FDA’s New Transparency Tool Addresses Chemical Contaminants

Recently, the Food and Drug Administration (FDA) introduced a new online resource called the Chemical Contaminants Transparency Tool (CCT Tool) which allows the public to search for information about different chemical contaminants that may be found in human food. This online, searchable database provides a consolidated list of contaminant levels such as tolerances, action levels, and guidance levels used to evaluate potential health risks in human foods. This tool is part of the FDA’s efforts to modernize food chemical safety and has been launched as part of the administration’s Make America Healthy Again initiative.
Key Features and Objectives of the Transparency Tool
Prior to the launch of the CCT Tool, tolerances, action levels, guidance levels, derived intervention levels, recommended maximum levels, and advisory levels were to be found (or defined) in 21 C.F.R. parts 109 and 509, and also in guidances for industry. The CCT Tool consolidates this information into one resource, with the goal of making it easier to find information about the contaminants by commodity type.
Here is a snapshot of some data available through the tool:
The levels above show the safety limits for contaminants in food, but do not imply that the presence of these chemicals at the specified level is necessarily permissible. FDA’s prior guidances on these chemicals remain an important resource to understand the levels shown in the chart. As explained by acting FDA Commissioner Sara Brenner, M.D., M.P.H., “While it’s ideal to have no contaminants in our food, they can sometimes occur. Eating a variety of nutrient-rich foods from all major groups – vegetables, fruits, grains, dairy, and protein – can help minimize exposure.”
The introduction of the CCT Tool is a useful reminder of the importance of compliance for food manufacturers and distributors. It also highlights the new administration’s focus on transparency for and within the food system, and could be a harbinger of new tools that FDA may develop as part of the new administration’s goals.
FDA Announces “Operation Stork Speed”
On March 18, 2025, FDA announced that, at the direction of Health and Human Services Secretary Robert F. Kennedy Jr., it is “taking steps to enhance its efforts to ensure the ongoing quality, safety and nutritional adequacy” of infant formula products as part of a broader review of the U.S. food supply, in what is being referred to as “Operation Stork Speed.”
Key measures include:
Nutrient Review: FDA will soon issue a Request for Information to begin a comprehensive review of infant formula nutrients.
Increased Testing: There will be increased testing for heavy metals and other contaminants in infant formula and other foods consumed by children.
Encouraging Innovation: FDA is urging companies to develop new infant formulas and improve transparency in labeling to better inform consumers and will collaborate with the National Institutes of Health on researching the long-term health outcomes associated with formula feeding of infants.
The announcement comes as part of a broader effort to stabilize the supply of infant formula following severe shortages in 2022. FDA has since implemented a national strategy to increase the resilience of the U.S. infant formula market, including measures to prevent future shortages and improve the integrity of the supply chain. Operation Stork Speed builds on these efforts, aiming to ensure that families have access to safe and nutritious formula for their infants.
Effective Risk Management for Nursing Facilities: Insurance Insights on Retaliation Claims
This is the first in a series of articles addressing critical issues in risk management and insurance for skilled nursing facilities.
Owners and operators of skilled nursing facilities know that a claim or lawsuit against their facility is not a matter of if, but when. Procuring the proper insurance is critical to effectively managing and mitigating these risks. A professional liability insurance policy should provide coverage for the facility and its directors, administrators, and employees from claims of negligent care.
Unfortunately, merely purchasing a professional liability policy without further scrutiny can leave a facility uninsured for certain claims. These policies incorporate exclusions and conditions that insurers could cite to attempt to limit coverage, particularly for claims that allege intentional injury to a patient resident. For example, an injured patient could allege that her injury was not the result of mere negligence, but instead resulted from retaliation by the facility or the facility’s employee in response to a prior complaint. These retaliation claims pose an increased risk to a facility and its insurance coverage, regardless of whether they are alleged as an intentional tort under a state’s common law or as a violation of a state’s anti-retaliation statute.
In states where retaliation is specifically barred by statute, state laws can create additional liability and damages exposure for claims brought by residents who file formal complaints or bring regulatory actions against nursing facilities alleging retaliation. Earlier this year, for example, the Illinois Legislature passed a new anti-retaliation statute for nursing facilities, House Bill 2474, that broadens the scope of anti-retaliation protections. The Illinois bill, which has passed both houses and been sent to the governor’s office for signature, does not require a formal complaint, but can be triggered by a resident taking more informal action, such as making a request to the facility related to the resident’s care. In addition to potential liability for consequential damages, Illinois HB 2474 also makes nursing facilities liable to the plaintiff for attorneys’ fees and additional damages “in an amount equal to the average monthly billing rate for Medicaid recipients in the facility.” The damage provisions of Illinois HB 2474 differentiate it from other broad anti-retaliation statutes. For example, Minnesota expanded its Patients’ Bill of Rights in 2020 to protect nursing facility residents from retaliation for a host of actions, including advocating “for necessary or improved care or services” (M.S.A. § 144.6512). However, Minnesota’s statute does not provide for a private cause of action for residents to sue the facility.
Even if a state’s anti-retaliation statute does not specify additional damages or provide a private cause of action, retaliation claims brought as common law torts can nevertheless pose the risk of enhanced damages based on the facility’s perceived culpability – a risk not found in ordinary negligence actions.
Retaliation claims are a significant and thorny example of circumstances where allegations of negligent and intentional conduct can intertwine. Unless a statute identifies certain acts that constitute retaliation per se, the patient must necessarily prove an intent to retaliate – retaliation cannot be the result of mere negligence. But ordinary negligence and intentional retaliation could manifest in factually identical ways – with intent being the only distinguishing factor. For example, a resident allegedly injured in a fall while being helped out of bed by a facility employee could assert negligence. But if that same resident had complained to management about the quality of their care prior to the fall, the resident could also allege retaliation, asserting that they were allowed to fall in retaliation for the complaint.
Insurers could seize on retaliation allegations to deny coverage under several exclusions, including exclusions for expected and intended conduct and for willful violations of laws or regulations. Depending on the scope of the policy exclusions, insurers could assert that otherwise insured negligence claims are excluded retaliation claims.
To maximize the potential coverage for claims of retaliation or other intentional conduct bolted on to ordinary negligence claims, insureds should understand that the expected and intended exclusion does not exclude claims that an insured acted intentionally; the insurer must also prove that the insured intended to cause the alleged harm. Unfortunately, a retaliation claim arguably alleges that intent to cause harm if the actions can be attributed to the insured entity or individual.
Insureds can take four steps to mitigate anticipated insurer defenses to coverage for retaliation claims:
First, insureds should seek language limiting the intentional conduct exclusion. The best limiting language would require a final adjudication of intentional conduct at trial (and after exhaustion of all appeals). Insurers could not invoke this exclusion in cases settled before trial.
Second, insureds should confirm that any exclusions based on alleged willful statutory violations do not inadvertently encompass statutory retaliation claims.
Third, because insurers may attempt to allocate liability among the negligence and retaliation claims to reduce their obligations for a settlement prior to trial, insureds should insist on favorable allocation provisions that do not leave the allocation to insurers’ discretion but instead require reasonable allocation based on an objective assessment of the claim.
Finally, insureds should insist on policy provisions requiring the insurer to defend (or preferably pay the defense of) all asserted claims – including arguably excluded claims – as long as at least one claim potentially falls within coverage.
These four steps will provide insureds with additional insurance protection against statutory retaliation claims by limiting the defenses that insurers could otherwise assert in response to these claims. And as always, policyholders should scrutinize their professional liability insurance policies during renewal to maximize the coverage available to them. Many coverage enhancements do not impact premium – but they do require insureds’ diligence and awareness of coverage quagmires before binding insurance, as this discussion of retaliation claims shows.
What Would John Wilkes Booth Do? Mandatory COVID Vaxes for Actors
Although the threat of COVID-19 (remember that?) seems to have diminished considerably over the past five years, once upon a time in Hollywood many production companies (along with other employers) required employees to be vaccinated upon pain of losing their job.
In early 2022, Apple Studios LLC conditionally offered actor Brent Sexton the role of U.S. President Andrew Johnson in its production of Manhunt, a limited series about the hunt for John Wilkes Booth following the assassination of Abraham Lincoln. One of the conditions for Sexton’s casting was that he be fully vaccinated, in compliance with Apple’s mandatory on-set vaccination policy. Sexton refused to get vaccinated, seeking an exemption on medical grounds. After considering Sexton’s request, Apple ultimately decided that an unvaccinated actor could not safely be accommodated on set and withdrew Sexton’s offer. Sexton sued Apple for disability discrimination and related claims.
In response, Apple filed a motion to strike Sexton’s complaint under California’s anti-Strategic Lawsuit Against Public Participation (“anti-SLAPP”) law, which authorizes early dismissal of “lawsuits brought primarily to chill the valid exercise of the constitutional rights of freedom of speech and petition for the redress of grievances.” The trial court denied Apple’s motion, but the Court of Appeal reversed, holding that (1) Apple’s decision not to cast Sexton was in fact “protected expressive conduct” under the First Amendment; and (2) Sexton’s claims lacked merit because, by remaining unvaccinated, he failed to meet the “safety” qualification required for the job he sought.
To Jab, or Not to Jab: That Is the Question
The Court found that Apple’s decision not to cast Sexton furthered free speech in two ways. First, the choice of how to portray Andrew Johnson—a controversial and important historical figure—was a creative endeavor in and of itself, with the selection of different actors “contribut[ing] to the public issue of how contemporary viewers might conceive of Johnson.” Second, by making vaccination mandatory on the Manhunt set, “Apple took a stand” on the still-live public debate about vaccination policy.
While legal protections for casting decisions are a remote issue for most employers, the second “speech” element that the Court identified in Apple’s conduct—its decision to make vaccines mandatory on the Manhunt set—has potentially sweeping implications. Noting that there is still “a public debate over vaccination policy,” the Court found that by implementing and enforcing an on-set vaccine mandate, Apple “contributed to public discussion of vaccination policy.”
“Safety” as a Bona Fide Occupational Qualification?
In addition to finding Apple’s actions protected as expressive conduct, the Court also concluded that Sexton’s discrimination claims failed on the merits. A key element for a meritorious employment discrimination claim is that the plaintiff must show that they are qualified for the position. Here, the Court found that, because Sexton was unvaccinated, he was not qualified for the job he sought. How this decision will be harmonized with established case law on religious and medical exemptions remains to be seen. As always, we will continue to monitor this topic for any updates. (In the meantime, Manhunt (which is excellent!) is still streaming, featuring actor Glenn Morshower in the role of Andrew Johnson.)
Pedestrian Fatalities Up Almost Half from a Decade Ago
During the first half of 2024, drivers killed 3,304 pedestrians in the United States, a 2.6% decrease from the same period in 2023, according to a new study from the Governors Highway Safety Association (GHSA). However, this decline does not overshadow the alarming trend of rising pedestrian fatalities over the past decade, which have increased by 48% since 2014, translating to 1,072 more deaths.
Pedestrian Fatality Trends
Each year, the GHSA releases the first comprehensive look at pedestrian traffic death trends for the first six months of the year, using preliminary data from State Highway Safety Offices (SHSOs). The analysis indicates that while pedestrian fatalities decreased slightly from last year, they remain 12% higher than in 2019, emphasizing a concerning trajectory for road safety.
The slight decrease in pedestrian fatalities in early 2024 aligns with a broader trend in overall traffic deaths. According to the National Highway Traffic Safety Administration (NHTSA), total roadway fatalities dropped 3.2% during the first half of 2023. Nevertheless, the overall numbers remain significantly higher than those recorded five and ten years ago. In the first half of 2024, there were 18,720 roadway deaths, showing a 10% increase from 17,025 in the same period of 2019 and a 25% rise from 15,035 in 2014.
At the state level, the GHSA report reveals mixed results: pedestrian fatalities decreased in 22 states, while 23 states and the District of Columbia (D.C.) saw increases. Five states reported no change in their numbers. Notably, seven states experienced consecutive decreases in pedestrian fatalities, whereas four states faced two significant increases.
Why Are Roads So Dangerous for Pedestrians?
A combination of factors contributes to this rising danger for pedestrians. A decline in traffic enforcement since 2020 has allowed dangerous driving behaviors—such as speeding, distracted driving, and driving under the influence—to grow rapidly. Additionally, many roadways are designed primarily for fast-moving vehicles, often neglecting the needs of pedestrians. Many communities also lack protective infrastructure, with missing sidewalks and poorly lit crosswalks. Furthermore, the growing presence of larger, heavier vehicles on roads increases the risk of severe injuries or fatalities in pedestrian accidents.
What Can Be Done?
To tackle this pedestrian safety crisis, the GHSA advocates for an approach that establishes a strong safety net that can protect everyone on the road. A crucial part of this strategy is traffic enforcement focused on dangerous driving behaviors – like speeding, and impaired or distracted driving – that disproportionately endanger pedestrians.
In summary, while there are signs of progress in addressing pedestrian safety, the statistics reveal a pressing need for ongoing efforts to protect those who walk on our roads. By strengthening enforcement, improving infrastructure, and promoting safe practices among both drivers and pedestrians, we can work toward reversing this tragic trend and ensuring safer streets for everyone.
HHS Job Cuts: FDA, CDC, NIH and CMS Impacted Amidst Significant Restructurings
On March 27, 2025, the United States Department of Health and Human Services (HHS) announced a “dramatic restructuring” that will result in a reduction in agency workforce combined with significant internal restructuring.[1] The department plans to cut approximately 20,000 positions, bringing its headcount in line with HHS’s pre-2002 level of around 62,000 employees. The anticipated restructuring involves consolidating 28 divisions into 15, citing prior budget and staffing increases of 38 percent and 17 percent, respectively.[2]
In connection with this restructuring, the Administration announced the following changes:
Creation of the Administration for a Healthy America (AHA), which will consolidate the Office of the Assistant Secretary for Health (OASH), the Health Resources and Services Administration (HRSA), the Substance Abuse and Mental Health Services Administration (SAMHSA), the Agency for Toxic Substances and Disease Registry (ATSDR) and the National Institute for Occupational Safety and Health (NIOSH);
Transfer of the Administration for Strategic Preparedness and Response (ASPR) to the Centers for Disease Control (CDC);
Creation of a new Assistant Secretary for Enforcement to oversee the Departmental Appeals Board (DAB), Office of Medicare Hearings and Appeals (OMHA) and Office for Civil Rights (OCR);
Merging the Assistant Secretary for Planning and Evaluation (ASPE) with the Agency for Healthcare Research and Quality (AHRQ) to create a new Office of Strategy to provide research enhancing HHS’s various initiatives;
Reorganizing the Administration for Community Living (ACL) programs that support older adults and people of all ages with disabilities into other parts of HHS; and
10 HHS Regional Offices will be consolidated into 5.[3]
These cuts and restructurings follow the February 11, 2025, Executive Order which placed much of the federal government’s human resource management under the purview of the Department of Government Efficiency (DOGE)[4] and the February 12, 2025 termination of “Fork in the Road,” a deferred resignation program for government employees.[5] This latest announcement adds to the growing number of federal staff reductions—62,000 jobs were cut across 17 different agencies in February alone.[6] With HHS’s designation of a new Assistant Secretary of Enforcement to combat purported fraud, waste and abuse across its divisions, more job cuts could be on the horizon.
As a result of this latest announcement, the anticipated amount of job cuts and resulting reduced employee pools are as follows: the U.S. Food and Drug Administration (FDA) will cut 3,500 employees (about 20 percent of its workforce); the Centers for Disease Control and Prevention (CDC) will cut 2,400 employees; the Centers for Medicare and Medicaid Services (CMS) will cut 300 employees; and the National Institutes of Health (NIH) will cut 1,200 employees. These cuts, along with another 2,600 employees slated for dismissal, amount to a total of 10,000 HHS jobs cut. These cuts, combined with another 10,000 employees who have left the agency due to buyouts or other voluntary resignations, add up to the 20,000 total employee reduction.[7]
Potential Impacts
The sweeping job cuts, department reorganization and consolidation are in line with Secretary Kennedy’s vision of “doing more with less” resources, while a former HHS employee anonymously expressed concerns that “the cuts will weigh heavily on caseworkers and account management teams,” ultimately leading to a decline in “[s]ervice standards for Medicare Advantage beneficiaries,” due to both “a reduction in the people that handle their cases” and “diminished oversight of the Medicare Advantage plans.”[8]
Healthcare providers and other organizations that rely on regular interaction with HHS and its subagencies should be on the lookout for disruptions or delays in service as HHS implements these cuts and departmental reorganizations. For example, several senior FDA drug reviewers have already announced their resignations, and more are expected, raising the distinct possibility that the FDA’s ability to perform its public health functions will be impaired.[9] The full impact of the March 27th announcements will not be known for some time, but potentially impacted stakeholders should keep a watchful eye over the coming months as HHS implements the announced changes.
[1] U.S. Dep’t of Health and Human Servs., HHS Announces Transformation to Make America Healthy Again (Mar. 27, 2025), https://www.hhs.gov/about/news/hhs-restructuring-doge.html.
[2] U.S. Dep’t of Health and Human Servs., Fact Sheet: HHS’ Transformation to Make America Healthy Again (Mar. 27, 2025), https://www.hhs.gov/about/news/hhs-restructuring-doge-fact-sheet.html.
[3] Id.
[4] Exec. Order No. 14,210, 90 Fed. Reg. 9669 (Feb. 14, 2025); see also Exec. Off. of the President, Implementing The President’s “Department of Government Efficiency” Workforce Optimization Initiative (Feb. 11, 2025), https://www.whitehouse.gov/presidential-actions/2025/02/implementing-the-presidents-department-of-government-efficiency-workforce-optimization-initiative/.
[5] U.S. Off. of Pers. Mgmt., Fork in the Road: Program Closed, https://www.opm.gov/fork/ (last visited Mar. 27, 2025).
[6] Janet Nguyen, Federal workers’ salaries represent less than 5% of federal spending and 1% of GDP, Marketplace (Mar. 6, 2025), https://www.marketplace.org/2025/03/06/federal-workers-salaries-represent-less-than-5-of-federal-spending-and-1-of-gdp/.
[7] Phil Taylor, HHS plans 10,000 more job cuts, taking target to 20,000, pharmaphorum (Mar. 27, 2025), https://pharmaphorum.com/news/hhs-plans-10000-more-job-cuts-taking-target-20000.
[8] Meg Tirrell et al., HHS cuts 10,000 employees in major overhaul of health agencies, CNN (Mar. 27, 2025, 6:46 PM), https://www.cnn.com/2025/03/27/health/hhs-rfk-job-cuts/index.html.
[9] See @steveusdin1, X (Mar. 27, 2025, 4:54 PM), https://x.com/steveusdin1/status/1905377827836624915.
Virginia Enacts Law Protecting Reproductive and Sexual Health Data
On March 24, 2025, Virginia Governor Youngkin signed into law S.B. 754, which amends the Virginia Consumer Data Protection Act (“VCDPA”) to prohibit the collection, disclosure, sale or dissemination of consumers’ reproductive or sexual health data without consent.
The law defines “reproductive or sexual health information” as “information relating to the past, present, or future reproductive or sexual health” of a Virginia consumer, including:
Efforts to research or obtain reproductive or sexual health information services or supplies, including location information that may indicate an attempt to acquire such services or supplies;
Reproductive or sexual health conditions, status, diseases, or diagnoses, including pregnancy, menstruation, ovulation, ability to conceive a pregnancy, whether an individual is sexually active, and whether an individual is engaging in unprotected sex;
Reproductive and sexual health-related surgeries and procedures, including termination of a pregnancy;
Use or purchase of contraceptives, birth control, or other medication related to reproductive health, including abortifacients;
Bodily functions, vital signs, measurements, or symptoms related to menstruation or pregnancy, including basal temperature, cramps, bodily discharge, or hormone levels;
Any information about diagnoses or diagnostic testing, treatment, or medications, or the use of any product or service relating to the matters described above; and
Any information described above that is derived or extrapolated from non-health-related information such as proxy, derivative, inferred, emergent, or algorithmic data.
“Reproductive or sexual health information” does not include protected health information under HIPAA, health records for the purposes of Title 32.1, or patient-identifying records for the purposes of 42 U.S.C. § 290dd-2.
These amendments to the VCDPA will take effect on July 1, 2025.
McDermott+ Check-Up: March 28, 2025
THIS WEEK’S DOSE
Senate Confirms FDA, NIH Nominations, Advances CMS Nomination. The Senate confirmed US Food and Drug Administration (FDA) Commissioner Martin Makary and National Institutes of Health (NIH) Director Jayanta Bhattacharya, and the Senate Finance Committee advanced Mehmet Oz’s nomination as Centers for Medicare & Medicaid Services (CMS) administrator to the full Senate.
House Oversight Committee Discusses Government Reform Legislation. The committee advanced three bills related to government reorganization, the Federal Employees Health Benefits Program, and pandemic response.
CBO Projects US Will Reach Debt Limit in August or September 2025. The Congressional Budget Office (CBO) estimate will factor into the timing of a budget reconciliation package, as Republican leaders appear to be in agreement to include a debt limit increase in that forthcoming package.
HHS Announces Reorganization. The US Department of Health and Human Services (HHS) plans to eliminate 10,000 employees and consolidate multiple agencies.
President Trump Makes Additional Healthcare Nominations. Nominated positions include CDC director, HHS inspector general, HHS assistant secretary for health, and HHS assistant secretary for the Administration for Children and Families.
CONGRESS
Senate Confirms FDA, NIH Nominations, Advances CMS Nomination. On March 25, 2025, the Senate confirmed Martin Makary, MD, as the next FDA commissioner by a 56 – 44 vote. Sens. Durbin (D-IL), Hassan (D-NH), and Shaheen (D-NH) were the sole Democrats to vote yes, along with all Republicans. Jayanta Bhattacharya, MD, was also confirmed as the next NIH director by a 53 – 47 party line vote. The Senate Finance Committee advanced the nomination of Mehmet Oz, MD, to be CMS administrator by a 14 – 13 party line vote. Oz’s full Senate confirmation vote could be as early as next week, and he is expected to be confirmed.
House Oversight Committee Discusses Government Reform Legislation. The markup included discussion of nine bills, three of which pertained to healthcare and the federal workforce and advanced out of the committee:
H.R. 1295, the Reorganizing Government Act of 2025, would renew and extend through December 2026 the president’s authority to propose a government reorganization plan that Congress must consider via an up or down vote on a joint resolution of approval within 90 calendar days.
Passed 23 – 20 along party lines, with Republicans voting in support.
H.R. 2193, the FEHB Protection Act of 2025, would require federal agencies to verify that an employee is eligible to add a family member to their Federal Employees Health Benefits (FEHB) Program plan.
Passed 29 – 15, with support from Republicans as well as Reps. Connolly (D-VA), Lynch (D-MA), Brown (D-OH), Min (D-CA), Norton (D-DC), and Subramanyam (D-VA).
H.R. 2277, the Federal Accountability Committee for Transparency Act of 2025, would extend the Pandemic Response Accountability Committee through December 2026 and rename it the Fraud Prevention and Accountability Committee.
Passed unanimously, 44 – 0.
Links to all bills discussed during the markup can be found here.
CBO Projects US Will Reach Debt Limit in August or September 2025. The CBO “X date” projection is that the United States will default on its debt in August or September 2025 if the debt limit remains unchanged. If the government’s borrowing needs are greater than CBO projections, the debt limit could be reached as early as May or June 2025. Republicans aim to raise the debt limit as part of the reconciliation process in the coming months, but if a reconciliation package is not enacted by the X date, separate legislation may be required to raise the debt limit. Legislation outside the reconciliation process would require support from Democrats to pass. The US Department of the Treasury is expected to release its own X date estimate in May 2025.
ADMINISTRATION
HHS Announces Reorganization. In response to the executive order on the Department of Government Efficiency (DOGE) Workforce Optimization Initiative, HHS announced a “dramatic restructuring” that includes the elimination of 10,000 employees. This follows the voluntary departure of 10,000 employees that has already occurred. Taken together, these two workforce reductions will shrink HHS by 25% to 62,000 employees. The agency projects that the reorganization will save $1.8 billion and make the agency more efficient.
Major actions of the restructuring plan include:
Consolidating 28 divisions into 15, eliminating five of the 10 regional offices, and centralizing core administrative functions.
Eliminating 10,000 workers, including 3,500 employees from the FDA; 2,400 employees from the Centers for Disease Control and Prevention (CDC); 1,200 employees from the NIH; and 300 employees from CMS.
Creating a new Administration for a Healthy America subdivision, which will combine the Office of the Assistant Secretary for Health, the Health Resources and Services Administration, the Substance Abuse and Mental Health Services Administration (SAMHSA), the Agency for Toxic Substances and Disease Registry, and the National Institute for Occupational Safety and Health.
Moving programs for older adults from the Administration for Community Living to other agencies, including CMS, the Assistant Secretary for Planning and Evaluation, and the Administration for Children and Families (ACF).
Read the press release here, and the fact sheet here.
President Trump Makes Additional Healthcare Nominations. After the White House abruptly withdrew Dave Weldon’s nomination for CDC director, President Trump nominated acting CDC director Susan Monarez, PhD, to be the permanent director. She previously worked as deputy director of the Advanced Research Projects Agency for Health. Additional HHS nominations include:
HHS inspector general: Thomas March Bell, general counsel for House Republicans.
HHS assistant secretary for health: Brian Christine, MD, urologist.
HHS assistant secretary for ACF: Alex Adams, director of the Idaho Department of Health and Welfare.
QUICK HITS
Senate Finance Democrats Release Report on MA Marketing Tactics. The report found that Medicare Advantage (MA) plans are increasingly using marketing strategies to enroll beneficiaries, and includes eight recommendations to increase oversight of these actions.
Senate Democrats Hold Forum on NIH Research Cuts. The forum, hosted by Sens. Baldwin (D-WI) and Welch (D-VT), featured a panel of researchers, patients, and former NIH Director Monica Bertagnolli, MD. Discussion focused on how cuts or delays of NIH research could harm cancer and Alzheimer’s research.
HHS Cancels $12 Billion in State Infectious Disease, Substance Use Grants. Congress appropriated the now-cancelled CDC and SAMHSA state grants through September 2025 during the COVID-19 pandemic. The grants focused on infectious disease tracking, mental health services, and substance use disorder treatment. House Appropriations Committee Ranking Member DeLauro (D-CT) criticized the cancellations.
Department of Justice Launches Anticompetitive Regulations Task Force. As part of the president’s deregulatory initiative, the task force aims to eliminate anticompetitive state and federal laws and regulations, including in the healthcare sector. Public comments to support the task force’s efforts are due May 26, 2025.
BIPARTISAN LEGISLATION SPOTLIGHT
The Bipartisan Senate 340B Working Group announced the addition of Sens. Kaine (D-VA), Mullin (R-OK), and Hickenlooper (D-CO). They join Sens. Moran (R-KS), Baldwin (D-WI), and Capito (R-WV). The new additions replace former Sens. Stabenow (D-MI) and Cardin (D-MD), who retired, and Sen. Thune (R-SD), who stepped back from the working group when he became Senate majority leader. Last Congress, the working group released a conceptual discussion draft and request for information on proposed changes to the 340B program. It is now completing its review of stakeholder feedback with the intention of releasing a formal legislative draft.
NEXT WEEK’S DIAGNOSIS
The House and Senate are both in session next week. Republicans will continue conversations on a reconciliation strategy, as they aim to strike a deal on a unified budget resolution before the Easter recess in mid-April. A Senate vote on a unified budget resolution could occur as early as next week, and Senate nomination hearings and confirmation votes are expected to continue. The Senate Judiciary Committee will discuss drug patent legislation. The House Energy and Commerce Committee has a busy week with a Health Subcommittee hearing on over-the-counter monograph drugs, an Oversight and Investigations Subcommittee hearing on cybersecurity vulnerabilities in legacy medical devices, and an expected full committee markup. Both the Inpatient Prospective Payment System (IPPS) proposed rule and the final rate notice for MA and Part D plans are expected in early April 2025. Read our previews for the IPPS proposed rule here and the final rate notice here.
Are the Days of OSHA’s Rulemaking and Reliance on Consensus Standards Numbered?
Since Representative Andy Biggs (R-AZ) first introduced the “Nullify the Occupational Safety and Health Administration Act” or “NOSHA Act” (H.R. 86), there has been immense speculation about the future of the Occupational Safety and Health Administration (OSHA). The inauguration of President Donald Trump served to increase scrutiny of the agency, and actions by the Department of Government Efficiency (DOGE) have caused speculation to run rampant.
The focus on the NOSHA Act, what the administration might do, and how DOGE might impact OSHA may be distractions from a bigger threat facing OSHA and the way it regulates workplace health and safety.
Quick Hits
The introduction of the “Nullify the Occupational Safety and Health Administration Act” bill by Representative Biggs (R-AZ) has sparked significant speculation about the future of OSHA, especially under the Trump administration.
Justice Thomas’s dissent to the denial of certiorari in Allstates Refractory Contractors, LLC hinted at a potential Supreme Court shift regarding the constitutionality of delegations of rulemaking authority.
On March 26, 2025, the Supreme Court heard arguments in consolidated cases challenging the Telecommunications Act of 1996’s delegation of authority to the FCC and USAC that could have broader implications for how administrative agencies such as OSHA operate.
Justice Clarence Thomas’s dissent to the denial of certiorari in Allstates Refractory Contractors, LLC, v. Su at the end of the 2023–2024 term of the Supreme Court of the United States portended a potential change in how the Court might address the delegation of rulemaking authority. Specifically, Justice Thomas was concerned about whether this broad grant of rulemaking authority violated Article I, Section 1 of the U.S. Constitution, which states:
All legislative Powers herein granted shall be vested in a Congress of the United States, which shall consist of a Senate and House of Representatives.
This term, the Court has taken up a pair of cases relating to the Telecommunications Act of 1996, the Universal Service Fund (USF), and the Universal Service Administrative Company (USAC). The cases focus on whether the legislation violates Article I, Section 1 of the Constitution.
The Telecommunications Act of 1996 was the first substantive revision of the Communications Act of 1934 following the deregulation and modernization of American telecommunications markets and technologies. Local markets were opened to competition, and though there always had been funding for universal services, the Act developed a new system for funding those services. The revisions, per the Federal Communications Commission (FCC), set forth five principles:
“Promote the availability of quality services at just, reasonable and affordable rates for all consumers”
“Increase nationwide access to advanced telecommunications services”
“Advance the availability of such services to all consumers, including those in low income, rural, insular, and high cost areas, at rates that are reasonably comparable to those charged in urban areas”
“Increase access to telecommunications and advanced services in schools, libraries and rural health care facilities”
“Provide equitable and non-discriminatory contributions from all providers of telecommunications services for the fund supporting universal service programs”
In addition, the Telecommunications Act of 1996 directed the FCC to formalize what services must be provided to receive support from the USF, expanded the number of companies required to pay into the fund, and created USAC. USAC is described by the FCC as “an independent, not-for-profit corporation designated as the administrator of the federal Universal Service Fund by the FCC.”
The Supreme Court, on March 26, 2025, heard argument in Federal Communications Commission v. Consumers’ Research, No. 24-354, and Schools, Health & Libraries Broadband Coalition v. Consumers’ Research, No. 24-422. Both cases relate to the Fifth Circuit Court of Appeals’ en banc decision in Consumers’ Research v. Federal Communications Commission that “the combination of Congress’s sweeping delegation to FCC and FCC’s unauthorized subdelegation to USAC violates the [Constitution].”
More specifically, the Fifth Circuit Court of Appeals stated:
American telecommunications consumers are subject to a multibillion-dollar tax nobody voted for. The size of that tax is de facto determined by a trade group staffed by industry insiders with no semblance of accountability to the public. And the trade group in turn relies on projections made by its private, for-profit constituent companies, all of which stand to profit from every single tax increase. This combination of delegations, subdelegations, and obfuscations of the USF Tax mechanism offends Article I, § 1 of the Constitution.
While Justice Thomas, in Allstates Refractory, certainly suggested that a majority of the Court was of a like mind with respect to the delegation of rulemaking authority granted to administrative agencies, like OSHA, he did not address the delegation of rulemaking to “nonprofits,” such as the American National Standards Institute (ANSI), the American Society of Mechanical Engineers (ASME), and other organizations that publish the consensus standards cited by OSHA in its regulations and when applying the Occupational Safety and Health (OSH) Act’s “General Duty Clause.”
Given his description of the rulemaking authority contained within the OSH Act as being among the broadest granted to any administrative agency, it is conceivable that a ruling that confirms the Fifth Circuit’s decision in Federal Communications Commission v. Consumers’ Research would compel Congress to act and actually legislate the workplace health and safety regulations OSHA would enforce. Arguably, reliance on “national standards,” which is built into the OSH Act, would have to be replaced with rules contained within legislation, thereby compelling Congress to have a much more active role with respect to workplace health and safety.
Joint Bulletin Warns Health Sector of Potential Coordinated Multi-City Attack
On March 20, 2025, the American Hospital Association (AHA) and the Health-ISAC issued an alert to the health care sector warning of a social media post that posed a potential threat “related to the active planning of a coordinated, multi-city terrorist attack on hospitals in the coming weeks.” The post targets “mid-tier cities with low-security facilities.”
The alert recommends “that teams review security and emergency management plans and heighten staff awareness of the threat,” including physical security protocols and practices, such as “having a publicly visible security presence.”
The alert, updated on March 26, 2025, indicates that the FBI has not identified a “specific credible threat targeted against hospitals in any U.S. city.” Nonetheless, the threat is concerning, and the recommendations of the AHA and Health-ISAC are worth noting.
Pennsylvania Teacher’s Union Faces Class Action over Data Breach
The Pennsylvania State Education Association (PSEA) faces a class action resulting from a July 2024 data breach. The proposed class consists of current and former members of the union as well as PSEA employees and their family members. The lawsuit alleges that the union was negligent and breached its fiduciary duty when it suffered a data breach that affected Social Security numbers and medical information. The complaint further alleges that the PSEA failed to implement and maintain appropriate safeguards to protect and secure the plaintiffs’ data.
The union sent notification letters in February 2025 informing members that the data acquired by the unauthorized actor contained some personal information within the network files. The letter also stated, “We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted [. . .] We want to make the impacted individuals aware of the incident and provide them with steps they can take to further protect their information.” The union also informed affected individuals that they did not have any indication that the information was used fraudulently.
The complaint alleges “actual damages” suffered by the plaintiff related to monitoring financial accounts and an increased risk of fraud and identity theft. Further, the complaint states that “the breach of security was reasonably foreseeable given the known high frequency of cyberattacks and data breaches involving health information.”
In addition to a claim of negligence, the class alleges that the breach violates the Federal Trade Commission Act and the Health Insurance Portability and Accountability Act. The class is demanding 10 years of credit monitoring services, punitive, actual, compensatory, and statutory damages, as well as attorneys’ fees.
THE WHITE COAT DIDN’T BETRAY YOU—THE PIXEL DID: Judge Keeps Florida Wiretap Case Against Hospital Alive
Greetings CIPAWorld!
Your search history reveals more about you than you might realize. If you’ve ever noticed suspiciously specific medical ads appearing after researching health concerns online, you’re not just being paranoid; you’re witnessing sophisticated tracking technologies at work.
A federal court in Florida handed down a decision that should make us pause before typing that symptom into a healthcare website’s search bar. The case involves a patient who claimed her medical searches on Orlando Health’s website led to targeted Facebook ads for her specific medical conditions. See W.W. v. Orlando Health, Inc., No. 6:24-cv-1068-JSS-RMN, 2025 U.S. Dist. LEXIS 40038 (M.D. Fla. Mar. 6, 2025).
Judge Julie S. Sneed’s ruling in W.W. v. Orlando Health, Inc. denied most of the healthcare provider’s attempts to dismiss the lawsuit, potentially opening the door for closer scrutiny of how medical websites track and share our sensitive health information. As someone who has researched medical information online in the past (who doesn’t these days?), I wondered exactly what happens when I click that “search” button on my insurance carrier’s website.
The Plaintiff alleged she used Orlando Health’s website to research conditions, including ileostomy, heart problems, and fatty liver disease. She later noticed Facebook advertisements popping up for products related to these exact conditions—ileostomy bags, heart failure treatments, and services from Orlando Health neurologists. Coincidence? Plaintiff didn’t think so, and Judge Sneed found her claims plausible enough to proceed.
However, the medical context elevates this case beyond another privacy suit. The Court noted that Orlando Health operates over 100 medical facilities. It encourages patients to use its website to communicate medical symptoms, conditions, and treatments via the search bar and related webpages, including access to appointment booking and the MyChart patient portal. As such, this wasn’t a casual browsing session but an online extension of the doctor-patient relationship.
What makes this case particularly concerning is the nature of the tracking technology itself. Plaintiff alleges that Orlando Health employed tracking tools that operate largely invisibly to users. Judge Sneed acknowledged this reality, noting these technologies are hidden from users’ view and difficult to avoid, even for the particularly tech-savvy user. This creates a troubling power imbalance—patients have no meaningful way to opt out of tracking that they don’t even know is happening.
Even more fascinating is how the court analyzed the claims under the Florida Security of Communications Act (“FSCA”). I think it’s important I highlight the FSCA… after all, I am a Floridian. The FSCA prohibits the intentional interception of electronic communications, and Orlando Health argued that what was being tracked was merely metadata, not the actual content of communications. But Judge Sneed distinguished this case from previous decisions involving commercial websites.
The key difference? Medical searches reveal something fundamentally private about us. For instance, if I decide to search “cardiologist for heart palpitations,” I’m not just clicking links—I’m communicating sensitive information about my health condition. The Court recognized this distinction, noting that information about a user’s medical conditions and healthcare searches constitutes ‘contents’ protected under these statutes.
To break this down further, the FSCA defines “contents” as “any information concerning the substance, purport, or meaning of that communication.” Fla. Stat. § 934.02(7). The Court emphasized that URLs and search queries on a medical website reflect the message Plaintiff sought to convey to Defendant through its website, thus satisfying the statutory standard. Judge Sneed’s approach relied on Black’s Law Dictionary to define “substance,” “purport,” and “meaning,” grounding her interpretation in long-standing legal usage.
As a result, Judge Sneed determined that W.W. successfully alleged all three required elements for an FSCA claim: (1) that Orlando Health intentionally intercepted her electronic communications, (2) that these interceptions captured protected “contents” under the statute, and (3) that she had not consented to this interception. The Court emphasized that Plaintiff has adequately alleged that the electronic communications she claims were intercepted were ‘contents’ as defined by the FSCA.
Orlando Health relied heavily on a Florida case, Jacome v. Spirit Airlines, Inc., No. 2021-000947-CA-01, 2021 WL 3087860, at *1 (Fla. Cir. Ct. June 17, 2021), which involved “session replay” technology tracking users’ movements on a commercial airline website. But Judge Sneed pointed out three crucial differences: first, Jacome involved different tracking technology in a non-healthcare context; second, the very case Orlando Health relied on actually supported W.W.’s position by acknowledging that medical records deserve protection; and third, other courts facing similar healthcare tracking cases have reached conclusions favorable to patients. The Court held that Plaintiff’s claims are predicated on the tracking tools’ interception of her communications… not on the simple fact that her movements on Defendant’s website were tracked.
Moreover, the Court analyzed multiple cases where similar tracking tools on healthcare websites were found potentially liable under wiretap laws. In A.D. v. Aspen Dental Mgmt., Inc., No. 24 C 1404, 2024 WL 4119153, at *5-7 (N.D. Ill. Sept. 9, 2024), the Northern District of Illinois denied a motion to dismiss, finding that URLs containing search terms about medical conditions constituted protected content. Similarly, in R.C. v. Walgreen Co., 733 F. Supp. 3d 876, 885, 903 (C.D. Cal. 2024), the Court found that when tracking technologies shared information about “sensitive healthcare products” with Meta and Google, resulting in targeted ads, this information “reveal[ed] a substantive message about [the p]laintiffs’ health concerns.”
As such, the ruling on the FSCA claim is principally significant because, as Judge Sneed noted, “the FSCA was modeled after the Wiretap Act, [and] Florida courts construe the FSCA’s provisions in accord with the meaning given to analogous provisions of the Wiretap Act.” W.W., 2025 U.S. Dist. LEXIS 40038, at *7. This means the Court’s interpretation of what constitutes “contents” under the FSCA directly influenced its analysis of the federal Wiretap Act claim.
What I found particularly striking was the Court’s reference to the Ninth Circuit’s decision in In re Zynga Priv. Litig., 750 F.3d 1098 (9th Cir. 2014). While that case found that basic website header information wasn’t protected content, it explicitly stated that “a user’s request to a search engine for specific information could constitute a communication such that divulging a URL containing that search term to a third party could amount to disclosure of the contents of a communication.” This distinction has become crucial in healthcare privacy cases, with courts like the Northern District of California in Doe v. Meta Platforms, Inc., 690 F. Supp. 3d 1064, 1076 (N.D. Cal. 2023), recognizing that “a URL disclosing a ‘search term or similar communication made by the user’ ‘could constitute a communication’ under the [Wiretap Act].”
Next, the Court also looked at similar cases in other jurisdictions. In In re Grp. Health Plan Litig., 709 F. Supp. 3d 707, 712, 718, 720 (D. Minn. 2023), a Minnesota Court determined that technology that “surreptitiously track[ed] users’ interactions on the [defendant’s w]ebsites and transmit those interactions to [Meta]” was actionable under the Wiretap Act. Similarly, in Doe v. Microsoft Corp., No. C23-0718-JCC, 2023 WL 8780879, at *9 (W.D. Wash. Dec. 19, 2023), a Washington Court found similar allegations sufficient under California’s Invasion of Privacy Act (“CIPA”).
The Court’s analysis demonstrated a sophisticated understanding of how modern tracking tools actually function. Judge Sneed described how the Facebook Pixel works, explaining that it causes the user’s web browser to instantaneously duplicate the contents of the communication with the website and send the duplicate from the user’s browser directly to Facebook’s server. In a sense, it’s like having a third person secretly photocopy your private medical forms as you fill them out—except it happens digitally, all without your knowledge. That’s a scary thought.
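For readers who run or review a patient-facing website, the following is an added example (not from the ruling or the original article) of how the duplication described above, and the URL-with-search-term disclosure discussed in Zynga, can be checked for in a browser request capture. The hostnames, the captured entries and the list of search parameter names are all constructed assumptions.

```javascript
// Audit a captured request log (HAR-style entries) for third-party requests
// that carry the visitor's first-party URL, and report whether that URL
// exposes a search term or only a page path.
// All hostnames and entries below are constructed sample data.

const FIRST_PARTY = "hospital.example"; // hypothetical site under audit
const SEARCH_PARAMS = ["q", "query", "search", "s", "term"]; // assumed names

// Constructed capture: one site search and the requests the browser made next.
const sampleEntries = [
  { url: "https://hospital.example/search?q=fatty+liver+disease", method: "GET" },
  { url: "https://tracker.example/collect?ev=PageView&dl=" +
      encodeURIComponent("https://hospital.example/search?q=fatty+liver+disease"),
    method: "GET" },
  { url: "https://cdn.example/fonts/site.woff2", method: "GET" },
  { url: "https://ads.example/event", method: "POST",
    postData: "page=" +
      encodeURIComponent("https://hospital.example/conditions/ileostomy") },
  { url: "https://metrics.example/ping?dl=" +
      encodeURIComponent("https://hospital.example/"), method: "GET" },
];

function isThirdParty(host) {
  return host !== FIRST_PARTY && !host.endsWith("." + FIRST_PARTY);
}

// If a parameter value is itself a URL on the audited site, return it parsed.
function embeddedFirstPartyUrl(value) {
  try {
    const u = new URL(value);
    return isThirdParty(u.hostname) ? null : u;
  } catch {
    return null; // value is not a URL at all
  }
}

// Decide what the embedded first-party URL reveals about the visitor.
function classify(u) {
  for (const name of SEARCH_PARAMS) {
    const term = u.searchParams.get(name);
    if (term) return { kind: "search-term", detail: term };
  }
  if (u.pathname !== "/") return { kind: "page-path", detail: u.pathname };
  return null; // bare home page URL: nothing about what the visitor sought
}

function auditEntries(entries) {
  const findings = [];
  for (const e of entries) {
    const req = new URL(e.url);
    if (!isThirdParty(req.hostname)) continue; // first-party traffic is expected
    // Check query-string parameters and (form-encoded) POST body parameters.
    const params = [...req.searchParams, ...new URLSearchParams(e.postData || "")];
    for (const [param, value] of params) {
      const inner = embeddedFirstPartyUrl(value);
      const hit = inner && classify(inner);
      if (hit) findings.push({ recipient: req.hostname, param, ...hit });
    }
  }
  return findings;
}

console.log(auditEntries(sampleEntries));
```

A real capture exported from the browser's developer tools can be mapped to the same `{ url, method, postData }` shape before it is passed to `auditEntries`.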
One crucial legal issue the Court had to address was whether Orlando Health could be liable under the Wiretap Act as a party to the communications. Normally, a party to communications can’t “intercept” them under the law. But Judge Sneed found that the “crime-tort exception” might apply, which creates liability when a party intercepts communications “for the purpose of committing any criminal or tortious act.” 18 U.S.C. § 2511(2)(d). This exception has created a split among federal courts, with some like B.K. v. Eisenhower Med. Ctr., 721 F. Supp. 3d 1056, 1065 (C.D. Cal. 2024) rejecting its application, while others like Cooper v. Mount Sinai Health Sys., Inc., 742 F. Supp. 3d 369, 380 (S.D.N.Y. 2024) have held that “A defendant’s criminal or tortious purpose of knowingly disclosing individually identifiable health information to another person in violation of HIPAA may satisfy the crime-tort exception.”
Let’s just think about this for a moment. When you visit your healthcare provider’s website and search for information about a medical condition, you’re effectively having a private conversation about your health. This is a conversation you reasonably expect to stay between you and your provider. Plaintiff alleges that Orlando Health allowed Facebook and Google to listen to this conversation without her knowledge or consent and then use what they heard to sell her things. That’s not just invasive—it’s monetizing vulnerability. The Complaint even describes Meta Pixel and Google’s APIs duplicating real-time communications and sending them to third-party servers without user awareness.
I remember searching for allergy specialists on my insurance provider’s website, only to suddenly see my social media feeds filled with ads for allergy medications. It felt like someone had been reading over my shoulder—because in a digital sense, they had been. This is a troubling loophole in our digital privacy framework. While HIPAA strictly regulates how healthcare providers handle patient information in traditional contexts, the rules often become murky in digital environments. The law hasn’t caught up to the technology, and it’s essential that case law helps close that gap.
The Court recognized other claims as well, including breach of confidence. Judge Sneed emphasized the profoundly personal nature of health information, quoting Norman-Bloodsaw v. Lawrence Berkeley Lab., 135 F.3d 1260, 1269 (9th Cir. 1998): “One can think of few subject areas more personal and more likely to implicate privacy interests than that of one’s health.” The Court also allowed unjust enrichment and breach of implied contract claims to proceed, acknowledging that private health information has economic value that healthcare providers shouldn’t be able to exploit without consent. Judge Sneed agreed that Defendant obtained enhanced advertising services and more cost-efficient marketing from the data disclosures, which plausibly conferred a benefit on Orlando Health without Plaintiff’s consent.
In an interesting development for data privacy attorneys, the Court expressly recognized the economic value of personal health information. As Judge Sneed noted, courts should not “ignore what common sense compels it to acknowledge—the value that personal identifying information has in our increasingly digital economy…. Consumers too recognize the value of their personal information and offer it in exchange for goods and services.” W.W., 2025 U.S. Dist. LEXIS 40038, at *32-33 (quoting In re Marriott Int’l, Inc., 440 F. Supp. 3d 447, 462 (D. Md. 2020)).
Interestingly, the Court did dismiss one claim—invasion of privacy by intrusion upon seclusion—finding that Florida law requires an intrusion into a private “place” rather than merely a private activity. As Pet Supermarket, Inc. v. Eldridge, 360 So. 3d 1201, 1207 (Fla. Dist. Ct. App. 2023) specified, “Florida law explicitly requires an intrusion into a private place and not merely into a private activity.” This reveals a gap in privacy law that has not yet adjusted to the digital age, where violations occur in virtual rather than physical spaces.
The irony here is palpable. Healthcare providers are bound by HIPAA and other regulations that severely restrict how they can share our health information in traditional contexts. Yet some providers may allow tech companies to access this information through their websites with far less oversight.
Judge Sneed’s decision aligns with similar rulings in cases like D.S. v. Tallahassee Mem’l HealthCare, No. 4:23cv540-MW/MAF, 2024 WL 2318621, at *1 (N.D. Fla. May 22, 2024), and Cyr v. Orlando Health, Inc., No. 8:23-cv-588-WFJ-CPT (M.D. Fla. July 5, 2023). In Tallahassee Memorial, the Court denied dismissal of identical claims where a healthcare provider allegedly disclosed patient information to Meta and Google through website tracking. Similarly, in Cyr—another case against Orlando Health itself—the Court found the plaintiff’s claims plausible and worthy of proceeding past the pleading stage. This suggests that Courts are increasingly receptive to these digital privacy concerns in the healthcare context.
All in all, healthcare marketers may need to rethink their digital strategies, and patients might finally gain transparency into how their online health searches are being monetized. The next time you search for symptoms online or book a medical appointment through a website, remember that a seemingly private digital conversation might have more participants than you realize.