Health Care Litigation: Seven Considerations in Forum Selection
Choosing where to resolve a health care dispute can be overwhelming at first glance. After all, in addition to determining where a case can be brought in the first place, there is the question of where it should be brought. The answer will vary based on each case’s unique situation. However, there are at least seven factors that should be considered in all cases.
1. Favorability and Availability of Precedent
Generally, the law will not meaningfully vary between federal jurisdictions or even their state-court counterparts. Nevertheless, researching how the law operates in the various courts may be the difference between winning and losing in a particular case. Whether it is because the law itself is different, the law has been interpreted differently, or there is simply a lack of favorable precedent in one jurisdiction and an abundance in another, there are many ways the law in a particular forum may compel a winning or losing result.
Similarly, particularly complex cases brought before courts with little experience in such cases may result in unexpected or disadvantageous decisions. Consequently, if there is limited precedent in a particular forum, it may be more advantageous to resolve the dispute in another court that regularly deals with the type of case presented, even if precedent in the other forum is slightly less favorable.
2. Evidentiary Considerations
Federal courts, state courts, and arbitration proceedings each may employ different rules of evidence. Federal courts are required to adhere to the Federal Rules of Evidence, while state courts and arbitration proceedings are generally free to adopt any evidentiary rules. Although the rules are often similar, which set of rules is utilized can ultimately influence a particular case’s success, especially in health care litigation.
Consider, for example, that under the Federal Rules portions of learned treatises—referring to a published work considered authoritative in its field—may be used as substantive and impeachment evidence.[1] In contrast, in some state courts, such as Florida, learned treatises may only be used as impeachment evidence. Thus, if a particular case hinges on the fact finder relying upon a learned treatise to prove or disprove a fact or issue, evidentiary considerations suggest the case would be better litigated in federal court.
3. Resolution Speed
Arbitration proceedings are favored for their speed and efficiency as compared to traditional litigation in federal and state courts. Indeed, according to a 2017 published study administered by the American Arbitration Association, cases adjudicated by arbitration take on average 11.6 months to get to trial.[2] Meanwhile, the median time in 2024 for a civil case to get to trial in federal court was 31 months.[3] This efficiency is typically the result of focused discovery, streamlined procedures, and flexible rules. Quickly resolving litigation may be particularly important to health care companies because litigation may impact a company’s valuation, which can have downstream consequences for a merger or acquisition, or ability to borrow.
That said, not all federal and state courts are created equal. Some courts are known for their speedy resolution of cases, such as the Eastern District of Virginia, which in 2024 reported taking a median time of 14.2 months from the filing of a case to the start of a civil trial.[4]
4. Convenience
Parties, witnesses, experts, counsel, and locations pertinent to the litigation may be far away from where a particular courthouse is located. This distance can make it difficult for parties to gather evidence and participate in court proceedings. In arbitration, parties typically agree on where the proceeding will take place to avoid these burdens, and the proceeding may occur in less formal locations, such as a conference room.
5. Costs
Because litigation tends to take longer than arbitration, there will be greater legal fees involved when taking a case to trial. These legal costs will further increase if a case is appealed, which is often unavailable for arbitral decisions except on limited grounds.
Additionally, costs associated with gathering evidence and traveling to court proceedings will be reduced if one courthouse is closer than another. Keep in mind that each court system may charge different fees, and fee amounts can quickly add up.
6. Privacy
Most court proceedings are open to the public, absent certain crimes and cases involving minors. In contrast, arbitration proceedings are held in private. Keep in mind, however, that private does not mean confidential. Thus, although arbitration proceedings are generally conducted behind closed doors and away from the media, parties may be free to disseminate information related to the arbitration.
7. Probable Necessity of an Appeal
If a party anticipates their success will depend upon an appeal, perhaps because of a need to overturn a statute or precedent, arbitration will not likely be advantageous because an arbitrator’s decisions are generally binding on the parties and only appealable on limited grounds, such as fraud, misconduct, or bias. In contrast, state and federal trial court decisions are routinely appealed on substantive, procedural, and constitutional grounds.
In summary, choosing where to resolve a health case dispute is an important and complex decision. An experienced health care attorney can offer thoughtful and insightful advice to help guide you through every step of the decision.
[1] See Fed. R. Evid. 803(18).
[2] Roy Weinstein et. al., Efficiency and Economic Benefits of Dispute Resolution through Arbitration Compared with U.S. District Court Proceedings, Micronomics Economic Research and Consulting (March 2017), 2, http://go.adr.org/rs/294-SFS–516/images/Economic%20Impact%20of%20Delay%20Micronomics%20Final%20Report%20%282017-03-07%29.pdf
[3] United States Courts, https://www.uscourts.gov/data-table-numbers/c-5 (download the Excel spreadsheet “U.S. District Courts – Median Time From Filing to Disposition of Civil Cases, by Action Taken” for the period ending December 31, 2024), Column K, Row 8.
[4] Id. at Column K, Row 37
California’s Workplace Violence Law, Part I: Lessons Learned One Year Into SB 553 [Podcast]
In part one of our three-part series on California’s new workplace violence prevention law, Robert Rodriguez (shareholder, Sacramento) and Karen Tynan (shareholder, Sacramento) discuss the lessons employers have learned about workplace violence inspections during the law’s first year of implementation. Karen and Robert, who are co-chairs of the firm’s Workplace Violence Prevention Practice Group, explore how the enforcement of the new law, which took effect on July 1, 2024, is being managed and offer insights into Cal/OSHA’s approach to these inspections. The discussion highlights practical tips for employers, the importance of customized training, and the role of the Bureau of Investigation in incidents of workplace violence.
Study Projects Steep Price Increases if Seed Oils Were to be Banned
Secretary of Health and Human Services Robert F. Kennedy Jr. has been critical of seed oils, alleging that they are harmful to human health and that consumers have been “unknowingly poisoned.” (See Twitter Post). This view is not shared by most of the scientific community. Indeed, FDA has approved qualified health claims for canola, corn, and soybean oils (all types of seed oils) and reduction in the risk of coronary heart disease. See Qualified Health Claims: Letters of Enforcement Discretion | FDA. However, this has not stopped Sweetgreen from announcing a seed-oil free menu earlier this year.
Although no seed oils bans have been proposed, a recent study conducted by the World Agricultural Economic and Environmental Association found that any such ban would significantly increase consumer vegetable oil prices and would have deleterious effects on the U.S. farm industry (non-seed oils like olive, palm, and peanut oil are largely imported).
Specifically, the study found that per capita spending on vegetable oils and fats would be 42.8% higher per year if overall vegetable oil consumption remained the same (non-seed vegetable oils substituted completely for seed oils). A second scenario assumed that the oils are not fully substitutable, resulting in a 21.1 pound per capita drop in vegetable oil consumption and an 8% greater per capita spending on vegetable oils per year.
The study characterizes the simulated effects as having an unprecedented shock on the oilseed market.
Think ADA Recovery Is Limited to Employees With Disabilities? The Seventh Circuit Says Think Again
On April 1, 2025, the Seventh Circuit Court of Appeals clarified the remedies available to nondisabled employees subjected to improper medical examinations or inquiries under the Americans with Disabilities Act (ADA).
The court’s decision in Nawara v. Cook County establishes that nondisabled employees may recover back pay if subjected to improper medical examinations or inquiries.
Quick Hits
The Seventh Circuit reiterated that the ADA’s limitation on medical exams and inquiries applies to all employees, not just those with a disability under the ADA.
Hence, a nondisabled employee subjected to unlawful medical exams or inquiries may recover back pay if, for instance, the employee is off work without pay for some period or is discharged for refusing to undergo an improper medical examination.
The court’s ruling highlights the importance of properly determining whether to require an employee to undergo a medical or mental health exam, i.e., to ensure that any such exam or inquiry is job-related and consistent with business necessity.
Correctional officer John Nawara had several heated altercations with his supervisor and a heated interaction with human resources and a nurse. The Cook County sheriff’s office placed Nawara on paid leave and mandated he undergo a fitness-for-duty examination and sign medical authorization forms before he could return to work. Nawara refused, and when his paid leave expired, he was placed on unpaid leave. Four months later, Nawara decided to return to the sheriff’s office and returned the authorization forms and underwent a fitness-for-duty examination. Nawara was declared fit for duty and returned to work as a correctional officer.
While on leave, Nawara sued Cook County and the sheriff, alleging the compulsory fitness-for-duty examination and inquiry into his mental health violated §12112(d)(4) of the ADA, which provides:
[An employer] shall not require a medical examination and shall not make inquiries of an employee as to whether such an employee is an individual with a disability or as to the nature or severity of the disability, unless such examination or inquiry is shown to be job-related and consistent with business necessity.
A jury found for Nawara, determining that requiring him to have a fitness-for-duty exam and to complete medical authorization forms violated the ADA, but it awarded no damages. Nawara subsequently moved the district court to reinstate his seniority and award him back pay. The district court restored Nawara’s seniority but declined to award him back pay, finding that a plaintiff must have a disability under the ADA for a violation of §12112(d)(4) to constitute discrimination on account of disability and, thereby, support back pay.
The Seventh Circuit affirmed the judge’s determination on seniority but reversed on the denial of back pay. The court first noted the ADA provides: “No [employer] shall discriminate against a qualified individual with a disability ….” Id. §12112(a). Second, “[t]he prohibition against discrimination … in subsection (a) shall include medical examinations and inquiries.” Id. §12112(d)(1). And, as to current employees, this means: “[An employer] shall not require a medical examination … of an employee …, unless such examination … is shown to be job-related and consistent with business necessity.” Id. §12112(d)(4)(A) (emphasis added).
The Seventh Circuit read these provisions together to mean that “to prove a violation of §12112(d)(4) is to prove discrimination on the basis of disability under §12112(a).” In other words, because the restriction on medical exams applies to “an employee,” not just disabled employees, and an improper medical exam constitutes discrimination on account of disability under the ADA, nondisabled employees may recover back pay for the ADA violation. The Seventh Circuit remanded the case to the district court to determine back pay.
NYC’s Aggressive Enforcement of the Earned Safe and Sick Leave and Fair Workweek Laws [Podcast]
In this podcast, Diana Nehro (shareholder, New York/Boston) sits down with Jamie Haar (of counsel, New York) to discuss the New York City Department of Consumer and Worker Protection’s (DCWP) rigorous enforcement of the Earned Safe and Sick Leave Law and the Fair Workweek Law. Jamie and Diana provide an overview of these laws, including their requirements, compliance challenges, and the significant penalties for violations. Diana and Jamie also offer best practices for employers to mitigate risks and discuss the DCWP’s audit and investigatory processes.
Trending in Telehealth: March 2025
Trending in Telehealth highlights monthly state legislative and regulatory developments that impact the healthcare providers, telehealth and digital health companies, pharmacists, and technology companies that deliver and facilitate the delivery of virtual care.
Trending in March:
Youth counseling and mental health services
Insurance coverage
Interstate compacts
A CLOSER LOOK
Proposed Regulations and Legislation:
In Hawaii, the House proposed House Bill (HB) 951 to allow a patient seen in person by another health care provider in the same medical group as the prescribing physician to be prescribed opiates for a three-day supply or less via telehealth.
Tennessee proposed Senate Bill (SB) 231 to require health benefit plan coverage of speech therapy, both in person and via telehealth.
Oklahoma proposed amendments revising the office location requirements for tele-dentistry. While dentists were previously required to maintain office locations in Oklahoma, the amendment increases flexibility by allowing dentists to maintain office locations in Oklahoma or in states adjacent to Oklahoma, so long as the offices are located within 50 miles of an Oklahoma border of a state with an interstate dental and dental hygienist compact.
Both chambers of the Tennessee legislature passed SB 1122 to create a youth mental health service program, which includes the use of telehealth.
Both chambers of the Maryland legislature passed SB 94, an amendment that would require Medicaid to cover maternal health self-measured blood pressure monitoring for all eligible recipients. Specifically, the program must cover the provision of validated home blood pressure monitors and reimbursement of health care providers and other staff time used for patient training, remote patient monitoring, transmission of blood pressure data, interpretation of readings, and the delivery of co-interventions.
Also in Maryland, the House proposed an amendment that would allow certain out-of-state providers to deliver clinical professional counseling services via telehealth to students. Among other changes, the amendment removes limitations that previously capped counseling services at five days per month and 15 days per calendar year.
West Virginia’s SB 299 would require legislative telehealth rules to include a prohibition on prescribing or dispensing gender-altering medication.
In Colorado, the Department of Regulatory Agencies and the Medical Board proposed a rule imposing requirements for physicians and physician groups entering into collaborating agreements. Physicians must actively practice medicine in Colorado and, for purposes of the rule, practicing medicine based primarily on telehealth technologies does not constitute as “actively practicing medicine.”
Finalized Regulatory and Legislative Activity:
Virginia passed HB 1945, requiring that each school board consider developing and implementing policies that allow public school students to schedule and participate in telehealth services and mental health teletherapy services during regular school hours with parental consent. The bill mandates that any such policies developed by a school board must (i) require each school to designate a location for student use for such telehealth appointments, (ii) implement measures to ensure the safety and privacy of any student participating in a telehealth appointment, and (iii) prohibit any student from being subject to disciplinary measures for participating in an appointment during regular school hours.
The Mississippi governor signed SB 2415 into law, mandating that health insurance plans cover telemedicine services to the same extent as in-person consultations. Similarly, the bill requires that all health insurance and employee benefit plans in Mississippi reimburse out-of-network providers for telemedicine services under the same reimbursement policies applicable to other out-of-network providers.
North Dakota adopted an amendment revising telehealth licensure requirements for optometrists. Notably, the bill removes previous certification requirements, permits licensed optometrists to use telemedicine to provide care, and imposes new informed consent obligations.
Utah finalized three telehealth bills:
HB 39 requires the US Department of Health and Human Services to contract with a telehealth psychiatric consultation provider to offer consultation services to staff responsible for inmates’ psychiatric care.
SB 64 allows medical providers to electronically renew a recommendation to a medical cannabis patient cardholder or guardian cardholder using telehealth services.
HB 281 clarifies that only licensed psychologists, social workers, and counselors can provide mental health services in school settings, except as provided in a student’s individualized education plan or Section 504 accommodation plan, and other students may not be present when services are provided. Additionally, the school or provider must obtain written parental consent before providing or facilitating telehealth or another health care service to a student within a public school.
Virginia passed SB 1041, enabling healthcare providers to conduct telehealth sexual assault forensic examinations for victims of sexual assault if a forensic examiner is not readily available.
Colorado enacted HB 1132. The bill creates the military family behavioral health grant program to provide grants to local nonprofit organizations for the establishment and expansion of community behavioral health programs that provide behavioral health services to service members, veterans, and family members of service members and veterans. The bill requires the program to reimburse providers for telehealth visits at the same rate as in-person visits.
In Ohio, the Department of Mental Health and Addiction Services finalized a rule regarding mobile response and stabilization services (MRSS), structured intervention and support services designed for people under the age of 21 who are experiencing emotional symptoms, behaviors, or traumatic circumstances. The rule delineates the circumstances in which MRSS can be delivered using a telehealth modality, including, but not limited to, when the young person or family requests telehealth services or there is a contagious medical condition present in the home.
Compact Activity:
Several states have advanced licensure compacts. These compacts enable certain healthcare professionals to practice across state lines, whether in person or via telemedicine. The following states have introduced bills to enact these compacts:
Dietitian Licensure Compact: South Carolina, North Dakota, Iowa, and Oklahoma
Counseling Compact: New Mexico
Social Work Licensure Compact: North Dakota
Why it matters:
As youth mental health concerns rise, states increasingly turn to telehealth. Virginia, Tennessee, Utah, Maryland, and Ohio all advanced legislation or regulations to expand youth access to telehealth services, particularly for virtual counseling services in schools. Telehealth providers may be well-positioned to collaborate with teachers, caregivers, and school counselors to bridge gaps in youth healthcare.
States are increasingly adopting coverage parity legislation. Tennessee proposed a bill requiring health benefit plan coverage of speech therapy services provided via telehealth while Mississippi enacted broader legislation mandating health insurance coverage of telehealth services to the same extent as in-person services. These coverage parity initiatives improve telehealth access by ensuring that providers are equally incentivized to provide virtual and in-person services.
States continue to expand practitioners’ ability to provide telehealth services across state lines. Expanding interstate licensure compacts improves access to qualified practitioners, particularly in underserved and rural areas. These compacts also enhance career opportunities and reduce the burdens associated with obtaining multiple state licenses.
Telehealth is an important development in care delivery, but the regulatory patchwork is complicated. The McDermott digital health team works alongside the industry’s leading providers, payors, and technology innovators to help them enter new markets, break down barriers to delivering accessible care, and mitigate enforcement risk through proactive compliance.
Supreme Court Ends Circuit Split with Ruling That Plaintiffs Can Seek RICO Damages for Certain Personal Injury Claims
Resolving a deep split among federal circuit courts, the U.S. Supreme Court has broadened plaintiffs’ ability to sue under the Racketeer Influenced and Corrupt Organizations Act (RICO) for economic loss stemming from personal injury. The decision stands to permit plaintiffs to bring federal claims — particularly against generic drug and medical device manufacturers — utilizing an avenue many courts previously believed was foreclosed.
In a 5-4 ruling, Justice Amy Coney Barrett wrote for the court in Medical Marijuana, Inc. v. Horn that RICO’s Section 1964(c), while “implicitly denying” plaintiffs from suing to recover for personal injuries, permits plaintiffs to recover for “business and property loss that derives from a personal injury.” (emphasis added).
Barrett wrote on behalf of Justices Sonia Sotomayor, Elena Kagan, Neil Gorsuch, and Ketanji Brown Jackson. Justice Brett Kavanaugh was joined in dissent by Chief Justice John Roberts and Justice Samual Alito. Justice Clarence Thomas, who also dissented, wrote separately.
The case centered on a truck driver, Douglas Horn, who had injured his back and shoulder. When traditional therapies were unsuccessful in alleviating Horn’s chronic pain, he resorted to a CBD product sold by Medical Marijuana, Inc. Concerned about any positive drug test that might cost him his job, Horn was attracted to the company’s product, which Medical Marijuana, Inc. described as “0% THC” and “legal to consume both here in the U.S. and in many countries abroad.” A customer service representative reinforced the company’s statements. When Horn later tested positive for THC and was fired, he sued, alleging that the company was a RICO enterprise, with its “false or misleading advertising” constituting mail and wire fraud and a “pattern of racketeering activity.” See 18 U.S.C. §§1961(1), (5); 18 U.S.C. §§ 1341, 1343.
The district court had ruled for the company, reasoning that because Horn’s firing was “derivative of” a personal injury — ingesting THC — and because a plaintiff cannot sue under RICO for a personal injury, Horn was also unable to recover for business or property harm that flowed from a THC-related injury. The U.S. Court of Appeals for the Second Circuit later reversed that ruling, holding that Section 1964(c)’s use of “business” includes an individual’s employment and that nothing in the RICO statute excludes recovery for economic loss caused by personal injury.
Analyzing the statute’s text and surveying civil RICO precedent, the Supreme Court ultimately sided with the Second Circuit’s view, closing the book on what had become a 3-2 circuit split. The Sixth, Seventh, and Eleventh Circuits had interpreted Section 1964(c) to bar the sort of claims at issue. The Ninth and Second Circuits had gone the other way.
The principal dissent expressed concern that the Supreme Court’s decision will enable plaintiffs to “circumvent RICO’s categorical exclusion of personal-injury suits simply by alleging that a personal injury resulted in losses of business or property,” effectively federalizing traditional state tort suits. The dissent continued: “When enacting civil RICO in 1970, Congress did not purport to usher in such a massive change to the American tort system.”
The majority opinion left a variety of questions unanswered, including (1) whether the Second Circuit correctly interpreted “business” to include a person’s employment, (2) whether Section 1964(c)’s “injured in his . . . property” covers all economic loss, and (3) whether Horn’s THC consumption, which led to termination, actually constituted an “antecedent personal injury.” (After all, Horn argued in the lower courts that Medical Marijuana, Inc. had harmed his ability to earn a living rather than injured his body.)
More broadly, the decision stands to open a pathway for plaintiffs to bring federal claims against generic drug and medical device manufacturers where other doors have been tightly shut. The Supreme Court has already held that federal law preempts — and thus bars — state law failure-to-warn claims against generic drug manufacturers, see PLIVA, Inc. v. Mensing, 564 U.S. 604, 609 (2011), as well as design-defect claims under state law against the same, see Mut. Pharm. Co., Inc. v. Bartlett, 570 U.S. 472, 476 (2013).
Seeking the prospect of treble damages under RICO, Foley anticipates that plaintiffs will attempt to use the Court’s most recent decision to expand the scope of claims in the pharmaceutical and consumer product manufacturing space, where federal preemption has kept most of the plaintiffs’ bar’s liability theories at bay. Foley will continue to monitor the state of affairs and provide updated guidance accordingly.
Breaches Within Breaches: Contractual Obligations After a Security Incident
We often cover consumer class action complaints against companies regarding the privacy and security of personal information. However, litigation can also arise from alleged breach of contract between two companies. This week, we will analyze a medical diagnostic testing laboratory’s April 2025 complaint against its managed services provider for its alleged failure to satisfy its HIPAA Security Rule and indemnification obligations under the HIPAA Business Associate Agreement (BAA) between the parties.
Complaint Background
According to the complaint, the laboratory – Molecular Testing Labs (MTL) – is a Covered Entity under HIPAA, and Ntirety is its Business Associate. Reportedly, the parties entered into a BAA in September 2018. The BAA’s intent was to “ensure that [Ntirety] will establish and implement appropriate safeguards” for protected health information (PHI) it handles in connection to the functions it performs on behalf of MTL. The complaint points to various provisions of the BAA related to Ntirety’s obligations, including complying with the HIPAA Security Rule. According to MTL, the BAA also includes an indemnification provision that requires Ntirety to indemnify, defend, and hold harmless MTL against losses and expenses due to a breach caused by Ntirety’s negligence.
Alleged HIPAA Violations
MTL asserts that around March 12, 2025, it received information about a material data breach involving data “that was required to have been secured by Ntirety under the BAA.” The complaint is unclear about how or from whom MTL received that information.
The complaint asserts that MTL’s forensic investigation determined that Ntirety had faced a ransomware attack, potentially from Russian threat actors. MTL’s forensic investigation determined that Ntirety had “significant deficiencies, shortcomings, and omissions” in its procedures and practices that enabled the threat actors to access Ntirety’s computer systems and MTL’s confidential information.
In addition, MTL alleges that “Ntirety failed to provide material support to MTL for weeks” and that the support offered was conducted “slowly and incompetently.” Allegedly, Ntirety informed MTL that it would charge MTL for such efforts. MTL argues that under its BAA obligations, Ntirety was required to support MTL in its efforts to respond to and mitigate the security incident’s harmful effects.
Alleged Breach of Contract – Indemnification Demand
MTL also asserts that it has incurred or expects to incur various damages related to “remediation efforts, HIPAA notification requirements, possible legal and regulatory actions, and direct and indirect harm to MTL’s business.” Specifically, MTL claims it has already incurred damages related to the forensic investigation and anticipates further damages associated with fulfilling HIPAA PHI breach notifications and providing credit monitoring services. MTL also expects to suffer harm to its business as a result of the breach and to be subject to lawsuits and regulatory action.
Reportedly, on March 25, 2025, and April 3, 2025, MTL sent formal demands to Ntirety for indemnification under the BAA for losses incurred as a result of the breach, but Ntirety “has provided no substantive response to MTL’s indemnification demands.”
Lessons Learned
After discovering a breach, companies have numerous obligations, such as determining whether data has been corrupted, containing the incident, conducting a forensic investigation, and identifying individuals whose data may have been involved. It can often take weeks or even months to understand the scope and extent of a breach, but companies should also promptly assess their contractual obligations post-breach. Whether in a BAA or another service agreement, companies may be required to let their vendors and other partners know about an incident.
In addition, companies should consider whether to communicate about the incident at a high level to their vendors and partners, even absent contractual requirements, particularly if news about the incident has already leaked. The risk of such communications includes potentially providing premature information that is likely to change as the forensic investigation unfolds. On the flip side, partners might appreciate the transparency and direct acknowledgment. There can be many legal and regulatory consequences of a data breach, but with adherence to contractual obligations and appropriate communication, a breach of contract claim doesn’t have to be one of them.
Northeast Radiology Settles with OCR
The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000.
The investigation followed a breach report by Northeast Radiology to OCR in March 2020 after unauthorized individuals accessed radiology images stored in PAC servers. Northeast Radiology notified 298,532 patients of the breach. The OCR alleges that, during the investigation, Northeast Radiology “failed to conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to the ePHI in NERAD’s information systems.”
Northeast Radiology agreed to enter into a resolution agreement with OCR that included a settlement payment of $350,000 and a supervised corrective action plan for two years.
CMS Issues CY 2026 Medicare Advantage and Part D Final Rule
On April 4, 2025, the Centers for Medicare & Medicaid Services (“CMS”) released the contract year (“CY”) 2026 final rule for the Medicare Advantage (“MA”) program, Medicare Prescription Drug Benefit Program (“Part D”), Medicare Cost Plan Program, and Programs of All-Inclusive Care for the Elderly (the “Final Rule”). While CMS finalized several proposals of its Proposed Rule, it did not finalize many of its key proposals, including on anti-obesity medication (“AOM”) coverage, enhanced guardrails for artificial intelligence (“AI”), and various health equity related initiatives in MA and Part D.
Summarized below are some of the key provisions of the Final Rule.
MA and Part D Proposals Not Finalized
Perhaps most notable from the CY 2026 Final Rule are those proposals that CMS did not finalize. These include the following:
Part D Coverage of Anti-Obesity Medications (AOMs) and Application to the Medicaid Program—CMS declined to finalize a proposal to “reinterpret” the statutory definition of a covered Part D drug at section 1860D–2(e)(2) of the Social Security Act (SSA), which excludes coverage for certain drugs and uses, including those that may be excluded by Medicaid under SSA § 1927(d)(2) as ‘‘agents when used for . . . weight loss.’’ The proposal would have applied to both Medicare and Medicaid to allow coverage for AOMs when used for the treatment of obesity, with a hefty, estimated price tag of $25 billion in Medicare spending and $15 billion in Medicaid spending over the course of a decade. As the proposal was not finalized, the current policy remains in place—the Medicare and Medicaid programs will only cover AOMs when used to treat another medically accepted condition (e.g., type 2 diabetes or cardiovascular risk).
Enhancing Health Equity Analyses: Annual Health Equity Analysis of Utilization Management Policies and Procedures — CMS did not finalize its proposal to require Medicare Advantage organizations to conduct annual health equity analyses of utilization management policies. CMS stated that this proposal remains under review for potential future rulemaking in line with Executive Order 14192’s directive to ensure consistency and avoid unnecessary burden.
Guardrails for Artificial Intelligence (AI) / Ensuring Equitable Access to Medicare Advantage Services — CMS opted not to finalize proposals related to the use of AI and algorithmic decision-making in MA, including proposals requiring plans to utilize AI in a manner that preserves equitable access, to adhere to existing Medicare regulations prohibiting discrimination, and requiring disclosure of use of AI tools. In declining to finalize these proposals, CMS acknowledged strong stakeholder interest and stated that the agency would “consider the extent to which it may be appropriate to engage in future rulemaking in this area.”
Behavioral Health Parity — Although CMS acknowledged significant stakeholder concern regarding access to behavioral health care in MA plans, it did not finalize proposals to establish stricter parity protections or expand network adequacy standards in the Final Rule. The proposed behavioral health parity provisions would have applied new requirements to ensure equitable access to mental health and substance use disorder services in Medicare Advantage plans. CMS acknowledged ongoing concerns, especially in dual-eligible special needs plans, but stated that the proposed changes are still under review. Future rulemaking may revisit these policies in coordination with broader parity and access initiatives.
Prior Authorization — While CMS finalized prior authorization requirements applicable to inpatient admissions (discussed below), CMS did not finalize proposals to establish guardrails on the use of AI in prior authorization processes.
Agent and Broker Oversight — Despite recent scrutiny of agent and broker practices, CMS did not finalize key proposed marketing reforms. Among other things, these included broadening the definition of “marketing” to enhance agency oversight of materials submitted to CMS as well as promoting informed choice by requiring agents and brokers to provide more comprehensive information to potential enrollees, such as low-income assistance options and implications of switching to traditional Medicare.
Promoting Transparency for Pharmacies — CMS did not finalize or address a proposal to require Part D sponsors (or their FDRs) to allow pharmacies the right to terminate their network contracts without cause following the same notice period that Part D sponsors have for terminating contracts without cause. Had this proposal been finalized, it would have likely faced legal challenges for violating the Part D statute’s noninterference requirement.
Formulary Placement of Generics and Biosimilars — CMS did not finalize a proposal to include an additional step in the formulary review process to check that Part D sponsors provide broad access to generics, biosimilars, and other lower cost drugs. However, CMS noted that “may consider codifying additional requirements regarding formularies in future rulemaking if necessary.”
Administration of Supplemental Benefits through Debit Cards — CMS did not finalize its proposal to impose new requirements on the use debit cards to administer plan-covered benefits, including new guardrails to ensure that beneficiaries are fully aware of covered supplemental benefits and how to access those benefits.
Community-Based Services and In-Home Service Contractors — CMS did not finalize or directly address proposals related to improving transparency and beneficiary protections through expanded provider directory requirements. These proposals included codifying definitions for community-based organizations and in-home supplemental benefit providers, and requiring their inclusion in provider directories.
Part D Medication Therapy Management (“MTM”) Program — CMS deferred for subsequent rulemaking a proposal to expand the regulatory list of core chronic diseases used to identify Part D enrollees who have multiple chronic diseases for purposes of determining eligibility for Medication Therapy Management (“MTM”) enrollment to include other causes of dementia in addition to Alzheimer’s.
Moreover, CMS indicated that various currently effective regulations and policies are currently under review by the Trump Administration “to ensure consistency with the Executive Order 14192, Unleashing Prosperity Through Deregulation.” According to CMS, policies currently under review include the following:
Health Equity Index Reward for the Parts C and D Star Ratings
Annual health equity analysis of utilization management policies and procedures
Requirements for MA plans to provide culturally and linguistically appropriate services
Quality improvement and health risk assessments (“HRAs”) focused on equity and social determinants of health (“SDOH”)
FINALIZED MA AND PART D PROPOSALS
Covered Insulin Products and Vaccines
CMS finalized a proposal to codify a relatively modest expansion of the definition of a “covered insulin product” to include Part D coverage for drug products that are a combination of more than one type of insulin or both insulin and non-insulin drugs, which is consistent with existing CMS guidance. CMS also finalized proposals to eliminate cost sharing for both covered insulin products and for adult vaccines recommended by the Advisory Committee on Immunization Practices (ACIP) covered under Part D.
Medicare Prescription Payment Plan
CMS finalized regulatory requirements for the Medicare Prescription Payment Plan for 2026 and subsequent years, codifying provisions previously established in two-part guidance for 2025. The program, created under section 11202 of the Inflation Reduction Act, requires all Medicare Part D and MA-PD plan sponsors to offer enrollees the option to pay capped monthly installments on their out-of-pocket Part D drug costs, rather than paying the full amount at the point of sale. The goal is to ease financial pressure—especially for beneficiaries who incur high drug costs early in the year.
Most provisions from prior guidance were finalized without modification, including operational processes, election procedures, and outreach requirements. CMS also finalized several new provisions:
Automatic Renewal: Beginning in 2026, enrollees who participate in the program will be automatically re-enrolled the following year unless they opt out. A separate renewal notice must be sent after the end of the annual election period and include the plan’s upcoming terms and conditions.
Voluntary Termination: CMS adjusted its original proposal and will now require plan sponsors to process opt-out requests within 3 calendar days, rather than the initially proposed 24-hour timeframe, to reduce administrative burden.
Standardized Communications: New requirements were finalized for model and standardized materials, including the “likely to benefit” notice, voluntary and involuntary termination notices, and renewal notices. Part D sponsor websites must also display information about the program.
Waiver for LI NET: CMS confirmed that the Medicare Prescription Payment Plan requirements will not apply to the Limited Income Newly Eligible Transition (LI NET) program, consistent with prior guidance.
Election Processing and Real-Time Requirements: While CMS finalized the 24-hour processing requirement for election requests received during the plan year, it did not finalize a proposed real-time processing requirement for phone or web-based requests, citing stakeholder concerns about operational feasibility. CMS may revisit this in future rulemaking.
CMS stated that its approach was intended to limit disruption, reduce burden on plans, and give stakeholders time to gain experience with the program. The agency will continue to evaluate program implementation and consider refinements in future years.
Timely Submission Requirements for Prescription Drug Event (PDE) Records
CMS has finalized new regulatory requirements under § 423.325 to codify timely submission of Prescription Drug Event (PDE) records by Medicare Part D sponsors. These records are essential for payment accuracy and program integrity, especially for programs like the Coverage Gap Discount Program, the Manufacturer Discount Program, and the Medicare Drug Price Negotiation Program.
Previously guided by subregulatory policy, CMS now formalizes specific submission timelines:
General PDEs: Within 30 days of claim receipt.
Adjustments/deletions: Within 90 days of issue discovery.
Rejected PDEs: Resubmitted within 90 days of rejection notice.
Selected drugs (Negotiation Program): Initial PDEs due within 7 days to support timely Manufacturer Fair Price refunds.
Despite concerns about the 7-day timeline, CMS finalized it without changes, citing that most PDEs are already submitted within this window. The 90-day deadlines for adjustments and rejections remain unchanged. These timelines are now enforceable, and noncompliance may trigger CMS actions.
Medicare Transaction Facilitator Requirements for Network Pharmacy Agreements
CMS finalized the proposal requiring that Part D sponsors’ network participation agreements with contracting pharmacies, including any FDR contracts, require network pharmacies to be enrolled in the Medicare Drug Price Negotiation Program’s (‘‘Negotiation Program’’) Medicare Transaction Facilitator Data Module (‘‘MTF DM’’) and that such pharmacies certify the accuracy and completeness of their enrollment information in the MTF DM. According to CMS, the MTF DM will contain several key functionalities that are necessary and appropriate for administration of the Negotiation Program and the Part D program. Through each of these functionalities, the dispensing pharmacy’s enrollment in the MTF DM would help ensure continued access to selected drugs that are covered under Part D for beneficiaries and pharmacies and help maintain the accuracy of Part D claims information and payment. These functionalities are:
The MTF DM will provide pharmacies enrolled in the MTF DM with remittances or ERAs to reconcile Maximum Fair Price (“MFP”) refund payments when a Primary Manufacturer of a drug selected by CMS for price negotiation chooses to pass payment to the pharmacy through the MTF PM rather than prospectively ensuring that the price paid by the pharmacy entity when acquiring the drug is no greater than the MFP.
There will be streamlined access for pharmacies that are enrolled in the MTF DM to submit complaints and disputes within the MTF DM to help identify issues with timely MFP refund payment, supporting pharmacies to continue efficient operations and prevent undue financial hardship, while maintaining accuracy of Part D claims information and payment.
The MTF DM will serve as a central repository for information about pharmacies enrolled in the MTF DM that self-report that they anticipate material cashflow concerns due to the reliance on retrospective MFP refunds within the 14-day prompt MFP payment window.
CMS intends that pharmacies will be able to view the status of MFP refunds from Primary Manufacturers through the MTF DM.
The MTF DM will collect and share financial information belonging to pharmacies enrolled in the MTF DM with Primary Manufacturers that pay MFP refunds to pharmacies outside the MTF PM.
CMS published new guidance on its webpage on Tuesday, April 8th to provide pharmacies and other dispensing entities with resources for engaging with the new MTF system. Enrollment in the MTF is expected to begin in June 2025.
Clarifying MA Organization Determinations to Enhance Enrollee Protections in Inpatient Settings
In the Final Rule, CMS clarifies and expands the definition of “organization determinations” under § 422.566 to explicitly include decisions made while a beneficiary is receiving care, particularly inpatient services. The key reforms include the following:
Whether a decision is made before, during, or after a service is provided, it must be treated as a formal organization determination. This change is intended to prevent MA plans from not affording appeal rights by reclassifying care decisions as claims reviews.
MA organizations may not retroactively deny or downgrade previously authorized inpatient admissions, even based on clinical data collected after admission. The only exceptions are fraud or qualifying good cause.
The Final Rule also clarifies that a beneficiary’s financial liability does not attach until an MA plan has made a formal claim determination, aligning liability with appeal rights.
These finalized requirements are intended to eliminate surprise denials, ensure transparency for providers and beneficiaries, and create a consistent standard across MA plans for inpatient decision-making. The Final Rule also introduces certain limited protections for beneficiaries and providers navigating MA plans’ prior authorization (“PA”) processes, including several provisions that restrict a plan’s ability to retroactively deny care after initial approval. Beginning in 2026:
Approved services, including inpatient admissions, cannot be retroactively denied unless there is evidence of fraud or a valid reason under CMS’s “good cause” standard as defined in 42 CFR § 405.986.
All coverage decisions made during or after an inpatient stay must be treated as formal determinations, granting enrollees full appeal rights.
Plans must notify both providers and enrollees of all coverage decisions, and beneficiaries cannot be held financially responsible until a claims payment determination is made.
Non-Allowable Special Supplemental Benefits for the Chronically Ill (SSBCI)
In the Final Rule, CMS adopts new regulatory restrictions for SSBCI. With some modifications from the Proposed Rule, CMS finalized a non-exhaustive list of non-allowable SSBCI benefits, codified at 42 C.F.R. § 422.102(f)(1)(iii).
Under existing regulations, SSBCI are not required to be primarily health related but must have a reasonable expectation of improving or maintaining the health or overall function of the enrollee, as established by the MA plan based on a bibliography of relevant acceptable evidence. In the Final Rule, CMS adopts a non-exhaustive list of non-primarily health related items or services that do not meet the standard of having a reasonable expectation of improving or maintaining the health or overall function of the enrollee. As finalized at 42 C.F.R. § 422.102(f)(1)(iii), examples of items or services that may not be offered as SSBCI include all of the following:
Procedures that are solely cosmetic in nature and do not extend upon Traditional Medicare coverage (for example, cosmetic surgery, such as facelifts, or cosmetic treatments for facial lines, atrophy of collagen and fat, and bone loss due to aging)
Hospital indemnity insurance
Funeral planning and expenses
Life insurance
Alcohol
Tobacco
Cannabis products
Broad membership programs inclusive of multiple unrelated services and discounts
Non-healthy food
Modifications from the Proposed Rule include the addition of “non-healthy food” to the non-allowable SSBCI list. According to CMS, the addition of non-healthy food addresses comments requesting clarification on how plans may provide “Food is Medicine” (an initiative of HHS’ Office of Disease Prevention and Health Promotion) within the parameters of supplemental benefit requirements. In addition, CMS did not finalize proposals to expressly incorporate as non-allowable SSBCI “cash and monetary rebates” (which are prohibited by SSA § 1851(h)(4)(A)) or “gambling items (e.g., online casino games, lottery tickets), firearms and ammunition.”
Improving Experiences for Dually Eligible Enrollees
CMS finalized its proposed requirements for certain dual-eligible Special Needs Plans (“D-SNPs”) to further streamline and integrate care delivery for dual eligible beneficiaries. Specifically, finalized proposals include:
Requiring integrated member ID cards for both Medicare and Medicaid plans. The proposal is limited to Applicable Integrated Plans (“AIPs”);
Requiring AIPs to conduct a single, integrated Health Risk Assessment (“HRA”) for both Medicare and Medicaid, replacing the separate HRAs currently utilized for each. However, CMS delayed the implementation date of this provision to January 1, 2027.
Codifying timeframes for all SNPs to conduct HRAs and develop Individualized Care Plans (“ICPs”), emphasizing active participation by enrollees or their representatives in the ICP development process. Specifically, CMS proposes to require that SNPs conduct the initial HRA within 90 days of the effective date of enrollment.
Establish new requirements for all SNPs related to outreach to enrollees regarding completion of the HRA. Specifically, SNPs make at least three non-automated phone call attempts, unless the enrollee agrees or declines to participate in the HRA before three attempts are made, on different days at different times. If the enrollee has not responded, the SNP must send a follow-up letter. The SNP must document attempts to contact the enrollee, and if applicable, the enrollee’s choice not to participate.
Require that SNPs update ICPs as warranted when there are changes in an enrollee’s health status or they have a healthcare transition.
Risk Adjustment Data
CMS finalized as proposed various technical changes to the definitions related to risk adjustment data, including a technical change to the definition of Hierarchical Condition Categories (HCCs) at § 422.2 to remove the reference to a specific version of the ICD to keep the HCC definition current as newer versions of the ICD become available and are adopted by CMS, as well as substituting the terms “disease codes” with “diagnosis codes” and “disease groupings” with “diagnosis groupings” to be consistent with ICD terminology. CMS also finalized its proposal to codify existing practice of requiring mandatory submission of risk adjustment data by PACE organizations and Section 1876 Cost plans, consistent with the risk adjustment data requirements applicable to MA plans.
Medical Loss Ratio (MLR) Reporting
In the Proposed Rule, CMS proposed a number of regulatory changes intended to improve the meaningfulness and comparability of the MLR across plan contracts, as well as align the MA and Part D MLR regulations with the regulations in the commercial and Medicaid MLR programs. However, in the Final Rule, CMS adopted only one MLR-related proposal — to exclude Medicare Prescription Payment Plan unsettled balances from the MLR numerator.
MLR related proposals that were not finalized include the following:
Requiring provider incentive and bonus arrangements are tied to clinical or quality improvement standards in order to be included in the MA MLR numerator;
Requiring administrative costs to be excluded from quality-improving activities in the MA and Part D MLR numerators; and
Codifying the current practice by which MA and Part D MLR reports include a description of how expenses are allocated across lines of business.
Listen to this post
Seventh Circuit Reverses Conviction in Landmark Anti-Kickback Case
In a pivotal decision on April 14, 2025, the Seventh Circuit Court of Appeals overturned the conviction of Mark Sorensen, owner of SyMed Inc. (SyMed), finding insufficient evidence to support a violation of the federal Anti-Kickback Statute (AKS).1 The Court’s ruling delineates the boundaries between lawful marketing practices and illegal kickbacks in the health care industry. It also underscores that compensation arrangements with non-physicians are not categorically prohibited under the AKS so long as they do not compromise the independent judgment of health care providers.
Mark Sorensen, owner and operator of a Chicago-based DME distributor, SyMed, was convicted of conspiracy and multiple counts of offering and paying kickbacks related to marketing orthopedic braces to Medicare beneficiaries and sentenced to 42 months in prison and a nearly $2 million forfeiture judgment. The government alleged that Mr. Sorensen paid illegal kickbacks to two marketing firms based on the number of leads generated, to a DME manufacturer based on the percentage of funds SyMed collected from Medicare and to a billing company with the funds SyMed retained. The business model included marketing firms publishing advertisements for orthopedic braces, and interested patients would respond via electronic forms providing their names, addresses and doctors’ contact information. That information was then sent to a call center where a sales agent would fax a prefilled but unsigned prescription form to the patient’s physician. When a physician signed the prescription, SyMed directed the manufacturer to ship the product and the billing agency billed Medicare for SyMed.
The Seventh Circuit unanimously reversed Sorensen’s criminal AKS conviction concluding Sorensen’s payments did not violate the AKS because there was insufficient evidence that any of the payees leveraged any influence or power over health care decisions or authorized any medical care. Focusing on the fact that 80% of the prescriptions were never signed and instead returned by physicians, the Court concluded that while “physicians and non-physicians alike may exert formal or informal influence on patients’ choice of health care providers” that was not the case in this instance as the physicians clearly retained independent decision-making authority over patient care. While the Court characterized Sorensen’s marketing tactics as “aggressive advertising efforts,” such efforts were not equivalent to unlawful referrals of patients.
The ruling highlights that the AKS is intended to primarily target payments to individuals who can influence patient decisions, such as physicians, underscoring the necessity for prosecutors to demonstrate actual influence over health care decisions when alleging AKS violations.
Key Takeaways:
Under the Court’s ruling: (1) a mere recommendation for health care services is not necessarily an illegal referral, and (2) percentage-based compensation structures or per lead compensation are not per se unlawful.
While this is a very significant decision and opens the door for nuanced arguments under the AKS, other Circuits have not adopted this narrow approach.
As such, health care providers should seek counsel on how they structure compensation arrangements, including those involving marketing and sales, in order to ensure compliance with the AKS and meet safe harbor protections where applicable.
[1] United States v. Sorensen, No. 24-1557, 2025 WL 1099080 (7th Cir. Apr. 14, 2025).
CMS Releases Final Rate Announcement for 2026 MA, Part D Payment Rates and Policies
The Centers for Medicare & Medicaid Services (CMS) recently finalized the 2026 Medicare Advantage (MA) and Part D Payment Rates and Policies, including a net 5.06% increase in payments to MA plans before accounting for coding trends. The overall increase reflects an average county benchmark growth rate of 9.04% along with continued phase-in of changes to the MA risk model and rebasing of county benchmark amounts. The updates and changes to payment policies are important for plans in preparing offerings and bids for 2026, as well as providers and others who do business with MA plans or are thinking about engaging with MA.
Read on as we explore the final rate notice summary and its implications for stakeholders.
Read More Here