/SUD benefits violate the statutory requirements for non-quantitative treatment limits (NQTLs), so plans and issuers should continue to ensure that MH/SUD exclusions in the plan document can be justified under the statute.
2. “Material differences in access”
The MHPAEA statute requires plans to analyze whether the application of an NQTL to MH/SUD benefits is comparable to its application to medical/surgical benefits “in operation.” Guidance including the 2024 Rule clarified that this generally involves the use of data measures to analyze the impact of the NQTL on access to MH/SUD and medical/surgical treatments and services, including measures like denial rates for claims and authorizations. The 2024 Rule specified that if the plan’s data measures demonstrate outcomes that are more stringent for MH/SUD benefits than for M/S benefits, the plan must take action to remedy any “material difference” in access that is attributable to the NQTL.
The Departments have consistently requested data measures to evaluate comparability “in operation” dating back to the 2013 parity rule, so the forthcoming policy on non-enforcement of the 2024 Rule should not be interpreted to mean that plans and issuers should no longer consider data measures in evaluating their compliance with the MHPAEA statute. Instead, the non-enforcement policy is likely to mean that regulators will provide greater leeway for plans to select and interpret the measures that they use in their analyses.
3. Comparative analysis requirements
The CAA updated the MHPAEA statute to require plans and issuers to develop a 5-step “comparative analysis” to demonstrate that the processes, strategies, evidentiary standards, and other factors used to apply an NQTL to MH/SUD benefits, as written and in operation, are comparable to, and are applied no more stringently than, the processes, strategies, evidentiary standards, and other factors used to apply the NQTL to medical or surgical benefits in each benefit classification. In each of the annual Reports to Congress on MHPAEA that the Departments have published since then, the Departments have found that the comparative analyses that plans and issuers have been creating are insufficient to meet the statutory requirements. The 2024 Rule provided extensive guidance on the specific content that the Departments have determined that plans and issuers should provide within each step of the analysis.
The forthcoming non-enforcement policy does not change the statutory requirement for plans and issuers to create these comparative analyses. However, it most likely signals that the Departments will not focus on the adequacy of documentation with regard to the comparative analyses, and instead will focus their enforcement efforts on identifying substantive disparities in the design or application of NQTLs. In practice, where regulators determine that the comparative analysis submitted by a plan is insufficient to demonstrate compliance with the statute, regulators are likely to continue to request additional policies, data, and other plan documentation sufficient to determine whether the NQTL meets the statutory requirements for comparability and stringency.
4. Fiduciary certification requirement
The 2024 Rule required plan fiduciaries to certify that they have engaged in a “prudent process to select one or more qualified service providers to perform and document a comparative analysis” for each NQTL, and that they have satisfied their duty to monitor those service providers. The preamble explained that the Departments interpret this duty to include, at a minimum, reviewing the comparative analyses, asking questions about them to understand the documented findings and conclusions, and ensuring that the responsible service providers provide assurance that, to the best of their ability, the NQTLs and associated comparative analyses comply with the requirements of MHPAEA and these regulations. The 2024 Rule required the fiduciary certification to be included in each comparative analysis.
The non-enforcement policy is likely to provide that the Department of Labor (DOL) will not require comparative analyses to include certification that the plan fiduciary has engaged in a prudent process to select and oversee the service providers that performed the analysis. However, general fiduciary obligations related to the selection and monitoring of service providers under the Employee Retirement Income Security Act (ERISA) will continue to apply.
The formal policy of non-enforcement, when published, should help to clarify the Departments’ intentions with regard to the scope of the provisions that will not be enforced, but may not fully resolve the ambiguity about which aspects of the MHPAEA statute and accumulated guidance for which they do intend to enforce. The expiration of 2021 funding to support additional staffing for the Department of Labor investigations team and other staffing cuts under the Trump Administration may further impact enforcement practices for employer health plans and their third-party administrators. The Departments’ 2024 MHPAEA Report to Congress provides the most detailed discussion to date of the types of findings and corrective actions that the Departments required prior to the adoption of the 2024 Rule and may be the best guide to the Departments’ enforcement strategy for 2025 unless and until more details are provided in the formal non-enforcement policy. However, although the motion only mentions the 2024 Rule and the Departments were enforcing the CAA prior to its adoption, it is possible that the Departments will go further and suspend all MHPAEA enforcement efforts as a part of the non-enforcement policy.
Health insurance issuers that offer fully-insured health plans should note that the federal policy of non-enforcement does not apply to state regulators, who interpret and enforce both federal and state laws for mental health parity. Fully-insured plans in all states continue to be subject to the MHPAEA statute and the 2024 Rule, in addition to any state law for mental health parity. Some states have already adopted the 2024 Rule into state statute, and others may do so as a result of the Departments’ announcement. Many states have required parity compliance reporting using state-specific data measures and reporting templates. Some state regulators may determine that the federal policy of non-enforcement puts a greater burden and priority on state regulators to enforce parity laws. Insurance issuers should therefore ensure that their parity compliance strategies align with both federal and state data and documentation requirements and enforcement trends.
Finally, employers, third-party administrators, issuers, Medicaid Managed Care Organizations, and other entities subject to, or significantly impacted by, MHPAEA will also need to carefully monitor and engage with any effort by the Departments to rescind and replace the 2024 Rule.
Eleventh Circuit Addresses Rule 9(b) Heightened Pleading Standard in False Claims Act Case
The U.S. Court of Appeals for the Eleventh Circuit has concluded that a successful False Claims Act (FCA) claim should “allege not just a scheme, but a scheme that actually led to false claims being submitted to the government”—and must do so with particularity.
This heightened pleading standard cost the qui tam relators in United States ex rel. Vargas v. Lincare, Inc. et al., 24-11080, 2025 WL 1122196 (11th Cir. Apr. 16, 2025), three out of the four claims in their fourth amended complaint. The U.S. District Court for the Middle District of Florida had dismissed the entire complaint for failing to plead sufficient facts under Federal Rule of Civil Procedure 9(b) (“Rule 9(b)”).
The Eleventh Circuit reversed in part, holding that certain allegations of upcoding were adequately pleaded under Rule 9(b) to survive a motion to dismiss. The complaint alleged that the defendants, a medical supplier and its subsidiary, improperly coded the accessories (i.e., batteries, chargers, and cables) of continuous positive airway pressure (CPAP) machines as ventilator accessories. Ventilator accessories are covered by TRICARE, a health insurance program for military personnel and their families; CPAP accessories are not.
The Eleventh Circuit affirmed the dismissal of claims alleging: (1) the routine waiver of patient copays in violation of TRICARE conditions of participation; (2) automatic shipments of CPAP supplies, such as masks (TRICARE covers these supplies only upon a request); and (3) illegal kickbacks to employees of labs or medical offices who could choose which supplier was used.
“The most direct way to satisfy [Rule 9(b)] is by identifying specific claims submitted to the government: invoices, billing records, reimbursement forms,” wrote Senior U.S. Circuit Judge Gerald Bard Tjoflat. Alternative means (other than documentary proof) may satisfy Rule 9(b), the court noted, as long as the claim has “sufficient indicia of reliability”—a case-by-case determination.
Reliability and Falsity
The Eleventh Circuit concluded that the relators successfully pleaded specific allegations relating to the CPAP accessory scheme. The court rejected the defendants’ arguments that: (1) there were insufficient indicia of reliability to show that an actual claim was submitted, and (2) even if claims were submitted, they were not false. On these points, the court determined the following:
Reliability: The relators adequately alleged hands-on access to private records, including patient files, billing correspondence, and authorizations for payment—“the type of inside information that [is] sufficient at the pleading stage.” The relators identified specific claims (i.e., specific instances of upcoding), with dates, amounts, and billing codes.
Falsity: The relators adequately alleged that the coding practices were improper and the resulting claims were false. Though the defendants claimed that TRICARE allowed the substitute ventilator codes, this was a factual dispute and not grounds for dismissal, per the court.
Meanwhile, the relators identified no specific false claims submitted to TRICARE in connection with: (1) any co-pay waiver, (2) the auto-ship scheme involving CPAP replacement supplies, or (3) the alleged kickbacks.
No Shotgun Pleadings
In a separate concurrence, Judge Tjoflat called attention to a “foundational pleading defect that the District Court did not reach.” The relators’ fourth amended complaint, he noted, packed all four of the fraud claims described above into a single count—burdening the courts, defendants, and the appellate process.
“That is not how litigation works,” he wrote. “The fourth amended complaint is a shotgun pleading—something we have condemned time and time again. It…forces courts to play detective rather than umpire.”
Shotgun pleadings, the judge stated, run counter to Rule 8 (requiring statements in a claim to be “short and plain,” with allegations that are “simple, concise, and direct”) and Rule 10 (requiring each claim founding on a separate transaction or occurrence to be stated in a separate count, “if doing so would promote clarity”). When confronted with a shotgun complaint, he said, a defendant should move for a more definite statement under Rule 12(e). And a district court should sua sponte strike it—“early and firmly.”
Takeaways
The Vargas decision offers clarity in the Eleventh Circuit on the rigorous application of the Rule 9(b) “reliable indicia” standard in the FCA context. With this decision, the Eleventh Circuit has made clear that merely alleging fraudulent schemes or practices is not enough to survive a Rule 9(b) challenge. Relators must allege concrete details connecting alleged schemes to actual false claims submitted to the government. Failure to do so is likely to result in dismissal. As demonstrated in Vargas, the Eleventh Circuit’s strict application of the standard underscores the high bar that relators must clear to avoid dismissal at the pleading stage.
Epstein Becker Green Staff Attorney Ann W. Parks contributed to the preparation of this post.
Workplace Strategies Watercooler 2025: The Election Is Over, What’s Next? Part I [Podcast]
In part one of this two-part Workplace Strategies Watercooler 2025 podcast series on changes employers can expect from the new administration, Jim Plunkett (shareholder, Washington, D.C.) sits down with Scott Kelly (shareholder, Birmingham) to discuss the current status and challenges faced by federal contractors following changes at the Office of Federal Contract Compliance Programs (OFCCP) due to President Trump’s Executive Order 14173, including the revocation of EO 11246, compliance options, and ongoing obligations under federal anti-discrimination laws. Next, Jim speaks with John Merrell (shareholder, Greenville) regarding expected changes in traditional labor policy, including the makeup of the National Labor Relations Board (NLRB), the role of the general counsel, and the NLRB’s case priorities, standards, and decisions. Finally, Jim talks with Wayne Pinkstone (shareholder, Philadelphia) about anticipated changes within the Occupational Safety and Health Administration (OSHA) during President Trump’s second term, including the administration’s regulatory agenda, the fate of the heat stress rule proposed under the previous administration, and the overall leadership and enforcement of the agency.
Cal/OSHA Standards Board Considers Subcommittee in Response to NIOSH Cuts
The California Occupational Safety and Health Standards Board (OSHSB) is considering the formation of a subcommittee to tackle challenges arising from the dismantling of the National Institute for Occupational Safety and Health (NIOSH).
During the OSHSB meeting on April 17, 2025, board members discussed reports of significant layoffs within NIOSH due to federal government budget cuts. These cuts would “eliminate 92% of the NIOSH’s workforce,” effectively leading to a shutdown of the agency. Earlier this month, NIOSH was hit with even more layoffs.
NIOSH conducts occupational safety and health research, recommends safety standards, and provides training and educational resources. The near elimination of NIOSH is expected to disrupt these essential services and create a gap, particularly affecting the certification of personal protective equipment (PPE). Federal regulations require the use of NIOSH-approved respirators and mandate certain comprehensive respiratory protection programs.
Without NIOSH certification, California faces challenges in protecting workers, especially in high-risk industries such as fire protection, healthcare, and mining. The absence of a certifying body could impede the development and sale of new respiratory protection technologies, which the OSHSB is concerned would pose significant risks to worker safety. The board expressed urgency regarding potential risks to firefighters’ health and safety, given recent wildfire and urban interface fires within the state.
The proposed subcommittee would explore NIOSH’s overall functions and consider alternatives, including potential legislation, partnerships with other states, and leveraging existing expertise in the field. The subcommittee would also investigate the current situation in Washington D.C., assess the impact on California workers, and evaluate actions the state or OSHSB can take to mitigate these issues. The OSHSB plans to continue these discussions with Cal/OSHA during its upcoming meeting in Redding.
Healthcare Preview for the Week of: May 12, 2025 [Podcast]
Reconciliation Text Is Here
Late Sunday night, May 11, 2025, the House Committee on Energy and Commerce released the much-anticipated budget reconciliation bill text ahead of its scheduled markup on May 13, 2025.
While the Congressional Budget Office (CBO) has not yet released a score, we expect that it will do so before the markup. In the meantime, CBO provided a letter to Energy and Commerce Chairman Guthrie confirming that the committee exceeds the $880 billion in federal savings that the House budget resolution instructed the committee to find. The vast majority of the bill’s policies and savings are in the Medicaid program, some of which were expected, including:
Establishing new work requirements in Medicaid (called “community engagement requirements” in the legislative language)
Repealing the Biden-era eligibility rules and nursing home staffing rule
Additional Medicaid policies include:
Prohibiting gender transition procedures, focused on minors
Restricting coverage of undocumented immigrants by reducing the federal match for the expansion population to 80% if the state covers undocumented immigrants with state-only funds, and checking immigration status sooner than 90 days
Implementing new cost-sharing requirements and verifying eligibility every six months for the expansion population
Banning spread pricing by pharmacy benefit managers (PBMs) and prohibiting PBM compensation based on the price of a drug as a condition of entering into a contract with a prescription drug plan in Medicare
The legislation also includes versions of policies that remain highly contested among many stakeholders, including:
Implementing a moratorium on new state directed payments (SDPs) that exceed the Medicare rate, as opposed to adjusting existing SDPs that go up to the average commercial rate
Introducing a moratorium on new or increased provider taxes, as opposed to reducing or removing existing provider taxes
Closing the managed care organization (MCO) provider tax “broad based” loophole, which is expected to impact seven of the 20 states that use MCO provider taxes (California, Illinois, Massachusetts, Michigan, New York, Ohio, and West Virginia)
You can brush up on these policies and more in our Medicaid Restructuring Options document.
The bill includes additional provisions outside of Medicaid. For example, it would codify the March 2025 Affordable Care Act program integrity proposed rule, which includes provisions to roll back certain special enrollment periods, impose new premium payments for certain individuals, prohibit states from providing coverage for sex-trait modification as an essential health benefit, and exclude Deferred Action for Childhood Arrivals recipients from the definition of “lawfully present.” It proposes a short term “doc fix,” which would establish a single conversion factor for clinicians who are qualifying participants in Advanced Alternative Payment Models and those who aren’t, and would set the update to the single conversion factor at 75% of the Medicare Economic Index (MEI) in calendar year (CY) 2026 and at 10% of the MEI for CY 2027 and future years. The bill would also prevent disproportionate share hospital payment cuts until 2029.
This bill is still in the early stages of committee processes, and we still need to see CBO estimates for federal savings and coverage changes (likely decreases). The committee markup will likely last well into the evening on Tuesday, with Democrats offering amendments and critiques. Assuming the bill passes committee, it will then need to be stitched together with the other bills that make up reconciliation for consideration on the House floor.
We are also waiting for additional language and official notice of a markup from the House Committee on Ways and Means, which has jurisdiction over the Medicare program. Its early release of language was incomplete. House Speaker Mike Johnson has indicated a desire to get the reconciliation package through the House by the Memorial Day recess.
Outside of reconciliation, the Senate Committee on the Judiciary will hold a hearing on PBMs, and the House Committee on the Judiciary, Subcommittee on Administrative State, Regulatory Reform, and Antitrust will hold a hearing on graduate medical education and evaluating the medical residency antitrust exemption.
US Department of Health and Human Services (HHS) Secretary Robert F. Kennedy Jr. will testify on Wednesday, for the first time as the HHS Secretary, before the House Appropriations Committee and the Senate Committee on Health, Education, Labor, and Pensions on the president’s fiscal year 2026 proposed HHS budget.
Secretary Kennedy along with Centers for Medicare & Medicaid Services Administrator Mehmet Oz participated in a press conference on Monday morning as President Trump signed a new executive order requiring the establishment of “most-favored-nation” pricing for prescription drugs.
Today’s Podcast
In this week’s Healthcare Preview, Debbie Curtis and Rodney Whitlock join Maddie News to discuss the released text of the House Energy and Commerce Committee’s reconciliation language and what comes next.