Breaking Down the New No Surprises Act FAQs Post-TMA III

On January 14, 2025, the US Departments of Labor, Health and Human Services (HHS), and the Treasury (collectively, the Departments), along with the Office of Personnel Management (OPM), jointly issued Part 69 of a series of frequently asked questions (FAQs) designed to help stakeholders understand and adhere to the federal No Surprises Act (NSA). This installment of the FAQs discusses how health plans and issuers should calculate the qualifying payment amount (QPA) and provides updates to disclosure and patient cost-sharing requirements following rulings by the US District Court for the Eastern District of Texas and the US Court of Appeals for the Fifth Circuit in Texas Medical Association, et al. v. United States Department of Health and Human Services, et al. (together, the TMA III decisions).

In Depth

BACKGROUND: THE LONG HISTORY OF THE NSA
The NSA was enacted under the first Trump administration as part of the Consolidated Appropriations Act, 2021 (Public Law No: 116-260). The Departments and OPM jointly implemented provisions of the NSA through the issuance of two interim final rules (IFRs) in July 2021 and October 2021.
The NSA prohibits out-of-network (OON) providers from balance billing patients for certain services furnished at an OON facility (in the case of emergency services) or in-network facility (in the case of non-emergency services provided by OON providers). The NSA protects patients from receiving these “surprise” bills, effectively limiting patient responsibility for some services to no more than the patients’ in-network cost-sharing amounts. (The NSA includes separate considerations related to air ambulance providers, which we do not address in this article.)
Per the NSA and as further implemented in the October 2021 IFR, plans and issuers are required to determine whether claims for items or services submitted by an OON provider or facility and subject to the NSA are covered under the plan or coverage and must send an initial payment or notice of denial of payment to the OON provider or facility no later than 30 calendar days after the provider or facility submitted the claim to the plan or issuer.
To the extent the claim is covered, the NSA also sets forth a methodology by which plans or issuers must calculate the OON rate for OON providers or facilities that rendered items or services subject to the NSA. Plans and issuers must pay the provider or facility an amount determined by an applicable All-Payer Model Agreement, and if none exists, an amount determined by applicable state law. If state law does not set forth a mechanism by which the OON rate should be determined, the plan or issuer may negotiate the rate with the provider or facility through an “open negotiation” process, which lasts 30 days.
If the parties are unable to agree to an OON rate by the expiration of the open negotiation period, either party may initiate a dispute under the federal independent dispute resolution (IDR) process established by the NSA. The IDR process involves several steps:

The disputing parties must agree on and select a third-party entity (referred to as a certified IDR entity) to oversee the process.
Each party must then submit payment offers to the IDR entity.
The IDR entity evaluates the payment offers and determines each party’s payment responsibility. The NSA requires that the IDR entity consider, among other factors, the QPA, defined as the median of the contracted rates that a plan or issuer recognizes for the same or similar service by a provider in the same or similar specialty in the same geographic area as the service at issue.
Once the IDR entity makes a payment determination, the plan or issuer must make the payment to the OON provider or facility within 30 calendar days.

In August 2022, the Departments issued final rules implementing provisions regarding certain disclosure requirements for plans and issuers (discussed further below) and modifying certain requirements pertaining to how IDR entities can take into account the QPA in determining the OON rate through the IDR process.
In theory, the IDR process is straightforward. However, the NSA and the IDR process, including the significance of the QPA in determining the OON rate, have been the subject of consistent litigation and operational issues, suggesting that in practice, providers and health plans continue to encounter implementation challenges.
HISTORY OF TMA LITIGATION
A string of litigation continues to shape the NSA and the related IDR process, which originated with a suit filed by the Texas Medical Association (TMA) against HHS in October 2021. In Texas Medical Association v. United States Department of Health and Human Services, et al. (TMA I), the district court vacated the Departments’ IFR requiring IDR entities to use a rebuttable presumption in favor of the QPA. The court held that the presumption conflicted with the NSA’s plain meaning, which lists a set of factors for consideration when determining the appropriate OON rate, only one of which is the QPA.
After the TMA I decision, the Departments issued the August 2022 final rules, which specified elements that IDR entities must consider in resolving OON payment disputes, including the extent to which the QPA should be taken into account. The August 2022 rules required that IDR entities:

First consider the QPA for the same or similar service.
Limit factors to information provided by the disputing party.
Document non-QPA factors relied upon in making a payment determination.

However, TMA challenged this rule in Texas Medical Association v. United States Department of Health and Human Services, et al. (TMA II), which the Fifth Circuit eventually vacated in TMA III. The Fifth Circuit stated that the Departments exceeded their authority by instructing IDR entities to prioritize one factor over others.
In August 2023, the district court issued a decision in TMA III, overturning key parts of the method set forth by the Departments to calculate the QPA. Following this ruling, the Departments have exercised their discretion in enforcing how QPAs are calculated, leading to uncertainty for plans and issuers as well as providers and facilities. The federal government appealed part of this decision, and on October 30, 2024, the Fifth Circuit issued a ruling on the TMA III case, partially reversing the district court’s decision, while upholding other parts.
The district court’s TMA III opinion found that the Departments’ methodology for calculating the QPA did not comply with the NSA. This noncompliance was due to:

The inclusion of “ghost rates” (i.e., contacted rates for services not actually provided by the contracting provider during the contract period).
The exclusion of risk-based incentive payments.
The allowance for self-insured plans administered by a third-party administrator to use other plans administered by the third-party administrator to calculate QPAs.

The district court also found that rules related to the timing and deadline for payment of OON claims subject to the NSA did not comply with the statute, because they started the 30-day payment clock on the date the plan or issuer received sufficient information to determine whether the submitted claim was a “clean claim,” rather than the date the provider or facility transmitted a “claim.”
Reversing the district court’s decision in part, the Fifth Circuit held that single-case arrangements will no longer be included in QPA calculations. The Fifth Circuit also reversed the district court’s decision that non-fee payments, such as quality bonuses and other incentives, must be included in QPA calculations. Regarding the timing of OON payments subject to the NSA, the Fifth Circuit affirmed the district court’s decision that starting the 30-day payment clock upon receipt of a “clean claim” conflicts with the text of the NSA. As decided by the district court, the 30-day prompt payment clock for NSA-eligible claims will begin on the date the provider transmits the bill, not when the plan or issuer receives the information necessary to determine whether the claim is a “clean claim.”
Regarding the QPA calculation, the Fifth Circuit reversed the district court’s decision to exclude from QPA calculations any contracts for items or services that contracting providers did not actually furnish under said contract during the designated plan year. Contracted rates can now be included in QPA calculations regardless of whether the provider actually furnished those services. However, the Fifth Circuit reiterated the statutory requirement that QPAs be calculated using contracts for the “same or similar item or service that is provided in the same or similar specialty.” This implies that “ghost rates” (e.g., anesthesia rates included in a primary care physician’s contract) must be excluded from QPA calculations.[1]
Following the TMA III decisions, the Departments stated on the Centers for Medicare and Medicaid Services’ NSA webpage in October 2024 that they were reviewing the Fifth Circuit’s decision and intended to “issue further enforcement guidance in the near future.”
NEW GUIDANCE ISSUED FOR QPA CALCULATIONS POST-TMA III DECISIONS
In the wake of the TMA III decisions, the Departments issued the FAQs addressing implementation of certain provisions of the NSA and responding to questions from stakeholders. Under the FAQs, the Departments and OPM will require health plans and issuers to calculate QPAs using a “good faith, reasonable interpretation of the applicable statutes and regulations that remain in effect following the decisions of both the Fifth Circuit and the district court in TMA III (the 2024 methodology)” once the Fifth Circuit issues its final order. Under Federal Rule of Appellate Procedure 41, a court of appeals’ mandate usually issues seven days after the deadline for rehearing petitions, unless a petition is filed. In this case, the Fifth Circuit withheld the mandate after the plaintiffs in TMA III filed a petition for rehearing en banc. Until the mandate is issued, the district court’s judgment continues to bind the Departments.
The Departments and OPM acknowledged the challenges of recalculating QPAs because of the Fifth Circuit’s decision and recognized the time and resources required for this task. Therefore, the Departments opted to prolong the existing period of “enforcement discretion” for any health plan or issuer that calculates a QPA using either the 2021 methodology (based on the IFRs and guidance issued in July 2021) or the 2023 methodology (based on the statutes and regulations that remained in effect after the district court’s decision in TMA III). Both methodologies can be used for items and services furnished before August 1, 2025, as long as they are based on a good faith, reasonable interpretation.
Once the mandate is issued, the Departments and OPM will also use their discretion to enforce the NSA for any health plan, issuer, or party involved in a payment dispute that uses a QPA calculated with the 2023 methodology for services provided before August 1, 2025. This enforcement discretion applies to patient cost-sharing, required disclosures with initial payments or notices of denials, and submissions under the IDR process. Similarly, HHS will exercise enforcement discretion for providers and facilities that bill patients based on a QPA calculated with the 2021 or 2023 methodology for services provided before August 1, 2025. Thus, the FAQs clarify that the enforcement discretion extends to providers in addition to health plans.
The FAQs encourage states, which primarily enforce the NSA, to adopt a similar approach, including that states will be considered compliant if they follow this approach. The Departments and OPM will reassess whether additional enforcement relief time is needed as health plans and issuers work to comply with the applicable laws and regulations following the TMA III decisions.
The new FAQs essentially preserve the existing circumstances, as the enforcement discretion has been operative since fall 2023 after the district court’s TMA III decision. Alongside the enforcement guidance, the Departments and OPM offer further clarifications regarding the existing QPA disclosure requirements and patient cost-sharing obligations.
DISCLOSURE REQUIREMENTS
In line with previous guidance, which remains unaffected by the TMA III decisions, health plans and issuers must continue to disclose information about the QPA. The QPA is used to determine the “recognized amount” for cost-sharing under the NSA. This recognized amount is calculated using the All-Payer Model Agreement, specified state law, or the lesser of the billed charge or QPA. A health plan or issuer may certify that a QPA was determined in compliance with applicable rules by using a good faith, reasonable interpretation of the statutes and regulations that remain in effect following the TMA III decisions.
The FAQs address questions regarding the 30-day notice and IDR process discussed earlier, and how the timing is affected when a plan sends the initial payment or denial notice electronically but provides the required disclosures in paper form. This can result in the provider receiving the payment or denial notice earlier than the disclosures. The Departments and OPM clarify that a plan must transmit the required disclosures on or near the date that it sends the initial payment or notice of denial of payment, and must ensure that both the initial payment or notice of denial of payment and the required disclosures are sent no later than 30 calendar days after the plan receives the information necessary to decide a claim for payment for the services billed by the provider.
The Departments and OPM also state in the FAQs that they recognize that sometimes providers and facilities receive required disclosures days after receiving the initial payment or denial notice. Since the 30-business-day period to start open negotiation begins when the payment or denial notice is received, this delay can shorten the time available to review the disclosures. If the disclosures are sent in paper form and arrive later than the electronic payment or denial notice, the 30-business-day period to start negotiations will be considered to begin once both the payment or denial notice and the disclosures are received. Providers can still choose to start negotiations after receiving the payment or denial notice but before receiving the disclosures.
PATIENT COST-SHARING
The Departments and OPM reiterate in the FAQs that patient cost-sharing rules under the NSA and the July 2021 IFR for OON emergency services and certain non-emergency services are based on the “recognized amount.” According to the Departments and OPM, some health plans have been found to increase cost-sharing amounts after an IDR payment determination, which is not allowed. Once an IDR entity makes a payment determination, plans cannot recalculate or increase the cost-sharing amount if it exceeds the permitted amount. The rules ensure that disputes between providers and payers do not affect the cost-sharing amount for individuals. Nonparticipating providers cannot bill individuals more than the allowed cost-sharing amount. Any payment owed to nonparticipating providers after an IDR determination must be paid in full without reducing the amount based on prohibited cost-sharing increases.
CONCLUSION/KEY TAKEAWAYS
As stated earlier, Part 69 of the FAQs extends the status quo of enforcement discretion around the calculation of the QPA. Any new regulations related to the QPA calculation will need to be drafted under the Trump administration, although the timing for issuing such regulations is unclear. If the Trump administration decides to draft new QPA regulations, it could make additional changes to the QPA methodology beyond those that have been the subject of litigation. While the courts have provided direction on what is permissible under the NSA and what aspects of previous regulations can and cannot stand, the rulings do not prevent the Trump administration from making other permissible regulatory changes as it deems appropriate, especially as stakeholders have challenged implementation of the law under the previous administration.
Beyond issuing this new set of regulations, the Trump administration also may need to deal with open operational questions and issues, including proposed regulations from the Biden administration that have yet to be finalized and whole provisions of the NSA that are yet to be implemented.[2] All of this means that, if it chooses to act, the Trump administration could decide to make its own imprint on the current NSA operations and policy.

Safety Basics X: Unpacking the Process of Effective Workplace Safety Self-Audits [Podcast]

In this installment of Ogletree Deakins’ Safety Basics podcast series, John Surma (shareholder, Houston) is joined by Robert Rodriguez (shareholder, Sacramento) to discuss the important process of workplace safety audits, specifically focusing on voluntary self-audits. In their discussion, Robert (who is co-chair of Ogletree’s Workplace Violence Prevention Practice Group) and John emphasize the value and benefits of these audits, such as the ability to identify potential hazards, ensure compliance, and enhance safety culture. They also address key considerations for maintaining confidentiality and privilege throughout the audit process.

PFAS Bans Go into Effect; Manufacturers Attempt to Push Back on Regulations

Many states have enacted or plan to enact new regulations regarding the manufacturing of products containing per- and polyfluoroalkyl substances (“PFAS”), also known as “forever chemicals,” because they do not easily break down in the environment and human body. For example, on January 1, 2025, both New York[1] and California[2] banned the sale of any new, not previously used, apparel and certain other products containing added PFAS, while Minnesota[3] banned broad categories of products containing PFAS. More specifically, the Minnesota statute, titled Amara’s Law, prohibits the sale or distribution of the following products if the product contains intentionally added PFAS: (1) carpets or rugs; (2) cleaning products; (3) cookware; (4) cosmetics; (5) dental floss; (6) fabric treatments; (7) juvenile products; (8) menstruation products; (9) textile furnishings; (10) ski wax; and (11) upholstered furniture. The law makes no exceptions for products in these categories, provides no extensions, even if no PFAS alternatives are available, and allows expansion to include additional products if the products contain intentionally added PFAS that are likely to harm Minnesota’s environment and natural resources. Violations of the statute can result in fines, civil penalties, or criminal prosecution. Other states have similar bans set to take effect over the next several years.[4]
Like many similar regulations, Amara’s Law is currently being challenged. The Cookware Sustainability Alliance (“CSA”), a national conglomerate of members who manufacture, offer, and sell cookware containing PFAS, recently filed a complaint in the United States District Court for the District of Minnesota.[5] CSA alleges that Amara’s Law violates the Constitution’s commerce clause and dormant commerce clause, imposes an undue burden on interstate commerce, and that its disclosure requirement (which goes into effect in 2026 and requires reporting PFAS products to the Minnesota Pollution Control Agency) violates the First Amendment in addition to being preempted by federal trade secret law. CSA filed a motion seeking a preliminary injunction to enjoin the enforcement of Amara’s Law, which was denied February 26, 2025. CSA has until March 28, 2025, to appeal the Judgment.
Thousands of lawsuits have already been filed across the country focused on the alleged harm caused by PFAS exposure, while state regulators, such as those noted above, attempt to limit their use. Some have called the proliferation of PFAS litigation the “next asbestos,” with significant potential liability to insurers and their corporate policyholders. With similar PFAS bans set to take effect in other states in the coming years, mounting litigation surrounding the use of PFAS, and an insurance landscape that is seeing a spike in PFAS-related claims leading to new PFAS-specific exclusions in policies, all eyes will surely be tracking these hot-button topics in 2025 and beyond.

[1] NY ECL §§ 37-0121, 71-3703.
[2] CA HLTH & S §§ 108970, 108971.
[3] Minn. Stat. § 116.943.
[4] See, e.g., Colo Rev Stat §§ 25-15-601 to 25-15-605, Me Rev Stat T. 38 § 1614, RI Gen Laws § 23-18.18-1, et seq.
[5] Cookware Sustainability Alliance v. Kessler, Civ. No. 0:25-cv-41, ECF No. 1.

Canada Releases Final State of PFAS Report and Proposed Risk Management Approach

On March 5, 2025, Environment and Climate Change Canada (ECCC) announced the availability of its final State of Per- and Polyfluoroalkyl Substances (PFAS) Report (State of PFAS Report) and proposed risk management approach for PFAS, excluding fluoropolymers. The State of PFAS Report concludes that the class of PFAS, excluding fluoropolymers, is harmful to human health and the environment. To address these risks, on March 8, 2025, Canada published a proposed order that would add the class of PFAS, excluding fluoropolymers, to Part 2 of Schedule 1 to the Canadian Environmental Protection Act, 1999 (CEPA). ECCC states in its March 5, 2025, press release that it will prioritize the protection of health and the environment while considering factors such as the availability of alternatives. Phase 1, starting in 2025, will address PFAS in firefighting foams to protect better firefighters and the environment. Phase 2 will focus on limiting exposure to PFAS in products that are not needed for the protection of human health, safety, or the environment. ECCC notes that this will include products like cosmetics, food packaging materials, and textiles. ECCC states that it will publish a final decision on the proposed addition of 131 individual PFAS to the National Pollutant Release Inventory (NPRI) with reporting to take place by June 2026 for PFAS releases that occurred during the 2025 calendar year. ECCC states that these data will improve its understanding of how PFAS are used in Canada, help it evaluate possible industrial PFAS contamination, and support efforts to reduce environmental and human exposure to harmful substances. Comments on the proposed risk management approach and the proposed order to add the class of PFAS, excluding fluoropolymers, to CEPA Schedule 1 Part 2 are due May 7, 2025.
State of PFAS Report
The State of PFAS Report provides a qualitative assessment of the fate, sources, occurrence, and potential impacts of PFAS on the environment and human health to inform decision-making on PFAS in Canada. The term PFAS refers to the Organisation for Economic Co-operation and Development’s definition, which is: “fluorinated substances that contain at least one fully fluorinated methyl or methylene carbon atom (without any H/Cl/Br/I atom attached to it), that is, with a few noted exceptions, any chemical with at least a perfluorinated methyl group (–CF3) or a perfluorinated methylene group (–CF2–) is a PFAS.” The class of PFAS is comprised of substances meeting this definition. ECCC states that the definition captures substances with a wide range of structures and properties, from discrete chemicals, such as perfluorocarboxylic acids, perfluorosulfonic acids, and fluorotelomer alcohols, to side-chain fluorinated polymers, perfluoropolyethers, and fluoropolymers. According to ECCC, some PFAS on the market also possess structural attributes other than perfluoroalkyl chains (for example, inclusion of ether linkages or chlorine atoms in the fluorinated hydrocarbon chains).
The State of PFAS Report notes that there is evidence to suggest that fluoropolymers may have significantly different exposure and hazard profiles when compared with other PFAS in the class. ECCC defines fluoropolymers as “polymers made by polymerization or copolymerization of olefinic monomers (at least 1 of which contains fluorine bonded to 1 or both of the olefinic carbon atoms) to form a carbon-only polymer backbone with fluorine atoms directly bonded to it.” According to ECCC, given information suggesting their differences from the other PFAS in the class, additional work on fluoropolymers is warranted. ECCC does not address PFAS meeting the definition of fluoropolymers within the State of PFAS Report. ECCC plans to consider them in a separate assessment.
According to the State of PFAS Report, the following is known on the basis of current information:

The broad use of PFAS, their transport in the environment, and their ubiquitous presence have resulted in continuous environmental and human exposure to multiple PFAS, a finding that is supported by both environmental monitoring and human biomonitoring studies, including higher exposures in certain human subpopulations;
Given that PFAS are extremely persistent and have a broad range of uses leading to continued releases to the environment, the amount of PFAS in the environment is expected to increase;
Exposure to well-studied PFAS can affect multiple systems and organs in both humans and wildlife. Recent information demonstrates that effects on human health occur at lower levels than indicated by previous studies;
Some well-studied PFAS have demonstrated the potential to bioaccumulate and biomagnify in food webs to an extent that can cause adverse effects in biota, even at low environmental concentrations; and
Potential for cumulative exposure and effects are important considerations as most humans and wildlife exposures occur to unknown mixtures of PFAS.

On the basis of what is known about well-studied PFAS and the potential for other PFAS to behave similarly, and on the expectation that combined exposures to multiple PFAS increase the likelihood of detrimental impacts, ECCC states that it concludes that the class of PFAS, excluding fluoropolymers, meets the criteria under CEPA Section 64(a) as these substances are entering or may enter the environment in a quantity or concentration or under conditions that have or may have immediate or long-term harmful effects on the environment or its biological diversity. ECCC concludes that the class of PFAS, excluding fluoropolymers, does not meet the criteria under CEPA Section 64(b), however, as these substances are not entering the environment in a quantity or concentration or under conditions that constitute or may constitute a danger to the environment on which life depends.
According to the State of PFAS Report, on the basis of what is known about well-studied PFAS and the potential for other PFAS to behave similarly, and on the expectation that combined exposures to multiple PFAS increase the likelihood of detrimental impacts, ECCC concludes that the class of PFAS, excluding fluoropolymers, meets the criteria under CEPA Section 64(c) as these substances are entering or may enter the environment in a quantity or concentration or under conditions that constitute or may constitute a danger in Canada to human life or health.
ECCC therefore concludes that the class of PFAS, excluding fluoropolymers, meets one or more of the criteria set out in CEPA Section 64.
According to the State of PFAS Report, well-studied PFAS meet the persistence criteria set out in the Persistence and Bioaccumulation Regulations of CEPA. Based on available information and structural similarities, ECCC expects that other substances within the class of PFAS are also highly persistent or transform to persistent PFAS. ECCC states that it therefore determines that the class of PFAS meets the persistence criteria as set out in the Persistence and Bioaccumulation Regulations of CEPA. ECCC notes that given that fluoropolymers have been excluded from this assessment, they are also excluded from this determination with regard to the Persistence and Bioaccumulation Regulations of CEPA.
ECCC states that there is a high concern identified for the biomagnification (BMF) and trophic magnification (TMF) potential of well-studied PFAS in air-breathing organisms; the numeric criteria for bioaccumulation, outlined in the Persistence and Bioaccumulation Regulations, however, are based on bioaccumulation data for freshwater aquatic species that do not account for biomagnification potential. Therefore, application of the criteria would not reflect the concern for dietary-based biomagnification, the primary route of food web exposure identified for well-studied PFAS. As a result, according to ECCC, the bioaccumulation potential of PFAS cannot reasonably be determined according to the regulatory criteria set out in the Persistence and Bioaccumulation Regulations of CEPA.
Proposed Risk Management Approach
ECCC concludes that the class of PFAS, excluding fluoropolymers, meet the criteria under CEPA Sections 64(a) and (c), as these substances are entering or may enter the environment in a quantity or concentration or under conditions that have or may have immediate or long-term harmful effects on the environment or its biological diversity, and that constitute or may constitute a danger in Canada to human life or health.
For the purpose of CEPA Section 77(6)(c)(i), ECCC proposes the following new risk management actions through a phased prohibition under CEPA:

Phase 1: Prohibition of the use of PFAS, excluding fluoropolymers, not currently regulated in firefighting foams, due to high potential for environmental and human exposure.
Phase 2: Prohibition of the uses of PFAS, excluding fluoropolymers, not needed for the protection of health, safety, or the environment, which includes consumer applications. ECCC states that prioritization of uses for prohibition is based on, and will take into account, costs and benefits, availability of suitable alternatives, and other socio-economic considerations. Proposed uses to be regulated in Phase 2 include:
 

Cosmetics;
 
Natural health products and non-prescription drugs;
 
Food packaging materials, food additives, and non-industrial food contact products such as paper plates, bowls, and cups;
 
Paint and coating, adhesive and sealant, and other building materials available to consumers;
 
Consumer mixtures such as cleaning products, waxes, and polishes;
 
Textile uses (including in personal protective equipment (PPE) such as firefighting turnout gear); and
 
Ski waxes.
 

Phase 3: Prohibition of the uses of PFAS, excluding fluoropolymers, requiring further evaluation of the role of PFAS for which currently there may not be feasible alternatives and taking into consideration socio-economic factors, including:
 

Fluorinated gas applications;
 
Prescription drugs (human and veterinary);
 
Medical devices;
 
Industrial food contact materials;
 
Industrial sectors such as mining and petroleum; and
 
Transport and military applications.

ECCC states that at each phase of risk management it will consider exemptions, when necessary, with attention to feasible alternatives and socio-economic factors. To inform ECCC’s risk management decision-making, information on the following topics should be provided by May 7, 2025):

Availability of alternatives to PFAS, or lack thereof, in products and applications in which they are currently used;
Estimated timeframe to transition to alternatives to PFAS, including any challenges;
Socio-economic impacts of replacing PFAS, including costs and feasibility of elimination or replacement; and
Quantities and concentrations of PFAS (including Chemical Abstracts Service Registry Number® (CAS RN®), units of measurement, and applications) in products manufactured in, imported into, and sold in Canada (if not already provided through the July 27, 2024, Section 71 notice).

Commentary
Canada’s release of the State of PFAS Report, proposed risk management approach, and proposed order to add PFAS, excluding fluoropolymers, to Part 2 of CEPA Schedule 1 follows soon after the January 29, 2025, deadline for mandatory reporting for 312 PFAS. In its July 27, 2024, Canada Gazette notice, Canada stated that it required information for the purpose of assessing whether the 312 PFAS listed in the notice “are toxic or are capable of becoming toxic, or for the purpose of assessing whether to control, or the manner in which to control the listed substances.” The March 8, 2025, proposed order acknowledges that “[t]he annual quantity of PFAS used in Canada is unknown, as the information required to estimate this parameter (for example type and concentrations of PFAS in products available to consumers and in commercial and industrial applications) was not identified at the time of this analysis.” Canada states that it anticipates that the mandatory survey will “provide insight on annual quantities of PFAS used in Canada,” but it may be more likely that the survey will highlight the complexity of the supply chain and the difficulty in obtaining information from suppliers.
Stakeholders should carefully review the proposed risk management approach. Canada requests information on the availability of PFAS alternatives, the estimated timeframe to transition to alternatives, the costs and feasibility of elimination or replacement, and the quantities and concentrations of PFAS in products manufactured in, imported into, and sold in Canada (if not already reported through the mandatory survey). It is unlikely many entities will volunteer such specific information on PFAS in their products and companies that were not subject to the mandatory survey may not know. Yet without evidence on the critical use of PFAS in products and the lack of alternatives, Canada may begin prohibiting uses.
Most agree that ultimately the proposal will succeed, and PFAS will be deemed CEPA toxic and listed on Part 2 of CEPA Schedule 1. Given the PFAS risk evaluations of many other authoritative bodies, it is more likely than not that ECCC’s scientific determination is defensible. That the proposal seeks to exempt fluoropolymers is noteworthy, however, and stakeholders may wish to support the exemption.

Healthcare Preview for the Week of: March 24, 2025 [PODCAST]

Congress Returns for Three Weeks

Lawmakers are back in Washington, DC, after a week-long recess. Both chambers will be in town for three weeks before a two-week Easter recess in mid-April. With the government funded through the end of this fiscal year, focus will be on advancing reconciliation and confirming Trump appointees.
The bulk of work this week will happen behind the scenes. House Speaker Mike Johnson (R-LA) and Senate Majority Leader John Thune (R-SD) will meet on Tuesday to discuss aligning their budget resolutions. The House and Senate each passed differing resolutions earlier this year, and now they must pass a unified budget resolution through both chambers of Congress in order to move the reconciliation process forward. The House version included an extension of Trump-era tax cuts and a minimum of $1.5 trillion in spending cuts, including at least $880 billion from House Energy and Commerce Committee jurisdiction. Given the committee’s jurisdiction, many of those savings would come from Medicaid. The Senate’s “skinny” budget resolution focused on energy and immigration policy, with the goal of completing an additional reconciliation package later this year that would include tax cut extensions. Republicans aim to pass their aligned budget resolution before the Easter recess, in order to complete reconciliation as expeditiously as possible.
The Congressional Budget Office is also expected to release its debt limit prediction this week, which will include the “X date” when the United States is predicted to reach the debt limit. That date is expected to fall as early as this summer, and it will influence reconciliation. The House budget resolution included raising the debt limit, but if the reconciliation timeline slips, lawmakers may have to address the debt limit through separate legislation, which would likely need bipartisan support to pass.
The Senate Finance Committee is scheduled to vote Tuesday on the nomination of Mehmet Oz, MD, to serve as administrator of the Centers for Medicare & Medicaid Services (CMS). He is expected to advance out of committee. He will join other healthcare nominees – including Martin Makary, MD, nominated for US Food and Drug Administration commissioner, and Jay Bhattacharya, MD, PhD, nominated for director of the National Institutes of Health – who await full Senate confirmation. Their floor votes could happen as early as next week and are likely to be advanced before the Easter recess.
Today’s Podcast

In this week’s Healthcare Preview, Debbie Curtis and Rodney Whitlock join Maddie News to discuss what’s brewing on Capitol Hill, including budget reconciliation, the debt limit, and pending agency leadership nominations.

CMS’s ACA Marketplace Integrity and Affordability Proposed Rule – What it may mean for Health Plans

Earlier this month, the Centers for Medicare & Medicaid Services (CMS) released its 2025 Marketplace Integrity and Affordability Proposed Rule (Proposed Rule), proposing a number of enrollment and eligibility policies impacting both Federal and State Exchanges. While CMS frames these policies as necessary to combat fraud and abuse, the impact will be a reduction in enrollment in the ACA Marketplace – with the Proposed Rule estimating that between 750,000 and 2 million fewer individuals enroll in health insurance plans on the Exchanges in 2026. 
The effective date of most of these provisions also coincides with the expiration of the enhanced premium subsidies, which the Biden administration extended through December 31, 2025 through the Inflation Reduction Act (IRA). These enhanced subsidiaries increased the amount of financial assistance individuals received and expanded eligibility for assistance. On December 5, 2024, the Congressional Budget Office wrote a letter to Congress indicating that the failure to extend these subsidies would result in 2.2 million individuals losing coverage in 2026 and an increase in premiums by 4.3%. 
This article outlines the major provisions of the Proposed Rule, followed by a discussion of their potential impact on plans participating in the ACA Marketplace.
Key Provisions of the Proposed Rule
Income Verification Policies. In its Proposed Rule, CMS proposes several changes to the income verification process for applicants to apply through the Exchanges. Although CMS stated that these policies are necessary to combat fraud, CMS provided limited examples and evidence of fraud. Such policies include:

Removing the exception allowing Exchanges to rely on an applicant’s self-attestation of projected income, if the Internal Revenue Service (IRS) does not have tax return data to verify household income and family size. Exchanges would need to verify individuals’ enrollment, requiring enrollees to provide additional documentation.
Requiring additional income verification in instances where an applicant’s self-reported projected household income is between 100% and 400% of the Federal poverty level (FPL) but federal tax or other data shows that an applicant’s prior year’s income was below 100%. Individuals would have to prove that their income for the upcoming year is between 100% to 400% of the FPL or be unable to enroll in a plan on an Exchange. This change intends to attempt to identify individuals who may “overinflate” their income to be eligible for coverage. Currently, no income verification is required if the applicant projects a higher income than in their tax return.
Eliminating an automatic 60-day extension (in addition to the general 90-day deadline) when documentation is needed to verify household income in instances of income inconsistency.

Allowing Insurers to Deny Coverage for Past Due Premiums. CMS proposes to repeal a provision which currently prohibits insurers from requiring enrollees to pay past-due premium amounts in order to receive coverage under a new insurance policy or contract term. CMS consequently proposes, subject to state law, to allow insurers to add an enrollee’s past-due premium amount to the initial premium amount the enrollee must pay to effectuate coverage under a new policy or contract term and allow insurers to deny coverage to individuals if the total of past-due premiums and the initial premium amount are not paid in full. The stated purpose of this policy is (i) to curtail individuals from taking advantage of guaranteed coverage and seeking coverage when they need health care services, and (ii) to strengthen the risk pool and lower gross premiums. 
Revision of Premium Payment Thresholds. CMS proposes to remove flexibilities that currently allow insurers to implement a fixed dollar and/or gross percentage-based premium payment threshold. Under current rules, insurers may consider enrollees to have fully paid their premiums if (i) under the fixed-dollar premium payment threshold, the enrollee has paid a total premium amount such that the unpaid remainder is $10 or less (adjusted for inflation), or (ii) under the gross percentage-based premium payment threshold, the enrollee has paid a total premium amount sufficient to achieve 98% or greater of the total gross monthly premium of the policy before the application of the advance premium tax credit (APTC). Under the Proposed Rule, insurers would only be allowed to implement a net premium percentage-based payment method where enrollees can meet the threshold by paying a total premium amount sufficient to achieve 95% or greater of the total net monthly premium amount owed.
Ineligibility for APTCs after one Year of Failing to Reconcile. CMS proposes to revise the “failure to file and reconcile process” by reinstating a 2015 policy that requires Exchanges to determine whether an individual is ineligible for the APTC if he or she did not file a Federal income tax return and reconcile their APTC amount in any given year. Currently, individuals will be deemed ineligible for failure to file and reconcile for a two-year span. 
Changes to Open and Special Enrollment Periods. Under the Proposed Rule, CMS also seeks to shorten the Open Enrollment Period (OEP) and make several changes to Special Enrollment Periods (SEPs), including:

Shortening the OEP for all individual market Exchanges and off-Exchange individual health insurance (that are non-grandfathered) from November 1st to January 15th to November 1st to December 15th. 
Removing the “low-income SEP” from both the Federal and State Exchanges. Currently, individuals whose projected household income is at or below 150% of the FPL have a SEP under the Federal and most State-based Exchanges whereby they can enroll or change plans on a monthly basis. CMS is proposing to remove this SEP. The stated purpose of this action is to reduce adverse selection (i.e., reduce the number of enrollees who sign up for health insurance only when they need coverage).
Requiring pre-enrollment verifications for applicants seeking coverage through a SEP. Currently, the Exchanges allow applicants to self-attest that, due to a change of circumstance, they qualify for a SEP (e.g., loss of employer coverage, marriage). The Proposed Rule would change the ability to self-attest and require applicants to submit documentation to the Exchanges. 

Requiring Active Re-Enrollment. CMS also seeks to eliminate automatic re-enrollment for fully subsidized enrollees by proposing to require that enrollees whose premium payment amount would be $0 after application of the APTC, would be required to pay a $5 monthly premium until they update their Exchange application with an eligibility redetermination confirming their eligibility for the APTC.
Repeal of Bronze to Silver Plan Cross-Walking. CMS proposes to repeal regulations that currently allow Exchanges to move enrollees eligible for cost sharing reduction, which covers the cost of out-of-pocket healthcare costs and deductibles, from a bronze Qualified Health Plan (QHP) to a silver QHP for an upcoming plan year if a silver QHP is available (i) in the same product, (ii) with the same provider network, and (iii) with a lower or equivalent net premium post APTC-application.
Ineligibility of DACA Recipients. CMS proposes to remove Deferred Action for Childhood Arrivals (DACA) recipients from the definition of “lawfully present,” which in effect renders DACA recipients ineligible for enrollment in a QHP through the Exchange. 
Prohibition of Coverage of Gender Affirming Care. CMS proposes to prohibit health insurance plans subject to the ACA’s essential health benefits (EHBs) from providing sex-trait modification, also commonly known as gender-affirming care, beginning Plan Year 2026. EHBs are ACA required minimum coverage categories that plans subject to the ACA must cover; EHBs are state or region specific and are determined based upon comparison to an EHB-benchmark plan that all other plans must mirror. This prohibition would in effect restrict all non-grandfathered insurance plans in the individual and small group markets, on- and off- Exchange, from covering sex-trait modification services. 
Updates to the Premium Adjustment Methodology. CMS further seeks to update the premium adjustment methodology, which is used to set several different coverage parameters, including maximum out-of-pocket cost-sharing (MOOP), premiums, and tax credits. By way of background, the current premium adjustment methodology took a more stable approach given the uncertainty of premiums during the end of the COVID-19 Public Health Emergency. Under the Proposed Rule, beginning in 2026, CMS is proposing using an adjusted private individual and group market health insurance premium measure. Such a change will likely cause an increase of MOOP and an increase in premiums.
Updating De Minimis Thresholds. Plans on the Exchange are considered bronze, silver, gold, and platinum based on their actuarial value – whereby bronze plans must cover 60% of an average enrollee’s costs, silver plans cover 70%, gold plans cover 80%, and platinum plans cover 90%. Insurers may offer a specific plan if it is within a “de minis range” of this target value – for example, insurers may offer bronze plans so long as the actuarial value is within +5% and -2% of 60%. Similarly, insurers can offer a silver, gold, and platinum plan, if its value is within +2/-2 percentage points. CMS proposes to change the de minimis ranges to +2/-4 percentage points for all individual and small group market plans subject to the actuarial value, except expanded bronze plans. Further, CMS seeks to include a de minims range of +1/-1 percentage points for income-based silver cost-share reduction plan variations (which was previously −0/+1 percentage points). In the Proposed Rule, CMS estimates that this proposal would decrease premiums by one percent; however, it is likely to reduce the APTCs available.
Evidentiary Standard for Terminating Agents and Brokers. The Proposed Rule seeks to revise the standard for the Department of Health and Human Services (HHS) to terminate for-cause agents, brokers, and web-brokers from the Federally-facilitated Exchange by adding a “preponderance of the evidence” standard of proof regarding issues of fact. HHS may terminate its agreements with agents, brokers, and web-brokers for-cause for instances of non-compliance, fraud, and abusive conduct. Currently, regulations do not indicate an evidentiary standard HHS must apply; instead, the regulation states that HHS may terminate “in HHS’s determination.” CMS states that this change would “improve transparency in the process of holding agents, brokers, and web-brokers accountable for compliance.” 
Potential Impacts to Plans
This Proposed Rule will have a direct impact on enrollment in the Exchanges. By adding measures that will increase premiums, reduce APTCs, and increase the administrative burden of applying and verifying enrollment, CMS will in effect discourage enrollment and decrease the number of individuals eligible for enrollment. Further, the changing rules may specifically discourage younger and/or healthier individuals from enrolling. This decrease in enrollment, coupled with the expected decrease in enrollment due to the expiration of the enhanced subsidies, could threaten the stability of the ACA Marketplace in the long run. 

DEA Telemedicine Rules Further Delayed Until (Nearly) 2026

Those waiting anxiously for the rules expanding the prescribing of buprenorphine via telemedicine and the controlled substance prescribing for patients at the Department of Veterans Affairs to officially go into effect will now have to wait until New Year’s Eve—December 31, 2025.
Practitioners will, however, be allowed to continue prescribing via telemedicine without first having an in-person visit with the patient, owing to COVID-19 Telemedicine Flexibilities for Prescription of Controlled Medications, in effect through the same end-of-year date.
A seven-page document released by the Department of Justice’s Drug Enforcement Administration (DOJ, DEA) and Department of Health and Human Services (HHS)—scheduled to be published in the Federal Register on March 24—further delays the effective dates of the “Expansion of Buprenorphine Treatment via Telemedicine Encounter” Final Rule and the “Continuity of Care for Veterans Affairs Patients” Final Rule, both dated January 17, 2025 .
As we alerted you in February, these same two rules, collectively referred to as the “Buprenorphine and VA Telemedicine Prescribing Rules,” were originally scheduled to become final on February 18, 2025 but were delayed until March 21, 2025.
The first delay stemmed from the January 20, 2025, Presidential Memorandum titled “Regulatory Freeze Pending Review” (the “Freeze Memo”) that empowered federal departments and agencies to “consider postponing” the dates of rules published but not yet in effect.
After reviewing the 32 comments that the first delay generated, the DOJ now “wishes to further postpone the effective dates for the purpose of further reviewing any questions of fact, law, and policy that the rules may raise,” despite the fact that 13 of the 32 commenters wished to finalize the effective date of the two rules as soon as possible.
The Rules
The Buprenorphine and VA Telemedicine Prescribing Rules amended previous regulations to expand the circumstances under which:

practitioners registered by DEA are authorized to prescribe schedule III-V controlled substances approved by the FDA for treatment of opioid use disorder via a telemedicine encounter; and
VA practitioners acting within the scope of their VA employment are authorized to prescribe schedule II-IV controlled substances via telemedicine to a VA patient with whom they have not conducted an in-person medical evaluation, if another VA practitioner has, at any time, previously conducted an in-person medical evaluation of the VA patient, subject to conditions.

The EBG team continues to monitor any changes to the Buprenorphine and VA Telemedicine Prescribing Rules.
Additional Author: David Shillcutt

The Ketamine Administration Market: A Legal Guide for Healthcare Entities

Ketamine is rapidly gaining attention as a legitimate treatment for depression, PTSD, and chronic pain. While traditionally used as an anesthetic, its off-label therapeutic benefits have driven significant growth in ketamine infusion clinics and home-treatment models. This has created an exciting but complex opportunity for healthcare entities eager to expand into the market.
Key Considerations for Entering the Market
Before establishing a ketamine administration service, it’s crucial to understand the regulatory landscape. Ketamine is classified as a Schedule III controlled substance, meaning there are strict federal and state rules regarding its prescribing, storage, and administration. Healthcare providers must register with the Drug Enforcement Administration (DEA) and adhere closely to rules surrounding controlled substances. Additionally, federal telehealth regulations—which significantly impact home-based ketamine therapies—are evolving, meaning businesses must stay informed about changing compliance requirements.
In New York and similarly regulated states, only licensed healthcare professionals, typically physicians, can own or operate medical practices administering ketamine. Non-physician entrepreneurs must navigate carefully structured arrangements, like Management Services Organizations (MSOs), to legally participate in the business side without violating state regulations. It’s also critical to recognize that, beyond federal regulations, state laws and requirements can vary widely. Healthcare entities planning to operate across state lines must ensure compliance with each individual state’s rules.
Risks and Liabilities
Entering the ketamine treatment field brings significant responsibilities. Safety and patient oversight are primary concerns, especially given the drug’s potential side effects. Whether treatments are administered in-clinic or at-home, appropriate medical supervision and thorough patient monitoring are essential to protect patient health and mitigate legal risks. Moreover, improper handling or prescribing of ketamine can lead to serious regulatory penalties or malpractice claims. Ensuring strict adherence to patient screening, informed consent practices, secure drug storage, and detailed record-keeping is fundamental. Providers must also consider robust emergency protocols specifically tailored for ketamine administration.

Understanding MSO Agreements: Key Considerations for Healthcare Providers

As healthcare providers look to streamline operations and improve efficiency, Management Service Organizations (“MSOs”) have become increasingly vital in helping medical practices, dental offices, and other healthcare entities manage non-clinical functions. MSOs typically provide administrative support, including billing, non-clinical human resources, IT management, and compliance services. These partnerships enable healthcare providers to focus on delivering quality patient care while MSOs handle the back-office tasks.
However, entering into an MSO agreement is a significant decision that requires careful legal consideration. 
What is an MSO Agreement?
An MSO agreement is a contract between a healthcare provider (such as a physician practice) and an MSO. The MSO provides non-clinical services such as management, billing, non-clinical human resources, compliance, and office administration, allowing a healthcare practice to focus solely on patient care. By entering into this agreement, healthcare providers can streamline operations, reduce overhead, and enhance efficiency without sacrificing quality.
That said, MSO agreements are more than just administrative contract – they often carry substantial legal and regulatory implications. Ensuring that your MSO agreement is structured correctly is critical for your practice’s success and legal compliance.
Key Considerations in MSO Agreements
1. Compliance with Healthcare Regulations Healthcare is one of the most heavily regulated industries, and MSO agreements must comply with numerous federal and state laws, including the Stark Law, Anti-Kickback Statute, and other regulatory guidelines. MSOs must not provide services in a way that would violate these laws, particularly when they involve relationships between healthcare providers and third-party vendors.
Pro Tip: Always consult with legal counsel to ensure that the MSO agreement is structured to avoid conflicts of interest and potential regulatory violations.
2. Ownership and Control One of the central issues in any MSO agreement is determining who controls the business operations. While an MSO can offer significant operational support, healthcare providers must always maintain clinical autonomy. The agreement must clearly define the scope of services, ensuring that the MSO does not infringe upon the practice’s medical decision-making.
Pro Tip: Ensure that the agreement specifies that clinical decisions remain under the control of the healthcare providers and that MSOs only handle non-clinical functions.
3. Fee Structure and Compensation The financial terms of an MSO agreement are critical. The fee arrangement should
reflect fair market value and should be structured in a way that aligns with both parties’ interests. For example, the MSO might be compensated on a flat fee, percentage of revenue, or another model. It is essential to carefully negotiate this provision to avoid potential legal risks.
Pro Tip: Work with a healthcare law expert to establish a fair and transparent fee structure that avoids any potential for abuse under fraud, waste and abuse laws.
4. Termination and Exit Strategy MSO agreements often last for a set period, but healthcare practices should plan for the possibility of termination or acquisition by private equity investors. It is important to outline clear terms for contract termination, including any notice periods and exit strategies. These provisions protect both parties and provide clarity if either party wishes to end the relationship or modify the terms.
Pro Tip: Ensure that the contract includes adequate safeguards for data protection, patient confidentiality, and transition planning in the event of termination. Further, being that a successful MSO model in a practice is particularly attractive to private equity investors, it is crucial that the agreement is structured in a way that would allow for the acquisition of the practice in the future.
5. Liability and Risk Management MSOs often provide services that carry legal risks, including billing, compliance, and human resources. It is essential that the MSO agreement clearly delineates liability, particularly regarding errors in services provided by the MSO. Any misstep in these areas can lead to significant exposure for the healthcare provider.
Pro Tip: Consider including indemnity clauses and releases that protect the healthcare provider from liability for the MSO’s mistakes or negligence.

Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers

On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health Fitness Corporation (Health Fitness), a wellness vendor providing services to employer-sponsored group health plans.
This announcement is interesting for several reasons. It furthers the OCR’s Risk Analysis Initiative. The enforcement action is a reminder to business associates about HIPAA compliance. The development also points to a significant development under ERISA for plan fiduciaries and service providers to their plans.
The OCR Risk Analysis Initiative
Anyone who takes a look at prior OCR enforcement actions will notice several trends. One of those trends relates to enforcement actions following a data breach. In those cases, the OCR frequently alleges the target of the action failed to satisfy the risk analysis standard under the Security Rule. This standard is fundamental – it involves assessing the threats and vulnerabilities to electronic protected health information (ePHI), a process that helps to shape the covered entity or business associate’s approach to the other standards, and goes beyond a simply gap analysis.
“Conducting an accurate and thorough risk analysis is not only required but is also the first step to prevent or mitigate breaches of electronic protected health information,” said OCR Acting Director Anthony Archeval. “Effective cybersecurity includes knowing who has access to electronic health information and ensuring that it is secure.”
For those wondering how committed the OCR is to its enforcement initiatives, you need not look further than its Right to Access Initiative. On March 6, 2025, the agency announced its 53rd enforcement action. According to that announcement, it involved a $200,000 civil monetary penalty imposed against a public academic health center and research university for violating an individual’s right to timely access her medical records through a personal representative.
The DOL Cybersecurity Rule
Businesses that sponsor a group health plan or other ERISA employee benefit plans might want to review the OCR’s announcement and resolution agreement concerning Health Fitness a little more carefully. In 2024, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release No. 2024-01. That release makes clear that the fiduciary obligation to assess the cybersecurity of plan service providers applies to all ERISA-covered employee benefit plans, including wellness programs for group health plans.
OCR commenced it investigation of Health Fitness after receiving four reports from Health Fitness, over a three-month period (October 15, 2018, to January 25, 2019), of breaches of PHI. According to the OCR, “Health Fitness reported that beginning approximately in August 2015, ePHI became discoverable on the internet and was exposed to automated search devices (web crawlers) resulting from a software misconfiguration on the server housing the ePHI.” Despite these breaches, according to the OCR, Health Fitness had failed to conduct an accurate and thorough risk analysis, until January 19, 2024.
For Health Fitness, it agreed to implement a corrective action plan that OCR will monitor for two years and paid $227,816 to OCR. For ERISA plan fiduciaries, an important question is what they need to do to assess the cybersecurity of plan service providers like Health Fitness during the procurement process and beyond.
We provide some thoughts in our earlier article and want to emphasize that plan fiduciaries need to be involved in the process. Cybersecurity is often a risk left to the IT department. However, doing so may leave even the most ardent IT professional ill equipped or insufficiently informed about the threats and vulnerabilities of the particular service provider. When it come to ERISA plans, this means properly assessing the threats and vulnerabilities as they relate to the aspects of plan administration being handled by the service provider.
Third-party plan service providers and plan fiduciaries should begin taking reasonable and prudent steps to implement safeguards that will adequately protect plan data. EBSA’s guidance should help the responsible parties get there, along with the plan fiduciaries and plan sponsors’ trusted counsel and other advisors.

The Ninth Circuit Confirms That Liability Insurers Are Entitled to Corroborating Medical Documentation Before Settling a Third-Party Bodily Injury Claim

Liability insurers often receive policy limit demands from third-party claimants that allege serious injuries without corroborating medical records or bills. Since the enactment of California Civil Procedure Code section 999 et seq. in 2023, these demands are typically made by “unrepresented” claimants who are actually receiving guidance from attorneys behind the scenes.
When insurers ask the claimants for corroborating medical documentation – or medical authorizations and sufficient time to use them – their requests are often ignored. Nevertheless, after the demands expire, the insurers are confronted with accusations that they acted in “bad faith” by failing to accept the uncorroborated demands. 
In McGranahan v. GEICO Indemnity Company, GEICO was sued for bad faith based on these very circumstances. GEICO’s summary judgment victory in that case was recently affirmed by the Ninth Circuit, which held that GEICO acted reasonably – as a matter of law – when it declined to settle for its policy limit before receiving corroborating medical records and bills. McGranahan v. GEICO Indem. Co., 2025 WL 869306 (9th Cir. Mar. 20, 2025). 
In McGranahan, GEICO’s insured was involved in an accident with a motorcyclist (McGranahan). During its investigation, GEICO spoke with McGranahan’s girlfriend, who claimed that McGranahan had suffered serious injuries and had been hospitalized for several weeks. GEICO asked the girlfriend for medical bills or records so that it could evaluate McGranahan’s claim. GEICO also requested that McGranahan sign and return a medical authorization so that GEICO could order the necessary medical documentation. Despite multiple follow-up requests, neither McGranahan nor his girlfriend provided GEICO with any medical records or bills, or a signed medical authorization.
Instead, after consulting with an attorney, McGranahan sent GEICO a handwritten letter demanding that GEICO pay him its $100,000 policy limit. In his demand letter, McGranahan claimed, among other things, that he suffered “significant injuries” and had “over a million dollars” in medical bills. 
GEICO responded by again asking McGranahan to provide corroborating medical documentation, which GEICO explained was “essential” to evaluate the claim. GEICO also asked for an extension to respond to the demand. After McGranahan ignored those requests, GEICO advised him that it could neither accept nor reject his demand until it had adequate supporting documentation. GEICO also continued to send follow-up requests for medical documentation, which continued to go unanswered. 
It was not until after McGranahan filed suit against GEICO’s insured that GEICO was first able to obtain corroborating medical documentation via formal discovery in the lawsuit. GEICO then offered McGranahan the policy limit, which he rejected based on his contention that the policy was “open” because GEICO had acted in bad faith by not accepting his prior policy limit demand. 
After reaching an agreement to resolve that lawsuit for a stipulated judgment in the amount of $1.5 million, McGranahan obtained an assignment of the insured’s rights and sued GEICO for bad faith failure to settle. Judge Aenlle-Rocha of the Central District of California granted summary judgment in favor of GEICO finding, as a matter of law, that GEICO did not act in bad faith. McGranahan v. GEICO Indem. Co., 714 F. Supp. 3d 1187 (C.D. Cal. 2024). In particular, the court concluded that it was reasonable for GEICO to seek corroborating medical documentation before settling McGranahan’s claim, and that GEICO made reasonable efforts to obtain that information. Id. at 1196-97. 
On March 20, 2025, the Ninth Circuit affirmed. McGranahan v. GEICO Indem. Co., 2025 WL 869306 (9th Cir. Mar. 20, 2025). In doing so, the Court made several significant rulings, including:

“An insurance company is entitled to receive medical records and bills to aid it in evaluating a settlement offer”; and
GEICO’s multiple requests for McGranahan’s medical bills/records or a signed medical authorization constituted a reasonable and adequate investigation (rejecting McGranahan’s argument that GEICO was required to send someone to meet with him or his girlfriend in person). 

The Ninth Circuit’s ruling in McGranahan is consistent with its prior published decision in Du v. Allstate Ins. Co., 697 F.3d 753, 759 (9th Cir. 2012), where it also recognized that an insurer is not required to accept bodily injury claims that are uncorroborated by medical documentation. Both of these decisions affirm the common-sense principle that liability insurers are entitled to corroborating medical documentation when evaluating a third-party bodily injury claim before their settlement duties are triggered. 
Rulings like this will help liability insurers defend themselves in bad faith lawsuits arising out of claims involving purportedly “unrepresented” claimants who submit policy limit demands without supporting medical documentation – a scenario that has become more commonplace after the enactment of California Civil Procedure Code section 999, et seq. 

HSE Publishes UK REACH Report (2023 to 2024) and Work Programme (2024 to 2025)

The United Kingdom’s (UK) Health and Safety Executive (HSE) announced on March 21, 2025, that it has published the following annual report and work program on activities under the UK regulation on the Registration, Evaluation, Authorisation and Restriction of Chemicals (UK REACH):

UK REACH Report, which outlines the relevant activities covering the 2023 to 2024 Work Programme; and
UK REACH Work Programme, which describes operational work for 2024 to 2025.

The UK REACH Report provides a summary of achievements, including:

Topic
Deliverable
Target
Outcome

Registration
Complete the processing of all Article 26 inquiries and, within three weeks of receipt, all new UK REACH registrations
100 percent
Met

Dossier evaluation
Meet legal obligations in relation to compliance checking of registration dossiers 
Examine testing proposals included in the registration dossiers to ensure that unnecessary animal testing is avoided
No fewer than 20 percent to meet legal obligations 
100 percent
 
Met

Substance evaluation
Evaluate substances in the Rolling Action Plan (RAP)
Evaluate one
Met

Authorization
Complete the processing of received applications within the statutory deadline
100 percent
Met

Substance of very high concern (SVHC) identification
Undertake an initial assessment of substances that have been submitted for SVHC identification under the European Union (EU) REACH during 2022/23 and consider if they are appropriate for SVHC identification under UK REACH
Assess up to five
Met

Regulatory management option analysis (RMOA)
Complete RMOAs initiated in 2022-2023 
Initiate RMOAs for substances identified as priorities
Up to ten 
Up to five
One completed, nine ongoing 
None prioritized

Restriction
Complete ongoing restriction opinions 
Begin Annex 15 restriction dossiers
Initiate scoping work for restrictions
Two 
One
Two
One complete, one delayed 
Met (March 2023)
Met

HSE notes that in preparing the UK REACH Work Programme, the Department for Environment Food and Rural Affairs (Defra), and the Scottish and Welsh governments (the Appropriate Authorities) work closely with HSE and the Environment Agency to prioritize issues for regulatory action under UK REACH. The UK REACH Work Programme summary of objectives includes the following:

Topic
Deliverable
Target

Registration/Product and Process Orientated Research and Development (PPORD)
Complete the processing of all Article 26 inquiries and, within three weeks of receipt, all new UK REACH registrations
100 percent

Dossier evaluation
Meet legal obligations in relation to compliance checking of registration dossiers 
Examine testing proposals included in registration dossiers to ensure that unnecessary animal testing is avoided
No fewer than 20 percent of received registration dossiers, to meet legal obligations 
100 percent
 

Substance evaluation
Complete the evaluation of substances in the RAP
Complete one

Authorization
Complete the processing of received applications within the statutory deadline
100 percent

SVHC identification
Undertake an initial assessment of substances that have been submitted for SVHC identification under EU REACH during 2023/24 and consider if they are appropriate for SVHC identification under UK REACH
Assess up to six

RMOA
Complete RMOAs
Up to nine

Restriction
Complete ongoing restriction opinions (lead in ammunition) 
Complete Annex 15 restriction dossiers for public consultation (per- and polyfluoroalkyl substances (PFAS) in firefighting foam (FFF))
One
One