Insider Threats: Potential Signs and Security Tips
In recent news, New York’s Stram Center for Integrative Medicine reported a security incident involving an employee misusing a patient’s payment card information. According to a breach report filed with the U.S. Department of Health and Human Services Office for Civil Rights, the incident may have involved 15,263 patients’ information—even though the bad actor only misused one patient’s payment card. The individual has been arrested and is no longer employed. According to the Stram Center, social security numbers are not involved, but it is offering complimentary credit monitoring and identity protection services to affected individuals.
When we hear “data breach,” we’re likely to think of ransomware incidents, business email compromises, and other cyberattacks from external threats. However, according to a Cybersecurity Insiders report, 83% of organizations reported at least one insider attack in 2024. According to IBM’s 2024 Cost of a Data Breach report, data breaches resulting from insider threats were the costliest, at $4.99 million on average. While insider threats may not make headlines as frequently, organizations should take measures to mitigate risks surrounding insider data incidents. Insider threats include unintentional errors, such as emailing personal information to the wrong recipient, misplacing documents, and speaking about personal information among those without authorized access. Insider threats also include malicious insider threats, such as disgruntled employees.
Organizations should monitor for several signs that may signal a malicious insider threat:
Timing of access – Malicious insiders may access the network and systems at unusual times. If an employee typically only works night shifts but the user’s access logs suddenly reflect daytime activity, this could indicate potential malicious activity.
Unexpected spikes in network traffic – Atypical spikes in network traffic might reflect that a user is downloading or copying large volumes of data.
Unusual requests – If a user is requesting access to applications or information that are beyond the scope of their role or unusual for team members in similar roles, this could signal malicious intent.
Several security practices can help organizations reduce the risk of insider attacks:
Endpoint monitoring – Constant endpoint monitoring can help organizations analyze user and entity behavior, scan networks, and detect potential early signs of insider activity.
Role-based access – Employees should only have access to the information that they need to fulfill their job responsibilities. Providing employees access on a least-privilege basis helps minimize the risk of unauthorized access and misuse.
Culture of awareness – Regular cybersecurity training, including on best practices such as locking one’s computer and maintaining proper password hygiene, can help minimize unauthorized insider access.
Since malicious insiders often already have some level of existing access to an organization’s systems and knowledge of business practices and organization policies, such threats can cause significant harm. Insider threat prevention should be an integral component of all organizations’ overall cybersecurity posture.
What Is the Meaning of a Whistleblower in Healthcare?
Learning how to report Medicare, Medicaid, TRICARE, FEHB, and VA health fraud, and other false claims involving federal funds is crucial when it comes to protecting patients as well as taxpayers and keeping these healthcare programs solvent. Most whistleblowers are ordinary workers who are just doing their job when they come across fraudulent practices of their employer. Acting as a healthcare whistleblower ensures that the U.S. healthcare industry prioritizes patients over profit.
What Is a Whistleblower?
A whistleblower is someone who reports evidence of fraud, waste, abuse, or other wrongdoing within an organization. In healthcare, whistleblowers are often nurses, doctors, medical office staff, pharmaceutical or EHR sales representatives, or other employees of healthcare organizations. To protect these taxpayer-funded health care programs, organizational insiders or whistleblowers (known as relators) can help.
Individuals who wish to report their employer for defrauding one or more of these government healthcare programs can do so by obtaining an experienced qui tam attorney. Under the False Claims Act, healthcare whistleblowers may be eligible to receive a financial reward and certain protection against retaliation when they report their employers for defrauding a government healthcare program. By reporting through a False Claims Act qui tam suit, they may be able to receive from 10% to 30% percent of the government’s total recovery when successful.
What Are the Most Common Types of Healthcare Fraud?
Some of the most common kinds of healthcare fraud include:
Medicare Advantage fraud: Medicare Advantage (Medicare Part C), an insurance program funded by taxpayers, has been enormously popular with seniors but is also subject to being defrauded. One common fraud by healthcare organizations and plans has been to make their patients appear sicker than they are to submit false and inflated claims for payment to the government program. Medicare Advantage insurers have paid settlements for such violations under the False Claims Act thanks to whistleblowers (individuals who reported their employer for defrauding the government).
Kickback schemes: Under the Stark Law, physicians are prohibited from making referrals that are connected to their own financial interests. However, many nursing homes, home healthcare providers, hospitals, provider groups, managed care organizations, pharmacies, drug manufacturers, laboratories, durable medical equipment (DME) providers, and other health care organizations have unlawfully offered financial incentives to induce referrals to obtain new Medicare, Medicaid, TRICARE and VA Health insured patients. Pharmaceutical companies have been held accountable under the False Claims Act when they provide doctors and their staff speaking fees, expensive dinners, sporting event tickets, airfare, and other benefits to physicians to induce them to prescribe their drugs and products. All of these are examples of kickbacks, which are illegal in government healthcare programs and can lead to the payment of damages and civil penalties and a reward for whistleblowers.
Upcoding and billing for services not rendered: Upcoding is fraudulent medical billing in which a government-insured claim is submitted for payment regarding a service that is more expensive than the service that was actually performed. Billing for services not rendered is just that: billing the government for services that were never provided to the patient. Both are illegal under the False Claims Act.
Billing for unnecessary services: Health care fraud is a leading source of False Claims Act qui tam settlements and judgments. These recoveries restore funds to federal programs such as Medicare, Medicaid, and TRICARE, the health care program for service members and their families. But just as important, in many cases, enforcement of the False Claims Act also protects patients from medically unnecessary or potentially harmful actions.
Pharmaceutical fraud: Pharmaceutical companies have unprecedented power in the American economy to set prices for lifesaving drugs and treatments. False Claims Act qui tam suits have involved allegations that drug companies conspired to fix the price of various generic drugs, which led to higher drug prices for federal health care programs. Other schemes involve underpaying rebates under the Medicaid fraud rebate program.
At home healthcare fraud: At home healthcare is a booming industry, with over 3 million Americans receiving skilled nursing or long-term care at home. However, approximately 84% of home health agencies are for-profit corporations, according to the CDC. Home health care is rife with opportunities for fraud as well as patient abuse. Examples include falsely certifying to the government the number of actual hours or care provided, claiming care was provided by qualified staff when it was done by unskilled individuals, billing for unnecessary services, upcoding and billing for services not rendered.
The Department of Justice recovered over $1.67 billion in the last fiscal year that was lost to healthcare fraud. This was in no small part to the actions healthcare whistleblowers who simply wanted to do the right thing. Over the course of the last fiscal year 2024, false claims from managed care providers, hospitals, pharmacies, pharmaceutical companies, laboratories, and physicians accounted for over half of the total federal fraud reported and recovered through qui tam lawsuits. During the same period, the relator shares for the individuals who exposed fraud and false claims by filing qui tam actions exceeded $400 million paid directly to these individuals who stepped up and did the right thing.
Why Is Whistleblowing Important in Healthcare?
Blowing the whistle on healthcare fraud protects patients and prevents the government health care programs (Medicare, Medicaid, FEHB, VA health, and TRICARE) from becoming insolvent. Whistleblowing can help to deter conduct whereby healthcare providers are influenced by improper financial considerations over providing patients the right care at the right time. Other conduct such as those identified here can put patients at risk of harm.
There is simply no reason why taxpayers should pay higher costs to line the pockets of fraudulent health care organizations or providers. Whistleblowers can also help government enforcement agencies to get rid of the bad apples in the health care industry, a goal the entire industry should be able to get behind. Reporting medical fraud allows patients to get the care they deserve and deter future misconduct of organizations and providers that attempt to take advantage of the system. Federally funded healthcare is in place to protect those who need and deserve a safety net for their care, including seniors (who will be all of us one day), U.S. military veterans, U.S. active duty military members and their families, lower-income Americans including children. Those who perpetrate healthcare fraud schemes take advantage of vulnerable populations and also reduce the pool of healthcare funds available for us all. Healthcare organizations and providers should not get to enrich themselves at the expense of patients and taxpayers.
What Is Qui Tam in Healthcare?
Qui tam is a provision of law that allows whistleblowers the opportunity to sue on behalf of the government and collect rewards. Whistleblowers are known as relators under the False Claims Act, which is the most powerful enforcement tool to recover misspent taxpayer funds. Qui tam suits in the healthcare space rest upon allegations involving healthcare organizations that submit or cause another organization to submit false claims to the government in order to wrongfully claim or keep funds under the Medicare, Medicaid, TRICARE, VA Health or FEHB programs. If you have information relating to Medicare Advantage fraud, health care kickback schemes, Stark violations, upcoding or billing for services not rendered, billing for unnecessary services, drug price-fixing or Medicaid best price or rebate violations, home health fraud, or any other kind of health care fraud committed by your employer or a competitor in your space, you may be able to become a qui tam relator and be eligible for a reward.
What Protections Do Healthcare Whistleblowers Receive?
If you report fraudulent practices such as these under the False Claims Act, you can receive protections if your employer retaliates or discriminates against you due to your disclosure. With a federal right of action, your qui tam attorney can sue on your behalf in order to receive:
Reinstatement at prior seniority level
Up to double back pay with interest
Front pay, in cases where reinstatement is not possible
Additional damages
Attorneys fees and costs
However, reporting as soon as possible is advisable in order to ensure that this statute applies. If you are fired before you are able to report fraud to the government, you may not only lose access to valuable information that can contribute to your claim, but you also may not be able to sue for FCA whistleblower protections.
2025 Updates to Washington’s Paid Sick Leave Law: What Employers Need to Know
Washington expanded the covered uses and definition of a family member under Washington’s paid sick leave law effective January 1, 2025.
Under Washington’s paid sick leave law employers must provide non-exempt employees with at least one hour of paid sick leave for every 40 hours the employee works. Leave accrual is not capped, which means there is no limit on the amount of paid sick leave hours an employee can accrue in one year. Employers are required to allow employees to carry over 40 unused hours each year.
Employees may use accrued paid sick leave for certain legally protected reasons, including: (1) the employee’s personal medical care; (2) to care for a family member with a mental or physical illness, injury, or health condition; (3) to care for a child when their school or place of care is closed by a public official for a health-related reason; (4) closure of the employee’s place of business for a health-related reason; or (5) for reasons under Washington’s Domestic Violence Leave Act.
The definition of who is considered an employee’s family member or child for purposes of using paid sick leave has been expanded as follows:
The definition of “family member” is revised to include any individual who regularly resides in the employee’s home and “who has a relationship with them that creates an expectation that they would take care of them during an illness.” Family member does not include an individual who resides in the same home with no expectation that the employee will care for the individual.
“Child” now also includes the spouse of the employee’s child.
“Grandchild” and “grandparent” will be defined to mean the employee’s grandchild or grandparent.
Estate Plan vs. Life Care Plan: Understanding the Difference and Why You May Need Both
When planning for the future, many people think of estate planning as the go-to solution. While an estate plan is an essential part of securing your legacy, it doesn’t address the practical and financial challenges of aging. That’s where a Life Care Plan comes in.
Both estate planning and life care planning help individuals and families prepare for the future, but they serve different purposes. Understanding the difference can help you make informed decisions about your long-term well-being and financial security.
What is an Estate Plan?
An estate plan is a legal strategy that ensures your assets, healthcare decisions, and legacy are managed according to your wishes—both during your lifetime and after your passing.
Key Elements of an Estate Plan:
Last Will and Testament: Outlines how your assets will be distributed after you pass away
Trusts: Can help manage assets during your lifetime and provide for your loved ones in a tax-efficient way
Financial Power of Attorney: Authorizes a trusted person to handle financial matters if you become incapacitated
Healthcare Power of Attorney & Living Will: Ensures medical decisions align with your preferences if you are unable to make them yourself
Guardianship Designations: Important for parents with minor children or those caring for a loved one with special needs
An Estate Planning Can:
Protect your assets and ensures they go to the right people
Minimize taxes and legal disputes
Prevent court involvement in decisions about your care and finances
Provide clear instructions for loved ones during difficult times
What is a Life Care Plan?
A Life Care Plan is a comprehensive roadmap for aging, focusing on quality of care, financial security, and long-term well-being. Unlike an estate plan, which primarily addresses what happens after you pass away, a Life Care Plan helps you and your family manage aging-related challenges while you’re alive.
Key Elements of a Life Care Plan:
Health & Safety Planning: Identifying risks and resources to help seniors remain at home safely for as long as possible
Care Coordination: Connecting with in-home caregivers, assisted living, or nursing home options as needs change and advocating for the best, most appropriate care
Financial Planning for Long-Term Care: Exploring options like Medicaid planning, VA benefits, and asset protection strategies to avoid exhausting personal savings
Legal Protections: Ensuring power of attorney, healthcare proxies, and other documents are in place to avoid guardianship proceedings
Support for Family Caregivers: Providing resources to ease the burden on loved ones who assist with care
Life Care Planning Can:
Help seniors stay independent while preparing for future care needs
Reduce financial strain by incorporating Medicaid and other benefits into the plan
Prevent families from having to make difficult care decisions in a crisis
Ensure the senior’s wishes are honored regarding medical care and living arrangements
Estate Plan vs. Life Care Plan: Which Do You Need?
Feature
Estate Plan
Life Care Plan
Focus
Asset distribution & legal affairs
Aging, care coordination, & financial planning
Timing
Addresses issues after death or incapacity
Addresses issues during aging & declining health
Legal Documents
Wills, trusts, power of attorney, healthcare proxy
Power of attorney, healthcare directives, Medicaid planning
Financial Protection
Minimizes taxes & probate costs
Helps protect assets from long-term care costs
Medical & Care Planning
Directs end-of-life healthcare choices
Coordinates medical providers, in-home care, assisted living, & nursing home options
Family Impact
Reduces legal disputes over inheritance
Reduces caregiver burden, family disputes over care,& financial stress
Why Having Both is Crucial
An estate plan alone is not enough to prepare for the challenges of aging. A Life Care Plan ensures that your care needs and finances are managed properly while you’re alive, while an Estate Plan ensures your legacy is handled as you wish after you pass.
For example, imagine an 85-year-old who has a will, but suddenly experiences cognitive decline. Their estate plan may dictate what happens to their assets after their death, but it won’t address who will manage their care, how they will afford it, or whether they can stay at home safely. That’s where a Life Care Plan steps in—helping them age in place, access benefits like Medicaid, and ensure their spouse isn’t left financially vulnerable.
Get Started with a Plan for Your Future
Whether you’re planning for your golden years or helping a loved one navigate aging, a well-structured Life Care Plan and Estate Plan work together to provide peace of mind.
As elder care attorneys, we help families:
Preserve assets while securing quality care
Avoid costly mistakes in Medicaid and long-term care planning
Reduce stress on family caregivers
Ensure legal protections are in place
Trump Administration Announces Changes to CMS Innovation Models
On March 12, 2025, the Centers for Medicare and Medicaid Services (CMS) Innovation Center (Center) announced it would make changes to its model portfolio to align with its statutory mandate and strategic goals of reducing program spending and maintaining or improving quality of care.
The Center develops and implements payment and service delivery models and conducts Congressionally mandated demonstrations to support health care transformation and increase access to high-quality care. The models reward health care providers for delivering high-quality and cost-efficient care. The models last for a set period and apply to a specific health condition, care episode, provider type, community or innovation within Medicare Advantage or Medicare Part D.
Value based care has been largely a bipartisan issue, however, each administration typically puts its mark on the Center’s implementation of existing innovation models. This announcement reflects the Trump Administration’s evaluation of current Center models and their determinations as to which models to end early, modify or potentially delay implementation of.
Models CMS Will End Early
CMS announced the following models will end early, by December 31, 2025:
Maryland Total Cost of Care (MTCC) Model;
Primary Care First (PCF) Model Options;
ESRD Treatment Choices (ETC) Model; and
Making Care Primary (MCP) Model.
MTCC Model 1
Expanding upon the Maryland All-Payer Model,2 the MTCC Model established pricing of medical services provided by hospitals, primary care doctors and specialists across all payers, becoming the first CMS model to hold a state fully accountable for risk for the total cost of care for Medicare beneficiaries. With approximately 550 participants, the MTCC Model specifically includes three programs that offer hospitals and non-hospital providers incentive-based payments specific for redesign activities aimed at improving quality of care and per beneficiary per month payments to cover care management services.
The original performance period for the MTCC Model was set to end on December 31, 2026.
PCF Model Options 3
The PCF Model Options is based on the principles underlying the existing Comprehensive Primary Care Plus (CPC+) model design: prioritizing the clinician-patient relationship; enhancing care for patients with complex chronic needs and focusing financial incentives on improved health outcomes. With approximately 2,100 practices across 26 regions, the PCF Model Options provides model payments to practices through a simple payment structure (e.g., flat payment, population-based payment and performance-based adjustment with a maximum 50% upside and 10% downside) and provides practice participants with performance transparency, through identifiable information. The original performance period for the PCF Model Options was to end December 31, 2026.
ETC Model 4
The ETC Model is a model that is mandatory for approximately 30% of ESRD facilities and certain clinicians. This model provides additional payment adjustments to providers who treat dual eligible patients, as well as Medicare beneficiaries who are eligible to receive assistance with prescription drug costs through the Part D program (Low-Income Subsidy).
The original performance period was set to end on December 31, 2027. CMS indicated it will terminate the ETC Model through rulemaking.
MCP Model 5
The MCP Model builds upon previous primary care models, such as the Comprehensive Primary Care (CPC), CPC+ and PCF Models, as well as the Maryland Primary Care Program. The MCP Model provides a pathway for primary care clinicians to gradually adopt prospective, population-based payments, while also building infrastructure to increase access to care, improve behavioral health and specialty integration and coordination.
With approximately 890 participants in eight states, the MCP Model offered three progressive tracks, where participants received either FFS payments, a 50/50 split of prospective, population-based payments and FFS payments, or only prospective, population-based payments depending on the stage of implementation efforts.
The original performance period for the PCF Model Options was set to end December 31, 2034.
Models CMS is Considering Changing
The Center also indicated it was considering options to reduce the size of the Integrated Care for Kids (InCK) Model6 awards or make other changes to the Model. The IncK Model is a child-centered local service delivery and state payment model that includes children under the age of 21 years and pregnant woman over age 21 covered by Medicaid and in some states, children covered by Children’s Health Insurance Program (CHIP). The Model was awarded to the state of Connecticut, North Carolina, New Jersey, New York, Ohio and the Egyptian Health Department and Lurie Children’s in Illinois. The IncK Model works with state and local health service providers to focus on early intervention and treatment for children at greatest risk for physical and behavioral health issues, including children with mental health and substance abuse challenges.
Models CMS Will No Longer Implement
The Center announced that it will no longer pursue the previously announced (but not yet implemented) Medicare $2 Drug List7 and Accelerating Clinical Evidence8 Models. The Models were originally developed to implement Executive Order 14087 – “Lowering Prescription Drug Costs for Americans,” a Biden Executive Order that was rescinded on January 20, 2025.
What to Expect Next
Impacted model participants will receive follow-up communication regarding timelines, technical assistance and other information regarding the wind-down and close-out. Additionally, the Center will support participants by advising those in state-specific total cost of care and primary care models of other regulatory options for advanced primary care payment.
[1] Maryland Total Cost of Care Model, Centers for Medicare & Medicaid Services, available at https://www.cms.gov/priorities/innovation/innovation-models/md-tccm.
[2] Established global budgets for certain Maryland hospitals to reduce Medicare hospital expenditures and improve quality of care for beneficiaries.
[3] Primary Care First Model Options, Centers for Medicare & Medicaid Services, available at https://www.cms.gov/priorities/innovation/innovation-models/primary-care-first-model-options.
[4] ESRD Treatment Choices (ETC) Model, Centers for Medicare & Medicaid Services, available at https://www.cms.gov/priorities/innovation/innovation-models/esrd-treatment-choices-model.
[5] Making Care Primary (MCP) Model, Centers for Medicare & Medicaid Services, available at https://www.cms.gov/priorities/innovation/innovation-models/making-care-primary.
[6] Integrated Care for Kids Model; Centers for Medicare & Medicaid Services, available at https://www.cms.gov/priorities/innovation/innovation-models/integrated-care-for-kids-model.
[7] Medicare Two Dollar Drug List Model; Centers for Medicare & Medicaid Services, available at https://www.cms.gov/priorities/innovation/innovation-models/medicare-two-dollar-drug-list-model.
[8] Newsroom: CMS Innovation Center’s One-Year Update on the Executive Order to Lower Prescription Drug Costs for Americans; available at https://www.cms.gov/blog/cms-innovation-centers-one-year-update-executive-order-lower-prescription-drug-costs-americans.
Kentucky Amends Consumer Privacy Law to Exempt Certain HIPAA-Covered Data
On March 15, 2025, Kentucky Governor Andy Beshear signed into law HB 473. The bill amends the Kentucky Consumer Data Protection Act (“KCDPA”) to exempt from the law’s application (1) information collected by health care providers acting as covered entities under HIPAA that maintain protected health information in accordance with HIPAA; and (2) information maintained in limited data sets by HIPAA covered entities in accordance with HIPAA’s relevant requirements. The KCDPA as amended will go into effect on January 1, 2026.
This Week in 340B: March 11 – 17, 2025
Find this week’s updates on 340B litigation to help you stay in the know on how 340B cases are developing across the country. Each week we comb through the dockets of more than 50 340B cases to provide you with a quick summary of relevant updates from the prior week in this industry-shaping body of litigation.
Issues at Stake: Rebate Model; Contract Pharmacy; Other
In three appealed cases challenging a proposed Louisiana law governing contract pharmacy arrangements, the appellee filed a motion to consolidate.
In a case challenging the US Department of Health and Human Services (HHS) and the Health Resources and Services Administration (HRSA’s) decision to prevent drug manufacturers from unilaterally implementing rebate models, defendants filed a cross motion for summary judgment and opposition to the plaintiff’s motion for summary judgment.
In a case challenging HRSA’s policy limiting the circumstances in which covered entities can use their group purchasing arrangements to purchase non-340B drugs, the plaintiff filed a motion for summary judgment.
In three cases challenging a proposed state law governing contract pharmacy arrangements in Missouri, defendants and intervenors in each case filed answers to amended complaints.
In four cases against HRSA alleging that HRSA unlawfully refused to approve drug manufacturers’ proposed rebate models:
In three cases, the defendants filed a cross motion for summary judgment and opposition to the plaintiff’s motion for summary judgment.
In one case, the plaintiffs filed a motion to strike portions of an amicus brief, and the amici filed a response.
Nadine Tejadilla contributed to this article.
What to Take Away from CMMI’s Early Termination of Four Demonstration Models
On March 12, 2025, in one of the Trump Administration’s first actions with respect to the Center for Medicare and Medicaid Innovation (CMMI), CMMI announced that it would prematurely terminate four alternative payment model (APM) demonstration models by December 31, 2025. CMMI’s decision was not entirely unexpected. In response to a 2021 report from a Congressional advisory committee recommending that CMMI “streamline” its portfolio of demonstrations, the Biden Administration initiated a 10-year “strategic refresh” of CMMI. Similarly, a critical report from the Congressional Budget Office (CBO) about the net cost initiated a wave of criticism from Republicans. Combined with the Trump Administration’s hyperfocus on reducing government spending (based on CMMI’s estimation, terminating the demonstrations early will save the federal government $750 million), it is not particularly surprising that CMMI was targeted for some cuts.
Less clear is why these specific demonstrations were targeted and whether CMMI’s decision to terminate the demonstrations is merely the continuation of a calculated, years-long push to reform the way CMMI operates, or whether it foreshadows the beginning of a significant pullback in the use of alternative payment model (APM) demonstrations to test out the use of value-based care in federal health care programs.
CMMI’s Plan to Terminate Demonstrations
The four demonstrations that CMMI will terminate at the end of the year are below, including their original performance periods:
Maryland Total Cost of Care (TCOC) (2019 – 2026). Building on prior demonstrations in Maryland, the TCOC implemented a “global budget” funding system through which hospitals in the state receive a population-based payment amount to cover all hospital services provided during the year rather than fee-for-service (FFS) payments. The TCOC also allowed hospitals that achieved savings under the TCOC to make incentive payments to nonhospital health care providers (e.g. physician groups) who partnered and collaborated with the hospital and performed care redesign activities aimed at improving care.
Primary Care First (PCF) (2021 – 2026). The PCF is a voluntary demonstration model offered in 26 states and regions to test whether delivery of advanced primary care can reduce the total cost of care. Through this demonstration, participating primary care practices receive a prospective population-based payment (based on the total number of Medicare FFS beneficiaries attributed to each practice, and adjusted for the acuity of the attributed beneficiaries) to provide primary care services, and flat visit fees for face-to-face encounters. Primary care practices are eligible for additional bonus payments based on performance on various quality metrics.
ESRD Treatment Choices (ETC) (2021 – 2027). The ETC is a mandatory demonstration designed to test payment adjustments for certain end-stage renal disease (“ESRD”) facilities and managing clinicians.
Making Care Primary (MCP) (2024 – 2034). The MCP is a demonstration designed to provide a pathway for primary care clinicians with varying levels of experience in value-based care to gradually adopt prospective, population-based payments while building infrastructure to improve behavioral health and specialty integration and increase access to care. While the other three models that CMMI will terminate early were already scheduled to terminate in the next year or two, the MCP model only started in July 2024 and was intended to run through 2034.
CMMI also stated that it intends to reduce, or look for opportunities to change the Integrated Care for Kids (2020 – 2026) demonstration and does not plan to move forward with the Medicare $2 Drug List and Accelerating Clinical Evidence demonstrations, which had been announced but had not yet been implemented.
CBO Report from September 2023 Indicated CMMI Increased Spending
CMMI was created by the Affordable Care Act (ACA) in 2010 to test payment models (i.e. demonstrations) in Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP). That same year, CBO, which is an independent agency that provides Congress with analyses and estimates on federal economic and budgetary decisions, estimated that CMMI would save the federal government $10.3 billion over the following decade, offsetting the estimated $7.5 billion that CMMI was expected spend to operate the models. In September 2023, however, CBO reported that most of the CMMI demonstrations between 2011 and 2020 increased Medicare’s direct spending by $5.4 billion (or 0.1% of net Medicare spending). By April 2024, Republicans on the House Budget Committee were uniformly calling for an investigation into CMMI’s spending and operations.
A closer examination of the September 2023 CBO report creates a more complicated and nuanced picture of CMMI’s operations. For one, the September 2023 report did not include the Medicare Shared Savings Program (MSSP), which was also created by the ACA in its calculation of costs. While the MSSP is a permanent model operated by CMS rather than CMMI, CBO acknowledged the fact that its design has been informed by the CMMI’s ACO demonstrations. CBO estimated that this program generated small net savings for the government. The September 2023 report also only assessed demonstrations where provider participation was voluntary. While this decision was logical – most of the demonstrations that CMMI launched during the period were voluntary – mandatory versions of these models could have resulted in more significant net savings. Finally, CBO acknowledged in the report that six of the 49 demonstrations it analyzed produced net savings, including four of which have been certified by the CMS Office of the Actuary for expansion.
Nonetheless, it is not surprising that the new Administration, particularly given its purported focus on substantially cutting government spending, saw terminating CMMI demonstrations as a way to accomplish these goals. The March 12 announcement estimates that eliminating the demonstrations early will save the federal government $750 million (although no detail is provided on how CMMI calculated these potential savings).
MedPAC Report and Biden’s Strategy Refresh
Criticism of and initiatives to reform CMMI precede the September 2023 CBO report, however. In response to a 2021 report by the non-partisan Medicare Payment Advisory Committee (MedPAC), which advises Congress on Medicare payment reforms, CMMI had begun the process of “streamlining” its portfolio of demonstrations. While the 2021 MedPAC report identified a variety of concerns with CMMI, the biggest issue MedPAC focused on was the sheer number of simultaneous demonstrations being tested by CMMI, and the operational complexity they created. As noted, during that first decade, CMMI tested 49 APMs. While acknowledging the “valuable information” generated by the demonstrations, MedPAC ultimately concluded that CMMI’s large portfolio created significant overlap between various simultaneous demonstrations. As a result, many providers and beneficiaries were participating in multiple demonstrations at the same time, which MedPAC argued diluted the incentives imposed by each demonstration and complicated the ability of CMMI to properly analyze the impact of specific demonstrations. MedPAC ultimately recommended that CMMI streamline its portfolio. Among other things, MedPAC also noted that some of the demonstrations needed a longer performance period (which is typically five years) for the benefits to truly materialize, and further stated that CMMI’s heavy reliance on bonus payments to entice provider participation, which is a feature of the voluntary demonstrations, created some selection bias and often reduced the net savings of the demonstrations.
In response to the MedPAC report, the Biden Administration announced a “Strategy Refresh” in 2021 to incorporate lessons from the prior decade. Notably, this Strategy Refresh included a statement that CMMI was “undertaking an internal review of its portfolio of models,” and incorporated MedPAC’s recommendation to streamline its portfolio of demonstrations. As such, it is unclear whether the decision to prematurely terminate the demonstrations above represents a change by the new Administration, or whether they are indicative of pre-existing reforms that CMMI was undertaking.
The Case on Maryland
At first glance, the state most affected by the terminations is clearly Maryland, which has integrated its entire hospital system into the TCOC demonstration. Maryland has a rich history of utilizing APMs, having operated under federal waivers since 1977 that have allowed it to set hospital payments for all Medicare, Medicaid, and commercial payers. Until 2014, the state used prospective diagnosis-based payments for each hospital admission, similar to the Medicare hospital payment system, which successfully reduced the rate of spending per hospital admission. Corresponding increases in the volume of hospital admissions, however, limited the impact of this all-payer rate setting on controlling overall hospital spending. The TCOC model sought to address this issue by changing the payment methodology from prospective diagnosis-based reimbursement to a hospital global budget. By all indications, the TCOC has largely succeeded in generating a reduction in hospital spending.
For Maryland and its hospitals, the ultimate impact of the TCOC demonstration termination will likely not be significant because of forthcoming changes. Even though the TCOC was previously set to end at the end of 2026, the state was reportedly planning on winding the program down at the beginning of 2026 year anyway. Beginning in 2025, Maryland plans to implement a new CMMI demonstration waiver called the Advancing All-Payer Health Equity Approaches and Development (AHEAD) model, which is heavily inspired by the TCOC demonstration. While Maryland will be the only state participating in the AHEAD model in 2026, Connecticut, Hawaii, New York, and Vermont plan to implement the AHEAD model in 2027.
The impact of the early termination of the PCF demonstration on primary care providers in Maryland is more complicated, however. The AHEAD model also includes bonuses for participating primary care providers, although, unlike the TCOC, providers must agree to participate in the state’s Medicaid “transformation efforts.” It is unclear what percentage of Maryland primary care providers already participate in Medicaid, although historically, the share of Maryland physicians that participate in Medicaid has been lower than the percentage that participate in Medicare due to lower payment rates by the former program. As such, terminating the PCF model early may incentivize some Maryland primary care providers to begin participating in the AHEAD model, and thus accepting Medicaid patients, early. While this would benefit Medicaid beneficiaries by increasing their access to providers, the significant cuts to Medicaid that congressional Republicans are currently contemplating complicate the picture.
Looking Forward and AHEAD
For right now, the impact of the demonstration terminations appears to be limited, both for Maryland and more broadly for other stakeholders involved in other demonstrations. Recent Republican complaints notwithstanding, payment and delivery demonstrations have long enjoyed some level of bipartisan support. Notably, CMMI stated in the March 12 announcement that it had “determined its other active models can meet the Center’s statutory mandate—either as is or with future modification—and therefore will continue moving forward.” An unnamed source told the publication Axios that CMMI still planned on going forward with the AHEAD model.
As such, there is currently no indication that CMMI has imminent plans to announce the termination of other demonstrations, or terminate the AHEAD model, both of which would have a larger effect on stakeholders. Nonetheless, the wild card is the current Administration’s propensity for rapidly changing its approach to various issues without notice, and the potential for cuts to CMMI’s budget to pay for other priorities. With this in mind, nothing, including the future of CMMI demonstrations, should be considered certain.
The Top 3 Mistakes Health Club Operators Make in New Jersey
It might be a surprise, but many health club operators in New Jersey are not in compliance with the law. This can include the gym not being properly registered with the State’s Division of Consumer Affairs or the gym itself is missing key safety devices and staff training. This can leave a gym open to fines up to $5,000.00 from the Division of Consumer Affairs, as well as potential liability should a member experience a health hazard while at the gym.
As a new gym operator, these are the Top 3 concerns which must be addressed before opening day.
Registration with the Division of Consumer Affairs
Many gyms currently in operation either never registered with the Division of Consumer Affairs or failed to renew their registrations. This can potentially cost a gym in fines and negative publicity.
The Division of Consumer Affairs has in the past launched investigations against unregistered gyms. A 2014 investigation (https://nj.gov/oag/newsreleases14/pr20140410b.html) resulted in 53 Notice of Violations, including for unregistered fitness centers. Businesses who received notices included not only small family businesses, but franchised locations of well known fitness chains such as Curves, Snap Fitness, Retro Fitness and Crunch Fitness. This caused the franchisee to receive large fines and the franchisor to receive bad press. In 2016, a similar investigation (https://www.nj.gov/oag/newsreleases16/pr20160331a.html ) issued fines against 20 health club operators.
You can verify whether a health club has an active license at https://rgbportal.dca.njoag.gov/public-view/.
CPR/AED training of staff, and required automated external defibrillator
N.J.S.A. 2A:62A-31 requires that the owner or operator of a registered health club must have at least one automated external defibrillator (AED) located in an accessible location, that the AED is tested and well maintained, and that at least one on site employee is trained with a current certification with the AED.
This is a continual necessity for a health club operator which must be planned beyond opening day. An AED can expire, with the pads lasting approximately 2 years, a battery lasting approximately up to five years, and the AED itself possibly requiring replacement after a decade. Additionally, certifications typically last up to two years, meaning the same staff member will require regular training multiple times to keep their certifications active.
A surety bond on file with the Division of Consumer Affairs
N.J.S.A. 56:8-41 requires any health club operator to maintain a surety bond with the Division of Consumer Affairs of between $25,000.00 and $50,000.00 based on 10% of the gross income of that health club. Additionally, if a health club operator sells memberships during any period before the facility actually opens, the surety bond must be for $50,000.00 during the preopen. There are exceptions to the surety requirements – a gym operator can supply an irrevocable letter of credit from a bank or obtain acceptance to maintain their own funds. Whichever option, the purpose is to ensure an avenue for refunds should a health club never open or shut down unexpectedly after accepting money. A health club operator which requires a surety bond can be fined as much as $5,000.00 in addition to any other fines, meaning an unregistered and unbonded health club operator can receive multiple fines of $5,000.00 each.
Trending in Telehealth: February 2025
Trending in Telehealth highlights monthly state legislative and regulatory developments that impact the healthcare providers, telehealth and digital health companies, pharmacists and technology companies that deliver and facilitate the delivery of virtual care.
Trending in February:
Interstate compacts
Telepharmacy services
Veterinary services
Telehealth practice standards
A CLOSER LOOK
Proposed Legislation & Rulemaking:
North Dakota proposed amendments to the North Dakota Century Code related to optometrist licensure and standards for providing tele-optometry. The amendments delineate the circumstances under which a licensed optometrist may use telemedicine to provide care. Proposed practice standards include requirements to establish a proper provider-patient relationship and requirements related to informed consent.
In Indiana, Senate Bill 473 proposed amendments that would allow providers to prescribe certain agonist opioids through telemedicine technologies for the treatment or management of opioid dependence. Current law only allows partial agonist opioids to be prescribed virtually.
Finalized Legislation & Rulemaking Activity:
Ohio enacted Senate Bill 95, authorizing the operation of remote dispensing pharmacies, defined as pharmacies where the dispensing of drugs, patient counseling, and other pharmacist care is provided and monitored through telepharmacy systems.
The Texas Health and Human Services Commission adopted an amendment to the Texas Government Code, requiring that providers be reimbursed for teledentistry services. The amendment allows flexibility for a dentist to use synchronous audiovisual technologies to conduct an oral evaluation of an established client. This change makes oral evaluations more accessible and prevents unnecessary travel for clients in the Texas Health Steps Program.
The Arkansas governor signed Senate Bill 61 into law, authorizing the practice of veterinary telemedicine in the state. The bill includes practice standards for veterinary telemedicine and provision of emergency veterinary care.
Also in Arkansas, House Bill 1427 enacted the Healthy Moms, Healthy Babies Act. The act amends Arkansas law to improve maternal health and establish reimbursement procedures for remote ultrasounds.
Compact Activity:
Several states have advanced licensure compacts. These compacts enable certain categories of physicians to practice across state lines, whether in person or via telemedicine. The following states have introduced bills to enact these compacts:
Dietitian Licensure Compact: Mississippi, Kansas, and North Dakota.
Social Work Licensure Compact: Mississippi, Maryland, and North Dakota.
Occupational Therapy Licensure Compact: North Dakota and New Mexico.
Audiology and Speech Language Pathology Compact: New Mexico.
Why it matters:
States continue to expand practitioners’ ability to provide telehealth services across state lines. While telemedicine is often seen as an alternative method for care delivery, it can sometimes be the most effective and efficient option. Expanding interstate licensure compacts improves access to qualified practitioners, particularly in underserved and rural areas. These compacts also enhance career opportunities and reduce the burdens associated with obtaining multiple state licenses.
States continue to apply telehealth practice standards to various professions. Legislative and regulatory trends reflect recognition that telehealth can be used in a variety of specialty practices, including veterinary medicine, dentistry, and optometry.
Telehealth is an important development in care delivery, but the regulatory patchwork is complicated.
The DOL’s New Guidance on the Interplay of the Federal FMLA and State-Paid Family Medical Leave Programs
On Jan. 14, 2025, the U.S. Department of Labor (DOL) issued Opinion Letter FMLA2025-01-A, clarifying the complex interaction between (1) the federal Family and Medical Leave Act (FMLA), (2) state-paid family and medical leave program (PFML) benefits and (3) employer-provided accrued vacation, paid time off, and/or paid sick time (employer-paid leave).
The takeaway for employers under the DOL opinion letter is that when an employee is on FMLA leave and is receiving state-paid PFML benefits, the employer cannot unilaterally require the employee to simultaneously use employer-paid leave.
PFML Background
Generally speaking, PFML benefits – funded through employee payroll withholdings employers remit to the state government – provide state-paid partial wage replacement to qualifying employees while on a covered leave of absence, such as personal medical leave, family medical leave, and child bonding leave.
In the absence of the federal government providing for or requiring paid leave under its own leave laws, a growing number of states have implemented PFML benefits in recent years, including California, Colorado, Connecticut, Delaware (effective Jan. 1, 2025), the District of Columbia, Maine (effective Jan. 1, 2025), Maryland, Massachusetts, Minnesota (effective Jan. 1, 2026), New Jersey, New York, Oregon, Rhode Island, and Washington. Other states have proposed similar legislation to implement PFML programs.
PFML benefits can be a valuable source of income for employees during an otherwise unpaid leave of absence but are often not the only source. Many employers choose or are required under state or local law to provide employer-paid leave for certain absences, some of which may include the same leaves that qualify for PFML benefits.
FMLA Background
The FMLA provides eligible employees with a leave of absence up to 12 weeks for certain purposes, including personal medical leave, family medical leave, and child bonding leave.
While FMLA leave itself is unpaid, employers can – with one important exception noted below – require employees to simultaneously use employer-paid leave during FMLA leave. Employers often prefer required simultaneous use, both to ensure that employees have a source of pay during an otherwise unpaid leave, and to minimize the total amount of time that an employee is anticipated to be away from work in the foreseeable future.
An exception to this rule is when an employee receives workers’ compensation benefits or disability plan benefits during FMLA leave, in which case the employer cannot unilaterally require the employee to simultaneously use employer-paid leave. Instead, in this scenario, simultaneous use of employer-paid leave is only permitted if the employer and employee consent to it.
New DOL Guidance on Integration with PFML Benefits
Borrowing from the logic of the simultaneous use exception described above, the DOL’s opinion letter clarifies that when an employee receives PFML benefits during FMLA leave, the employer cannot unilaterally require the employee’s simultaneous use of employer-paid leave, though employers and employees may consent to it.
While the DOL’s opinion letter is not binding law, courts generally grant deference to agency guidance like it.
Employer Considerations
Employers should review their (and/or their third-party leave administrators’) policies and practices and consider appropriate steps, if any, if employees are required to use employer-paid leave (e.g., vacation, paid time off, or paid sick time) during a period of FMLA leave when the employee also receives PFML benefits.
Given that the DOL opinion letter was issued in the final days of the Biden administration, the Trump administration may withdraw it, just like other recently withdrawn agency guidance across various sectors. However, even if the Trump administration does so, employers must still review FMLA-analogous state leave of absence laws to determine whether the same rule still applies, which is the case, for instance, in California and New York.
Bufkin v. Collins (No. 23-713)
When a veteran seeks disability benefits, federal law provides that ties go to the applicant. But if the Veterans Administration decides it’s not a tie—that is, the preponderance of the evidence comes out against the veteran—then it has no occasion to apply this tiebreaking rule. That leads to a question only an appellate lawyer would ask: What standard of review applies to the VA’s determination that the evidence isn’t even: The de novo standard generally used for legal questions or the clear error one used for findings of fact? In Bufkin v. Collins (No. 23-713), a seven-Justice majority held that this is a best seen as a mixed question of law and fact where the fact piece dominates, meriting clear error review. That prompted a dissent from the two Justices perhaps most likely to favor the little guy against the big-bad government—Justices Jackson and Gorsuch—who thought the whole point of this tie-breaking rule was to thwart the VA’s historical reluctance to award veterans the disability benefits they should receive.
Joshua Bufkin and Norman Thornton are two veterans who applied for disability benefits for PTSD caused by their time in the military. Their claims began in local VA regional offices (the first port of call for veterans seeking disability benefits), where Bufkin’s claim was denied entirely, while Thornton received lower benefits than he sought. Both then appealed to the Board of Veterans’ Appeals, an Article I court that reviews the benefits decisions of VA regional offices. The Board affirmed both regional offices’ decisions. In doing so, it acknowledged that whenever “there is an approximate balance of positive and negative evidence” on any issue material to a veteran’s claim, the VA must “give the benefit of the doubt to the claimant.” 38 U.S.C. § 5107(b). But the Board concluded that the evidence was not approximately balanced, so Bufkin and Thornton weren’t entitled to that deferential standard.
Bufkin and Thornton then appealed their respective cases to the U.S. Court of Appeals for Veterans Claims (the “Veterans Court”), another Article I tribunal, which reviews decisions from the Board. There, they argued that the evidence supporting their claims was about equal to the evidence against them, and that they were therefore entitled to get the benefit of the doubt. Federal law provides that in reviewing Board decisions, the Veterans Court must “take due account” of this benefit-of-the-doubt rule. But the Veterans Court concluded that the account that was “due” wasn’t much: Seeing no clear error in the Board’s decision that evidence weighed more strongly against the veterans, it affirmed the Board.
Bufkin and Thornton then appealed the Veterans Court’s decisions to the U.S. Court of Appeals for the Federal Circuit, a genuine Article III court that (among a great many other things) reviews decisions from the Veterans Court. It agreed with the Veterans Court that clear error applies to the Board’s decision that the evidence wasn’t roughly 50-50, so it too affirmed the denial of benefits. These three rounds of appeals weren’t enough for Bufkin and Thornton, though, as they successfully convinced the Supreme Court to grant cert to address the appropriate standard of review.
Unfortunately for our persistent appellants, the Court affirmed all the courts below it in a 7-2 opinion authored by Justice Thomas. It began with the language of the statute which, as discussed above, requires the Veterans Court to take “due account” of the “benefit-of-the-doubt” rule in reviewing the Board’s decisions. But the phrase “due account” doesn’t have a lot of content on its own, so Thomas concluded the general standards of review called for by the veterans statutes are all the “account” that is “due.” Those statutes prescribe the ordinary standards of review appellate lawyers know well, calling for the Veterans Court to review conclusions of law de novo and findings of fact for clear error. So in which bucket fell the Board’s conclusion that the evidence wasn’t about equal, meaning there’s no “doubt” for the veteran to benefit from? For Thomas and majority, weighing up the evidence involves both legal and factual work, making it a mixed question of fact and law. And because this particular mixed question “is about as factual sounding as any question gets,” Thomas thought it was appropriately reviewed only for clear error.
Justice Thomas then brushed aside two objections to this reasoning. First, Bufkin and Thornton argued this interpretation of the legislative command that the Veterans Court take “due account” of the benefit-of-the-doubt rule made the “due account” provision surplusage. Thomas acknowledged that this objection was “a serious one,” but the problem was that it’s just as true if you apply the de novo standard Bufkin and Thornton asked for: Either way, you’re simply following the statute’s default standards of review. Thomas thus concluded that this wasn’t a context where the rule against surplusage could do any work. Second, the veterans observed that some mixed questions of law and fact—like probable cause determinations—are reviewed de novo. But for Thomas, probable cause determinations dwelt in the “constitutional realm,” giving rise to heightened scrutiny. The “benefit-of-the-doubt” standard, by contrast, was a create of statute. And further, probable cause asks the legal-sounding question of what the hypothetical reasonable man might think of a particular set of facts. The question here—whether the evidence is about equal—was just too fact-like for an appellate court to conduct de novo review.
In dissent, Justice Jackson, joined by Justice Gorsuch, disagreed on both points. In her view, the statutory mandate that the Veterans Court “take due account” of the benefit-of-the-doubt rule should be understood as superseding the general standard of review found in the statute, thereby mandating de novo review. And even if one were to apply the baseline standards of review, Jackson thought that the Board’s determination about whether the benefit-of-the-doubt rule applied looked more like a probable cause determination, meriting de novo review. Although couched in the language of textualism, Jackson’s dissent relied heavily on legislative history, pointing to past drafts of the statute and testimony from veterans groups to Congress, all of which suggested that the whole point of the “due account” provision was to override the Veterans Court’s perceived record of being too deferential to the Board. Finally, Jackson bolstered her ultimate conclusion with the so-called veterans canon, which provides that statutory provisions for the benefit of veterans should be construed in the beneficiary’s favor. It is notable that Justice Gorsuch signed on to a dissent that made such heavy use of legislative history. Perhaps he simply thought veterans should get the benefit of the doubt.