Community and Environmental Groups File TSCA Section 21 Petition Seeking the Phase Out of Hydrogen Fluoride in Domestic Oil Refining
The Natural Resources Defense Council (NRDC) announced on February 11, 2025, that community and environmental groups submitted a petition under Section 21 of the Toxic Substances Control Act (TSCA) to the U.S. Environmental Protection Agency (EPA) to prohibit the use of hydrogen fluoride in domestic oil refining “to eliminate the extreme and unreasonable risks this use presents to public health and the environment.” Brought by NRDC, Clean Air Council (CAC), and Communities for a Better Environment (CBE), the petition states that EPA must issue a TSCA Section 6(a) rule prohibiting the use of hydrogen fluoride in domestic oil refining to eliminate unreasonable risks to public health and the environment. According to the petition, “TSCA requires EPA to issue such a rule because this petition identifies (1) a ‘chemical substance’ ([hydrogen fluoride]) that presents, (2) under one or more ‘conditions of use’ (the use of HF for alkylation at U.S. refineries, and the rail and truck transportation needed to supply HF to those refineries), (3) an unreasonable risk to health or the environment.” The petition notes that hydrogen fluoride can take different forms and that anhydrous hydrogen fluoride tends to form hydrofluoric acid when it mixes with water. As reported in our November 13, 2019, blog item, in 2019, EPA denied a similar TSCA Section 21 petition to prohibit the use of hydrofluoric acid in manufacturing processes at oil refineries. 
EPA denied the 2019 petition because it lacked the analysis that would be expected in a TSCA risk evaluation preceding a Section 6(a) rulemaking, such as “discussion of the appropriate hazard threshold, exposure estimates, assessment of risks, or how the facts presented allow EPA to comply with its duties under section 26 or other statutory requirements in making an unreasonable risk determination.” Absent such information, EPA “cannot make the threshold determinations necessary to substantively assess and grant a petition for a TSCA section 6(a) rulemaking.”
TSCA requires EPA to grant or deny the petition within 90 days from the day the petition is filed. If EPA grants the petition, EPA must promptly commence an appropriate proceeding. If EPA denies the petition, EPA must publish the reasons for denial in the Federal Register.
HHS Security Rule NPRM Proposes Makeover for Administrative Safeguard Compliance for Regulated Entities
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the proposed updates to the HIPAA Security Rule’s administrative safeguards requirement (45 C.F.R. § 164.308).
Background
Currently, HIPAA regulated entities must generally implement nine standards for administrative safeguards protecting electronic protected health information (ePHI):
Security Management Process
Assigned Security Responsibility
Workforce Security
Information Access Management
Security Awareness and Training
Security Incident Procedures
Contingency Plan
Evaluation
Business Associate Contracts and Other Arrangements
Entities are already familiar with these requirements and their implementation specifications. The existing requirements either do not identify the specific control methods or technologies to implement or are otherwise “addressable” as opposed to “required” in some circumstances for regulated entities. As noted throughout this series, HHS has proposed removing the distinction between “required” and “addressable” implementation specifications, providing for specific guidelines for implementation with limited exceptions for certain safeguards, as well as introducing new safeguards.
New Administrative Safeguard Requirements
The NPRM proposes updates to the following administrative safeguards: risk analyses, workforce security, and information access management. HHS also introduced a new administrative safeguard, technology inventory management and mapping. These updated or new administrative requirements are summarized here:
Asset Inventory Management – The HIPAA Security Rule does not explicitly mandate a formal asset inventory, but HHS informal guidance and audits suggest that inventorying assets that create, receive, maintain, or transmit ePHI is a critical step in evaluating security risks. The NPRM proposes a new administrative safeguard provision requiring regulated entities to conduct and maintain written inventories of any technological assets (e.g., hardware, software, electronic media, data, etc.) capable of creating, receiving, maintaining, or transmitting ePHI, and to illustrate a network map showing the movement of ePHI throughout the organization. HHS would require these inventories and maps to be periodically reviewed and updated at least once every 12 months and when certain events prompt changes in how regulated entities protect ePHI, such as new, or updates to, technological assets; new threats to ePHI; transactions that impact all or part of regulated entities; security incidents; or changes in laws.
Risk Analysis – While conducting a risk analysis has always been a required administrative safeguard, the NPRM proposes more-detailed content specifications around items that need to be addressed in the written risk assessment, including reviewing the technology asset inventory; identifying reasonably anticipated threats and vulnerabilities; documenting security measures, policies and procedures for documenting risks and vulnerabilities to ePHI systems; and making documented “reasonable determinations” of the likelihood and potential impact of each threat and vulnerability identified.
Workforce Security and Information Access Management – The NPRM proposes that, with respect to its ePHI or relevant electronic information systems, regulated entities would need to establish and implement written procedures that (1) determine whether access is appropriate based on a workforce member’s role; (2) authorize access consistent with the Minimum Necessary Rule; and (3) grant and revise access consistent with role-based access policies. Under the NPRM, these administrative safeguard specifications would no longer be “addressable,” as previously classified, meaning these policies and procedures would now be mandatory for regulated entities. In addition, the NPRM develops specific standards for the content and timing of training workforce members on Security Rule compliance beyond the previous general requirements.
2025 Outlook – the Department of Health and Human Services Under the Second Trump Administration – Diagnosing Health Care [Video, Podcast]
New from the Diagnosing Health Care Video Podcast: It is critical for health care and life sciences businesses to understand what might and might not change during this transitionary period.
How can you advocate for your needs and priorities in a time of such uncertainty?
On this episode, Epstein Becker Green (EBG) attorneys James Boiani, Rachel Snyder Good, Marjorie Scher, and Rob Wanerman discuss the proposed leadership of the U.S. Department of Health and Human Services under the second Trump administration and the top-ticket items for these potential new leaders.
Chevron deference article mentioned in today’s show
This podcast was recorded on January 23, 2025. Since then, EBG has put out several important free resources in response to President Trump’s executive orders and other executive actions to make sure EBG subscribers have the information they need to navigate any uncertainty. Some examples include:
DEI and Affirmative Action Programs Blitzed, While Executive Order 11246 Is Revoked
Navigating Executive Orders: Insights and What Lies Ahead
The Trump Administration’s Immigration Enforcement Policy: What Hospitals and Health Care Providers Must Know for Their Patients, Staff, and Visitors
The Future of Gender-Affirming Care: Legal, Ethical, and Practical Considerations for Providers
Recent policy shifts have placed gender-affirming care at the center of a legal and political battle that has profound implications for healthcare providers, patients, and institutions. A newly issued executive order has created uncertainty for hospitals, medical schools, and healthcare systems that provide these critical services, raising concerns about potential restrictions tied to federal funding, regulatory enforcement, and ethical obligations.
At its core, gender-affirming care encompasses a range of medical and psychological interventions that support transgender and nonbinary individuals. Major medical organizations, including the American Medical Association, the American Academy of Pediatrics, and the Endocrine Society, have long affirmed that these services are not only necessary but also life-saving for many patients. Treatments such as puberty blockers, hormone therapy, and surgical interventions have been standard components of medical care for gender-diverse individuals, following decades of research and clinical best practices. Despite this, the current policy climate has introduced new risks and challenges for providers and institutions committed to evidence-based care.
One of the most immediate concerns is the potential threat to federal funding for institutions that continue to offer gender-affirming services to minors. Federal research grants, medical education funds, and Medicare and Medicaid reimbursements could all be leveraged as enforcement mechanisms to discourage or prevent the provision of this care. The executive order signals an intent to use regulatory measures to impose restrictions, but it remains unclear how agencies will interpret and enforce these directives. Providers and institutions will need to monitor how federal agencies, such as the Department of Health and Human Services and the Centers for Medicare & Medicaid Services, implement these policies and whether legal challenges will limit or delay enforcement.
The legal landscape surrounding gender-affirming care is complex. Federal agencies have broad discretion in setting funding conditions, but they cannot do so in ways that violate constitutional protections or existing statutory laws. The Affordable Care Act’s Section 1557, for example, prohibits discrimination in healthcare settings based on gender identity. Recent court rulings have reinforced these protections, and legal challenges to any new restrictions will likely invoke these precedents. Several states and civil rights organizations have already initiated lawsuits, arguing that the executive order infringes on medical autonomy, equal protection rights, and existing federal nondiscrimination laws.
Beyond the legal and financial implications, healthcare institutions must also consider the ethical and reputational consequences of their response. Many hospitals and health systems have made public commitments to diversity, equity, and inclusion. A decision to scale back or eliminate gender-affirming services could undermine these commitments and erode trust within the communities they serve. For providers, the ethical obligation to deliver medically necessary care remains paramount. Professional organizations have repeatedly warned that restricting access to gender-affirming care can lead to severe mental health consequences, including increased rates of anxiety, depression, and suicidal ideation among transgender youth.
In light of these challenges, healthcare institutions should take proactive steps to prepare for potential regulatory changes and legal disputes. A critical first step is conducting a thorough review of federal funding streams to assess how dependent the organization is on grants, Medicaid, and Medicare reimbursements. Understanding the precise legal and financial risks will help inform decision-making. Institutions should also engage with legal and policy experts to explore compliance strategies that align with their commitment to patient care. In addition, collaboration with state and local governments may offer alternative funding mechanisms and legal protections that can mitigate federal enforcement risks.
Healthcare leaders must also consider the broader implications for access to care. In states where gender-affirming services remain protected under state law, institutions may still face federal pressure but will have legal support to continue providing care. In states where gender-affirming care is already restricted or under attack, providers may need to explore partnerships with out-of-state institutions, telehealth models, and other innovative solutions to ensure patients can still access the care they need.
As legal and policy battles over gender-affirming care continue to evolve, healthcare institutions will need to remain adaptable. The shifting regulatory environment requires a careful balance between compliance, financial sustainability, and institutional commitments to patient care. The coming months will likely bring new legal challenges, agency guidance, and policy shifts that could further shape the landscape. Healthcare leaders should proactively assess their organizational risk, consult legal and policy experts, and remain engaged in discussions about how best to navigate these complexities while ensuring access to appropriate care within the bounds of applicable laws.
This Week in 340B: February 4 – 10, 2025
Find this week’s updates on 340B litigation to help you stay in the know on how 340B cases are developing across the country. Each week we comb through the dockets of more than 50 340B cases to provide you with a quick summary of relevant updates from the prior week in this industry-shaping body of litigation.
Issues at Stake: HRSA Audit Process; Rebate Model; Other
In a case brought by a 340B covered entity against the Health Resources and Services Administration (HRSA) alleging that HRSA prevented the covered entity from accessing the 340B Program, the covered entity filed a notice of voluntary dismissal.
In a case challenging HRSA’s policy prohibiting all manufacturer conditions on 340B transactions, plaintiffs filed a motion for summary judgment.
In a Freedom of Information Act (FOIA) case, the plaintiff filed a motion to strike HRSA’s motion for summary judgment.
In one HRSA audit process case, the plaintiff filed a brief in opposition to a drug manufacturer’s motion for leave to file as amicus curiae.
In four HRSA audit process cases, the parties filed joint stipulations that the government will provide to the plaintiffs thirty days’ written notice before termination of the plaintiffs from the 340B Program.
In five cases against HRSA alleging that HRSA unlawfully refused to approve drug manufacturers’ proposed rebate models:
In two cases, each drug manufacturer plaintiff filed a motion for summary judgment and a group of interested parties filed a motion to intervene.
In one case, two patient advocacy groups filed a motion for leave to file as amicus curiae.
In one case, the drug manufacturer plaintiff filed a motion for summary judgment, a group of interested parties filed a motion to intervene, and two patient advocacy groups filed a motion for leave to file as amicus curiae.
In one case, a group of interested parties filed a motion to intervene.
Kelsey Reinhardt and Nadine Tejadilla also contributed to this article.
End of an Era: Cal/OSHA’s COVID Non-Emergency Standard Sunsets
As of February 3, 2025, most of Cal/OSHA’s COVID-19 Prevention Non-Emergency Standards have officially come to an end. This marks a significant shift for California employers who have been navigating these regulations and their predecessor emergency temporary standards for the past four years.
Despite the expiration of most obligations under this standard, employers are required to comply with certain recordkeeping requirements under Title 8, Subsection 3205(j) until February 3, 2026. As a practical matter, what does this require? There is some ambiguity in how the regulation is drafted.
To set the stage: While the Non-Emergency Standards were in effect, employers were required to keep detailed records of all COVID-19 cases, including the employee’s name, contact information, occupation, workplace location, last day at the workplace, and the date of the positive COVID-19 test or diagnosis.
Going forward, the requirement that employers comply with recordkeeping requirements through February 3, 2026, could be interpreted in either of two ways:
First, the simplest reading is:
With respect to COVID-19 cases that occurred up to February 3, 2025, employers must maintain these detailed records for two years or until February 3, 2026, whichever date comes first.
Alternatively, a more conservative reading of the regulation leads to the following:
Employers must continue to record and track COVID-19 cases that occur through February 3, 2026. Records of COVID-19 cases must be kept for two years. For example, records of a COVID-19 case in January 2026 would need to be maintained through January 2028.
The second interpretation raises additional questions. For instance, why would employers need to record and track COVID-19 cases when all of the related requirements from the Non-Emergency Regulations have expired (such as notifying employees, providing testing, etc.)?
Absent further guidance on this point, the answer is unclear. Cal/OSHA could be expecting employers to keep track of COVID-19 trends and respond to safety concerns through California’s Injury and Illness Prevention Program (IIPP) requirement.
To that point, even though the specific COVID-19 prevention regulations have ended, employers must still adhere to general workplace safety requirements:
Employers are required to maintain a safe and healthful workplace as mandated by Labor Code section 6400.
Employers must continue to implement and maintain an effective IIPP as required by Title 8, California Code of Regulations, sections 1509 (Construction) and 3203 (General Industry).
If COVID-19 is identified as a workplace hazard, employers must evaluate and correct any unsafe conditions, work practices, or procedures associated with it.
While the end of Cal/OSHA’s COVID-19 Prevention Non-Emergency Standards signifies a return to pre-pandemic regulatory conditions, employers must remain vigilant in maintaining workplace safety and complying with ongoing recordkeeping requirements.
The 340B Reimbursement Battle: What Hospitals and Insurers Need to Know
The U.S. Supreme Court’s ruling in American Hospital Association (“AHA”) v. Becerra (2022) sent shockwaves through the 340B drug pricing program when it held that CMS’ reduction of reimbursement for drugs purchased under the 340B program was not permitted by law.
The Supreme Court chose not to address potential remedies and remanded the case back to the D.C. District Court for further proceedings on how to correct the underpayments. Instead of vacating the unlawful reimbursement rates, the District Court decided to remand without vacatur, allowing HHS the opportunity to remediate its underpayments.[1] AHA v. Becerra (2023).
In response, the Centers for Medicare & Medicaid Services (CMS) issued a 2023 Final Rule mandating a retroactive lump-sum reimbursement to 340B participating hospitals for 340B underpayments made between 2018 and 2022. The Supreme Court’s decision, coupled with CMS’s administrative action, has led to significant contractual disputes and regulatory challenges as 340B contract hospitals seek restitution for past financial shortfalls while Medicare Advantage organizations (“MAOs”) grapple with the fiscal implications of these payment adjustments. The stakes are high, with hospitals seeking significant back payments and MAOs pushing back, arguing that their obligations are dictated by contracts, not federal rulemaking. As legal battles unfold, the question remains: Who is financially responsible for correcting these underpayments? This article analyzes these developments, focusing on the litigation between hospitals and MAOs and offering strategic contractual considerations in this shifting landscape.
Historical and Legal Context
The Supreme Court’s ruling in AHA v. Becerra represents a pivotal moment in healthcare law, particularly for hospitals participating in the 340B program. The litigation centered on the legality of CMS’s previous reductions in reimbursement rates for 340B drugs, a policy the Court ultimately found to be incompatible with statutory mandates. Hospitals that rely on the 340B program had long contended that CMS’s payment reductions disproportionately impacted their ability to provide essential care to economically disadvantaged populations. By invalidating CMS’s reimbursement policy, the Court reaffirmed that federal payment methodologies must meet certain statutory processes that support transparent and non-discriminatory reimbursement practices.
Following the ruling, CMS issued the 2023 Final Rule to remedy previous underpayments by providing a lump-sum reimbursement to 340B participating hospitals for the period spanning 2018 to 2022. CMS, however, did not extend this corrective measure to MAOs, which negotiate contracts independently with healthcare providers.[2] This regulatory gap has resulted in legal disputes over whether MAOs bear a similar obligation to rectify past underpayments.[3] Given the absence of explicit regulatory directives, hospitals and MAOs are now engaged in legal disputes with potentially far-reaching consequences for reimbursement policy and contractual obligations.
Medicare Advantage Regulatory Framework – Federal Law Considerations
Medicare Advantage (Part C) plans operate under federal law (42 U.S.C. § 1395w-22 et seq.), with regulations from the Centers for Medicare and Medicaid Services (CMS) (42 C.F.R. § 422.504) mandating that MAOs contracting with CMS must provide benefits that are “at least as favorable” as those under traditional Medicare Fee-for-Service (FFS) structure. Hospitals may argue that this federal requirement implies an obligation for MAOs to reimburse 340B providers at corrected rates, particularly in light of CMS’s 2023 Final Rule. They may further contend that CMS’s failure to extend the same correction to MAO reimbursements constitutes an arbitrary and capricious action under the Administrative Procedure Act (APA), as it undermines the statutory requirement for parity between MAO and FFS coverage.
However, MAOs will likely argue that CMS regulations do not require payment parity with 340B participating hospitals. Moreover, because reimbursement rates are determined through contractual agreements rather than statutory mandates, CMS’s decision to correct 340B payments for FFS Medicare does not automatically extend to MAOs. This position is supported by cases such as Caris MPI v. UnitedHealthcare, Inc. (5th Cir. 2024) and Wise v. UnitedHealthcare of Florida, Inc. (M.D. Fla. 2019), where courts upheld MAOs’ autonomy in structuring reimbursement rates with providers, distinguishing them from traditional Medicare FFS.
At their core, these legal disputes revolve around the interpretation of contractual terms and obligations. The outcomes hinge on how courts construe key provisions governing pricing, reimbursements, and program compliance. Provider agreements that specify reimbursement at the Medicare allowable rates and in accordance with Medicare Advantage rules, laws, and regulations raise the question of whether CMS’s retroactive correction of 340B underpayments creates a contractual obligation for MAOs to make corresponding adjustments, even in the absence of explicit regulatory mandates. Hospitals argue that references to Medicare rates imply a duty for MAOs to adhere to CMS’s updated methodology. See Baptist Health v. Health Value Management, Inc. (2024); see also University of Alabama Hospital v. UnitedHealthCare of Alabama, Inc. et al., (2024). However, MAOs will likely assert that their contractual obligations are limited to the reimbursement rates “in effect at the time services were rendered.” Further, because CMS’s remedy was issued post hoc, MAOs may contend that it does not alter historical payment obligations, thus precluding any duty to make retrospective adjustments. In support, MAOs may cite cases like UnitedHealthcare Ins. Co. v. Becerra, (2021) and Bowen v. Georgetown University Hospital (1988), where courts sided with insurers, concluding that CMS’s policy guidance did not mandate retroactive application. Moreover, many MAO contracts employ independently negotiated rate structures rather than directly incorporating Medicare payment policies, further complicating claims of automatic applicability.
State Law Considerations
The specific language in provider contracts is critical in determining payment obligations. Courts will assess whether MAOs agreed to pay Medicare-equivalent rates, whether contracts reference CMS payment policies, and whether such references include retroactive corrections. If contract language is ambiguous, courts may construe terms against the drafter (usually the MAO) under standard rules of contract interpretation.
Further, most states recognize an implied duty of good faith and fair dealing in contracts. Hospitals may argue that MAOs acted in bad faith by refusing to adjust payments after CMS corrected its 340B policy. MAOs, however, will likely assert that they followed their contracts as written and that good faith does not translate into retroactive payments unless explicitly stated. Courts have previously ruled in Empire HealthChoice Assurance, Inc. v. McVeigh, (2006) that contract disputes in federally regulated insurance contexts require explicit statutory or regulatory guidance to override private agreements.
Hospitals may also bring equitable claims, asserting that MAOs benefited financially from lower reimbursement rates while hospitals unfairly bore the losses. In Maine Community Health Options v. United States, (2020), the Supreme Court recognized the federal government’s obligation to honor payment commitments under statutory frameworks, which may be used to argue that similar obligations apply to MAOs operating under Medicare Advantage. Under quantum meruit (fair value claims), hospitals might argue that they provided services at a discounted rate due to an unlawful payment cut and should be reimbursed at corrected rates. MAOs will likely counter that they were not unjustly enriched, since they paid in accordance with contractual agreements at the time.
MAOs may also argue that federal law preempts state contract law in Medicare Advantage disputes, which could limit hospitals’ ability to seek remedies under state law. Prior cases, such as UnitedHealthcare Ins. Co. v. Becerra (2021) and Empire Health Foundation v. Becerra (2022), illustrate courts’ deference to clear CMS regulatory guidance in contractual disputes. Courts deferring to CMS’s lack of explicit guidance requiring retroactive MAO reimbursements could further limit hospital recourse under state contract laws.
Additionally, statutes of limitations could play a role in determining the viability of hospitals’ claims. Federal law typically imposes a six-year statute of limitations for claims involving Medicare payments, while state contract laws vary widely, ranging from three to ten years depending on the jurisdiction. Further, some contracts contain “claim reconciliation” provisions, which establish a time limit for providers to submit adjustments or appeals for payment discrepancies. MAOs may use these statutory and/or contractual deadlines as a defense, arguing that claims for underpayments made in earlier years are time-barred, limiting hospitals’ ability to recover retroactively. Hospitals seeking reimbursement must be mindful of these limitations, as failure to file claims within the applicable timeframe could preclude recovery.
Given the complex interaction between federal administrative law and state contract enforcement mechanisms, courts will need to assess whether claims fall within permissible legal timeframes or if they are procedurally barred due to expiration of applicable statutes of limitations. In Heckler v. Community Health Services of Crawford County, (1984), the Supreme Court examined equitable tolling in Medicare disputes, a concept that could be relevant in assessing whether hospitals’ claims should be extended due to CMS’s prior miscalculations. In Sebelius v. Auburn Regional Medical Center, (2013), the Supreme Court ruled that administrative appeals involving Medicare payments are subject to strict statutory deadlines, which could be relevant in determining whether hospitals’ reimbursement claims are time-barred.
Further, if MAOs knowingly underpaid hospitals despite CMS’s acknowledgment that its 340B reductions were unlawful, they could face claims under state bad faith insurance laws or deceptive trade practice statutes.
Budget Neutrality and Fiscal Considerations
A critical consideration in this area is CMS’s budget neutrality principle, which offsets the cost of the 340B reimbursement correction by reducing future outpatient payments to hospitals. CMS’s approach to correcting underpayments for 340B participating hospitals adhered to this principle by offsetting increased payments with corresponding reductions. However, the application of budget neutrality in the Medicare Advantage context is less defined, raising questions about how funding structures impact reimbursement obligations. Because the corresponding reductions are spread out over sixteen (16) years, it raises questions as to how the MAOs might benefit from this split process. However, CMS plans to adjust premiums for reductions beginning in 2026, so MAOs will likely argue they do not benefit from the split process. See CMS’s January 10, 2025 Advance Notice.
Hospitals may contend that MAOs should apply a similar adjustment framework, given that CMS’s corrective action was internally funded within the Medicare system. Without requiring MAOs to adjust payments, financial disparities could be further exacerbated, disproportionately impacting 340B hospitals already burdened by CMS’s budget neutrality offsets.
Conversely, MAOs may highlight that CMS’s corrective action did not allocate funding for retroactive adjustments to MAOs. MAOs operate within a fixed payment framework, with capitation rates determined by CMS based on actuarial assumptions. If compelled to issue retroactive payments to hospitals, MAOs may argue that such obligations would disrupt the actuarial stability of their reimbursement models and create an unanticipated financial burden. Unlike traditional Medicare, where CMS can implement budget-neutral adjustments across the broader system, MAOs do not have a direct mechanism to recover additional expenditures incurred due to retroactive payment obligations. They argue that imposing reimbursement obligations without corresponding federal compensation would constitute an unfunded mandate, contravening CMS’s budget neutrality principle. This raises other complex questions regarding whether requiring MAOs to adopt CMS’s revised methodology would necessitate a recalibration of their funding structure, potentially leading to increased premiums or reduced benefits for beneficiaries.
Key Takeaways – Strategic Considerations for Hospitals and MAOs
Hospitals pursuing retroactive reimbursement from MAOs should undertake a detailed review of their agreements with those MAOs to ascertain whether their reimbursement provisions provide a contractual basis for such claims. Key considerations include explicit references to Medicare FFS methodologies, provisions regarding compliance with CMS payment policies, and any clauses addressing retroactive adjustments. In cases where contractual language supports reimbursement at corrected Medicare rates, hospitals may pursue breach of contract claims or seek recovery for unjust enrichment, particularly where MAOs benefited from reduced payments now deemed unlawful.
Conversely, MAOs should conduct a rigorous evaluation of their contractual obligations to determine the extent to which retroactive adjustments may be required. If agreements do not explicitly incorporate Medicare FFS revisions, MAOs may argue that any retroactive payment obligations fall outside the scope of their contractual responsibilities.
Consequently, both hospitals and MAOs should consider negotiating more precise contractual terms regarding the applicability of CMS rate adjustments—particularly those with retroactive implications—to minimize financial uncertainty and potential disputes.
Conclusion
The battle over 340B reimbursement through MAO-hospital relationships highlights the complex interplay between contractual obligations, regulatory policies, and financial feasibility under Medicare’s budget neutrality framework. As this conundrum continues to unfold, hospitals and MAOs must carefully assess their contractual positions and financial exposure while remaining attuned to judicial and regulatory developments that will shape the future of 340B reimbursement obligations.
ENDNOTES
[1] The court reasoned that vacatur would be highly disruptive due to the complexity of the Medicare system and potential budget neutrality concerns.
[2] Per 42 U.S.C. § 1395w-24(a)(6)(B), CMS is prohibited from requiring a particular payment structure in contracts between MAOs and providers.
[3] CMS’s 2023 Final Rule restates that MAOs must pay non-contract hospitals at least the amount such hospitals receive under Original Medicare payment rules but fails to comment on MAOs’ obligations with respect to contracted hospitals. See 88 FR 77150, 77184.
Blast from the Past: The Potential Ripple Effect of the ‘Return to In-Person Work’ Executive Order on the Private Sector and Key Considerations for Employers
President Donald Trump’s “Return to In-Person Work” executive order (EO) mandates that federal employees return to full-time office work. This EO effectively ended the widespread hybrid and remote work arrangements that had become common in the government sector. Federal agencies must now “take all necessary steps” to enforce in-person attendance. While the EO does not apply to the private sector, it may encourage private employers to implement similar policies. Although employers generally have the right to require in-person work, they must ensure that such requirements comply with the law.
Reasonable Accommodations & Remote Work
One of the most pressing legal issues tied to return-to-office mandates is the question of reasonable accommodation under federal and state disability laws. The Americans with Disabilities Act (ADA) requires employers to provide reasonable accommodations for employees with disabilities. In recent years, many employees with disabilities requested remote work as an accommodation. Pre-COVID-19, many employers were skeptical of remote work. In the wake of the pandemic shutdown that necessitated remote work, many employers had to revisit this issue and determine whether remote work might be a reasonable accommodation.
Key Considerations for Employers When Providing Reasonable Accommodations
The duty to accommodate under the ADA arises once the employer is aware of an employee’s disability. While the employee generally bears the responsibility to request accommodation, some courts require employers to provide accommodations if they knew or should have known about the disability and need for accommodation. You have to engage in the interactive process in making your determination. In doing so, employers should consider the following:
Essential Job Functions
The key factor in evaluating whether remote work is a reasonable accommodation of an employee’s disability is whether the employee can perform the essential job functions remotely. You should review job descriptions to determine if in-office presence is necessary. If you think it is, you may request medical documentation to confirm the disability and why remote work is medically necessary (and for how long). Remember that you do not have to remove any essential job functions. You should also make sure that other employees are not currently performing this job remotely (and have not done so in the past).
Undue Hardship
Employers must determine if remote work would cause an undue hardship by considering:
The nature and cost of the accommodation
The facility’s financial resources, workforce size, and expenses
The employer’s overall resources, size, and locations
The impact on operations and workforce structure
The effect on facility operations
Frankly, proving an undue hardship, particularly in connection with a remote work request, is an uphill battle.
The Choice is Yours
As organizations implement return-to-office policies, it’s crucial to balance business needs with compliance under the ADA. Employers should enforce in-person attendance but should not automatically reject an employee’s request for remote work as an accommodation. Have a good process in place to ensure all requests are evaluated in accordance with the law.
OSH Law Primer, Part XI: Understanding and Contesting OSHA Citations: An Overview
This is the eleventh installment in a series of articles intended to provide the reader with a very high-level overview of the Occupational Safety and Health (OSH) Act of 1970 and the Occupational Safety and Health Administration (OSHA) and how both influence workplaces in the United States.
By the time this series is complete, the reader should be conversant in the subjects covered and have developed a deeper understanding of how the OSH Act and OSHA work. The series is not—nor can it be, of course—a comprehensive study of the OSH Act or OSHA capable of equipping the reader to address every issue that might arise.
The first article in this series provided a general overview of the OSH Act and OSHA; the second article examined OSHA’s rulemaking process; the third article reviewed an employer’s duty to comply with standards; the fourth article discussed the general duty clause; the fifth article addressed OSHA’s recordkeeping requirements; the sixth article covered employees’ and employers’ respective rights; the seventh article addressed whistleblower issues; the eighth article covered the intersection of employment law and safety issues; the ninth article discussed OSHA’s Hazard Communication Standard (HCS); and the tenth article examined voluntary safety and health self-audits. In this eleventh article in the series, we focus on OSHA’s citation process.
Quick Hits
The OSH Act requires that OSHA detail violations with specific reference to the standards breached and descriptions of the noncompliant conditions or conduct found.
OSHA classifies a citation as one of four categories—“willful,” “repeat,” “serious,” and “other”—each with a degree of severity and associated penalties, adjusted annually for inflation.
An employer receiving an OSHA citation must first post the citation in a prominent place, at or near the worksite referenced in the citation.
The employer may contest the citation within fifteen working days (during which OSHA typically schedules an informal conference) and settle the case with OSHA at any time via a signed, written agreement that addresses all material terms and resolves all contested issues. The parties must file the notice of settlement with an administrative law judge of the Occupational Safety and Health Review Commission (OSHRC).
No employer wants to be inspected; if inspected, every employer hopes to escape citation. However, the Occupational Safety and Health Administration (OSHA) frequently issues citations at the conclusion of inspections. What does a citation mean for an employer, and what can an employer do with it once received?
Understanding the Alleged Violation and Potential Consequences
The Occupational Safety and Health (OSH) Act requires the agency to “describe with particularity” the violation(s), which consists of a reference to the standard(s) believed to have been violated and usually a one- or two-paragraph description—called the “alleged violation description” (AVD)—of the noncompliant condition or conduct found.
Along with the violation and AVD, OSHA classifies citations into one of four categories: (1) “Willful”; (2) “Repeat”; (3) “Serious”; and (4) “Other.” Willful violations are the most severe classification of violation. A violation is “willful” if it is “an act done voluntarily with either an intentional disregard of, or plain indifference to, the OSH Act’s requirements.” While the OSH Act does not define the term “Repeat Violation,” courts typically require proof that the respondent violated the same standard on an earlier occasion in a substantially similar fashion. The OSH Act does not limit how far back OSHA may look for a Repeat violation, but the agency currently confines itself to a five-year lookback with regard to an employer’s citation history nationwide. Serious violations are the most commonly cited violations. OSHA classifies a violation as “Serious” when the hazard created by the violated standard has a substantial probability of causing death or serious physical harm to an employee. “Other” violations, sometimes also referred to as “Other Than Serious” violations, are cited when an employer violates a standard, but the hazard is not capable of causing death or serious physical harm. OSHA typically reserves “Other” violations for paperwork violations, such as failures to keep proper OSHA 300 logs.
A citation will also contain a proposed penalty. The amount can vary depending on the gravity and severity of the violation, including the likelihood of severe injury and the number of employees exposed to the hazard. Pursuant to the Federal Civil Penalties Inflation Adjustment Act of 2015, OSHA increases the penalty amounts every year based on the annual inflation rates. As of January 15, 2025, the maximum penalties increased to $165,514 for Willful and Repeat violations, and $16,550 for Serious and Other Than Serious violations.
To reward and incentivize good-faith efforts to implement an effective safety and health management system in the workplace, the agency may reduce a penalty. In considering good faith, OSHA reviews the employer’s overall safety and health program. If the agency determines the employer has an effective written safety and health program, covering all relevant OSHA standards, OSHA may reduce the proposed penalty by up to 25 percent. However, OSHA will not reduce penalties for willful and repeat violations.
Typically, OSHA proposes one penalty for each OSHA regulation (or “standard”) violated, even though multiple employees may have been exposed to the violation and even though an employer may have multiple instances of the same violation. For example, an employer’s failure to install safety guards on ten identical machines is ordinarily cited and penalized as one violation, not ten. Furthermore, OSHA normally would propose one penalty for a machine guarding violation, regardless of the number of employees using the machine. However, under a policy OSHA developed for “egregious” violations, the agency may treat each instance of a violation as a separate violation, thus multiplying the potential penalty amount.
Abatement Requirements
The OSH Act requires employers to abate, or correct, violative conditions. The citation will provide a deadline for the employer to abate the citation. It will not include any directive or recommendation for abatement, unless the citation is for a violation of the General Duty Clause, also known as Section 5(a)(1) of the OSH Act. Employers must provide proof of abatement to OSHA by the deadline, although an employer can receive an extension if it can persuade OSHA or OSHRC to grant one. OSHA commonly accepts photographs of corrective action, but sometimes a statement from the employer detailing the abatement methods can suffice. When in doubt, a telephone call to the compliance officer or area director can often clarify the ambiguity and provide guidance on required actions needed to satisfy abatement.
Addressing an OSHA Citation
Any employer receiving a citation must first post the citation in a prominent place, at or near the worksite referenced in the citation. Typically, posting on the employee bulletin board containing the mandatory U.S. Department of Labor (DOL) postings relating to minimum wage, etc., will suffice. OSHA permits an employer to redact the penalty amounts.
Companies not familiar with OSHA are often unsure of their rights to contest a citation. An invoice is attached to the citation; many assume they cannot appeal the matter and simply pay the penalty. While accepting the citation is one possible resolution, the employer has the right to challenge (called “contest”) any citation it receives.
If the employer decides the citation is valid, or at least not worth litigating, the employer need do nothing but abate the hazard within the time specified on the citation and remit the penalty amount to OSHA.
If the employer requests one, OSHA will conduct an informal conference. These conferences are typically scheduled during the fifteen-working-day contest period and allow the employer and the agency to discuss the citations in an informal setting, usually with an area director or assistant area director. The agency will usually make a settlement offer, generally consisting of lower penalty amounts; sometimes the agency withdraws one or more violations, but the agency has the authority to change classifications and AVD language, too.
Importantly, the informal conference does not suspend or delay the fifteen-working-day deadline for an employer to contest a citation.
If the employer sends OSHA a notice of contest, it may still settle the case at any time, in much the same manner as an informal settlement. The only prerequisite is that OSHA and the employer reach an agreement on all material terms and reduce their understanding to a signed, written document. Once the parties reach a full settlement agreement—resolving all issues contested—they file a notice of settlement with the administrative law judge (i.e., an OSHRC judge), which terminates the case.
Keeping Cool: Understanding Nevada OSHA’s Heat Illness Prevention Guidance
As temperatures rise, the risk of heat-related illnesses in the workplace becomes a significant concern. To address this, the Nevada Occupational Safety and Health Administration (Nevada OSHA) has implemented a new regulation to protect employees from heat illness. Recently, Nevada OSHA released guidance for its heat illness prevention regulation. Nevada OSHA will begin enforcement of its heat illness prevention regulation on April 29, 2025.
Quick Hits
Nevada OSHA has introduced a new regulation to protect employees from heat illness, with enforcement starting on April 29, 2025.
The heat illness regulation requires Nevada employers with more than ten employees to create a written safety program and conduct a job hazard analysis (JHA).
Employers are required to provide training on heat illness prevention, provide rest breaks, ensure access to potable water, and designate a person to monitor working conditions and emergency responses.
Scope and Coverage
The heat illness regulation applies to all employers in Nevada with more than ten employees, requiring them to establish written safety programs, and to employers that engage in the manufacture of explosives, regardless of the number of employees. Although employers that do not meet these criteria are exempt from the specific requirements of the heat illness regulation, employers must still protect their employees from recognized hazards, including heat illness, under the General Duty Clause.
Key Requirements
Job Hazard Analysis (JHA)
Employers must conduct a one-time, written JHA before a task is undertaken for the first time. There is no specific form or template employers must fill out. Instead, Nevada OSHA requires the following specific information be contained in the JHA:
a list of all job classifications in which the majority of employees in those classifications have occupational exposure to heat illness for more than thirty minutes of any sixty-minute period, not including breaks;
a list of all tasks and procedures, or groups of closely related tasks and procedures, performed by employees in which occupational exposure to heat illness may occur and which are performed by employees in the job classifications above;
identification of working conditions that may cause occupational exposure to heat illness; and
identification of measures to mitigate or eliminate the heat illness hazard if identified.
The JHA must be reviewed and revised if a task materially changes or following an accident. Nevada OSHA recommends involving the employees who perform the work in the JHA because of their unique understanding of the job they perform. If an employer conducts a JHA and determines that employees are not exposed to hazardous working conditions that may cause occupational exposure to heat illness, then the employer should document its analysis in writing.
(Note: Nevada OSHA will request a JHA and issue citation(s) for noncompliance.)
Written Safety Program
The program must include provisions for potable water, rest breaks, cooling measures, emergency medical response procedures, identification and mitigation of any work process that may generate additional heat or humidity, and training.
Employers must designate a person responsible for monitoring working conditions and ensuring compliance with the safety program.
Monitoring and Emergency Response by the Designated Employee
The designated employee must monitor working conditions that could create occupational exposure to heat illness and have a plan for emergency medical response if an employee shows signs of heat illness.
Nevada OSHA recommends the designated employee be part of the crew or work unit performing the work. Nevada OSHA also recommends designating a backup designee.
For remote workers, the guidance recommends that employers should establish a monitoring plan that includes the frequency of monitoring, contingencies when responses are not provided, and emergency response procedures.
Training
Employers are required to train employees to recognize the hazards of heat illness and the procedures to minimize these risks.
The guidance recommends that employers provide training before employees begin their work duties, and refresh the training annually.
Nevada OSHA’s Best Practices to Mitigate or Eliminate Heat Illness
Engineering controls: Use air conditioning, increase ventilation, provide cooling fans, and use reflective shields to block radiant heat.
Administrative controls: Schedule hot jobs for cooler parts of the day, provide adequate drinking water, and use work/rest schedules.
Personal protective equipment: Provide hats for outdoor work, cooling vests, and appropriate clothing to prevent heat stress.
Acclimatization: Allow new workers to gradually acclimate to hot environments over seven to fourteen days and inform employees of health risk factors that may increase their susceptibility to heat illness.
Indoor Workplaces
For indoor workers in climate-controlled environments, including those who work in motor vehicles, the regulation does not require the employer to conduct a JHA, designate a person to perform certain functions, create a plan in the written safety program, or provide training. However, if the climate control system fails, employers must implement measures to address potential heat hazards until the system is restored.
Nevada OSHA’s Enforcement Guidance
In addition to programmed and unprogrammed inspections, Nevada OSHA will conduct inspections on “heat priority days,” which are any days where the temperature reaches or exceeds ninety degrees Fahrenheit. During inspections, Nevada OSHA compliance safety health officers will request documents, including but not limited to the following:
The current Nevada state business license
Workers’ compensation coverage
Injury and illness records (i.e., OSHA 300 Logs)
Documents of rights and responsibilities
The written safety program
Employee training records
Documentation of workplace inspections
Documentation of employee disciplinary records
Manufacturer’s information related to equipment related to the violation/inspection
The JHA
A Changing Enforcement Landscape Under the New Administration
As the Trump Administration embarks on its second term, significant shifts in government enforcement priorities are quickly taking shape. Not surprisingly, this administration appears to be focusing on immigration, drug and violent crime offenses, and traditional fraud rather than more novel white-collar enforcement. Additionally, it appears as though the Department of Justice will face potential resource issues due to the efforts of the Department of Government Efficiency (DOGE). Whether that is through hiring freezes, resignations resulting from ending remote work, layoffs, and potential buyouts of federal employees, the reduction of resources could have a substantial impact on staffing for white-collar enforcement cases, which tend to be resource intensive. Nonetheless, businesses and industry professionals should be aware of these evolving trends to ensure compliance and readiness for potential government investigations. Below we highlight what we expect to see throughout this administration’s term.
Immigration: The Trump Administration has reaffirmed its commitment to stringent immigration enforcement. Prior to this administration taking office, agencies like the Department of Labor had been focused on underage labor violations and holding businesses accountable for third party staffing companies. Now, however, the focus will shift to the removal of anyone not legally in the United States, likely leading to an increase in ICE raids and I-9 audits, including in places like hospitals, schools and places of worship, all of which used to be safe havens for this type of enforcement activity.
DEI and False Claims Act Liability: President Trump’s executive order aimed at eliminating diversity, equity, and inclusion (DEI) policies introduces new compliance challenges for federal contractors and grant recipients. The order reverses federal contracting requirements dating back nearly 60 years, which obligated federal contractors and subcontractors to implement affirmative action programs. First, the January 21, 2025, executive order requires federal contractors and grant recipients to agree that their “compliance in all respects with all applicable Federal anti-discrimination laws is material to the government’s payment decisions” under the False Claims Act (FCA). Second, it requires federal contractors and grant recipients to certify that they do “not operate any programs promoting DEI that violate any applicable Federal anti-discrimination laws.” The new certification and materiality requirements create heightened FCA risk for clients who participate in government programs and may incentivize whistleblowers to initiate qui tam actions.
Health Care: Health care enforcement, particularly actions involving the FCA, is anticipated to continue at a steady pace. During President Trump’s first term, health care enforcement actions increased in his second year and remained steady thereafter, so we can likely expect a similar trend this term. Additionally, the newly established Department of Government Efficiency (DOGE) is taking steps to actively mine data for fraud, particularly in Medicare and Medicaid, which could lead to an increase in enforcement activities in the health care sector.
Foreign Corrupt Practices Act: While the Department of Justice (DOJ) achieved record enforcement levels for Foreign Corrupt Practices Act (FCPA) cases during the previous term, President Trump has signed an executive order directing the DOJ to pause criminal prosecutions related to the bribing of foreign government officials under the FCPA and instructing Attorney General Pam Bondi to prepare new guidelines for enforcement. The executive order comes a week after Attorney General Pam Bondi had already announced via a memo that the DOJ would be scaling back laws governing foreign lobbying transparency and bribes of foreign officials. In the memo, Attorney General Bondi also disbanded the National Security Division’s corporate enforcement unit and directed the Department of Justice’s money laundering office to prioritize cartels and transnational crime.
SEC Enforcement: We expect a major scaling back of the SEC’s focus on cryptocurrency, internal accounting and disclosure control violations. President Trump’s nominee as SEC chairman, Paul Atkins, is a known supporter of the crypto industry. Instead, we anticipate a renewed focus on traditional securities fraud cases, including retail investor protection, Ponzi schemes, and insider trading. Under Chair Gensler, corporate penalties and disgorgement reached record highs, but with a Republican-controlled SEC we are likely to see smaller penalties and an adherence to disgorgement limitations set by the Supreme Court.
Antitrust: Antitrust enforcement is expected to pivot away from merger scrutiny towards addressing concerns related to “Big Tech” and alleged censorship. Additionally, there may be enforcement actions targeting alleged collusion on DEI issues, reflecting the administration’s executive orders and stated policy goals. Industries under high public scrutiny and foreign corporations should be particularly vigilant in preparing for potential agency scrutiny.
As the enforcement landscape continues to evolve, it will be crucial to stay informed and proactive.
The NIH IDC – Where Are We Now
On February 7, the National Institutes of Health (“NIH”) issued a Notice (NOT-OD-25-068) entitled “Supplemental Guidance to the 2024 NIH Grants Policy Statement: Indirect Cost Rates” (the “Notice”), through which NIH announced the adoption of a uniform indirect cost rate (“IDC Rate”) of 15% applicable to all new grants, and to existing grants awarded to Institutions of Higher Education (“IHEs”) – encompassing the vast majority of postsecondary educational institutions in the United States – as of the date the Notice was issued (February 7, 2025). The Notice also indicates the policy will apply for “all current grants for go forward expenses from February 10, 2025 as well as for all new grants issued.”
The Notice, as written and supported by underlying regulations, appears to apply the 15% IDC Rate to existing awards only for IHE recipients (see the Notice’s acknowledgment that “NIH may deviate from the negotiated rate both for future grant awards and, in the case of grants to institutions of higher education (“IHEs”), for existing grant awards. See 45 CFR Appendix III to Part 75, § C.7.a; see 45 C.F.R. 75.414(c)(1).” (emphasis added)). However, there is some ambiguity in the wording and existing non-IHE awardees should be prepared for a possibly broader read by the NIH. The IDC Rate covers “facilities” and “administration” costs of the grantee institution. As a general matter, an institution’s IDC Rate is pre-negotiated and although the NIH cited 27-28% as the average negotiated IDC Rate, it has been reported that many institutions negotiate upwards of 50-60%, with some even as high as 75%.
The NIH justified its action under 45 C.F.R. § 75.414(c)(1), pursuant to which “[a]n HHS awarding agency may use a rate different from the negotiated rate for a class of Federal awards or a single Federal award only when required by Federal statute or regulation, or when approved by a Federal awarding agency head or delegate based on documented justification as described in paragraph (c)(3) of this section.” Paragraph (c)(3) goes on to require that “[t]he HHS awarding agency must implement, and make publicly available, the policies, procedures and general decision-making criteria that their programs will follow to seek and justify deviations from negotiated rates.” Presumably the NIH is taking the position that this Notice serves as the publication of the criteria it will follow (and is following in real time through the Notice) to seek and justify this likely downward deviation from already negotiated rates held by grantee institutions for existing awards.
The NIH Notice was challenged in two different motions for temporary restraining orders (“TRO”): one filed by a collection of State Attorneys General (see Commonwealth of Massachusetts vs. National Institutes of Health, Case # 1:25-cv-10338) and the other by the Association of American Medical Colleges and other similar associations (Case # 1:25-cv-10340). The motions are based on several similar arguments: (1) the indirect rate change is arbitrary and capricious, (2) the rate change violates Section 224 of the Further Consolidated Appropriations Act, 2024, (3) NIH failed to comply with its own regulations for indirect cost rates, (4) NIH has no authority to make retroactive changes to indirect cost rates, and (5) notice and comment procedures are required because this is a substantive change that imposes a new obligation that did not exist previously.
On February 10, the District Court for the District of Massachusetts granted the State Attorneys General’s request and entered a TRO blocking the implementation, application, and enforcement of the Notice within the Plaintiff States (i.e., within Massachusetts, Illinois, Michigan, Arizona, California, Connecticut, Colorado, Delaware, Hawaii, Maine, Maryland, Minnesota, Nevada, New Jersey, New Mexico, New York, North Carolina, Oregon, Rhode Island, Vermont, Washington and Wisconsin) until further order is issued by the Court. A hearing date has been set for February 21, 2025 at 10 a.m.
In a separate ongoing litigation, State of New York v. Trump (C.A. No. 25-cv-39-JJM-PAS), the District Court of Rhode Island issued a TRO on January 31, 2025, prohibiting the Defendants from freezing federal funding based on the Trump administration’s Executive Orders or the OMB Memorandum M-24-13 dated January 27, 2025 (“Temporary Pause of Agency Grant, Loan, and Other Financial Assistance Programs”). On February 10, 2025, the same day as the motions to block the NIH’s uniform IDC, the judge in that matter, Chief Judge John J. McConnell, Jr. issued an Order to enforce the funding-freeze TRO in response to Plaintiff’s emergency motion, indicating that the Defendants must take certain steps to both restore funding and refrain from further violation of the TRO. Some media outlets have reported this Order as also blocking the NIH’s Notice related to IDCs. It is unclear at this time whether the NIH’s action in the Notice could be deemed to fall within the scope of the Executive Orders or the OMB Memo, and it does not appear this argument was made in the two motions for TROs brought against the NIH on February 10, 2025. That said, it is possible a cognizable claim could be made that the NIH’s actions constitute an attempt to cut off funding under another “name or title,” which was explicitly incorporated into the TRO issued by Judge McConnell (“Defendants shall also be restrained and prohibited from reissuing, adopting, implementing, or otherwise giving effect to the OMB Directive under any other name or title or through any other Defendants (or agency supervised, administered, or controlled by any Defendant), such as the continued implementation identified by the White House Press Secretary’s statement of January 29, 2025.”).
Given the NIH’s Notice and the various ongoing litigations, Institutions will also have to carefully evaluate their approach to submitting new grant applications and administering current awards.