What 340B Hospitals Need to Know About CMS’s CY 2026 OPPS Final Rule
Key Takeaways
CMS launches Drug Acquisition Cost Survey beginning Jan. 1, 2026. OPPS hospitals must submit NDC-level pricing data for both 340B and non-340B drugs, which CMS will use to inform CY 2027 reimbursement policy.
Hospitals must prepare for significant operational and legal risks. Nonparticipation in the survey could lead to drug packaging and reimbursement loss, and hospitals should begin data validation and site-of-service planning now.
Site-neutral payment cuts for drug administration services take effect in CY 2026. Excepted off-campus departments will be paid at the PFS rate — 60% lower than OPPS — affecting 61 HCPCS codes tied to infusion and injection services.
CMS’s recently published CY 2026 OPPS Final Rule will affect 340B covered entities in two key ways starting Jan. 1, 2026. First, CMS will conduct a Drug Acquisition Cost Survey to collect NDC-level pricing data on separately payable 340B and non-340B drugs from all hospitals paid under the OPPS. Second, CMS will apply physician fee schedule (PFS) reimbursement rates to drug administration HCPCS codes furnished at provider-based sites considered excepted under Section 603 of the Bipartisan Budget Act of 2015.
Payment reductions for drug administration codes will have immediate financial consequences, and CMS’s Acquisition Cost Survey could lead to substantial reimbursement changes. 340B covered entities should carefully evaluate how they plan to respond, as CMS outlined several proposals for hospitals that decline to participate.
OPPS Drug Acquisition Cost Survey
CMS intends to survey all hospitals for detailed acquisition cost data across nearly 2,300 NDCs. CMS intends to use this data to inform OPPS drug payment policy beginning with the CY 2027 OPPS/ASC Proposed Rule. Given the CMS’s prior unlawful attempt to reduce drug reimbursement in 2018 and the Supreme Court’s 2022 decision overturning that effort, the Final Rule signals a renewed push to justify payment cuts for separately payable drugs. The language clearly suggests that 340B covered entities may be a prime target.
Survey Scope and Requirements: What Providers Need to Know
The survey will impose a significant data burden on hospitals, particularly for 340B covered entities. Below is a summary of key requirements and timelines:
Who: All OPPS hospitals must provide requested survey data (note this excludes CAHs since they are not paid under OPPS).
What: Acquisition cost at the NDC level, including discounts directly applicable to an individual NDC and also those discounts not necessarily linked to a single NDC (e.g., discount linked to invoice, prompt pay discounts, wholesaler discounts).
CMS is asking hospitals to separately list their acquisition costs for drug NDCs acquired through the 340B program and those drug NDCs acquired outside of the 340B program.
HRSA’s 340B pilot program is out of scope of this survey.
Hospitals must provide data from July 1, 2024, to June 30, 2025.
When: Starting early 2026.
Considering CMS plans to complete the survey in time to inform the CY 2027 OPPS/ASC proposed rule, data will likely be due by March 31, 2026.
Where and How: CMS will launch a portal on Jan. 1, 2026, that hospitals must register with to upload drug acquisition cost data.
CMS will host webinars on Dec. 9, 2025, and Dec. 11, 2025, to provide an overview of the survey and data submission. Providers should plan to attend. Details and other resources can be found here.
CMS has published a Draft Survey Template that offers some insight into the required data and formatting.
CMS Cuts Reimbursement for Drug Administration Codes at Excepted Off-Campus Sites
Beginning in CY 2026, CMS will expand its site-neutral payment policy to significantly reduce Medicare reimbursement for drug administration services furnished in excepted provider-based hospital outpatient departments (HOPDs). Although these HOPDs were historically “grandfathered” or “excepted” under Section 603 of the Bipartisan Budget Act of 2015 — meaning they could continue to be paid at the higher OPPS rate — CMS is using its authority to curb what it views as inappropriate increases in the volume of outpatient services by reducing the payment differential for the drug administration component (not the drug itself but see above Acquisition Cost Survey discussion). As a result, drug administration services at excepted HOPDs will be paid at the PFS equivalent rate (40% of OPPS), rather than the full OPPS hospital rate.
This policy also signals CMS’s increasing willingness to expand site-neutral payment reforms, suggesting additional future pressure on outpatient reimbursement models, including for 340B hospitals.
For all hospitals paid under the OPPS that provide complex infusion and injection services — including 340B covered entities — this change represents a substantial payment reduction for services provided in excepted HOPDs. CMS estimates a $280 million overall decrease in OPPS spending in CY 2026 from this provision. While the policy does not change payment for the drug itself, it directly affects the payment intended to reimburse hospitals for the cost of the facility, nursing and other staffing costs, supplies, drug preparation and storage, and other overhead. The PFS equivalent rate for drug administration services will represent a 60% reduction of the OPPS rate. This change impacts APCs 5691, 5692, 5693 and 5694, which represent 61 HCPCS.
Key Considerations and Risks for All Hospitals
Hospitals should take proactive steps to prepare for both the drug acquisition survey and the payment changes tied to provider-based drug administration services.
Hospitals should begin validating their ability to extract 340B vs. non‑340B acquisition detail at the NDC level using the Draft Survey Template. The burden will be material, since it includes roughly 2,300 NDCs and requires substantial analysis to incorporate various discounts offered to providers.
Though CMS does not explicitly require participation with an enforcement mechanism, participation is effectively mandatory. Hospitals that do not report their drug acquisition costs may be viewed as lacking meaningful additional, marginal costs related to their acquisition of the drugs and CMS may determine the drugs costs should not be paid separately but should be packaged. Although CMS may lack statutory authority to engage in such rate setting, all hospitals should carefully consider this dialogue and associated risks when considering a non-response.
Certain trade associations are likely looking closely at the survey and associated burdens, and they could coordinate a challenge of the survey. We would also expect legal challenges to resulting rates if stakeholders determine that the survey is inadequate.
Hospitals should also assess the financial impact of CMS’s site-neutral payment policy for drug administration services. Hospitals should evaluate service mix, site-of-service utilization, and potential operational shifts, such as relocating services to on-campus departments or affiliated physician office settings, to mitigate the impact of these payment reductions.
NYDFS Cybersecurity Crackdown- New Requirements Now in Force, and “Covered Entities” Include HMOs, CCRCs—Are You Compliant?
As cybersecurity breaches grow more complex and frequent, regulators are increasingly focused on organizational compliance.
Organizations such as Crowdstrike report that in 2025, cyberattacks are increasing in speed, volume, and sophistication—and cybercrime has evolved as a “highly efficient business.” The escalating threat landscape demands robust security frameworks that can withstand evolving risks.
Enter the amendments announced in November 2023 to the New York’s Department of Financial Services (NYDFS) Cybersecurity Regulation, 23 NYCRR Part 500 (“Amended Regulation”), that became effective on November 1. This post explores the breadth of these Amended Regulations, and the steps that covered entities need to take now.
The Amended Regulation applies to “covered entities,” i.e., DFS-regulated entities including partnerships, corporations, branches, agencies, and associations—indeed, “any person”—operating under, or required to operate under, a license, registration, charter, certificate, permit, accreditation, or similar authorization under New York’s Banking Law, Insurance Law, or Financial Services Laws.
Notably, health maintenance organizations (HMOs) and continuing care retirement communities (CCRCs) are considered covered entities. NYDFS-authorized New York branches, agencies, and representative offices of out-of-country foreign banks are also covered entities subject to the requirements of Part 500.
While some requirements took effect almost immediately in late 2023, others were delayed to 2024 and 2025. The final set of cybersecurity requirements that became effective November 1 require covered entities to:
expand multifactor authentication (MFA) to include all individuals accessing information systems; and
implement written policies and procedures designed to produce and maintain a complete, accurate, and documented asset inventory of information systems.
Multi-Factor Authentication (MFA)
The amended Section 500.12 requires covered entities to use multi-factor authentication (MFA) for any individual accessing any information system of a covered entity—regardless of location, type of user, and type of information contained on the Information System being accessed (FAQ 18). Internal networks that would require the use of MFA include email, document hosting, and related services, whether on-premises or in the cloud, such as Office 365 and G-Suite (FAQ 19).
Definition
MFA is defined in the regulation as authentication through verification of at least two of the following types of authentication factors:
knowledge factors, such as a password, passphrase, or personal identification number (PIN);
possession factors, such as a hardware token, authentication app, or smartcard; or
inherence factors, such as a biometric characteristic (fingerprints, facial recognition, or other biometric markers.
Artificial Intelligence and Other Risks
Note that while the definitions include passwords and biometric characteristics as verifiers, caution should be taken, as AI deepfakes may now pose a risk to biometric-based systems. Indeed, NYDFS issued a related letter regarding AI cybersecurity risks in October 2024. The October 2024 letter does not impose new requirements with respect to the Amended Regulation, yet states:
While Covered Entities have the flexibility to decide, based on their Risk Assessments, which authentication factors to use, not all forms of authentication are equally effective. Given the risks…Covered Entities should consider using authentication factors that can withstand AI-manipulated deepfakes and other AI-enhanced attacks by avoiding authentication via SMS text, voice, or video, and using forms of authentication that AI deepfakes cannot impersonate, such as digital-based certificates and physical security keys. Similarly, instead of using a traditional fingerprint or other biometric authentication system, Covered Entities should consider using an authentication factor that employs technology with liveness detection or texture analysis to verify that a print or other biometric factor comes from a live person. Another option is to use authentication via more than one biometric modality at the same time, such as a fingerprint in combination with iris recognition, or fingerprint in combination with user keystrokes and navigational patterns. [Footnotes omitted].
The NYDFS July 2025 Guidance on the MFA requirements stresses the need “for organizations to understand the trade-offs associated with each method in order to make informed, risk-based decisions.” The July 2025 Guidance discusses the tradeoffs with respect to SMS Authentication, App-based Authentication (with and without number matching), and Token-based Authentication. Note that a covered entity’s Chief Information Security Officer (CISO) may approve in writing the use of reasonably equivalent or more secure controls, to be reviewed at least annually.
Limited Exemptions
The covered entity may qualify for a limited exemption pursuant to section 500.19(a), Section 500.19(a) provides limited exemptions for covered entities with:
fewer than 20 employees;
less than $7,500,000 in gross annual revenue in each of the last three years; or
less than $15,000,000 in year-end total assets.
Where one of the limited exemptions applies, MFA should nevertheless be used for:
remote access to the covered entity’s information system;
remote access to third-party applications, including but not limited to those that are cloud-based, from which nonpublic information is accessible; and
all privileged accounts other than service accounts that prohibit interactive login.
Asset Inventory of Information Systems
Section 500.13(a) requires covered entities—as part of their cybersecurity programs—to implement written policies and procedures designed to produce and maintain a complete, accurate, and documented asset inventory of their information systems. At a minimum, policies and procedures must include
a method to track specified key information for each asset, including, as applicable:
the owner;
the location;
classification or sensitivity;
support expiration date;
recovery time objectives; and
the frequency required to update and validate the covered entity’s asset inventory.
Section 500.13(b) also requires covered entities to include policies and procedures for the secure disposal on a periodic basis of any nonpublic information (identified in section 500.1(k)(2)-(3)) that is no longer necessary for business operations or for other legitimate business purposes of the covered entity, except where such information is otherwise required to be retained by law or regulation, or where targeted disposal is not reasonably feasible due to the manner in which the information is maintained.
Enforcement
The regulation is to be enforced by the superintendent. Section 500.20 states that the failure to act to satisfy an obligation shall constitute a violation, although the superintendent is directed, when assessing penalties, to consider elements including cooperation, good faith, history of prior violations, the number of violations, and the extent of harm to consumers. In a recent example, in August, NYDFS secured a $2 million settlement with a health insurance provider for violations of Part 500.
Takeaways
Implementation
Covered entities must:
implement MFA for any individual accessing any information systems of a covered entity or meet the requirements of a limited exemption (fewer than 20 employees, less than $7,500,000 in gross annual revenue in each of the last three years; or less than $15,000,000 in year-end total assets). Covered entities should understand the various methods of MFA in order to make informed, risk-based decisions regarding their use; and
implement written policies and procedures designed to produce and maintain a complete, accurate, and documented asset inventory of their information systems, with a method to 1) track key information and 2) the frequency needed to update and validate the asset inventory
The CISO may approve alternative controls in writing, if these are reasonably equivalent or more secure, and reviewed annually.
Compliance Filing
Covered entities must:
submit to NYDFS an annual notice regarding compliance with Part 500—through a Certification of Material Compliance or an Acknowledgment of Noncompliance—by April 15 (covers compliance during the previous calendar year), unless fully exempt and a Notice of Exemption is submitted (FAQ 29);
file separate annual notifications, if holding more than one license;
keep all data and documentation supporting their annual notifications for 5 years and provide that information to the Department upon request;
notify NYDFS of a cybersecurity incident no later than 72 hours after determining that one has occurred (FAQ 20). May have to notify even if the attack is unsuccessful (FAQ 21) or occurs at a third-party service provider (FAQ 23).
Third Parties
Covered entities should ensure compliance with regulations pertaining to third-party service providers, including:
Implementing policies with respect to third-party service providers (Section 500.11).
Undertaking a thorough due diligence process in evaluating the cybersecurity practices of third-party providers; the FAQs state that relying on the latter’s certification of material compliance is insufficient.
Cybersecurity governance: If the CISO is employed by a third-party service provider, the covered entity shall retain responsibility and provide direction and oversight (Section 500.4).
Making a risk assessment regarding appropriate controls for third-party service providers (Section 511(b)).
Note that NYDFS issued “Guidance on Managing Risks Related to Third-Party Service Providers” in October 2025, a Part 500 checklist, an exemption flowchart, and more. Developments are fast-paced in the cybersecurity world and companies have a lot to lose if they pay insufficient attention to all of these new legal requirements, as they set a new floor. While meeting all of these (and other) cyber requirements may not be easy, this remains a space in which an ounce of prevention may well be worth a pound of cure.
EBG will continue to monitor developments in this area. If you have questions or need assistance in implementation of the Amended Regulations within your organization, please reach out to the authors or the EBG attorney with whom you work.
Epstein Becker Green Staff Attorney Ann W. Parks assisted with the preparation of this post.
THE STATE OF AID: The Department of State’s $150 Million Agreement with Zipline International Inc. Shows a New Path to Unlocking Aid
On November 25, 2025, the Department of State announced an agreement of up to $150 million with Zipline International Inc. to expand access to life-saving medical supplies across Côte d’Ivoire, Ghana, Kenya, Nigeria, and Rwanda. According to the fact sheet on Zipline’s website: “Zipline designs, manufactures, and operates the world’s largest and most experienced autonomous delivery service, which uses electric aircraft to get people instant access to what they need, on their terms.” Founded in 2014 and commencing commercial operations in 2016, Zipline’s fact sheet also touts the company’s operating on four continents, serving more than 5,000 hospitals and health facilities, and making a delivery somewhere in the world every 60 seconds.
Zipline’s agreement with the State Department has been described as using “milestone-based payments and co-financing commitments with partner governments to ensure sustainability and recipient government participation.” Axios reports this type of agreement is a “first-of-its-kind from the State Department.” The agreement is also one of the first agreements announced by the current administration implementing its new America First Global Health Strategy.
The America First Global Health Strategy was announced on September 18, 2025, and provided an overview of the new paradigm for delivering foreign aid in support of global health and international development. The strategy made “the purchase of innovative American products a key component of future U.S. health foreign assistance programs.” Similarly, the strategy described “larger opportunities across the health service delivery value chain where U.S. companies can capitalize on growing markets, including healthcare logistics, private pharmacies and clinics, and health data solutions.”
The Zipline agreement comes right on the heels of the State Department announcing its progress partnering with the Global Fund and the American company Gilead Sciences to make the human immunodeficiency virus (HIV) type 1 capsid inhibitor lenacapavir available in Africa. Lenacapavir is considered a breakthrough medication in the HIV prevention space, which Gilead has offered to the State Department at no cost for use in Eswatini and Zambia.
The State Department’s agreements with Zipline and Gilead provide examples of what the future of American-driven global health will look like, creating optimism for companies interested in engaging in international development. The optimism appears particularly warranted for U.S.-based entities that have an international footprint.
Listen to this post
This Week in 340B: November 18 – 24, 2025
Find this week’s updates on 340B litigation to help you stay in the know on how 340B cases are developing across the country. Each week we comb through the dockets of more than 50 340B cases to provide you with a quick summary of relevant updates from the prior week in this industry-shaping body of litigation. Get more details on these 340B cases and all other material 340B cases pending in federal and state courts with the 340B Litigation Tracker.
Issues at Stake: Contract Pharmacy
In one case by a drug manufacturer challenging an Arkansas state law governing contract pharmacy arrangements, the drug manufacturer filed a reply in support of its motion for summary judgment and a response to the government and intervenor-defendant’s motion for summary judgment.
In one case brought by a drug manufacturer challenging a Colorado state law governing contract pharmacy arrangements, the plaintiff filed a notice of appeal and the defendants filed a reply to the response to the motion to dismiss.
In a case challenging a South Dakota state bill, plaintiffs filed a brief in support of their motion for a preliminary injunction.
A drug manufacturer filed a complaint in Rhode Island to challenge a Rhode Island state law governing contract pharmacy arrangements.
A group of drug manufacturers filed a complaint in Vermont to challenge a Vermont state law governing contract pharmacy arrangements.
In one case brought by a drug manufacturer challenging a Vermont state law governing contract pharmacy arrangements, the plaintiff filed a motion for preliminary injunction.
In two cases challenging a Utah state law governing contract pharmacy arrangements, the court denied the defendant’s motion to dismiss in each case.
In one case brought by a drug manufacturer challenging an Oregon state law governing contract pharmacy arrangements, the plaintiff moved for summary judgement.
In one case by a trade association of drug manufacturers challenging an Oregon state law governing contract pharmacy arrangements, the plaintiff moved for summary judgment.
In one case by a drug manufacturer challenging a Nebraska state law governing contract pharmacy arrangements, the defendant files a response in opposition to the plaintiff’s motion for preliminary injunction.
Kelsey Reinhardt and Nadine Tejadilla contributed to this article
CMS Adds New Requirements to Hospital Price Transparency Reporting
On November 21, 2025, the Centers for Medicare & Medicaid Services (CMS) published the CY 2026 Outpatient Prospective Payment System (OPPS) and Ambulatory Surgical Center Final Rule (the Rule), which includes several significant changes to hospital price transparency regulations. The changes follow from Executive Order 14221, entitled “Making America Healthy Again by Empowering Patients with Clear, Accurate, and Actionable Healthcare Pricing Information,” which directs the Department of Health & Human Services (HHS) to take steps to require more uniform, accurate pricing information from hospitals. Key provisions of the Rule’s new requirements are summarized below. Although these new requirements become effective on January 1, 2026, CMS is delaying enforcement until April 1, 2026.
New MRF Data Reporting Requirements
Allowed Amounts
Currently, where a hospital’s standard charge is based on an algorithm or percentage, CMS requires hospitals to report an “estimated allowed amount” in their machine-readable file (MRF). The Rule removes this requirement and instead requires hospitals to report the following four elements:
Median allowed amount (which replaces estimated allowed amount);
The 10th percentile allowed amount;
The 90th percentile allowed amount; and
The number of allowed amounts used to calculate the prior three amounts.
The median allowed amount and the 10th– and 90th-percentile allowed amounts must be calculated based on amounts the hospital has historically received from a third-party payer (less certain contractual adjustments) over the 12 to 15 months prior to posting the MRF. If an allowed amount falls between two amounts, hospitals are required to report the higher amount. To calculate these data points, hospitals must use electronic data interchange (EDI) 835 electronic remittance advice (ERA), or an equivalent, alternative source of remittance data.
Hospital NPI
The Rule also adds a requirement that hospitals encode in their MRF their organizational (i.e., Type 2) National Provider Identifier or NPI.
Modification of MRF Attestation Statement
Current regulations require each hospital to attest to the accuracy and completeness of the information encoded in its MRF. Beginning January 1, 2026, the Rule replaces the existing affirmation statement with a new, strengthened requirement at 45 C.F.R. § 180.50(a)(3)(iii) (reproduced below).
To the best of its knowledge and belief, this hospital has included all applicable standard charge information in accordance with the requirements of 45 CFR 180.50, and the information encoded is true, accurate, and complete as of the date in the file. This hospital has included all payer-specific negotiated charges in dollars that can be expressed as a dollar amount. For payer-specific negotiated charges that cannot be expressed as a dollar amount in the machine-readable file or not knowable in advance, the hospital attests that the payer-specific negotiated charge is based on a contractual algorithm, percentage or formula that precludes the provision of a dollar amount and has provided all necessary information available to the hospital for the public to be able to derive the dollar amount, including, but not limited to, the specific fee schedule or components referenced in such percentage, algorithm or formula.
The Rule also adds a requirement that hospitals include with the attestation statement the name of the hospital’s CEO, president, or senior official designated to oversee the data encoding process for the MRF.
Changes to Civil Monetary Penalties
Finally, the Rule makes available a 35% reduction to Civil Monetary Penalties (CMP) imposed for certain violations of hospital price transparency requirements, which hospitals can request in exchange for the hospital waiving its right to an administrative hearing. However, the 35% reduction will not apply if the CMP is imposed due to the hospital failing to make its MRF or any shoppable services public.
Conclusion
Hospitals would be well advised to proactively assess their price transparency practices and update their processes and disclosures to align with the enhanced requirements of the new Rule.
This article was co-authored by Ivy Miller
Executive Briefing- Strategic Inflection Points in Digital Health & Health Tech
The digital health and health tech sectors are undergoing a period of accelerated transformation amidst a fragmented regulatory landscape. Companies are looking within and to peers to determine how to pursue innovation while balancing financial and regulatory risks in this challenging landscape, while investors are waiting for leaders to emerge. This briefing outlines four critical inflection points that are redefining the market.
1. AI in Healthcare: Building Trust and Embracing Risk Amidst Regulatory Uncertainty
Inflection Point: With no clear federal legal framework for AI in healthcare, organizations must work with internal and external stakeholders to build trust and understanding of the technology while proactively managing risk to drive adoption.
Addressing Knowledge Gaps: Many patients lack the context to evaluate AI-driven decisions. Public-facing materials and clinician communication are key to bridging this gap. Empowering patients to engage with their own medical data – the information AI uses – establishes transparency and can build trust in AI-assisted care.
Progress, Not Perfection: The question isn’t whether AI is perfect—it’s whether it’s better than current alternatives. Humans also make mistakes, but human error is more acceptable to the public than AI error. Framing AI as a tool for enhancement, not replacement, helps build trust. Communicating success stories to overcome negative perceptions in the court of public opinion is an important step in advancing AI within healthcare.
Risk Without Regulation: The absence of federal AI regulation requires healthcare organizations to build internal frameworks for risk quantification and mitigation.
Human-in-the-Loop Models as a De-Risking Strategy: At this time, AI is most often being deployed as clinical decision support—not as a replacement for clinicians. These models must be pressure-tested by competent humans to avoid hallucinations and ensure accountability. From a legal standpoint, the source of error—human or machine—doesn’t change the risk. What matters is whether the output was pressure-tested by a qualified reviewer.
Investor Insight: Back companies that treat AI governance as a strategic asset, not just a compliance checkbox. The strongest players combine defensible frameworks, clear accountability, and alignment with emerging federal and state guidance with real-world evidence and proven use cases. Models that embed meaningful human oversight, anchored by the pedigree and expertise of the individuals in that loop, reduce both clinical and regulatory risk. That combination makes them far more investable and better positioned for long-term adoption.
2. Payment Model Volatility: Navigating the Cash-Pay Surge and Reimbursement Gaps
Inflection Point: The traditional reimbursement ecosystem is now one of many paths for digital health companies.
Cash-Pay Expansion: We see continued growth in cash-pay models given challenges with health plan coverage and consumer preferences to leverage virtual models for certain treatments, such as weight loss.
Reimbursement Realities: Many digital health companies are opting out of insurance due to low reimbursement rates and protracted contracting cycles. Fee-for-service remains dominant, but Per Member Per Month (PMPM) contracts are gaining traction—especially when not tied to value-based care.
TPA & Employer Dynamics: Third-party administrators (TPAs) increasingly expect digital health vendors to function as in-network providers. Meanwhile, employers are consolidating point solutions.
Investor Insight: Look for companies with diversified revenue strategies and the ability to navigate payor credentialing and contracting complexity.
3. Regulatory Fragmentation: State-Level Barriers and Compliance Complexity
Inflection Point: Regulatory inconsistency across states is creating operational friction, scalability challenges, and compliance risk.
Credentialing Challenges: Credentialing delays are a contributing factor of high provider attrition rates. Partnerships with National Committee for Quality Assurance (NCQA)-certified Credentials Verification Organizations (CVOs) are emerging as a solution, but implementation remains uneven.
Mid-Level Provider Variability: Regulations governing nurse practitioners and physician assistants vary widely by state, complicating staffing and service delivery models.
Access Restrictions: Cash-pay telehealth providers often face barriers to accessing patient medical records, undermining trust and continuity of care.
Investor Insight: Prioritize companies with strong compliance infrastructure and scalable credentialing strategies.
4. Employer & Broker Channel Shifts: From Point Solutions to Ecosystem Integration
Inflection Point: Employers are demanding integrated digital health ecosystems over fragmented point solutions, but it is currently unclear which healthcare stakeholders can best orchestrate an ecosystem.
Broker Channel Leverage: To reach employers, digital health companies must navigate broker relationships or align with carrier pricing strategies—often requiring strategic concessions.
Resale Models: Carriers are increasingly reselling digital health solutions as carved-out benefits, creating pricing and positioning challenges for vendors.
Ecosystem Expectations: Employers want plug-and-play solutions that integrate seamlessly into existing benefits infrastructure, favoring vendors that offer breadth and interoperability.
Investor Insight: Back companies with ecosystem-ready platforms and well-structured channel partnerships. Prioritize those with a clear strategy for when to own the patient front end versus when to integrate seamlessly into existing pathways, and the discipline to know when not to be the front door.
Conclusion
Digital health and health tech is at a strategic crossroads. Companies that can adapt to payment volatility, regulatory fragmentation, and shifting employer expectations will be best positioned to lead their sectors and attract investor interest.
McDermott+ Check-Up- November 21, 2025
THIS WEEK’S DOSE
Congressional disagreements on addressing healthcare costs continue. The looming expiration of the enhanced advanced premium tax credits (APTCs) continues to be a major topic of discussion for lawmakers, with no bipartisan agreement in sight.
Numerous congressional hearings on healthcare. The Senate Finance Committee examined the rising cost of healthcare and the Senate Aging Committee analyzed domestic production of medicine. In the House, the Ways and Means Committee reviewed chronic disease prevention and treatment, the House Energy and Commerce Committee examined the risks associated with AI chatbots, and the Budget Committee held an oversight hearing on the Congressional Budget Office (CBO).
Senate advances nomination for HHS inspector general. The nomination of Thomas Bell to be inspector general of the US Department of Health and Human Services (HHS) was advanced through both the Senate Committee on Homeland Security & Governmental Affairs and the Senate Finance Committee, which means it is ready for full Senate consideration.
CMS issues guidance on Medicaid provider and MCO tax provisions of OBBBA. The Centers for Medicare & Medicaid Services (CMS) clarified two tax provisions, applicable to providers and managed care organizations (MCOs), included in the One Big Beautiful Bill Act (OBBBA).
CMS announces 2026 premiums and deductibles for Medicare Parts A and B. In 2026, Medicare Parts A and B premiums and deductibles will increase.
HHS advances caregiver support efforts. HHS announced new initiatives aimed at strengthening caregiver support and expanding the caregiving workforce.
DHS releases proposed rule on public charge determinations. The Department of Homeland Security (DHS) proposed rule would revise how immigration officers assess public-charge determinations, potentially affecting enrollment in programs like Medicaid.
CMS updates Medicare claims processing guidance. CMS’ updated guidance reflects the end of the government shutdown and the restoration of certain payment waivers and flexibilities.
CMS releases final CY 2026 ESRD rule. The final rule updates payment rates and policies under the End-Stage Renal Disease (ESRD) Prospective Payment System (PPS) for calendar year (CY) 2026.
CONGRESS
Congressional disagreements on addressing healthcare costs continue. With the record-setting 43-day government shutdown in the rearview mirror, the House and Senate were back in full swing this week, and the fast-approaching expiration of the enhanced APTCs kept healthcare affordability issues front and center. While part of the deal to reopen the government included Senate Majority Leader Thune’s (R-SD) promise of a floor vote on an enhanced APTC extension bill of the Democrats’ choosing by the second week of December, a path forward has yet to be determined. While Democrats have continued to advocate for a straightforward enhanced APTC extension, many Republicans appear to be in favor of an approach that sends money directly to consumers, such as through health savings accounts (HSAs). President Trump issued a statement to this end, and Republican lawmakers are also touting this concept, though the exact language and mechanics of such a proposal has yet to be put forward. Additionally, on the topic of HSAs, the Government Accountability Office (GAO) released a report following their interviews with nine HSA providers and other stakeholders looking at features of HSAs, how they are marketed, how HSA holders use their accounts, and the characteristics of individuals who use HSAs and other tax-advantage savings accounts. The issue of HSAs and APTCs was front and center at the Senate Finance Committee’s hearing on healthcare costs (see next story) and will likely remain so into December.
Numerous congressional hearings on healthcare. With both the House and Senate in session this week for the first time since mid-September, committees on both sides of the Capitol held a number of healthcare-focused hearings.
Senate:
Finance Committee hearing on healthcare costs. In this hearing, Republican members of the committee generally supported the concept of providing funds to individuals using HSAs instead of offering discounted coverage on the marketplace through the APTCs as a solution to rising healthcare costs. In contrast, Democratic senators, and the witnesses invited by the Democrats, argued that the extension of the enhanced APTCs is the crisis facing millions of Americans come January 1, 2026, and that needs to be the immediate focus. Democratic senators and some of the witnesses also agreed that longer-term health reforms aren’t possible before that date.
Aging Committee hearing on restoring trust in medicines. Witnesses in the Senate Aging Committee hearing shared the regulatory and financial barriers they face as US-based drug manufacturers, and expressed concerns with the increasing dependence on foreign-made medicines leading to drug shortages and threats to national security and patient health. Senators on the committee emphasized the importance of improving quality and reliability of the nation’s medical supply and asked the witnesses to identify policy changes would most benefit them and patients. Additionally, Chair Scott (R-FL) shared plans to introduce legislation that would require country-of-origin information on drug labeling to ensure patients know where their medications are coming from.
House:
Energy and Commerce Oversight and Investigations Subcommittee hearing on AI chatbots. During this hearing, committee members expressed concerns about the potential harmful effects AI chatbots could pose as they become increasingly popular. Their questions focused on issues related to mental health, child safety, and privacy, emphasizing the importance of mitigating the risks of misinformation and disinformation in AI chatbots. Witnesses shared insights on negative mental health outcomes from AI chatbots and emphasized that AI chatbots should not replace human relationships.
Ways and Means Health Subcommittee hearing on care coordination. During this hearing on chronic disease prevention and treatment, Democrats on the committee expressed concerns over Americans who might lose their health insurance because of the rise in health insurance premiums. They emphasized that without extending the APTCs, many Americans would not be able to access health services. Republican members of the committee emphasized that the ACA must be replaced and noted that HSAs would be an affordable option for people to access care. Both parties emphasized that telehealth services should be expanded and highlighted the benefits rural communities experience with telehealth.
House Budget Committee hearing with CBO director. This hearing included a focus on the recent cyberattack at CBO and calls for an independent audit, and many members focused their questions on CBO’s scoring of OBBBA’s healthcare provisions and the expiration of the enhanced APTCs. CBO Director Swagel noted that during negotiations for OBBBA, CBO had to decide between timeliness and transparency when releasing information. Now that the bill has been enacted, he affirmed CBO will release a more in-depth analysis on OBBBA in February 2026, including budget estimates. Democratic members expressed concerns about the enhanced APTCs’ expiration and asked Director Swagel about CBO’s analysis of OBBBA’s impact on the national debt and number of uninsured Americans. Chair Arrington (R-TX) indicated that the committee may hold a healthcare-related hearing in the future.
Senate advances nomination for HHS inspector general. This week the Senate Committee on Homeland Security & Governmental Affairs held a hearing to consider the nomination of Thomas Bell to be HHS inspector general. The committee then held a business meeting where they advanced his nomination by a vote of 8-7, along party lines. With the Senate Finance Committee also moving the nomination forward this week by a vote of 14-13 along party lines, it will now proceed to the Senate floor.
ADMINISTRATION
CMS issues guidance on provider and MCO tax provisions of OBBBA. In a Dear Colleague letter, the Center for Medicaid and CHIP Services (CMCS) provided guidance on implementing certain Medicaid provisions from the OBBBA.
Providers. Section 71115 of OBBBA specifies the requirements for an expansion or non-expansion state that “has enacted a tax and imposes such tax,” referring to the healthcare-related provider taxes. CMS’ guidance clarifies the definitions of “enacted” and “imposed” under new rules in the OBBBA. The guidance outlines that non-expansion states may maintain existing “hold harmless” arrangements, while expansion states must gradually reduce their thresholds starting in fiscal year 2028. CMS is also collecting data on current tax structures to support consistent application of the new thresholds and to inform future rulemaking and state planning.
MCOs. Section 71117 of OBBBA addresses provider tax waivers by tightening rules around the federal requirements that provider taxes be uniform and broad-based, meaning they must be applied at the same level and to all providers in the state. States have been allowed to seek CMS waivers if their tax structures were redistributive and not directly tied to Medicaid payments, but CMS grew concerned that this allowed states to tax Medicaid MCOs at higher rates than others. To close this loophole, Section 71117 empowered CMS to phase out non-compliant taxes through a transition period of up to three fiscal years. Before OBBBA was enacted, CMS had proposed a similar rule in May 2025, though it offered a more limited transition period – only for states whose waiver approvals were granted more than two years before the final rule’s effective date.
In this guidance, CMS also provides the following transition periods, which differ from the May proposed rule:
States with MCO taxes that use this loophole and received a waiver approval before the July 4, 2025, enactment of OBBBA will have until the end of the applicable state’s fiscal year ending in calendar year 2026.
States with all other taxes that use this loophole and received a waiver approval before the July 4, 2025, enactment of OBBBA will have until the end of the applicable state’s fiscal year ending in calendar year 2028, but no later than October 1, 2028.
While the information provided in the letter is preliminary in nature, CMS plans to release a rule with more formal guidance.
CMS announces 2026 premiums and deductibles for Medicare Parts A and B. Key changes for 2026 include:
Part B. The Part B standard monthly premium for 2026 will be $202.90, an increase of 9.7% over the 2025 Part B standard monthly premium of $185.00. The annual Part B deductible for 2026 will be $283.00, an increase of 10.1% over the 2025 Part B deductible of $257. CMS noted that the increase in the 2026 Part B standard premium and deductible is mainly due to projected price changes and assumed utilization increases that are consistent with historical experience. Additionally, CMS reported that as a result of reductions in payment amounts for skin substitutes finalized in the recent Medicare Physician Fee Schedule final rule, the 2026 Part B premium is about $11 less than it would otherwise have been.
Part A. The Part A monthly premium will be $565, an increase of 9.1% over the 2025 Part A monthly premium of $518. While most Part A enrollees do not pay a monthly premium for Part A coverage, certain individuals who do not qualify for premium-free coverage are eligible for coverage subject to a monthly premium and are therefore impacted by the premium increase for 2026. The Part A inpatient deductible will be $1,736, an increase of 3.6% over the 2025 deductible of $1,676. The 2026 cost sharing for inpatient stays that exceed 60 days will be $434 per day for days 61 – 90 and $868 per day for lifetime reserve days.
HHS advances caregiver-support efforts. During an event in which experts in caregiving and family caregivers discussed the financial and emotional challenges facing caregivers and their families, HHS highlighted the need to strengthen the workforce through financial support. Additionally, HHS Secretary Kennedy announced the Caregiver Artificial Intelligence Prize Competition and called upon innovators to develop AI caregiver tools that support family members, friends, and the direct-care workforce in providing safe, person-centered care at home, as well as AI caregiver workforce tools that help employers improve efficiency, scheduling, and training. The Administration for Community Living (ACL) will award innovators who can harness the power of AI to reduce the administrative burden on caregivers. The ACL will provide up to $2 million in prizes to 10 awardees over a three-year period to help scale the initiative.
DHS releases proposed rule on public-charge determinations. The proposed rule would change how immigration officers determine whether noncitizens are likely to become dependent on government assistance. Under federal immigration law, noncitizens applying for a visa, admission to the United States, or an adjustment of status to lawful permanent resident can be denied if they are deemed likely to become reliant on the government, known as being a “public charge.” The statute states that immigration officers, at a minimum, must consider an individual’s “age; health; family status; assets, resources, and financial status; and education and skills” when making a public-charge determination.
The proposed rule would rescind the 2022 final rule and give officers greater discretion to consider all statutory and case-specific factors when determining inadmissibility under the public charge standard. DHS also plans to develop new policy and interpretive tools to guide these determinations and is seeking public input on their design. DHS now estimates that the proposed rule could reduce federal and state spending on public programs by at least $8.97 billion annually, due to an expected disenrollment or forgone enrollment of about 950,000 individuals from programs such as Medicaid, the Children’s Health Insurance Program (CHIP), SNAP, Temporary Assistance for Needy Families, and Supplemental Security Income.
CMS updates Medicare claims processing guidance. CMS released updated Medicare claims processing guidance to reflect the end of the shutdown and the restoration of certain payment waivers and flexibilities, including Medicare telehealth flexibilities and the Acute Hospital Care at Home (AHCAH) waiver. In this guidance, CMS clarified that all telehealth claims are now payable if they meet applicable requirements and directed clinicians to resubmit returned or held claims. Similarly, hospitals participating in the AHCAH program may now resubmit claims for services on or after October 1, 2025. CMS also instructed the Medicare Administrative Contractors (MACs) to make adjustments to claims affected by the recent congressional action to retroactively restore lapsed programs, including low-volume hospital adjustment and the Medicare-dependent hospital program. CMS expects normal processing operations to resume shortly and advised providers to contact their MACs only if discrepancies arise.
Separately, CMS posted revised frequently asked questions (FAQs) on Medicare telehealth services. The FAQs state that the Medicare telehealth waivers and flexibilities now expire on January 30, 2026. Providers can submit Medicare telehealth claims for dates of service on or after October 1, 2025. CMS states in the FAQs that it will continue to pay telehealth claims in the “same way they had been paid before October 1, 2025. Telehealth flexibilities will apply retroactively as if there hadn’t been a temporary lapse in the application of the telehealth flexibilities through January 30, 2026.” CMS also discussed the issue of using a provider’s home address when the clinician provides telehealth services from their home, stating that “practitioners can provide telehealth services from their home and in many cases do not need to report their home address.”
CMS releases final CY 2026 ESRD rule. The rule finalizes the following:
The final CY 2026 ESRD PPS base rate is set at $281.71, an increase from the CY 2025 ESRD PPS base rate of $273.82. The final amount reflects the application of the wage index budget neutrality adjustment factor, the budget neutrality factor for the final non-contiguous areas payment adjustment (NAPA) (0.99860), and a final ESRD Bundled market basket update of 2.1%
CMS modifies the timeframe for Transitional Drug Add-on Payment Adjustment (TDAPA) eligibility to provide that a new renal dialysis drug or biological product must have been approved by the Food and Drug Administration within the past three years at the time of submission of the TDAPA application. This revised eligibility timeframe will apply for all new drugs and biological products for which a TDAPA application is submitted on or after January 1, 2028.
CMS will terminate the End-Stage Renal Disease Treatment Choices Model, ending December 31, 2025.
A fact sheet from CMS can be found here.
QUICK HITS
Republican House committee leaders release letter on Organ Procurement and Transplantation Network. Energy and Commerce Committee Chair Guthrie (R-KY) and Energy and Commerce Oversight and Investigations Subcommittee Chair Joyce (R-PA) sent a letter to CMS Administrator Oz requesting a briefing by December 1, 2025, to better understand HHS’ recent actions and ongoing work to enhance safety within the Organ Procurement and Transplantation Network.
House and Senate release 2026 legislative calendars. The House 2026 legislative calendar and the Senate 2026 legislative calendar show the days each chamber plans to be in session in the new year. While the calendars are generally similar, there are weeks in which one chamber will be in session while the other will be in recess. Additionally, both chambers will be out of session for most of October 2026, due to the approaching midterm elections.
HHS releases updated report on pediatric gender-affirming care. The previously published report is critical of pediatric gender-affirming care, focusing on the potential risks and long-term health impacts associated with treatments such as puberty blockers, hormones, and surgeries. This update shows that the report was peer-reviewed.
GAO releases report on Medicaid enrollment across state lines. The GAO found that the federal government and six states overpaid MCOs in fiscal year (FY) 2023 and recommends CMS implement controls to prevent duplicate Social Security numbers on marketplace policies receiving APTC benefits and require marketplaces and Medicaid/CHIP agencies to submit enrollment data for frequent interstate matching and resolve discrepancies to verify eligibility or terminate coverage.
NEXT WEEK’S DIAGNOSIS
Congress will be in recess next week for the Thanksgiving holiday. Lawmakers are set to return the week of December 1, 2025, at which time we expect the Senate’s plans to become clearer on timing for an APTC vote, along with potential progress on the next package of the nine remaining FY 2026 appropriations bills, which must be addressed prior to the new January 30, 2026, funding deadline.
CMS Finalizes Mandatory Ambulatory Specialty Model for Cardiology and Low-Back Pain
The Centers for Medicare & Medicaid Services (“CMS”) recently finalized a rule establishing the new Ambulatory Specialty Model (“ASM”)— a mandatory value-based payment model that could apply to nearly one-quarter of all physicians in select specialties starting January 1, 2027. The ASM applies to physicians providing services to address two high-expenditure chronic conditions among Medicare patients: heart failure (cardiology) and low-back pain (pain management, interventional pain, neurosurgery, orthopedic surgery, and physical medicine and rehabilitation). Participation will be mandatory for eligible clinicians practicing in geographic areas selected by CMS that will likely encompass approximately one-quarter of U.S. Core-Based Statistical Areas (“CBSAs”) or metropolitan divisions nationwide. Published in connection with the Calendar Year (“CY”) 2026 Medicare Physician Fee Schedule (“PFS”), this alternative payment model represents a significant step in CMS’s transition toward specialty-specific accountability for cost, quality, and care coordination in ambulatory care. The model has significant implications for specialty practices, particularly those participating in or aspiring to join Accountable Care Organizations (“ACOs”). Additionally, the ASM will leverage components of the existing Merit-based Incentive Payment System (“MIPS”)/Medicare Value Pathways (“MVPs”) frameworks. For clinicians subject to MIPS/MVP, this model introduces a revised approach to performance scoring under a familiar framework.
ASM in Brief
Beginning January 1, 2027, participating specialists will be evaluated based on their performance in four domains or “performance categories” based on the MIPS scoring framework—Quality, Cost, Improvement Activities, and Interoperability—and scored relative to peers within their geographic region. The ASM involves two-sided risk, meaning that clinicians may receive positive, neutral, or negative payment adjustments to future Medicare Part B claims depending on their composite score based on the performance categories. Unlike MIPS, however, the ASM will require clinicians to report on measures and activities clinically relevant to their specialty type and chronic condition of focus (heart failure or low-back pain). Additionally, under the MIPS framework, CMS assesses a clinician’s performance against an entire pool of all MIPS participating clinicians, regardless of specialty type or service provided. However, the ASM modifies this approach, assessing individual clinical performance scores against only clinicians treating the same chronic condition.
The ASM will be tested over five performance years, from January 1, 2027, through December 31, 2033, with performance measured during those years and corresponding payment adjustments applied to Medicare Part B claims on a two-year lag (i.e., performance in CY 2027 will affect payment rates in CY 2029). In the first payment adjustment year (2029), adjustments will range from approximately –9 percent to +9 percent, with larger potential adjustments in subsequent years. To ensure that the ASM results in savings, ASM will retain a percentage of the payments rather than distributing all funds as payment adjustments to the clinicians.
To participate in the model, clinicians must have historically treated at least 20 applicable episodes per year. CMS will also identify participants based on historical claims data, publishing final participant lists and selected geographies in 2026.
Performance Categories
The four performance categories for the ASM are the same performance categories required for clinicians participating in MIPS, except that the ASM will measure quality and cost at the individual clinician level (except for small practices), while continuing to measure practice transformation and EHR interoperability at the group level:
Quality: The quality measurement strategy for the ASM focuses on three domains related to utilization– (1) excess utilization, (2) evidence-based care and outcomes, and (3) patient-reported outcomes and experience. The specific measures are intended to elevate the patient’s voice and be clinically relevant for each specialty type for each of the two conditions (hearth failure and low-back pain).[1] Any addition or removal of a quality measure for an ASM cohort would be prospective only and will occur through notice and comment rulemaking.[2]
Cost: CMS will assess efficiency and cost-effectiveness of care by leveraging existing MIPS episode-based cost measures (“EBCMs”). For the ASM heart failure participant cohort, CMS will use the heart failure EBCM to assess a specialist’s cost ASM performance category score. Similarly, CMS will use the low-back pain EBCM to determine an ASM low-back pain to calculate the ASM performance category score.[3]
Improvement Activities: CMS will evaluate clinical care coordination and patient engagement by whether a clinician (1) is connecting to primary care and ensuring completion of health-related social needs screening, and (2) establishing communication and collaboration expectations with primary care through Collaborative Care Agreements.[4]
Interoperability: To measure specialist performance in the interoperability performance category, CMS will review use of certified electronic health record technology (“CEHRT”), which also align with MIPS requirements. ASM participants must provide CMS evidence of their use of CEHRT by providing their EHR’s CMS identification ID from CMS’s Certified Health IT Product List.
Insights
The ASM aims to drive participating specialists to transition from a volume-based to a value-based care model by emphasizing early intervention, evidence-based treatment, and strong collaboration with primary care clinicians and ACOs.
Clinicians will need to redesign workflows around longitudinal patient management, adopt tools for capturing functional outcomes, and ensure accurate documentation of conditions, interventions, and coordination efforts. Given the model’s two-sided risk, practices should consider modeling potential financial exposure and planning accordingly. The shift also presents opportunities for those who proactively embrace data-driven management and conservative, outcomes-oriented care. Because each individual clinician’s performance will be assessed relative to regional peers, understanding cost drivers and practice variation will be essential to success.
The ASM’s introduction also intersects with other value-based frameworks, most notably ACOs and the MIPS and its evolving MVPs. For specialists affiliated with ACOs, the ASM adds a layer of accountability that may overlap with total cost of care benchmarks. Coordination will be critical to align incentives and avoid attribution conflicts. We also note that not only will ASM participation be assessed yearly, but MIPS-eligible clinicians that participate in the ASM will be exempt from MIPS reporting requirements for the performance years they are also included in ASM. Clinicians participating in MIPS or MVP reporting will need to harmonize measure selection and reporting strategies, as ASM domains closely mirror MIPS categories but operate under distinct benchmarks.
Beyond the ASM, the final rule includes separate conversion factors for Qualifying APM Participants (QPs) and non-QPs, efficiency adjustments for technology adoption, and site-neutral payment and telehealth expansion policies. These updates reinforce CMS’s goal of linking reimbursement to care outcomes rather than service volume. Further technical guidance, including episode definitions and risk adjustment details, is expected in 2026.
Healthcare organizations and specialty practices should consider preparing for ASM participation immediately. Practices may assess eligibility, conduct readiness evaluations, and review CEHRT capabilities. Specialty clinicians already participating in ACOs or MIPS would benefit from mapping existing quality measures to ASM domains to avoid duplication. Financial modeling is essential to anticipate exposure under two-sided risk, while governance structures should incorporate compliance oversight and value-based strategy alignment.
Key Client Takeaways for Consideration
Assess eligibility – Confirm whether your practice meets the 20-episode threshold and monitor CMS’s participant list.
Readiness planning – Conduct operational gap analyses focusing on data, CEHRT, care coordination, and outcome measurement.
Align value-based strategies – Coordinate ASM implementation with ACO participation and existing value-based contracts to ensure alignment with required performance categories under the ASM.
Harmonize reporting frameworks – Identify overlaps between ASM and MIPS/MVP reporting to streamline compliance, which may require clinicians to modify measures they report to conform to required ASM performance standards.
Model financial exposure – Project the impact of the ±9% adjustment range in early years to inform investment decisions.
Governance and compliance oversight – Update governance charters to oversee ASM participation and clinician engagement.
Conclusion
The ASM underscores CMS’s intent to expand value-based accountability into specialty care. By prioritizing care coordination, interoperability, and outcomes measurement, CMS aims to reduce costs and improve care quality for high-spend conditions such as heart failure and low-back pain. Practices should evaluate their readiness from a data, workflow, risk management, and strategic alignment perspective. Specialists who proactively prepare will be best positioned to mitigate downside risk and achieve performance-based gains.
FOOTNOTES
[1] 42 CFR §§ 512.725(b) and (c).
[2] 42 CFR §§ 512.725(d).
[3] 42 CFR §§ 512.730.
[4] 42 CFR § 512.735(c).
Listen to this article
Joel Dankwa contributed to this article
OSHA Recordkeeping and Reporting Guidance for Employers, Part I- Foundations of OSHA Injury and Illness Recordkeeping
This three-part series on OSHA recordkeeping and reporting provides tips for employers on maintaining compliance with Occupational Safety and Health Administration (OSHA) requirements.
Part I, which follows below, covers the foundational aspects of determining recordability, including the use of OSHA Forms 300, 301, and 300A, as well as the criteria for recording work-related injuries and illnesses.
Part II offers a step-by-step walkthrough for completing these forms accurately, and Part III details the reporting responsibilities for severe incidents such as fatalities, in-patient hospitalizations, amputations, and loss of an eye, emphasizing the importance of timely and accurate reporting.
Employers first determine whether they must keep Occupational Safety and Health Administration (OSHA) injury and illness records and, if so, which forms apply. Most employers must maintain the OSHA Form 300 Log (“Log” or “300”), prepare an OSHA Form 301 Incident Report (301) for each recordable case, and prepare and post the OSHA Form 300A Annual Summary (300A).
Employers with ten or fewer employees in the prior year and those in industries listed in OSHA’s partial-exemption appendix are generally exempt from routine recordkeeping duties but must still report severe events and respond to government data requests, such as those from the Bureau of Labor Statistics (BLS).
Each recordable case must be entered on the Log and documented on a 301 within seven calendar days of receiving information that the case is recordable. Employers must post the 300A from February 1 through April 30 and retain the 300, 300A, and 301 for five years, updating the 300 during that period if new information comes to the employer that suggests an entry was erroneous.
Quick Hits
Employers must determine if they need to keep OSHA injury and illness records, which include the OSHA Form 300 Log, the OSHA Form 301 Incident Report for each recordable case, and the OSHA Form 300A Annual Summary, which has to be posted from February 1 through April 30.
Determining whether a case is recordable involves confirming an injury or illness, assessing work-relatedness, identifying if it is a new case, and applying general recording criteria such as death, days away from work, or medical treatment beyond first aid.
Employers must ensure accurate recordkeeping, involve employees in the process, and provide access to records while maintaining privacy and data integrity, especially for special recordkeeping categories like hearing loss, needlestick injuries, and privacy concern cases.
Determining Whether a Case Is Recordable and Work-Related
Determining whether a case is recordable follows a structured sequence that begins with confirming that an injury or illness has occurred. OSHA defines “injury or illness” broadly as an “abnormal condition or disorder,” acute or chronic, that reflects an adverse change of some significance; normal end‑of‑day fatigue or mood changes are not injuries or illnesses.
Employers next determine work-relatedness under OSHA’s geographic presumption that events or exposures in the work environment are work-related unless a specific regulatory exception applies. Exceptions include symptoms arising at work that result solely from a nonwork event, voluntary wellness or recreational activities, personal tasks outside working hours, personal food consumption, self‑medication for a nonwork condition, and common colds or influenza. Work performed at home is recordable only when the injury or illness occurs while the employee is performing paid work and is directly related to the performance of that work rather than the home environment. OSHA’s website includes many answers to “frequently asked questions” and standard interpretations that help employers determine whether a work-related injury or illness occurred.
New Cases vs. Continuations of Previously Recorded Conditions
If the case is work-related, employers determine whether it is a new case rather than a continuation of a previously recorded condition. A new case exists when the employee has not previously experienced an injury or illness of the same type affecting the same body part, or when the employee had fully recovered, and a new workplace event or exposure caused the condition to recur. Chronic diseases that persist regardless of new workplace exposure are recorded once, while sensitization conditions that flare with new exposures are recorded when those exposures occur. If the case is new and work-related, employers apply the general recording criteria: death; one or more calendar days away from work; restricted work or job transfer; medical treatment beyond first aid; loss of consciousness; or a significant diagnosed injury or illness such as a punctured eardrum, a fractured rib, or a broken toe.
Medical Treatment vs. First Aid
Distinguishing medical treatment from first aid is central to consistent and compliant recordability.
Medical treatment includes the management and care of a patient to combat disease or disorder and excludes diagnostic procedures and observation-only visits. OSHA provides an exclusive list of first aid measures that are never medical treatment, regardless of who provides them.
First aid includes nonprescription medicines at nonprescription strength, cleaning and bandaging wounds, butterfly bandages and Steri‑Strips, hot or cold therapy, non‑rigid supports, temporary immobilization for transport, draining a blister, removing superficial splinters, finger guards, massage as a standalone measure, and drinking fluids for heat stress. Treatments not on the first‑aid list, such as sutures, tissue adhesives, prescription medications, physical therapy, or any wound‑closure device other than butterfly bandages or Steri‑Strips, are medical treatment. The definition of what constitutes first aid tends to shift and narrow over time, so employers are encouraged to review OSHA’s website to ensure that the current definition meets their understanding of the definition.
Counting Days Away and Days of Restriction or Transfer
Counting days away and days of restriction or transfer requires careful application of OSHA’s rules. Employers record calendar days, including weekends, holidays, and vacation days, beginning the day after the incident. If a licensed healthcare professional recommends days away or restricted duty, the employer records the recommended days even if the employee works; if the employee stays out longer than recommended, the employer records only the recommended days. The combined total of days away and days restricted or transferred is capped at 180 for each case. Where providers disagree, employers resolve the difference by selecting the most authoritative recommendation and documenting the basis for that choice. If a recordable injury happens after July 1 of any given calendar year, the count of days away, restricted, or transferred ends at the end of that calendar year.
Special Recordkeeping Categories
Special recordkeeping categories require tailored treatment. Recordable work‑related hearing loss requires both a standard threshold shift under the noise standard and an average hearing level of 25 decibels or more at 2,000, 3,000, and 4,000 hertz in the affected ear. Needlestick injuries or cuts from sharps contaminated with another person’s blood or other potentially infectious materials are recordable as injuries regardless of other criteria, and employers must update the Log if a related infection is later diagnosed. Medical removals required by specific substance standards are recorded as days away or restricted work, as applicable. Privacy-concern cases—including injuries to intimate body parts, sexual assaults, mental illnesses, HIV, hepatitis, tuberculosis, and contaminated sharps injuries—must omit the employee’s name on the Log, with a confidential list maintained to cross‑reference case numbers to names.
Employee Involvement and Access
Employers must also ensure employee involvement and access. Employers must inform employees how to report injuries and illnesses, provide access to recordkeeping forms within specified timeframes, and ensure that reporting procedures are reasonable and nonretaliatory. Employees and their personal representatives may access the Form 301 for that employee’s case, while authorized employee representatives may access the narrative “how the incident happened” portion for cases at the establishment with personal identifiers redacted. Employers must provide records to OSHA and other authorized government representatives promptly upon request.
Key Takeaways
With the definition, work‑relatedness, new‑case status, and recording criteria resolved, employers must translate those decisions into accurate entries on Forms 301, 300, and 300A.
Part II of this series walks through each form, step by step, using information commonly at hand, and explains how to maintain objectivity, privacy, and data integrity as case outcomes evolve.
Update on Processing of Telehealth Claims Impacted During the Government Shutdown
The recent government shutdown caused multiple Medicare statutory payment provisions to lapse on October 1, 2025, due to the absence of Congressional action. With the passage of the Continuing Appropriations, Agriculture, Legislative Branch, Military Construction and Veterans Affairs, and Extensions Act, 2026 (Pub. L. 119-37), (discussed here), Congress has retroactively restored many of these provisions. The looming question at the time of the passage was whether there would be retroactive payments.
On November 21, 2025, Centers for Medicare and Medicaid Services (CMS) issued a Special Edition to clarify retroactive processing of claims.
Telehealth and Acute Hospital Care at Home Claims
On November 6, 2025, CMS instructed Medicare Administrative Contractors (MACs) to return certain telehealth claims submitted on or before November 10, 2025, that were previously non-payable after the lapse of statutory provisions. These claims are now payable if they meet all Medicare requirements.
Practitioners should resubmit returned claims and any held telehealth claims. Refund any beneficiary payments for services now retroactively covered. The prior instructions to append the “GY “modifier are rescinded.
Similarly, beginning November 10, 2025, MACs returned claims for the Acute Hospital Care at Home initiative for dates of service on or after October 1, 2025. Hospitals may resubmit these claims.
Next Steps for ProvidersFacilities, practitioners, and suppliers should expect a return to normal processing operations soon.
California AB 1415: Expanded Oversight for Private Equity and Hedge Fund Investors in Healthcare Deals
Go-To Guide:
California’s AB 1415 expands the scope of entities required to submit advance notice to the Office of Health Care Affordability (OHCA) in advance of a proposed agreement or transaction.
The new law requires private equity, hedge fund investors, and management service organizations (MSOs), and other “noticing entities” to notify OHCA 90 days prior to any proposed agreement or transaction.
AB 1415 defines “noticing entity” as a (i) private equity group or hedge fund, (ii) newly created business entity created for the purpose of entering into agreements or transactions with a health care entity, (iii) management services organization, or (iv) an entity that owns, operates, or controls a provider, regardless of whether the provider is currently operating, providing health care services, or has a pending or suspended license.” See, Cal. Health & Safety Code Section 127507(h).
It is unclear whether monetary thresholds for a material change transaction pursuant to existing law will extend to noticing entities in the forthcoming regulations.
Existing law requires health care entities that meet specified revenue thresholds, among other requirements, to provide notice to OHCA at least 90 days prior to the closing date to allow OHCA to review the transaction and determine whether such transaction will be further evaluated under a “cost and market impact review” (CMIR). “Health care entities” are defined as payors, providers such as hospitals, physician organizations, clinics, ambulatory surgery centers, laboratories, and imaging facilities, fully integrated delivery systems, pharmacy benefit managers (PBMs), including parent, subsidiary, or affiliated entities that act on behalf of a payer.
A “material change transaction” is defined as a merger, acquisition, corporate affiliation, or agreement that involves a transfer of assets or control that would affect the provision of health care services in California and transactions that meet specified materiality thresholds. A material change transaction does not include transactions that occur in the ordinary course of business, such as corporate restructuring – if the health care entity already directly or indirectly through intermediary entity controls – is controlled by or under common control with all parties to the transaction.
I.
A health care entity that is a party to (as buyer, seller, or both), or subject of, a material change transaction that meets at least one element in Section I and at least one element in Section II must file a pre-transaction notice with OHCA if:
–
It has annual revenue of at least $25 million or owns or controls California assets of at least $25 million;
–
It has annual revenue of at least $10 million or owns or controls California assets of at least $10 million, and is a party to or subject of a transaction with:
–
any health care entity that has annual revenue of at least $25 million or owns or controls California assets of at least $25 million, or
–
any entity that owns or controls a health care entity that has annual revenue of at least $25 million or owns or controls California assets of at least $25 million.
–
It is a provider or fully integrated delivery system that provides health care services in a designated primary care health professional shortage area (HPSA) in California.
Notably, health care entities such as affiliates or subsidiaries that are not listed as parties to the purchase agreement may still be deemed “subject of” a material change transaction if, as a result of the transaction, their assets, governance, responsibility, or operational control will be transferred.
II.
A health care entity (buyer, seller, or both) meets the criteria for a material transaction if it meets any one of the elements in Section I and any one of the elements listed below:
–
The proposed fair market value of the transaction is $25 million or more, and the transaction is for the provision of health care services;
–
The transaction is more likely than not to increase annual California-derived revenue of any health care entity that is a party to or subject to the transaction by either $10 million or more or 20% or more of the annual California-derived revenue;
–
The transaction involves the sale, transfer, lease, exchange, option, encumbrance, or other disposition of 25% or more of the total California assets of the submitter entity;
–
The transaction involves the transfer of control, responsibility, or governance in whole or in part of the submitter entity;
–
The transaction will result in an entity contracting with payers on behalf of consolidated or combined providers and is more likely than not to increase annual California-derived revenue of any provider in the transaction by either $10 million or more or 20% or more of annual California-derived revenue;
–
The transaction involves the formation of a new health care entity, affiliation, partnership, joint venture, or parent corporation for purposes of providing health care services in California and it is projected to have at least $25 million in annual California-derived revenue or the transfer or control of California assets related to such health care services valued at $25 million or more;
–
The transaction is part of a series of related transactions for the same or related health care services (otherwise known as a Roll up) occurring over the past 10 years involving the same health care entities or affiliated entities and those combined transactions comprise a single transaction for purposes of determining revenue thresholds, including asset and control circumstances; or
–
The transaction involves the acquisition of a health care entity by another entity, and the acquiring entity has consummated similar transactions in the past 10 years with a health care entity that provides the same or related health care services and the proposed transaction plus the prior similar transactions will be treated as a single transaction for determining revenue thresholds, including asset and control circumstances.
AB 1415 (Bonta) amends the California Health & Safety Code §§127500 et seq. to broaden definitions for entities subject to the OHCA pre-transaction notice obligations. Effective Jan. 1, 2026, management service organizations, private equity, hedge fund managers, any newly created business entities created for the purpose of entering into agreements or transactions with a health care entity (otherwise known as NewCos), and an entity that “owns, operates, or controls a provider, regardless of whether the provider is currently operating, providing health care services, or has a pending or suspended license” defined as “noticing entities” must provide written notice to OHCA regarding proposed agreements or transactions between:
1.
A noticing entity and a health care entity;
2.
A noticing entity and MSO; or
3.
A noticing entity and an entity that owns or controls the health care entity or MSO.
OHCA is expected to issue a notice of proposed rulemaking that will provide additional guidance for management service organizations, including clarifying regulations intended to prevent duplicative notice filings. It remains unclear, however, whether the forthcoming regulations will address monetary thresholds for determining a “material change transaction” under existing law, and whether those thresholds will extend to noticing entities.
Gov. Newsom vetoed a similar bill introduced last year, AB 3129 (Wood). In his veto message, Newsom wrote, “However, OHCA was created as the responsible state entity to review proposed health care transactions, and it would be more appropriate for the OHCA to oversee these consolidation issues as it is already doing much of this work.” Unlike AB 1415 (Bonta) pre-transaction notice requirement, AB 3129 (Wood) would have mandated a pre-consent process for private equity backed healthcare transactions.
There is an upward trend across the country towards greater oversight of private equity investments in the healthcare industry. In a press statement, Assemblymember Mia Bonta revealed her perspective on private equity investments in healthcare: “Research shows that as market consolidation rises, so do prices. Over the past decade, hospital mergers have steadily increased, often leading to service reductions or closures as profits are prioritized over community needs.”
Gov. Newsom additionally signed SB 351 (Cabaldon), which codifies the corporate practice of medicine and authorizes the California attorney general to enforce the corporate bar against private equity groups or hedge funds that interfere with the professional clinical judgment of physicians or dentists. The new statute additionally prohibits certain clauses in practice management contracts that would (i) limit provider competition with the practice in the event of termination or resignation, or (ii) disparaging, opining, or commenting on the practice on any issues relating to quality of care, utilization, ethical, or professional challenges in the practice of medicine, dentistry, or revenue-increasing strategies used by the private equity group or hedge fund. Together with the forthcoming OHCA regulations, SB 351 underscores the importance for investors and health care organizations to review existing arrangements to ensure alignment with state law requirements.
Additional states with proposed legislation include states like Massachusetts1, Illinois2, and Pennsylvania3.
Outstanding Issues
This bill adds to the growing patchwork of state laws that may differ from federal regulations.
It is unclear whether a noticing entity’s internal corporate restructuring would fall under the purview of AB 1415.
What constitutes “material amount of assets or operations” in a proposed transaction remains unclear.
Considerations
Private equity and hedge fund investors may wish to:
Proactively assess whether their active or proposed transaction falls within the parameters of AB 1415 and adjust timelines accordingly;
Actively review MSO/PC arrangements and harmonize with new laws; and
Monitor and consider engaging in OHCA regulatory rulemaking process (proposed regulations forthcoming).
1 See, S.868.
2 See, SB 1998.3 See, HB 1460.
Actualizing Therapy from Psychedelic Compounds Requires Acknowledging the Past Pioneers as well as Encouraging Cooperation from Current Market Players
In this era of industrialized capitalism, there are serious economic incentives to promote products in nascent industries. Intellectual property and the corresponding legal framework help achieve this promotion. Applying existing legal constructs to manufacturing products in burgeoning fields allows both the industry itself to grow and allows the players within those industries to profit from the growth that their innovation furthers within those industries. These players, however, are not necessarily only limited to the employees within the companies that make up the early competitive landscape. These players also include those pioneers that invented the foundational knowledge that has provided the original opportunities for these industries to exist. For example, biotechnology—including pharmaceuticals and biologics—has benefitted from the guidance that the Food and Drug Administration (“FDA”) and the United States Patent and Trademark Office (“USPTO”) have promulgated over the years. While some of that has been codified statutorily, some only has been communicated outside of legislation through guidance and regulation.
Compounds that have been traditionally traced to psychedelic practice (e.g., LSD, ketamine, and psilocybin) have recently been chemically modified to negate their hallucinogenic properties. Researchers have done so by replacing functional groups off of the integral carbon rings that make up the chemical compounds that hypothetically alter the binding behavior of the receptors. Thus, there exists a unique opportunity to apply these compounds therapeutically. Furthermore, there also exists an unmet need for such medicine as there has been an increase in mental health issues globally which therapies using these compounds may be able to address. Thus, the incentive to expedite the possibility of providing therapy derived from these compounds has become increasingly important. The vehicle enabling such a possible medical breakthrough has yet to be established. We propose applying the already-existing patent system to this nascent industry, which would not only improve the financial situation of the players within the field (pioneers and market participants) as well as validate the science such that the therapeutic options that come from it are safe and trusted.
As basic research continues to unlock the potential of psychedelic compounds to alleviate treatment-resistant symptoms of psychological illnesses like major depressive disorder and post-traumatic stress disorder, there are certain problems that arise with the regulation of the fruits of this research as well as the research itself. As the number of patents issued covering therapeutic uses for psychedelic drugs has escalated rapidly, the industry itself faces urgency in regulating the growth.
Recently, Nature Medicine published online guidelines—Reporting of Setting in Psychedelic Clinical Trails (ReSPCT)—that outline a standardized protocol for psychedelic clinical trials that take into account the necessary safety considerations when administering psychedelics as well as the potential for their effective therapeutic potential. As of now, clinical trials for psychedelics do not provide the necessary framework to properly test the drugs for the FDA to readily rely upon the clinical endpoints that these protocols set. The ReSPCT framework consists of thirty variables, some of which include the environment in which the patients are administered the psychedelic drugs to be tested, how the drugs themselves are dosed and by whom, how the practitioners are supposed to intake the patients, and the actual therapeutic experience of the patients themselves. The guidelines acknowledge that there is fear within the industry that these drugs may in fact harm the patients, but these guidelines take such fear into consideration. While the ceiling for their therapy is high, there still needs to be motivation within the industry for a new regulatory framework as well as more attention toward basic research and clinical testing with the hopes that such attention to detail could ensure that the drugs work and that the patients would eventually not be harmed.
Such guidelines would help regulate the drug development of these dangerous compounds which would go a long way in ensuring the resulting therapies that such clinical research produces are both safe and effective. The FDA currently regulates the underlying clinical research required to approve pharmaceuticals and biologics, requiring market entrants to file a New Drug Application (“NDA”) for new pharmaceutical treatments and a Biologics License Application (“BLA”) for new biologic therapy. Within these submissions, drug manufacturers are required to include detailed information that must comply with the FDA’s strict quality standards before any medication can be administered to the public outside of those patients enrolled in the clinical trials detailed in these applications. These ReSPCT guidelines provide a framework that sets such a requirement in motion for treatment or therapy derived from psychedelic compounds.
Still, even with these guidelines, there remains a warranted recommendation to account for the pioneers that have been researching these compounds for hundreds of years privately. Porta Sophia is a nonprofit designed to address the difficulty in finding prior art that researchers and patent examiners face when designing and evaluating patent applications. Porta Sophia has collected thousands of prior art references from both common and uncommon spaces in an easily accessible database. Such a database’s benefit is at least four-fold: inventors can build on existing knowledge, investors can avoid losses on research that cannot be patented for lack of novelty, Indigenous practitioners are protected from external claims on their traditional knowledge, and potential patients have access to a broader scope of alternatives in the public domain. Thus, having a library that collects any sort of publicly-available information that chronicles the pioneering work of Indigenous traditional practice of psychedelic therapy would go a long way in preserving that knowledge for important laboratory-supported research that would inevitably legitimize the advancement of this knowledge as well as provide a verifiable collection of contemporaneous evidence to support any efforts to financially-reward the pioneers of the advancement of this field of study if such advancement were to transition into more scientifically-approved forums.
Preserving the Indigenous people’s ability to continue their traditional practices also has to be acknowledged. One potential regulation could be created a “ceremonial use” defense to patent infringement for psychedelic compounds and their methods of use. This defense would protect users from claims of infringement related to religious practices when either the plant or the underlying psychedelic compound had a prior religious use. This defense would be analogous to the existing doctrine of prior user rights, where a patent owner cannot sue for infringement based on continued use of a technology which was practiced in private before the patent was issued. The protections could be similar to the “safe harbor” provision of the Hatch-Waxman Act, which allows for the use of patented technology in the development of drugs. The current statutory framework is insufficient to protect ceremonial users because it only covers commercial uses of a technology, so further legislation is needed.
Finally, if the market transitions from nascent to profitable, such that the number of entrants would require the members to compete, industry players could agree to cooperate, similar to how early mRNA companies agreed to coexist during the pandemic. Specifically, the concept of patent pledges amongst these companies became common place. A patent pledge is when inventors commit to limiting the enforcement of their patents, typically spurring market forces to produce affordable copies of the invention for the public benefit. For instance, the Open Covid Pledge was designed to address the public health emergency of the COVID-19 pandemic by curbing enforcement of intellectual property related to treatments. Although the empirical analysis of whether patent pledges work to foster follow-on innovation is thin, there is data to support the idea that pledged patents stimulate start-up activities and provide the basis for further research. The downside of a purely voluntary patent pledge is that it can be difficult to enforce in court, frequently including stipulations and reservations of enforcement rights under certain conditions, adding substantial risk to follow-on research investments. Further legislation may be needed to reform the regulatory framework and provide a clear and predictable legal foundation for research using patented technologies in order to spur additional discovery.
The shifting political landscape has also affected the tenor of the debate around psychedelic medications, with HHS Secretary R.F.K. Jr. pushing an ambitious plan in June 2025 to have new psychedelic drugs rolled out to clinical settings within twelve months. Meanwhile, earlier in the month, Texas Governor Greg Abbot signed a law that invested $50 million into psychedelic clinical trials. Psychedelic research has bipartisan support, uniting politicians like Rep. Alexandria Ocasio-Cortez, D-NY, with Rep. Dan Crenshaw, R-Texas, who both supported the House National Defense Authorization Act’s allowance of medical research on psychedelics. With both scientific and political aspects at an inflection point, psychedelic patent law is ripe for new regulatory legislation to provide structure, predictability, and support to all stakeholders.
It seems apparent at least to the authors of this article that therapy derived from psychedelic compounds providing treatment backed by the FDA and supported by the USPTO has entered or at least will very soon enter into this era of industrialized capitalism. Its foundations outside of the commonly-assumed origins of biotechnology—specifically, laboratory-backed basic research—should not be discounted, but acknowledged. Such acknowledgement not only extends to the science that has developed over centuries, but the pioneers who have fostered this development. The pioneers’ anti-establishment proclivities shouldn’t preclude us from rewarding these pioneers. Further, given psychedelic therapy’s entrance, we can be the arbiters of the industry’s success. Promoting legal systems and providing legislative structure that has helped grow other science-derived industries should help ensure that the resulting treatment is both safe and effective.
This article was co-authored by Jonathan Shelnutt (J.D. Candidate at Georgetown Law School).