Ceramtec GMBH v. Coorstek Bioceramics LLC
This case examines the application of trademark functionality doctrine in the medical device industry, specifically addressing whether the pink color of ceramic hip components can be protected as a trademark. The case provides important guidance on how courts evaluate functionality claims and the intersection between patent and trademark protection for product features.
Background
Ceramtec manufactures artificial hip components using zirconia-toughened alumina (“ZTA”) ceramic material containing chromium oxide (chromia). The chromia gives their products, marketed under the name “Biolox Delta,” a distinctive pink color. Prior to seeking trademark protection, Ceramtec held U.S. Patent 5,830,816 covering their ceramic composition, which expired in January 2013.
In January 2012, Ceramtec applied for two trademarks claiming protection for the color pink used in ceramic hip components. The marks were registered on the Supplemental Register in April 2013, covering both a “hip joint ball” and an “acetabular shell or fossa.”
Coorstek, a competitor in the medical implant market, manufactures two different ZTA ceramic materials: CeraSurf-p, which contains chromia and is pink, and CeraSurf-w, which does not contain chromia and is white. On March 3, 2014, Coorstek filed both a lawsuit in the District of Colorado and a cancellation petition with the Trademark Trial and Appeal Board (TTAB), arguing that the pink color was functional and therefore ineligible for trademark protection.
The TTAB ruled in favor of Coorstek, finding that the pink color was functional and cancelling Ceramtec’s trademark registrations. The Board based its decision on evidence from Ceramtec’s expired patent and their technical publications showing that chromia provided material benefits to the ceramic components. Ceramtec appealed this decision to the Federal Circuit, challenging both the Board’s functionality finding and its handling of the unclean hands defense.
Issue(s)
Whether the pink color of Ceramtec’s ceramic hip components is functional and thus ineligible for trademark protection.
Holding
The Federal Circuit affirmed the TTAB’s decision canceling Ceramtec’s trademarks, finding that the pink color was functional and therefore not eligible for trademark protection.
Reasoning
The Federal Circuit’s analysis centered on the Morton-Norwich factors, a four-part test established in In re Morton-Norwich Products, Inc. that courts use to determine whether a product feature is functional. These factors examine: (1) the existence of a utility patent disclosing the utilitarian advantages of the design; (2) advertising materials in which the originator of the design touts its utilitarian advantages; (3) the availability to competitors of functionally equivalent designs; and (4) facts indicating the design results in a comparatively simple or cheap method of manufacturing.
Applying these factors to Ceramtec’s case:
The court found that Ceramtec’s expired patent disclosing the use of chromia in ZTA ceramics provided strong evidence that the pink color was functional, as it resulted from a feature that provided material benefits.
The court considered Ceramtec’s advertising materials and public communications, which disclosed that chromia provides material benefits to the ZTA ceramics, further supporting functionality.
Regarding the availability to competitors, the court found no evidence that alternative designs would work as well, making this factor neutral in the analysis.
The court determined that evidence about manufacturing costs and methods was inconclusive and treated this factor as neutral.
Particularly significant was the relationship between Ceramtec’s expired patent and their trademark claims. The court emphasized that features previously protected by a patent cannot later be protected through trademark law if they are functional, as this would effectively extend patent protection indefinitely.
The court also rejected Ceramtec’s argument that the Board improperly applied the “unclean hands” doctrine, finding that the Board properly considered the public interest in removing registrations for functional marks from the trademark register.
Through this decision, the Federal Circuit reinforced the principle that functional product features, even if they create a distinctive appearance, cannot be protected as trademarks when they serve a utilitarian purpose essential to the product’s use or manufacture.
DEA Tightens Buprenorphine Telemedicine Prescribing Rules
The Drug Enforcement Administration (DEA) and the U.S. Department of Health & Human Services (HHS) just finalized their March 2023 proposed rule regarding telemedicine prescribing of buprenorphine. The final rule, effective February 17, 2025, allows DEA‑registered practitioners to prescribe Schedule III-V controlled substances, i.e., buprenorphine, to treat opioid use disorder (OUD) through audio-video visits and through audio-only visits in specific circumstances after certain requirements are met. Although these practices are currently allowed under the COVID-era telemedicine prescribing flexibilities through the end of 2025, the final rule introduces additional requirements for these prescriptions.
Requirements of the Final Rule
PDMP Check
Before prescribing a Schedule III-V controlled substance approved by the U.S. Food & Drug Administration (FDA) to treat OUD via telemedicine (currently limited to buprenorphine), DEA-registered practitioners must review the prescription drug monitoring program (PDMP) database of the state in which the patient is located at the time of the encounter.
Scope of Review: Practitioners must check PDMP data for any controlled substances issued to the patient within the past year. If less than a year of data is available, practitioners must review the entire available period.
Initial Prescription:
After reviewing the PDMP data and documenting the review, practitioners may issue an initial six-month supply of buprenorphine, which may be divided across several prescriptions, totaling six calendar months.
If the PDMP data is not available but the attempt to access it is documented, practitioners may prescribe only a seven-day supply of buprenorphine. Practitioners must continue to check the PDMP database to issue subsequent prescriptions. If, after checking, the PDMP remains unavailable and access attempts are documented, practitioners may prescribe subsequent seven-day supplies, up to the six-month limit.
Follow-Up Prescriptions
After the initial six-month supply, practitioners may issue additional prescriptions if they either:
Conduct an in-person medical exam; or
Meet one of the seven narrow exceptions under the Ryan Haight Act (discussed below) for telemedicine practitioners.
Once an in-person medical exam has been conducted, the practitioner and patient are no longer considered to be engaged in the practice of telemedicine, and the obligations outlined in the final rule will no longer apply.
Pharmacist Verification
Before dispensing these prescriptions, pharmacists must verify the identity of the patient using one of the following:
A state government-issued ID;
A federal government-issued ID; or
Other acceptable documentation, such as a paycheck, bank or credit card statement, utility bill, tax bill, or voter registration card.
A Brief History
The rules stem from the Ryan Haight Act, which amended the Controlled Substances Act to restrict practitioners from prescribing controlled substances unless the practitioner conducts an in-person examination of the patient. The Ryan Haight Act (at 21 U.S.C. § 802(54)) outlines seven exceptions under which practitioners may prescribe controlled substances via telemedicine without an in-person exam. The fifth exception involves practitioners who have obtained the long-awaited special registration. (Stay tuned for our discussion on the DEA’s proposed rule establishing a special registration.) The seventh exception involves other circumstances specified by regulation.
During the COVID-19 Public Health Emergency (PHE), the DEA issued letters on March 25, 2020, and March 31, 2020, granting temporary exceptions to the Ryan Haight Act and its implementing rules that enabled DEA-registered practitioners to prescribe controlled substances without an in-person exam and with a DEA registration in only one state. These telemedicine flexibilities enabled practitioners to prescribe Schedule II-V controlled substances through audio-video visits and audio-only visits. Audio-only visits are permitted if the practitioner has the capability to use audio-video, but the patient is either unable to use video or does not consent to it.
In March 2023, in anticipation of the PHE ending, the DEA issued a proposed rule regarding the expansion of telemedicine prescribing of buprenorphine, which received significant criticism from stakeholders. In response, the DEA quickly rescinded the proposed rule and extended the COVID-era flexibilities in May 2023. The flexibilities were subsequently extended in October 2023 and November 2024 and are now set to expire on December 31, 2025. (For more details, see our previous discussions on the DEA’s proposed rules for telemedicine prescribing of controlled substances and the first, second, and third temporary rules extending COVID-era flexibilities.) Now, in an effort to not lose ground on the expansion of telemedicine prescribing of buprenorphine, especially if the telemedicine flexibilities expire with the incoming Trump administration, the DEA and HHS have revised and finalized their proposed buprenorphine rule.
Comparing the Proposed and Final Rules
The final rule introduces several changes to the proposed rule, some of which are described below:
Supply Limitation: The initial 30-day prescription supply limitation via audio-only was increased to a six-month supply.
In-Person Medical Evaluation: The requirement to have an in-person medical evaluation, with three options for conducting it, to prescribe more than the initial supply of buprenorphine was removed.
Recordkeeping: The detailed recordkeeping requirements for each prescription a practitioner issues through a telemedicine encounter, such as whether the encounter was conducted via audio-video or audio-only, were removed.
PDMP Review: Although reviewing the PDMP database of the state in which the patient is located at the time of the encounter is still required, the specifications and recordkeeping requirements for the review were changed.
The DEA and HHS state that these changes are likely to address and alleviate many of the concerns raised by commenters, acknowledging that some of the previously proposed requirements would have placed undue burdens on both patients and practitioners.
Conclusion
We anticipate that many stakeholders will be dissatisfied with the final rule, particularly with the six-month duration for an initial supply, which may still be too short, and the nationwide PDMP check requirement, which is overly burdensome given the absence of a nationwide PDMP database — a burden the DEA continues to underestimate.
If the COVID-era telemedicine prescribing flexibilities expire without further extension, the final rule offers protection for prescribing buprenorphine to treat OUD. However, that protection is contingent on establishing a legitimate special registration process, which the DEA has yet to propose or implement. Given the uncertainty surrounding the incoming Trump administration’s priorities and its views on telemedicine prescribing of controlled substances, it is unclear whether the final rule will be withdrawn or left as-is. There is also uncertainty about whether the telemedicine prescribing flexibilities will expire after 2025.
Tickled Pink No More
Federal Circuit Affirms Cancellation of CeramTec’s Trademarks for Pink Ceramic Hip Implants
January 16, 2025
Color trademarks have traditionally been difficult to obtain. Of the over 4 million trademark registrations, there were fewer than 1000 color trademarks as of 2019.[1] To be eligible for trademark registration, a color must have acquired distinctiveness and must not be functional. Recently, the Federal Circuit examined the functional component of the analysis and explained why it presents such a hurdle to registration—particularly when a party also obtains patent protection.
On January 3, 2025, the U.S. Court of Appeals for the Federal Circuit upheld the Trademark Trial and Appeal Board (TTAB) decision canceling trademarks claiming protection for the pink color of ceramic hip components.
CeramTec, a manufacturer of ceramic components for artificial hip implants, developed zirconia toughened alumina (ZTA) containing chromia, which imparts pink color and increased hardness. This material was protected under CeramTec’s U.S. Patent No. 5,830,816, which expired in January 2013. In 2012, CeramTec sought trademark protection for the pink color of its ceramic components. CoorsTek, a competitor, successfully petitioned the TTAB to cancel the trademarks, arguing that the pink color was functional.
On appeal, the Federal Circuit affirmed the TTAB decision, emphasizing that trademarks are not registrable or enforceable if the design is functional. The court analyzed the TTAB’s application of the Morton–Norwich factors to determine functionality:
the existence of a utility patent disclosing the utilitarian advantages of the design;
advertising materials in which the originator of the design touts the design’s utilitarian advantages;
the availability to competitors of functionally equivalent designs; and
facts indicating that the design results in a comparatively simple or cheap method of manufacturing the product.
CeramTec GmbH v. Coorstek Bioceramics LLC, No. 2023-1502, 2025 WL 29252 (Fed. Cir. Jan. 3, 2025).
The court also considered TrafFix Devices, Inc. v. Mktg. Displays, Inc., 532 U.S. 23 (2001), which establishes that utility patents are strong evidence of functionality. The Federal Circuit noted that the functionality doctrine ensures the public is free to use innovations after a patent expires.
Based on these findings, the court affirmed that CeramTec’s pink trademarks are functional and therefore ineligible for protection.
If you have any questions about the impact of these changes, please contact your Miller Canfield attorney or the authors of this alert.
[1] Wang, Xiaoren, Should We Worry about Color Depletion? An Empirical Study of USPTO Single-color Trademark Registrations (January 18, 2022). Available at SSRN: https://ssrn.com/abstract=4011677 or http://dx.doi.org/10.2139/ssrn.4011677
California Attorney General Issues Two Advisories Summarizing Law Applicable to AI
If you are looking for a high-level summary of California laws regulating artificial intelligence (AI), check out the two legal advisories issued by California Attorney General Rob Bonta. The first advisory is directed at consumers and entities about their rights and obligations under the state’s consumer protection, civil rights, competition, and data privacy laws. The second advisory focuses on healthcare entities.
“AI might be changing, innovating, and evolving quickly, but the fifth largest economy in the world is not the wild west; existing California laws apply to both the development and use of AI.” Attorney General Bonta
The advisories summarize existing California laws that may apply to entities who develop, sell, or use AI. They also address several new California AI laws that went into effect on January 1, 2025.
The first advisory points to several existing laws, such as California’s Unfair Competition Law and Civil Rights Laws, designed to protect consumers from unfair and fraudulent business practices, anticompetitive harm, discrimination and bias, and abuse of their data.
California’s Unfair Competition Law, for example, protects the state’s residents against unlawful, unfair, or fraudulent business acts or practices. The advisory notes that “AI provides new tools for businesses and consumers alike, and also creates new opportunity to deceive Californians.” Under a similar federal law, the Federal Trade Commission (FTC) recently ordered an online marketer to pay $1 million resulting from allegations concerning deceptive claims that the company’s AI product could make websites compliant with accessibility guidelines. Considering the explosive growth of AI products and services, organizations should be revisiting their procurement and vendor assessment practices to be sure they are appropriately vetting vendors of AI systems.
Additionally, the California Fair Employment and Housing Act (FEHA) protects Californians from harassment or discrimination in employment or housing based on a number of protected characteristics, including sex, race, disability, age, criminal history, and veteran or military status. These FEHA protections extend to uses of AI systems when developed for and used in the workplace. Expect new regulations soon as the California Civil Rights Council continues to mull proposed AI regulations under the FEHA.
Recognizing that “data is the bedrock underlying the massive growth in AI,” the advisory points to the state’s constitutional right to privacy, applicable to both government and private entities, as well as to the California Consumer Privacy Act (CCPA). Of course, California has several other privacy laws that may need to be considered when developing and deploying AI systems – the California Invasion of Privacy Act (CIPA), the Student Online Personal Information Protection Act (SOPIPA), and the Confidentiality of Medical Information Act (CMIA).
Beyond these existing laws, the advisory also summarizes new laws in California directed at AI, including:
Disclosure Requirements for Businesses
Unauthorized Use of Likeness
Use of AI in Election and Campaign Materials
Prohibition and Reporting of Exploitative Uses of AI
The second advisory recounts many of the same risks and concerns about AI as relevant to the healthcare sector. Consumer protection, anti-discrimination, patient privacy and other concerns all are challenges entities in the healthcare sector face when developing or deploying AI. The advisory provides examples of applications of AI systems in healthcare that may be unlawful. Here are a couple:
Denying health insurance claims using AI or other automated decisionmaking systems in a manner that overrides doctors’ views about necessary treatment.
Using generative AI or other automated decisionmaking tools to draft patient notes, communications, or medical orders that include erroneous or misleading information, including information based on stereotypes relating to race or other protected classifications.
The advisory also addresses data privacy, reminding readers that the state’s CMIA may be more protective in some respects than the popular federal healthcare privacy law, HIPAA. It also discusses recent changes to the CMIA that require providers and electronic health records (EHR) and digital health companies to enable patients to keep their reproductive and sexual health information confidential and separate from the rest of their medical records. These and other requirements need to be taken into account when incorporating AI into EHRs and related applications.
In both advisories, the Attorney General makes clear that in addition to the laws referenced above, other California laws—including tort, public nuisance, environmental and business regulation, and criminal law—apply to AI. In short:
Conduct that is illegal if engaged in without the involvement of AI is equally unlawful if AI is involved, and the fact that AI is involved is not a defense to liability under any law.
Both advisories provide a helpful summary of laws potentially applicable to AI systems, and can be useful resources when building policies and procedures around the development and/or deployment of AI systems.
Whistleblower Awarded $1.8 Million for Reporting Hospital Admissions Kickback Scheme
Healthcare professionals play a critical role in ensuring the integrity of the industry. However, unlawful kickbacks and fraudulent claims, if left unreported, undermine the quality of patient care and solvency of government-funded healthcare programs. A recent case involving Oroville Hospital highlights not just the consequences of violating regulations such as the False Claims Act and Anti-Kickback Statute but also the importance of whistleblowers in combatting such schemes.
Oroville Hospital Settlement Details
Oroville Hospital has agreed to pay $10.25 million to resolve allegations of participating in an illegal kickback and self-referral scheme. The settlement is divided, with $9,518,954 going to the federal government and $731,046 to the State of California.
The allegations claim that Oroville Hospital:
Paid Illegal Kickbacks to Physicians – Oroville Hospital allegedly incentivized physicians responsible for inpatient admissions by offering bonuses tied to how many patients they admitted. This practice incentivized unnecessary hospital stays, jeopardizing patient welfare and inflating healthcare costs.
Falsely Billed Medicare and Medi-Cal – The hospital allegedly admitted patients who did not need inpatient care. Furthermore, they also allegedly added false diagnosis codes such as systemic inflammatory response syndrome (SIRS) to claims, inflating reimbursements from Medicare and Medicaid (Medi-Cal in California).
The Vital Role of Whistleblowers in Healthcare Compliance
The Oroville Hospital case underscores the critical importance of whistleblowers in protecting healthcare systems from unlawful practices. The allegations in this case were originally brought forward by a private individual under the qui tam provisions of the False Claims Act.
Under the qui tam provision, whistleblowers can file lawsuits on behalf of the government and potentially receive a portion of any monetary recovery resulting from the case. The whistleblower received approximately $1.8 million or about 17% of the settlement for her role in exposing these unlawful activities.
Why Whistleblowers Are Essential
Whistleblowers are often employees or professionals working within the healthcare system who become aware of illegal or unethical practices. Here is why their role is indispensable:
1. Preventing Patient Harm: Unethical behavior, such as unnecessary hospitalizations or improper medical diagnoses, can seriously harm patients. Whistleblowers bring attention to these issues and ensure medical practices prioritize patient health over profit.
2. Protecting Government Resources: Fraudulent claims and improper billing practices drain billions of dollars each year from federal programs such as Medicare, Medicaid, TRICARE, and FEHB. Whistleblowers help uncover these schemes, ensuring that taxpayer funds are used effectively and healthcare remains affordable.
3. Encouraging Transparency and Accountability: By exposing unlawful actions, whistleblowers hold organizations accountable and encourage others in the industry to comply with regulations such as the Anti-Kickback Statute and the False Claims Act.
4. Facilitating Internal Improvements: When courts order companies to implement Corporate Integrity Agreements or similar oversight measures as a result of whistleblower actions, healthcare organizations are compelled to implement stronger compliance frameworks, reducing the risk of future violations.
New York City Publishes Updated FAQs for Earned Safe and Sick Time Act
On September 26, 2024, New York City published updated frequently asked questions (FAQs) for the New York City Earned Safe and Sick Time Act (ESSTA) in light of the New York City Department of Consumer and Worker Protection’s (DCWP) adoption of the October 2023 amended rules and the January 2024 law creating a private right of action for ESSTA violations.
While the FAQs provide some clarification and guidance regarding the amended rules and processes and procedures in pursuing a private right of action, they also leave some questions unanswered. In addition, the FAQs provide guidance on topics that were not included in the amended rules, including outlining possible additional uses of safe and sick leave that were not explicitly contemplated.
Quick Hits
On September 26, 2024, New York City released updated FAQs for the Earned Safe and Sick Time Act (ESSTA) to address the October 2023 amended rules and the January 2024 law allowing private rights of action for ESSTA violations.
The updated FAQs clarify and provide guidance regarding the amended rules, processes, and procedures in pursuing a private right of action, while also leaving some questions unanswered.
The updated FAQs provide guidance on additional topics regarding written safe and sick leave policies and additional uses of leave for weather-related health conditions and funerals.
Telecommuting and Remote Employees
With the advent of remote work and telecommuting, the amended rules clarify that an employee who is based outside of New York City is eligible to use safe and sick leave if the employee is “expected to regularly perform work in New York City during a calendar year” but only hours worked by such an employee in New York City will count toward the accrual of safe and sick leave. Additionally, the employee can only use accrued safe and sick leave while performing work in New York City.
While the amended rules provide some examples of how this will apply, the FAQs leave unanswered what “regularly perform work” means for purposes of determining eligibility.
Written Safe and Sick Leave Policies
For employers that have general paid time off policies, the FAQs clarify that employers must maintain written safe and sick leave policies in a single writing. Policies are not in a single writing “if they are split up across multiple documents or locations. An employer may supplement a national policy with an NYC-specific policy, provided that the national and local policies are not confusing or contradictory.”
Despite this guidance, the FAQs do not expound on the meaning of “confusing or contradictory.”
DCWP Investigations and Private Right of Action
As employees can now file a civil action in court and file a complaint with the DCWP, the FAQs provide guidance regarding those processes and procedures. As an initial matter, the FAQs clarify that there are no prerequisites to filing a lawsuit in court for ESSTA violations, and employees are not required to file a complaint with the DCWP first. Should an employee decide to file complaints in court and with the DCWP for the same alleged violations, the DCWP will stay its investigation until it is notified that “such a civil action has been withdrawn or dismissed without prejudice.” After a final judgment or settlement, the DCWP will then dismiss the complaint unless it “determines the complaint alleges a violation not resolved by such judgment or settlement.”
Additional Uses: Health Conditions Related to Weather Events and Funerals
The FAQs provide that employees may be able to use safe and sick leave for weather-related events when, for example, weather-related conditions such as extreme heat or poor air quality impact the health of employees or their family members, or if exposure to certain weather would pose a risk to the employee or family member due to an underlying medical condition.
In addition, the FAQs state that an employee may use safe and sick leave to attend a funeral if an employee is experiencing anxiety or depression or if a family member needs care for a mental or physical health condition.
Exhausting Available Safe and Sick Leave
Under the ESSTA, generally, it is the employee who decides whether to use safe and sick leave and how much accrued safe and sick leave to use. In reaffirming this rule, the FAQs provide that employers are “prohibited from deducting from an employee’s leave bank when the employee does not wish to use safe and sick leave to cover an absence.” Notwithstanding, the FAQs clarify that the ESSTA “does not require an employer to provide unpaid time off when an employee does not wish to use safe and sick leave to cover an absence and is not eligible for other paid leave.” However, the FAQs note that other laws may require an employer to grant unpaid time off.
Pay Statement Requirements and Unlimited Paid Time Off
The ESSTA requires employers to inform employees on their paystubs of the amount of safe and sick leave used during the pay period and the balance of accrued time remaining.
For those employers that offer unlimited safe and sick leave or unlimited paid time off, the FAQs state that “in very limited circumstances,” an employer will not be required to provide documentation showing accrual, use, and balance information each pay period. Whether this exception applies will depend on “the nature of the employer’s written safe and sick leave policy, including whether any restrictions apply, and whether in practice leave is truly unlimited.”
Even if an exception applies, the FAQs clarify that employers must still keep records showing compliance with the ESSTA.
Next Steps
Employers based in or with remote employees in New York City may wish to review their current policies and make any necessary revisions based on the updated FAQs. Employers may also want to review with and train supervisors and human resources professionals to ensure compliance and update existing practices to align with the above updates to minimize the potential for enforcement actions by the DCWP or for lawsuits by employees.
New Year, New Leave Laws – Understanding State Leave Law Updates Effective January 1, 2025
When did you last look at your employee leave policies? As the calendar turns to a new year, new changes often arrive, and 2025 is no exception. Employers should take note of the recent updates to state leave laws that went into effect on January 1, 2025.
Here are some states that have implemented new or expanded leave laws as of January 1, 2025:
Connecticut
Employers with 25 or more employees working in the state of Connecticut must provide paid sick leave to all employees. Employees can accrue one hour of paid sick leave for every 30 hours worked, up to a maximum of 40 hours per year. Employers now have the option to frontload the paid sick leave at the beginning of each year, rather than being required to carry over unused leave to the next year. This leave can be used for the diagnosis, care, or treatment of an employee’s or their family member’s illness or injury, or for specific needs related to family violence or sexual assault.
Delaware
Employers with 10 or more employees primarily working in Delaware must begin making payroll deductions for the Delaware Paid Family and Medical Leave Program. Employers are required to contribute 0.8% of wages, and they can require their employees to pay up to 50% of the cost of the program. The first contribution payment is due by April 30, 2025.
Maine
Maine employers are also required to begin making payroll deductions to the state’s Paid Family and Medical Leave Program. Unlike Delaware, the law applies to any employer with at least one employee based in Maine. Employers with 15 or more employees must contribute 1% of wages to the program, with the option to deduct up to 50% of this contribution from employees’ wages. Employers with fewer than 15 employees must contribute 0.5% of wages, and they can deduct the entire contribution from employees’ wages. Employers covered by this law must ensure they are registered in the Maine Leave Contributions Portal to start making payments. The first payment is due by April 30, 2025.
New York
New York now requires employers to provide all employees residing in the state with an additional 20 hours of paid prenatal personal leave for any healthcare services related to pregnancy. This includes services such as physical exams, medical procedures, testing, consultations with healthcare providers, end of pregnancy care, and fertility treatment. This leave is available only to the pregnant employee receiving healthcare services and does not extend to spouses, partners, or other support persons. Pregnant employees using this leave will be paid at their regular rate of pay or the applicable minimum wage rate, whichever is greater. Once the pregnancy concludes, the employee is no longer eligible for this additional leave.
Upcoming Changes in Other States
These are just a few of the state leave laws that took effect at the start of 2025. However, additional changes are on the horizon, including Michigan’s Earned Sick Time Act, effective February 21, 2025; Missouri’s paid sick leave law, effective May 1, 2025; and Nebraska’s paid sick leave law, effective October 1, 2025. As more laws are introduced throughout the year, staying informed about these changes is essential for ensuring compliance and effectively supporting employees.
EnforceMintz — Could the Supreme Court’s Decision in Jarkesy Mean the End to HHS Civil Monetary Penalty Authorities as We Know Them?
Last June, the Supreme Court issued its decision in Securities and Exchange Commission v. Jarkesy, which holds that the Seventh Amendment entitles a defendant to a jury trial when the Securities and Exchange Commission (SEC) seeks to impose civil monetary penalties (CMPs) for a securities fraud violation. While the Jarkesy decision focused on the SEC’s administrative process, enforcement actions involving CMPs brought by other federal agencies, such as the Department of Health and Human Services (HHS), also proceed through an agency tribunal as opposed to a jury trial. In particular, the Centers for Medicare & Medicaid Services (CMS), which is part of HHS, has the authority to issue CMPs in countless circumstances.
As of the date of this article, we are not aware of any federal court case that specifically challenges HHS’s administrative CMP process, but parties are starting to assert Jarkesy-based arguments in appealing HHS administrative actions. For example, in November, the HHS Departmental Appeals Board (DAB) issued a decision on an appeal filed by a skilled nursing facility (SNF) that raised Jarkesy-based arguments. The SNF had challenged an administrative law judge’s (ALJ) decision to grant summary judgment in favor of CMS in a case where CMS imposed a CMP of $1,103 per day for 109 days of noncompliance with certain Medicare participation requirements. In pertinent part, the SNF moved for the DAB to remand and refund its CMP. The SNF argued that, based on Jarkesy, the ALJ proceeding to review the imposition of CMPs was “void ab initio,” that the ALJ did not have the constitutional authority to conduct its review, and that the CMP appeal should have been heard before a jury.
Ultimately, the DAB vacated the ALJ’s decision and remanded the matter for further proceedings consistent with the DAB’s decision. Notably, however, the DAB rejected the SNF’s Jarkesy arguments because (i) the SNF’s case concerns “an entirely separate statutory authority and regulatory scheme…as administered by [HHS],” (ii) Jarkesy does not apply to the Medicare administrative appeal regime, and (iii) the Supreme Court did not hold that every agency’s attempt to impose and support CMPs necessarily is a suit at common law that must be adjudicated by an Article III court (a point that was key to the Supreme Court’s decision). The DAB also emphasized that it is not the DAB’s role to invalidate any part of the Social Security Act or its implementing regulations. This point was consistent with the DAB’s longstanding approach that ALJs may not declare a statute or regulation to be unconstitutional or refuse to apply or follow a statute or regulation on that basis.
Surely, this proceeding will not be the last time the agency encounters a Jarkesy-based argument. It is only a matter of time before the question of whether and how Jarkesy applies to HHS’s CMP authorities finds its way before the courts. If such a challenge were to succeed, it could upend the agency’s enforcement process as we know it and lead to seismic shifts in the types of enforcement matters HHS prioritizes and pursues. For now, we imagine that HHS (and other agencies) are likely reviewing their CMP procedures and reliance on ALJs to oversee these proceedings for Jarkesy-related vulnerabilities.
EnforceMintz — Novel Criminal Charges and Emerging Civil Trends from Opioid Enforcement in 2024
In past years we have discussed how opioid-related enforcement efforts have remained a top federal and state priority (here, here, and here). In 2024, opioid-related enforcement efforts continued across the entire opioid supply chain, and two themes dominated the most significant opioid cases and resolutions of 2024. First, two major settlements from the past year highlight examples of allegations that crossed a line, prompting the government to pursue criminal charges. Second, a number of recent cases against pharmacies involve a common theory of liability based on the Controlled Substances Act (CSA), which served as the basis for civil liability under the False Claims Act (FCA).
Opioid-Related Criminal Resolutions
In February 2024, Endo, a pharmaceutical manufacturer that previously filed for bankruptcy, reached a global resolution of various criminal and civil investigations into the company’s sales and marketing of opioid drugs. The company agreed to pay the government $464.9 million over 10 years (though the actual total payment amount will likely be much lower due to bankruptcy).
To resolve the criminal investigation, Endo agreed to plead guilty to a one-count misdemeanor charge for violations of the federal Food, Drug, and Cosmetic Act (FDCA). That charge related to the company’s marketing of the drug’s purported abuse deterrence, tamper-resistant, or crush-resistant properties to prescribers, despite a lack of supporting clinical data. In the plea agreement, the company admitted responsibility for misbranding its opioid drug by marketing the drug with a label that failed to include adequate directions for its claimed abuse deterrence use, in violation of the FDCA.
More recently, in December 2024, McKinsey & Company, a worldwide management consulting firm, agreed to pay $650 million to resolve criminal and civil investigations related to the firm’s consulting work for Purdue Pharma, the maker of OxyContin. As noted in the government’s press release, the McKinsey resolution was the first time a management consulting firm has been held criminally responsible for its advice resulting in a client’s criminal conduct.
The two-count criminal charging document accused McKinsey of conspiring to misbrand a controlled substance and obstruction of justice. The conspiracy charge related to McKinsey’s work to “turbocharge” OxyContin sales by targeting high-volume opioid prescribers. The obstruction charge arose from the alleged deletion by a senior partner of certain documents related to the company’s work for Purdue. To resolve those charges, McKinsey entered into a five-year deferred prosecution agreement (DPA). Under the DPA, McKinsey agreed not to do any consulting work related to the marketing, sale, or distribution of controlled substances and agreed to implement significant changes to its compliance program. Separately, the former McKinsey senior partner who allegedly destroyed records relating to the company’s work for Purdue was charged with obstruction of justice and agreed to plead guilty to that charge.
These two resolutions are relevant to all entities in the opioid supply chain, from manufacturers to consultants and all stakeholders in between. Sales and marketing practices, or abuse deterrence claims or practices targeting prescribers based on volume, can lead to both civil liability and potential criminal exposure.
Pharmacies Face Potential FCA Liability Based on CSA Violations
On the civil side, three opioid enforcement actions were particularly noteworthy. Three years ago, we highlighted some of the first pharmacy-related resolutions, which showed that pharmacies were “next in line” for opioid related enforcement. In 2024, two substantial settlements involved alleged CSA violations giving rise to FCA liability. A third FCA lawsuit filed in December 2024 against the nation’s largest pharmacy shows that this trend will likely continue in 2025 and beyond.
In July 2024, Rite Aid and its affiliates agreed to settle allegations brought by the government related to its opioid dispensing practices. Rite Aid had previously filed for bankruptcy, so the settlement agreement involved a payment of $7.5 million, plus a general unsecured claim of $401.8 million in the bankruptcy case.
The government alleged that Rite Aid pharmacists dispensed unlawful prescriptions and failed to investigate “red flags” before dispensing opioid prescriptions, then improperly submitted claims to the government for reimbursement of those prescriptions. The government alleged that the company dispensed unlawful prescriptions by (1) filling so-called “trinity” prescriptions, which are a combination of opioid, benzodiazepine, and muscle relaxants; (2) filling excessive quantities of opioid prescriptions; and (3) filling prescriptions written by prescribers previously identified as suspicious by pharmacists.
Similarly, in December 2024, Food City, a regional grocery store and pharmacy based in Virginia, agreed to pay $8.48 million to resolve allegations that it dispensed opioids and other controlled substances in violation of the CSA and the FCA. Like the Rite Aid case, the government alleged that these prescriptions were medically unnecessary, lacked a legitimate medical purpose, or were not dispensed pursuant to valid prescriptions. The government alleged that Food City ignored “red flags” including, among other things, (1) prescribers who wrote unusually large opioid prescriptions; (2) early refills of opioids; (3) prescriptions for unusual quantities or combinations of opioids; and (4) patients who were filling prescriptions for someone else, driving long distances to fill prescriptions, or paying cash for prescriptions.
Also in December 2024, the Department of Justice announced that it had intervened in a nationwide lawsuit alleging that CVS Pharmacy filled unlawful prescriptions in violation of the CSA and sought reimbursement for those prescriptions in violation of the FCA. The lawsuit is currently pending. The theory of liability asserted against CVS is similar to the Rite Aid and Food City cases: CVS allegedly filled unlawful prescriptions, ignored “red flags” of abuse and diversion, and sought reimbursement from federal health care programs for unlawful prescriptions in violation of the FCA.
Under the CSA and applicable regulations, pharmacists dispensing controlled substances, like opioids, have a “corresponding responsibility” to ensure that the prescription was issued for a legitimate medical purpose. 21 C.F.R. § 1306.04(a). Exercising that corresponding responsibility requires identifying and resolving “red flags” before filling a prescription. There is no defined list of what the government deems to constitute “red flags” and determining the existence of red flags is often context dependent. Because FCA lawsuits based on alleged CSA violations appear to be a growing trend, these three cases provide helpful guidance for companies seeking to mitigate risk by implementing corporate compliance programs designed to identify and resolve “red flags” related to opioid prescriptions.
California AG Issues AI-Related Legal Guidelines for Developers and Healthcare Entities
The California Attorney General published two legal advisories this week:
Legal Advisory on the Application of Existing California Laws to Artificial Intelligence
Legal Advisory on the Application of Existing California Law to Artificial Intelligence in Healthcare
These advisories seek to remind businesses of consumer rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, CCPA), and to advise developers who create, sell, or use artificial intelligence (AI) about their obligations under the CCPA.
Attorney General Rob Bonta said, “California is an economic powerhouse built in large part on technological innovation. And right alongside that economic might is a strong commitment to economic justice, workers’ rights, and competitive markets. We’re not successful in spite of that commitment — we’re successful because of it [. . .] AI might be changing, innovating, and evolving quickly, but the fifth largest economy in the world is not the wild west; existing California laws apply to both the development and use of AI. Companies, including healthcare entities, are responsible for complying with new and existing California laws and must take full accountability for their actions, decisions, and products.”
Advisory No. 1: Application of Existing California Laws to Artificial Intelligence
This advisory:
Provides an overview of existing California laws (i.e., consumer protection, civil rights, competition, data protection laws, and election misinformation laws) that may apply to companies that develop, sell, or use AI;
Summarizes the new California AI law that went into effect on January 1, 2025, such as:
Disclosure Requirements for Businesses
Unauthorized Use of Likeness
Use of AI in Election and Campaign Materials
Prohibition and Reporting of Exploitative Uses of AI
Advisory No. 2: Application of Existing California Law to Artificial Intelligence in Healthcare
AI tools are used for tasks such as appointment scheduling, medical risk assessment, and medical diagnosis and treatment decisions. This advisory:
Provides guidance under California law (i.e., consumer protection, civil rights, data privacy, and professional licensing laws) for healthcare providers, insurers, vendors, investors, and other healthcare entities that develop, sell, and use AI and other automated decision systems;
Reminds such entities that AI carries harmful risks and that all AI systems must be tested, validated, and audited for safe, ethical, and lawful use;
Informs such entities that they must be transparent about using patient data to train AI systems and alert patients on how they are using AI to make decisions affecting their health and/or care.
This is yet another example of how issues related to the safe and ethical use of AI will likely be at the forefront for many regulators across many industries.
EnforceMintz — Long Tail of Pandemic Fraud Schemes Will Likely Result in Continued Enforcement for Years to Come
In last year’s edition of EnforceMintz, we predicted that 2024 would bring an increase in False Claims Act (FCA) enforcement activity related to COVID-19 pandemic fraud. Those predictions proved correct. The COVID-19 Fraud Enforcement Task Force (CFETF), in conjunction with five COVID Fraud Enforcement Strike Forces and other government agencies, has resolved many significant criminal and civil pandemic fraud cases over the past year. In April 2024, the CFETF released a COVID-19 Fraud Enforcement Task Force 2024 Report (the CFETF Report) describing the CFETF’s recent efforts and including a plea for more fraud enforcement funding, which suggests that additional enforcement activity is on the horizon. While that funding request has thus far gone unheeded, we expect more civil pandemic fraud enforcement actions (and continuing criminal actions) in 2025.
Civil and Criminal Paycheck Protection Program (PPP) Fraud Enforcement
Since 2020, criminal PPP fraud has dominated COVID-19 fraud enforcement headlines, and 2024 was no different. Criminal fraud schemes have concerned common fact patterns involving fraudsters who (i) obtained funding to which they were not entitled, (ii) submitted false certifications or inaccurate information in a loan application, or (iii) submitted false certifications or inaccurate information in seeking loan forgiveness. However, in the past year, civil PPP fraud enforcement has begun to evolve.
In 2024, criminal PPP fraud enforcement broke up multiple COVID-19 fraud rings involving actors who fraudulently obtained loans for fictitious businesses, packed PPP applications with false documentation (provided in exchange for kickbacks), and falsely certified information regarding the number of employees and payroll expenses that would entitle them to PPP funding. Typical charges in these cases included wire fraud, bank fraud, making false statements to federally insured financial institutions, conspiracy, and money laundering.
On the civil side, PPP fraud enforcement seemed to increase in 2024. Interestingly, some civil PPP fraud cases involved schemes similar to criminal actions. Often the government’s decision to pursue such cases as civil, criminal, or both depends on the evidence of intentional fraud. For example, in January 2024, a clinic and its owners agreed to a $2 million judgment in connection with multiple fraudulent acts, including PPP fraud arising from their certification that they were not engaged in illegal activity and that their business suffered quarterly or year-over-year losses, therefore entitling them to PPP funding. In October 2024, one FCA recovery totaling $399,990 involved a home health agency and its owner who received two PPP loans after certifying that the company would receive only one. More recently, in December 2024, a private asset management company and its owner agreed to pay $680,000 to settle FCA allegations brought by a relator. The company and its owner allegedly falsely certified that PPP loans were economically necessary and included false statements in the information submitted when seeking forgiveness for the loan. Cases of this nature apparently did not rise to the level of criminal wrongdoing, in the government’s view.
A number of civil PPP fraud FCA cases from the past year involved increasingly complex theories and allegations. These more complicated fact patterns require years of investigation and are expensive. As a result, such fraud enforcement actions may have a “long tail” and continue for years to come.
For example, in May 2024, a private lender of PPP loans agreed to resolve allegations that it knowingly awarded inflated and fraudulent loans to maximize its profits, then sold its assets and bankrupted the company. The lawsuit was initiated by whistleblowers (known under the FCA as “relators”), including an accountant and former analyst in the lender’s collection department. As part of the settlement with the lender, the United States received a general unsecured claim in the bankruptcy proceeding of up to $120 million.
More recently, in December 2024, the United States intervened in a complaint against certain former executives of the lender who allegedly violated the FCA by submitting and causing the submission of false claims for loan forgiveness, loan guarantees, and processing fees to the Small Business Administration (SBA) in connection with the lender’s participation in the PPP. When we discussed this case previously, we noted that we expected to see similar cases in the future brought against private lenders who failed to safeguard government funds. More broadly, we expect the trend of increasingly complex civil PPP fraud actions will continue in 2025.
Fraud Enforcement Involving Programs Administrated by the Health Resources and Services Administration (HRSA)
Provider Relief Fund (PRF) and Uninsured Program (UIP) fraud enforcement picked up in 2024. As described in the CFETF Report, the CFETF has leveraged an interagency network to make strategic improvements in how it investigates fraud. (Interagency collaboration is another theme from 2024, which we discuss more here.) The CFETF Report also describes a department-wide effort by the Department of Justice (DOJ) to roll out database tools to all US Attorney’s Offices to detect and investigate fraud. According to the CFETF Report, DOJ has analyzed more than 225 million claims paid by HRSA, the entity that dispensed PRF and UIP loans during the height of the pandemic. Closer investigatory scrutiny has led to increased enforcement actions.
PRF Fraud
Criminal PRF fraud enforcement resembled PPP enforcement from prior years, which was often based on theft or misappropriation theories. These enforcement actions often include charges against PRF recipients who either (i) retained funds to which they were not entitled or (ii) used PRF funds for ineligible expenses, like luxury goods. For example, in April 2024, a defendant who operated a primary care clinic pleaded guilty to theft and misappropriation of PRF funds. The defendant had certified that PRF funds would be used by the clinic only to prevent, prepare for, and respond to COVID-19. Despite making this representation, the clinic operator used the PRF funds for personal purposes, including cash withdrawals and the purchase of personal real estate, a luxury vehicle, a boat, and a trailer.
UIP Fraud
There were a number of noteworthy criminal UIP enforcement actions in 2024. In March 2024, a defendant was charged with filing fraudulent COVID-19 testing reimbursement claims, through the laboratory he managed, for COVID-19 testing that was never provided. The defendant allegedly obtained and used the personal identifying information of incarcerated or deceased individuals in connection with those claims. The indictment alleged that the defendant received $5.6 million in reimbursement and used those UIP funds to purchase property in South Florida.
Enforcement actions involving UIP funds involved significant alleged losses by the government. In February 2024, a defendant pleaded guilty to mail fraud and identity theft charges in what the government called “one of the largest COVID fraud schemes ever prosecuted.” The defendant and her co-conspirators filed more than 5,000 fraudulent COVID-19 unemployment insurance claims using stolen identities to unlawfully obtain more than $30 million in UIP fund benefits. To execute the scheme, the defendant and others created fake employers and employee lists using the personally identifiable information of identity theft victims. The defendant was sentenced to 12 years in prison, and seven co-conspirators have also pleaded guilty in connection with this large fraudulent scheme.
In one major civil FCA resolution, in June 2024, a group of affiliated urgent care providers agreed to pay $12 million to resolve allegations that they submitted or caused the submission of false claims for COVID-19 testing to the HRSA UIP. The government alleged that the providers knew their patients were insured at the time of testing (and in some instances had insurance cards on file for certain patients), yet they submitted claims (and caused laboratories to submit claims) to HRSA’s UIP for reimbursement. The resolution is noteworthy because the providers received a relatively low FCA damages multiplier as credit for cooperating with the government in its investigation under DOJ’s Guidelines for Taking Disclosure, Cooperation, and Remediation into Account in False Claims Act Matters. More information on DOJ’s efforts to encourage voluntary self-disclosure can be found in our related EnforceMintz article here.
Fraud Schemes Involving Respiratory Pathogen Panels
Fraud involving expensive respiratory pathogen panels (RPPs) has been in the spotlight since the beginning of the pandemic. In 2022, the Office of Inspector General for the Department of Health and Human Services (OIG) warned about laboratories with questionably high billing for tests submitted for reimbursement alongside COVID-19 tests, including RPPs. The OIG deemed this scenario as deserving of “further scrutiny.” Medicare reimbursed some outlier laboratories approximately $666 for COVID-19 testing paired with other add-on tests, while Medicare reimbursed approximately $89 for this same testing to the majority of laboratories. The trend in RPP fraud enforcement that we discussed last year continued in 2024: enforcement actions involved a mix of criminal and civil RPP fraud cases involving significant damages.
One laboratory owner was criminally charged with submitting $79 million in fraudulent claims to Medicare and Texas Medicaid for medically unnecessary RPP tests. The laboratory owner used the personal information of a physician — without the physician’s knowledge — to submit the claims even though the physician had no prior relationship with the test recipients, was not treating the recipients, and did not use the test results to treat the recipients. The government seized over $15 million in cash from this defendant.
In another case involving both criminal and civil charges, a Georgia-based laboratory and its owner agreed to pay $14.3 million to resolve claims that they paid independent contractor sales representatives volume-based commissions to recommend RPP testing to senior communities interested only in COVID-19 testing. The independent sales contractors used forged physician signatures and sham diagnosis codes to add RPP testing to requisition forms ordering only COVID-19 testing. The whistleblower in this case — the laboratory’s manager — is set to receive $2.86 million of the recovery.
As the government continues to deploy data analytics to identify outlier cases, we suspect enforcement actions involving COVID-19 companion testing will continue.
Future of COVID-19 Enforcement
Over four years from the enactment of the CARES Act, COVID-19 fraud enforcement continues to evolve. Since the beginning, the government has consistently pursued criminal cases involving misused or fraudulently obtained funds, fake COVID cures, and fake COVID testing. In 2022, the government extended the statute of limitations for PPP fraud from five to ten years, recognizing that more time was needed to investigate and prosecute fraud on these programs.
This past year, a broader range of pandemic fraud schemes were prosecuted criminally and civilly. These often data-heavy or analytics-based cases require a significant investment of time and resources. Recognizing the resources required for these more complicated matters, the CFETF called for increased funding and an extension of the statute of limitations for all pandemic-related fraud in the CFETF Report. As of the date of this publication, that request has not yet been answered. It thus appears the funding request will be determined by the new administration.
Despite uncertainty around future funding for COVID-19 fraud enforcement, we anticipate more criminal and high-dollar civil enforcement actions in 2025. The CFETF Report described 1,200 civil pandemic fraud matters pending as of April 1, 2024, for which DOJ had obtained more than 400 judgments or settlements totaling over $100 million. This leaves approximately 800 pending civil matters, and untold billions in fraudulently obtained funds still in the hands of fraudsters. Despite uncertainty around future fraud enforcement funding, as a general matter, fraud enforcement has bipartisan support. Either way, employees, related parties, and patient relators — with the support of sophisticated relator’s counsel — will likely continue to bring pandemic fraud cases in the coming years. Overall, COVID-19 fraud enforcement is unlikely to slow down in 2025.
EnforceMintz — Medicare Advantage and Part D Programs to Remain in the Enforcement Spotlight in 2025
As government scrutiny and enforcement targeting the Medicare Advantage (Medicare Part C) program continued in 2024, the industry’s response to agency actions escalated. Last year also resulted in the first sizable Part D False Claims Act settlement. Year over year, as the number of enrollees in Medicare Advantage plans and Part D plans has steadily increased, the total federal spending on Medicare Advantage and Part D has likewise risen and the spotlight on these programs and those who participate in them has intensified.
As seen in years past, the Department of Justice (DOJ) as well as the two agencies that regulate Medicare Advantage Organizations (MAOs) and Part D plan sponsors (PDP Sponsors), the Centers for Medicare & Medicaid Services (CMS), and the Office of Inspector General for the Department of Health and Human Services (OIG), focused much of their attention on risk adjustment activities. DOJ remained in active litigation against many of the largest MAOs in the country while CMS and the OIG began conducting risk adjustment audits subject to extrapolation. Throughout 2024, the industry challenged CMS’s regulatory actions relating to Star Ratings and rules for communicating with Medicare beneficiaries who are considering Medicare Advantage and Part D plans. Finally, on December 9, 2024, CMS also finalized its updated Overpayment Rule for MAOs and PDP Sponsors in the 2025 Physician Fee Schedule Rule.
With Medicare Advantage expected to remain a top enforcement priority in 2025 and Part D enforcement growing, we anticipate that DOJ and CMS will continue to target the actions of not only MAOs and PDP Sponsors, but also vendors and third-party entities that touch the Part C and D programs. In 2025, we will also be closely watching for court decisions in ongoing litigation matters that will undoubtedly influence future theories of liability and test the strength of defenses raised by MAOs, PDP Sponsors, and their vendors.
Recent Settlements Demonstrate that DOJ’s Enforcement Interest Spans the Industry
In 2024, DOJ settled two notable False Claims Act (FCA) matters relating to Medicare Advantage, which demonstrate that DOJ’s enforcement interests are not limited to MAOs, but also include vendors and other third-party entities engaged in risk adjustment practices and more. Plus, DOJ settled a large Part D matter relating to how drug costs are reported to and impact Medicare Part D payments from CMS.
Last year, Principal Deputy Assistant Attorney General Brian M. Boynton underscored DOJ’s “commitment to holding accountable third parties that cause the submission of false claims” and the government’s intention to “expand its focus on the Medicare Part C Program to include an examination of the role that vendors and providers play in the diagnoses that are submitted to the government.” DOJ made good on this promise.
For example, DOJ targeted entities involved in marketing efforts to Medicare Advantage patients. In September, Oak Street Health (Oak Street) agreed to pay $60 million to resolve the government’s allegations that it paid kickbacks to third-party insurance agents in exchange for recruiting Medicare beneficiaries to Oak Street’s primary care clinics in violation of the FCA. More specifically, DOJ alleged that Oak Street violated the Anti-Kickback Statute when, in exchange for referring Medicare beneficiaries to Oak Street, Oak Street paid insurance agents (who were acting as agents for MAOs) $200 per beneficiary referred or recommended to Oak Street’s primary care clinics. DOJ further alleged that the insurance agents delivered targeted messages to eligible seniors designed to generate interest in Oak Street and that the payments received incentivized those agents to base their referrals and recommendations on the financial motivations of Oak Street rather than the best interests of seniors. The complaint was filed by a relator who partnered with insurance agents and was contacted by Oak Street, and DOJ intervened in September for purposes of settlement. Although this settlement was with a provider organization (as explained further in), the conduct focused on Medicare Advantage members and their interactions with agents and brokers. CMS similarly highlighted its concerns regarding misleading communications to Medicare beneficiaries in its updated Medicare Advantage and Part D communication rules discussed below.
DOJ also reached a settlement agreement with a risk adjustment coding vendor this December. DOJ kicked off the holiday season by announcing the long-awaited settlement with MAO Independent Health Association, its wholly owned subsidiary and risk adjustment vendor DxID, and DxID’s former CEO, totaling up to $100 million across the three defendants. The government alleged that DxID improperly coded diagnoses from member medical records to inflate Medicare’s payments to Independent Health, including by coding from improper sources, coding conditions for which patients were not treated, and sending addenda to providers months or years after the service occurred. The parties have seemingly been engaged in settlement discussions for years, jointly requesting continual extensions of time for defendants to answer DOJ’s complaint since 2023.
Under this settlement, which was structured based on Independent Health’s ability to pay, Independent Health will make guaranteed payments of $34.5 million and contingent payments of up to $63.5 million on behalf of itself and DxID, which ceased operations in 2021. DxID’s CEO, Betsy Gaffney, will independently pay $2 million. While Independent Health did not admit fault under the settlement agreement, the MAO also entered into a five-year Corporate Integrity Agreement (CIA) with HHS-OIG requiring that Independent Health hire an Independent Review Organization to annually review a sample of its Medicare Advantage beneficiary medical records and its internal controls to help ensure appropriate risk adjustment payments.
Additionally, following years of CMS voicing concerns over Part D Direct and Indirect Remuneration (DIR) and beneficiary protections, DOJ for the first time settled a significant matter relating to Part D DIR reporting. In July, DOJ entered into a settlement agreement with Elixir Insurance Company (Part D plan sponsor), Rite Aid Corporation (Parent Organization), and Elixir Rx Solutions (PBM) for a total of $121 million to resolve allegations that the defendants failed to appropriately report drug rebates through the Medicare Part D DIR reporting mechanism that is used by CMS to reconcile and calculate payments to Part D plan sponsors. Because Rite Aid Corporation, the parent organization, had declared bankruptcy, a portion of the settlement ($20 million) was granted as an allowed, unsubordinated, general unsecured claim in Rite Aid’s bankruptcy case in the District of New Jersey.
This is the first substantial Part D settlement focusing on Part D DIR, and it aligns with a theory of liability that DOJ has been considering for almost a decade. DOJ alleged that amounts that should have been reported as DIR (and therefore would have reduced the amount of revenue the government would pay a PDP Sponsor) were instead falsely reported as fees that do not qualify as DIR, and therefore the PDP Sponsor received and retained government payments to which it was not entitled.
Ongoing Litigation is Likely to Shape Risk Adjustment Enforcement in 2025 and Beyond
As previewed in last year’s report, DOJ continued to litigate three large FCA risk adjustment-focused cases last year against United Healthcare, Kaiser Foundation Health Plans and their affiliated medical groups, and Anthem. Because DOJ’s regulatory expectations of MAOs are often borne out through enforcement actions, judicial instruction on this topic is likely to shape future government actions and exemplify the standard of due diligence MAOs are expected to uphold when engaging in risk adjustment coding activities.
We summarize the current status and next steps for these three key cases below:
UnitedHealthcare. Litigation continued last year between the country’s largest MAO and DOJ in US ex rel. Poehling v. UnitedHealth Group, Inc. et al. (C.D. Cal.), reaching a key milestone this summer when the parties filed cross motions for summary judgment. In its Complaint in Intervention filed back in 2017, DOJ alleged that United failed to delete inaccurate diagnosis codes that it knew were unsupported by the medical records and thus resulted in overpayments. As one of the few Medicare Advantage lawsuits to reach this stage of litigation, we are watching closely for a summary judgment decision in the new year focused on the elements required to prove liability under the FCA’s reverse false claims provision.
Anthem. The government raised similar allegations against Anthem in United States v. Anthem, Inc. (S.D.N.Y), arguing that Anthem failed to identify and remove inaccurate diagnosis codes as part of its chart review program. DOJ and Anthem spent 2024 litigating discovery disputes and are set to remain in discovery through 2026.
Kaiser. DOJ also remained in active discovery with Kaiser in the lawsuit US ex rel. Osinek v. Kaiser Permanente (N.D. Cal.). The government’s Complaint in Intervention, filed in 2021, focuses on Kaiser’s use of addenda in medical records. DOJ alleges that Kaiser pressured physicians to create addenda often months after the patient encounter to retroactively add unsupported diagnoses, and that Kaiser used “data mining” programs to identify missed diagnoses and create the addenda. Following the denial of Kaiser’s motion to dismiss, the parties spent 2024 litigating discovery disputes before a magistrate judge. The case will remain in the discovery phase at least through 2025, with dispositive motions not scheduled until 2026, and a trial date currently set over two years out in 2027.
CMS and The OIG Take Active Role in Regulating Medicare Advantage and Part D with New Rules and the Impact of Extrapolation
Similar to DOJ’s expanded enforcement approach discussed above, both CMS and the OIG continued to focus on risk adjustment activities while CMS also began more heavily regulating agents and brokers who communicate with Medicare beneficiaries.
Risk Adjustment, RADV Audits, and Overpayment Rule: As it relates to risk adjustment, the OIG issued a second report concerning MAOs’ alleged use of in-home health risk assessments (IH-HRAs) to drive up payments. IH-HRAs are exams conducted by health care providers (typically nurse practitioners) in a member’s home to collect information regarding that patient’s health. In its report, the OIG identified 20 MAOs that it believes are outliers for their use of IH-HRAs as a tool to report diagnoses of their members to CMS. The OIG published a similar report in 2021 concluding that IH-HRAs and chart reviews are vulnerable to misuse by MAOs, which has likely driven DOJ enforcement action targeting these practices since.
CMS and the OIG regularly conduct audits of the diagnosis codes that MAOs submitted for their members. Critically, in 2024, the OIG finalized and CMS initiated risk adjustment audits that reached Payment Year (PY) 2018, which is the first year that extrapolation under the CMS final rule applies. Under this rule (42 C.F.R. 422.310(e)), which was finalized in February 2023, CMS has the authority to extrapolate risk adjustment audit findings covering diagnosis codes MAOs submitted in PY 2018 and forward. For years prior to PY 2018, MAOs have only had to repay overpayments identified in the actual sample that CMS or the OIG reviewed.
Last year CMS selected the MAOs that will be subject to PY 2018 Risk Adjustment Data Validation (RADV) Audits and has initiated that process with the selected MAOs. The OIG has already completed certain audits that include PY 2018 and the monetary impact of extrapolation of the findings is immediately apparent. For example, Humana’s final report for diagnosis-targeted audits imposed an overpayment obligation of just $274,000 for diagnoses audited from PY 2017 (no extrapolation) as compared to over $6.5 million in estimated overpayments for diagnosis codes audited from PY 2018 (with extrapolation). Similarly, Health Assurance of Pennsylvania’s final report auditing diagnosis codes in PYs 2018 and 2019 with extrapolation totaled $4.2 million in overpayments.
Additionally, in early December, CMS finalized the Overpayment Rule that requires MAOs and Part D plan sponsors to report and return overpayments within 60 days of an identification. The Rule was initially adopted in 2014 and held MAOs and Part D plan sponsors to a “reasonable diligence” standard when determining when an overpayment had been “identified.” The “reasonable diligence” standard was struck down in United Healthcare Insurance Company v. Azar when the district court held that the standard was impermissibly being used to establish False Claims Act liability. The updated Overpayment Rule, proposed in December 2022, has now replaced the “reasonable diligence” standard with the knowledge standard from the False Claims Act. An MAO is now considered to have “identified” an overpayment when it knowingly (either with actual knowledge, or through reckless disregard or deliberate ignorance) receives or retains an overpayment.
Medicare Advantage and Part D Communication Rules: CMS adopted changes to the Medicare Advantage and Part D Communication regulations for 2025 that, according to CMS, seek to increase transparency and protect Medicare beneficiaries from receiving misleading information about coverage options. CMS expressed concern that agents and brokers who were contracted with MAOs and Part D plan sponsors were enrolling beneficiaries into plans based on which plans paid the agents and brokers the most money, rather than the plan that was in each beneficiary’s best interests.
To address this concern, the revised regulations: (1) prohibit MAOs and Part D plan sponsors from having contract provisions that could directly or indirectly create an incentive that would reasonably be expected to inhibit an agent or broker’s ability to objectively assess and recommend which plan best fits the health care needs of the beneficiary, (2) recognize that MAOs and Part D plan sponsors may pay agents and brokers and Third-Party Marketing Organizations (TPMOs) for certain administrative and overhead expenses but limit the payment for such services to $100 per member enrolled by the agent, broker, or TPMO (previously there was no express limit other than that the values of such payments must not exceed those within the market), and (3) adopt more stringent consent requirements needed in order for a beneficiary’s information to be shared by a TPMO with a third party, including related third parties. As described further below, many entities that provide agent and broker services, referred to as field marketing organizations, or FMOs, sued CMS over these rule changes.
Following these regulatory changes and DOJ actions against brokers and agents, the OIG also weighed in when in December it issued a Special Fraud Alert warning the industry regarding its perceived risks of marketing arrangements between MAOs and health care providers or between providers and agents and brokers for MAOs. We discuss this alert further in our article here.
Industry Actions are on the Rise following the Demise of Chevron Deference
As has been widely reported, the US Supreme Court issued in June a landmark decision in Loper Bright Enterprises v. Raimondo, which struck down the longstanding doctrine of so-called “Chevron deference” to federal agency interpretation of ambiguous statutes and substantially expanded judicial review of such statutes. As expected, Loper Bright has already led to increased scrutiny of, and challenges to, agency action, including in the Medicare space. While “enforcement” against agencies is not typical government “enforcement,” it affects government enforcement matters because it impacts how agencies can take enforcement actions and what rules are enforceable.
In May 2024, certain FMOs sued CMS in the United States District Court for the Northern District of Texas, seeking to invalidate certain portions of the 2025 Medicare Advantage and Part D Communications regulations. The FMOs argued that the provision of these rules, summarized above in the Medicare Advantage and Part D Communication Rules section, violated the Administrative Procedure Act (APA). They argued that the rule was arbitrary and capricious under the APA, claiming that CMS finalized the rule based on “pure speculation,” ignored objections from the public, and failed to acknowledge reliance interests of brokers. The FMOs further contended that the rule failed to properly adhere to the notice and comment procedural requirements because CMS relied upon evidence not presented during notice and comment rulemaking. Less than a week after the Loper Bright decision, the court granted the FMOs’ request for a preliminary injunction relating to the regulation that restricted contract terms and limited administrative fee payments, finding that the rules were not reasonable.
Also, last fall four of the largest MAOs, UnitedHealthcare, Centene, Elevance, and Humana, all challenged how CMS calculated their specific Star Ratings, and, more recently, at least two Blues plans have also sued CMS. Star Ratings is the system that CMS uses to rate the performance of MAO and PDP plan sponsors. A plan’s Star Rating impacts how and when it can be marketed, and in Medicare Advantage, impacts how the plan is paid and when CMS can terminate a plan’s contract. United and Centene’s cases were relatively similar, focusing on how CMS evaluated and calculated a certain call center measure. Humana and Elevance each had arguments specific to their circumstances, and also included broader complaints regarding how CMS calculates Stars. Humana specifically challenged CMS’s unwillingness to share industry data with MAOs to ensure appropriate calculations. On November 22, 2024, the Eastern District of Texas granted summary judgment for UnitedHealthcare and ordered CMS to recalculate the MAO’s Star Rating by removing the one call center measure in dispute. In early December, Centene reported that CMS recalculated its Star Rating for 2025 following its challenge. The other cases are ongoing.
The challenges to Star Ratings are an important enforcement development because these lawsuits may force CMS to rethink how it operates the Star Ratings program and may impact whether CMS can terminate contracts that CMS believes are low performing.
Conclusion
Following another year of intense scrutiny, the Medicare Advantage industry is set to remain a government enforcement priority in 2025, and PDP plan sponsors will likely attract similar scrutiny. Both MAOs and third-party entities involved in the Part C program should continue to monitor DOJ enforcement activity and decisions in ongoing litigation to evaluate their risk adjustment practices. Moreover, with the danger of extrapolation of risk adjustment audits evident, MAOs must be mindful to engage in robust compliance efforts and to review published OIG reports and related guidance to mitigate enforcement risk. PDP Sponsors and their vendors should expect increased scrutiny following the Elixir settlement, the continued rollout of the Inflation Reduction Act, and the intense national discussion regarding prescription drug costs. We will continue to monitor the evolving enforcement actions against MAOs and PDP Sponsors and watch closely for updated guidance, whether via agency regulations and reports or court decisions, in 2025 and beyond.