City of Los Angeles Passes Olympic Wage Increases and Other Entitlements for Hotel and Airport Workers
On May 27, the City of Los Angeles passed amendments to the Living Wage Ordinance (LWO) and the Hotel Worker Minimum Wage Ordinance (HWMO). The development of these amendments began in December 2024, and since then have been the subject of debate and public comment.
Here is what hotel and airport employers need to know about the amendments.
Hotel Worker Amendments
The amendments include increases to the minimum wage, an hourly health benefit payment, and training for covered hotel workers. These amendments apply to workers in hotels with at least 60 guest rooms. The provisions of the ordinance may be waived pursuant to a bona fide collective bargaining agreement but only if the waiver is expressly set forth.
The minimum wage rates will increase as follows:
Effective Date
Minimum Wage
July 1, 2025
$22.50
July 1, 2026
$25.00
July 1, 2027
$27.50
July 1, 2028
$30.00
July 1, 2029, and annually
Adjusted based on Consumer Price Index
Furthermore, effective July 1, 2026, if a hotel employer does not provide a worker with health benefits, the worker must be paid the wage rate indicated above plus an additional hourly wage rate equal to the health benefit payment in effect for an employer servicing LAX.
In addition to the above entitlements, hotel workers must be provided at least 6 hours of live and interactive instruction covering the following topics:
Hotel worker rights and hotel employer responsibilities.
Best practices for identifying and responding to suspected instances of human trafficking, domestic violence, or violent or threatening conduct.
Effective cleaning techniques to prevent the spread of disease.
Identifying and avoiding insect or vermin infestations.
Identifying and responding to other potential criminal activities
The training requirements take effect December 1, 2025.
Airport Employee Amendments
The amendments also increase airport employee minimum wage and health benefit payments as follows:
Date
Minimum Wage
July 1, 2025
$22.50
July 1, 2026
$25.00
July 1, 2027
$27.50
July 1, 2028
$30.00
July 1, 2029, and annually
Adjusted based on Consumer Price Index
Beginning on July 1, 2025, the hourly health benefit payment provided to an airport employee must be at least $7.65 an hour. On July 1, 2026, the hourly health benefit payment will be adjusted by a percentage equal to the percentage increase in the California Department of Managed Healthcare’s Large Group Aggregate Rates.
AB 1415 Passed by California Assembly with Amendments
Key Takeaways
While MSOs and certain parent entities are no longer defined as “health care entities,” they must still notify OHCA when entering into material change transactions with health care entities.
The amendments clarify and narrow several definitions, affecting how and when notice obligations apply under AB 1415.
OHCA’s authority would expand to evaluate and potentially regulate additional entities, signaling increased oversight of health care transactions in California.
On May 15, 2025, the California Assembly passed AB 1415 with some amendments. AB 1415 seeks to expand the jurisdiction of the California Office of Health Care Affordability (OHCA) by requiring additional entities to notify OHCA when entering into material change transactions.1 Among other changes detailed below, the amendments slightly narrowed the notice requirements for management services organizations (MSOs) by requiring them to submit notice to OHCA only when entering into material change transactions with a “health care entity.” The bill is now under consideration with the California Senate, which has until the end of the legislative session (August 31, 2025) to act on the bill.
The amendments to AB 1415 include the following:
MSOs and certain parent entities that own, operate or control a provider were removed from the definition of “health care entity.” However, such entities would be required to submit notice to OHCA when entering into material change transactions with health care entities. These amendments slightly narrow the scope of notice requirements for such entities to those transactions where the counterparty is a health care entity.
The word “hospital,” for purposes of defining a “health system,” was clarified to include general acute care hospitals, acute psychiatric hospitals, specialty hospitals, psychiatric health facilities and chemical dependency recovery hospitals.
The definition of “health system” was expanded to include combinations of hospitals and other providers, rather than hospitals and physician organizations.
The definition of “provider” was amended to remove entities that own, operate or control other entities identified under the definition of “provider.”
OHCA would be empowered to research and evaluate payors, providers, MSOs and fully integrated delivery systems to determine if the definitions and provisions of OHCA’s governing statute include entities that significantly affect health care cost, quality, equity and workforce stability. The current law does not include MSOs within OHCA’s scope of research and evaluation.
OHCA would be empowered to establish requirements for MSOs to submit data “as necessary to carry out the functions of the office.”
These amendments demonstrate California’s interest in expanding OHCA’s jurisdiction to review a greater number of health care transactions occurring within the state. Even with these amendments, the passage of AB 1415 would require MSOs and companies that own, control or operate a provider to submit transaction notices to OHCA when entering into material change transactions with health care entities, adding to the existing health care regulatory and filing burdens already in place and potentially delaying further investment by some in the California health care sector.
[1] Our prior discussion of AB 1415 can be found here: https://www.polsinelli.com/publications/california-bill-seeks-to-expand-scope-of-ohca-review
New York Department of Health Publishes Material Transactions Reporting Form
In our February 14, 2025, blog post, we detailed a proposed expansion of Article 45-A of New York’s Public Health Law (hereinafter, the Disclosure of Material Transactions Law) included in the proposed Fiscal Year 2026 New York State Executive Budget (FY 26 Executive Budget). The amendment was dropped from the final FY 26 Executive Budget’s Health and Mental Hygiene Article VII Legislation, which was signed into law by Governor Hochul on May 9, 2025. The Memorandum of Support accompanying the proposed legislation touted the amendment as a way to strengthen New York State Department of Health’s (DOH) oversight of material health care transactions, contending that it would allow DOH to gather more quantitative information to assess the transaction’s potential and actual post-closure impact. The legislation would have increased oversight by altering notice and disclosure requirements, permitting DOH to require a full cost and market impact review, and empowering DOH to delay the transaction’s closing to allow for a fulsome cost and market impact review. However, with the rejection of the amendment from the final FY 26 Executive Budget, the Disclosure of Material Transactions Law will remain in effect as it has been since August 1, 2023.
Though the proposed amendment to Article 45-A did not make the cut, the first half of 2025 has certainly not been devoid of developments for the Disclosure of Material Transactions Law. In fact, DOH has taken proactive steps to guide stakeholders, their legal counsel, and the public toward deeper understanding of and compliance with the Disclosure of Material Transactions Law. First, nearly a year and a half after the Disclosure of Material Transactions Law took effect, DOH published long-awaited Public Health Law Article 54-A, Material Transactions Frequently Asked Questions. Just over a month later, DOH published an electronic Material Transactions Reporting Form to be used for submitting notice of a material health care transaction. Until publication of the Material Transactions Reporting Form, parties to a “material transaction” had submitted such notice via email to DOH. Now, according to the DOH website, email submissions will no longer be accepted, and effective immediately, all new notices must be reported using the Material Transactions Reporting Form at least 30 days prior to the proposed transaction’s closing.
The Material Transactions Reporting Form formalizes and expands the categories of information that health care entities involved in a “material transaction” are required to submit to DOH. Health care entities are strongly encouraged to download the cover sheet to the Material Transactions Reporting Form and the PDF of the Material Transactions Reporting Form Questions to further understand the requirements. Critically, DOH notes that the PDF of the Material Transactions Reporting Form Questions is intended as guidance only and that parties cannot complete the paper form and submit it to DOH in lieu of electronic submission. The Material Transactions Reporting Form requires submission of the following information, which we note is not a comprehensive summary of the form’s requirements:
Parties to Material Transaction: The form requires disclosure of each party’s legal name, address, jurisdiction of incorporation, principal jurisdiction of business, and all other jurisdictions where the entity conducts business. Additionally, the form requires disclosure of any instance where an officer, director, manager, partner, owner, trustee, or member of a party has been (1) charged, pled guilty, or been convicted of a criminal offense, (b) party to a civil action involving dishonesty, breach of trust, or a financial dispute, or (c) charged with wrongdoing by any government agency or authority.
Pre-Closing Organizational Chart: The form requires identification of all persons known to control, to be controlled by, or under common control with, each party, and further must include voting percentages for each person listed. As detailed in our previous posts, “control” includes the right to direct or cause the direction of the management or administrative functions of a health care entity whether by voting rights or contract.
Post-Closing Organizational Chart: Parties must disclose a post-closing organizational chart demonstrating the surviving entity and its interrelationships after the closing of the material transaction. Information regarding the transaction and the surviving entity’s finances, including the purchase price and projected annual revenue for three years, as well as applicable prior material transaction history must also be disclosed.
Financial Statements: Parties must submit financial statements for the last two fiscal years, including balance sheets, income statements, and cash flow statements, along with projected financial statements for the surviving entity dated one day after closing.
Impact of Material Transaction: Parties must respond to several questions aimed at determining the material transaction’s impact on cost, quality, access, health equity, and competition in New York during the five years following the closing date. Further, DOH asks parties to provide statistics regarding current and anticipated service to Medicaid beneficiaries, uninsured patients, and “historically underserved populations or groups.”
NY’s decision not to pursue the proposed amendment may signal a win for health care investors and other stakeholders, particularly in a time where other states are increasing their regulation of health care transactions, whether through notice or pre-closing approval requirements. While the abandonment of the proposed amendment to the Disclosure of Material Transactions Law reflects New York’s current reluctance to adopt a more comprehensive review and approval framework for health care transactions, the release of the Material Transactions Reporting Form underscores New York’s commitment to systematically capturing detailed information about material transactions within the state. DOH has only received 2 additional notices of material transactions in 2025, bringing the total number of notices received since the law’s enactment to 11. Parties contemplating entering a material transactions in New York should consider how it will provide all documentation and information required, particularly those documents that require future projections.
PBM Legislation in the Reconciliation Bill is Far From Sweeping PBM Reform
Over the past few years, Congress has attempted to pass “federal PBM reform.” Members of Congress have held numerous hearings related to PBMs and introduced numerous bills seeking to regulate PBMs (we regularly track these federal actions through our quarterly PBM Policy and Legislative Updates). Despite the rhetoric in Washington about bipartisan support to regulate PBMs, Congress has not been able to pass meaningful PBM reform. This brings us to the One Big Beautiful Bill (Reconciliation Bill), which includes some PBM measures but remains far from the sweeping reform Congress previously introduced and from what we are seeing at the state level. The House passed the Reconciliation Bill on May 22, 2025, with a slim margin of 215 to 214. The Reconciliation Bill will now move to the Senate, where the Senate will need to approve it with a simple majority for it to become law.
The PBM provisions included in the Reconciliation Bill are unlikely to significantly impact the drug supply chain or PBMs’ practices. As discussed in further detail below, PBMs are generally already complying with many of the requirements set forth in the Reconciliation Bill. This blog will outline the key provisions of the Reconciliation Bill and their impact (or potential lack thereof) on PBM operations.
Definition of a PBM
The Reconciliation Bill defines a “pharmacy benefit manager” broadly to include “any person or entity that, directly or through an intermediary, acts as a price negotiator or a group purchaser …or manages the prescription drug benefits” on behalf of or provided by a state, managed care company, or “other specified entity,” regardless of whether the entity calls itself a PBM. The definition states that managing the prescription drug benefit may include processing claims, performing drug utilization review, processing prior authorizations, or contracting with pharmacies. The definition also states that a “pharmacy benefit manager” will include (i) “any entity that acts as a price negotiator (with regard to payment amounts to pharmacies and providers for covered outpatient drugs)” on behalf of a state, managed care entity, or other entity, or (ii) any entity that carries out one or more of the activities discussed in the prior sentence. This definition is intended to and will likely encompass entities beyond traditional PBMs, including rebate aggregators and utilization management entities.
Prohibition of Spread Pricing in Medicaid
The Reconciliation Bill requires that contracts between the state and (i) a PBM, or (ii) a Medicaid managed care entity (MCO) that includes drug coverage, be based on a pass-through pricing model prohibiting spread pricing. Under the pass-through pricing model:
Payments to pharmacies for drugs must be (i) limited to the ingredient cost of the drug and a professional dispensing fee that is not less than the professional dispensing fee a state would pay if the state were making the payment directly in accordance with the state Medicaid plan; (ii) equivalent to the amounts that the PBM charges the state or MCO for the drug such that the full amount of the payment to the PBM is “passed through” to the pharmacy dispensing the drug (with exceptions for state laws and regulations in response to FWA); and (iii) in a manner consistent with federal regulations specifying upper payment limits CMS will pay for drugs under the state Medicaid program.
Payment for administrative services is limited to an administrative fee that reflects FMV.
Upon request, the PBM or MCO must report to the state on a drug-level basis all costs and payments related to the covered outpatient drug and the accompanying administrative service fees.
The Reconciliation Bill would condition the federal match of Medicaid payments on the prohibition of “spread pricing.”
This prohibition of spread pricing in Medicaid is not a new practice and many states already prohibit it. Further, given several lawsuits and settlements with Medicaid MCOs in 2021 and 2022 stemming from spread pricing, Medicaid MCOs generally prohibit spread pricing as well. Therefore, it is unlikely the Reconciliation Bill will significantly change current practice in Medicaid.
Transparency Requirements in Medicare Part D
The Reconciliation Bill requires PBMs contracting with a Medicare Part D prescription drug plan sponsor (PDP Sponsor) to, among other things, (i) consistently and transparently define, interpret, and apply terms related to their performance of pricing guarantees or similar cost performance measurements related to rebates, discounts, price concessions, or net costs set forth in agreements between PDP Sponsors and PBMs, and (ii) annually report to HHS and the PDP Sponsor detailed information related to dispensed drugs, including, but not limited to, rebates received by manufacturers, and total manufacturer-derived revenue (including bona fide service fees retained by PBM and PBM affiliates).
“Delinking” PBM Payments
The proposed bill would prohibit PBMs from receiving income for services in any form other than a bona fide service fee (BFSF) defined as (i) a flat fee, (ii) consistent with fair market value (FMV), (iii) for services actually performed by the PBM or its affiliate on behalf of the PDP Sponsor that the PDP Sponsor would otherwise perform itself if not for the arrangement with the PBM, (iv) not based or contingent upon drug price, remuneration (such as rebates, discounts, and other fees), coverage decisions, formulary placement, the volume or value of referrals or business generated between the PBM and PDP Sponsor, or other criteria prohibited by the Secretary, and (v) not passed on to a client or customer (regardless of who takes title to the drug).
This definition of BFSF differs from the definition used in current Medicare Part D and Medicaid laws and creates immediate tension by requiring that the fee be flat and simultaneously FMV given that the volume of services to be provided is often unknown at the time agreements are formed. Further, the proposed bill indicates that “incentive payments” paid by PDP Sponsors to PBMs will be deemed BFSF so long as they meet the relevant BFSF requirements.
Rebates, discounts, and other price concessions received by a PBM from manufacturers, even if calculated as a percentage of a drug’s price, would not be in violation of this provision if such amounts are fully passed through to the PDP Sponsor and reported in accordance with applicable DIR requirements. PBMs would be required to pass through to the PDP Sponsor any remuneration in violation of the BFSF requirements; and further, PBMs would be required to enter into written agreements with their affiliates to require such affiliates to identify and pass through to the PDP Sponsor any remuneration beyond payments as described above (e.g., BFSF, permitted incentive payments and rebates, discounts, and price concessions). Finally, agreements between PBMs and PDP Sponsors would be subject to review by the Secretary of HHS for determination of FMV of remuneration.
Again, this provision will likely not materially change how PBMs operate in the Part D space today, as most PBMs already fully pass through rebates to the PDP Sponsors in Part D.
Conclusion
The Reconciliation Bill is not the broad, sweeping, PBM reform package that Congress has been working towards. Notably, the provisions discussed above are limited to Medicaid and Medicare. The Reconciliation Bill does not include PBM reforms applicable to commercial plans.
HHS-OCR Risk Analysis Enforcement Initiative Continues Under New Administration
In April 2025, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR)[1] announced a settlement marking its eighth enforcement action in its Risk Analysis Initiative.[2] Since its introduction in October 2024, the initiative already has resulted in combined settlement payments of nearly $900,000 from eight different health care organizations.
When announcing the initiative in October 2024, the OCR Director stated that “failure to conduct a HIPAA Security Rule risk analysis leaves health care entities vulnerable to cyberattacks, such as ransomware. Knowing where your ePHI is held and the security measures in place to protect that information is essential for compliance with HIPAA.”[3] The Director expressed that OCR created the initiative to “highlight the need for more attention and better compliance with this Security Rule requirement.”
The initiative follows a compliance audit conducted by OCR in 2016–2017, from which OCR concluded that only 14 percent of covered entities were substantially fulfilling their regulatory responsibilities to safeguard ePHI through risk analysis activities.[4]
Notably, the two most recent settlements under the risk analysis initiative were obtained in February 2025 and announced in April 2025, indicating that the Trump Administration is continuing to pursue the initiative first announced by the Biden Administration. The ongoing enforcement initiative underscores the importance of health care organizations understanding the Security Rule’s requirements and conducting a proper risk analysis.
What Exactly Is a Risk Analysis?
HIPAA’s Security Rule requires organizations to conduct a “risk analysis” that includes “an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by a covered entity or business associate.”[5]
According to HHS,[6] conducting a risk analysis is the “first step” and a “foundational element” in an organization’s Security Rule compliance.[7] However, the Security Rule does not specify a precise methodology for conducting a risk analysis.[8] According to HHS, “there are numerous methods of performing [a] risk analysis and there is no single method or ‘best practice’ that guarantees compliance with the Security Rule.”[9] While this grants organizations some flexibility, it also creates uncertainty as to precisely what constitutes compliance with the risk analysis requirement.
To reduce some of this uncertainty, HHS issued guidance on “several elements a risk analysis must incorporate, regardless of the method employed.”[10] Those elements include the following:
Document where ePHI is stored and transmitted (data inventory and mapping). The scope of the risk analysis must include all ePHI in all forms of electronic media. Examples include portable devices such as thumb drives, laptops, and mobile phones as well as individual desktops, email accounts, fax machines, printers, network storage devices such as file servers and backup servers, cloud storage servers, and electronic medical record (EMR) servers. Other examples may be specific to an organization’s practice, such as a medication dispensing system or imaging devices, if they store or transmit ePHI. The risk analysis should include an inventory that identifies and documents all places where ePHI is stored or transmitted and map how data flows to, from, and within the organization.
Document Potential Threats and Vulnerabilities. For each place where ePHI is stored or transmitted, the organization must identify and document reasonably anticipated threats and vulnerabilities to ePHI in each location. For example, if ePHI is stored and transmitted in email accounts, one vulnerability is a compromise of the credentials for the email account. If ePHI is stored and transmitted on the local hard drives of portable devices such as laptops or smartphones, another vulnerability is unauthorized access to the data on the device, should it be lost or stolen.
Document Current Security Measures. For each place where ePHI is stored or transmitted, the organization must document its current security measures protecting that location from threats and vulnerabilities. Using the example of portable devices, the organization may encrypt locally stored data at the hardware level or implement remote access tools that administrators can use to delete the device’s contents.
Determine the Level of Risk. While the Security Rule does not specifically define “risk,” HHS guidance defines risk as a function of (1) the probability that a particular threat will trigger or exploit a particular vulnerability and (2) the impact to the organization should this occur. HHS recognizes that this process could be quantitative or qualitative. For example, an organization could quantify risk on a scale of 1 to 10. Alternatively, an organization could characterize risk as low, medium, or high.
Document Risk Analysis. The organization must document the results of its risk analysis, including each step of the process outlined above. A short summary report will likely not be sufficient to demonstrate that the risk analysis was “accurate and thorough.” Documenting the risk analysis is especially important when an organization is being audited by OCR after experiencing a data breach, as OCR often requests copies of all risk analysis reports going back as far as six years.
Repeat Analysis. HHS recognizes that the Security Rule does not specify how frequently an organization must perform a risk analysis. HHS guidance states that organizations should conduct risk analysis annually, biennially, or every three years. However, the department’s recent Notice of Proposed Rulemaking would require organizations to conduct a risk analysis at least annually.[11] HHS guidance also maintains that organizations should conduct a risk analysis whenever an organization makes a material change to its operations. HHS provides examples of situations that might require an updated risk analysis, including a security incident, a change in ownership, turnover in key staff or management, or the incorporation of new technology.
Common Deficiencies
The HHS Senior Advisor for Cybersecurity presented a webinar in October 2023 that elaborated on the risk analysis requirements.[12] During the webinar, the presenter emphasized that a risk analysis must be “accurate and thorough,” noting that a common deficiency in risk analyses is the failure to conduct an inventory of all systems that store or transmit ePHI. The presenter also acknowledged that organizations often conflate a HIPAA compliance gap assessment with a risk analysis, which are two different things.
Other common deficiencies include the use of template forms or generic tools in conducting a security risk analysis. OCR has specified that the risk analysis must pertain to the specific operations of the organization. Template forms and generic tools may fail to account for the unique aspects of an organization’s network and fail to identify specific risks posed to that environment.
Where to Begin
Again, the Security Rule allows organizations flexibility in how they conduct their risk analysis. HHS points to NIST Special Publication 800-30 as one example of a guide for conducting a risk analysis.[13] In addition, the Office of the National Coordinator for Health Information Technology (ONC), in collaboration with OCR, developed a Security Risk Assessment Tool (SRA Tool). The SRA Tool is a computer application designed to walk health care organizations through the steps of a risk analysis.[14]
While the SRA Tool may be helpful as a starting point, HHS maintains that it is provided for informational purposes only.[15] HIPAA does not require its use, and its use does not guarantee compliance with HIPAA.[16] Fundamentally, the SRA Tool still requires organizations to make their own judgments regarding the probability, impact, and risk posed by any particular threat or vulnerability.
For support in identifying threats and vulnerabilities, making judgments about risk, and developing risk management plans, organizations often engage subject matter experts such as cybersecurity firms and law firms to help conduct a risk analysis. In light of OCR’s ongoing enforcement initiative and the risks posed by cybersecurity incidents, health care organizations will benefit from conducting a thorough risk analysis at their earliest opportunity.
[1] The OCR within HHS is the primary enforcement agency for HIPAA. They conduct investigations, compliance reviews, and take enforcement actions against covered entities that violate the Privacy or Security Rules.
[2] U.S. Dept. of Health and Human Services, “HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation with Neurology Practice” (April 25, 2025) available at https://www.hhs.gov/press-room/ocr-hipaa-racap-np.html (last accessed May 14, 2025).
[3] U.S. Dept. of Health and Human Services, “HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000” (October 31, 2024) available at https://us.pagefreezer.com/en-US/wa/browse/0a7f82bb-be6e-448a-ae11-373d22c37842?url=https:%2F%2Fwww.hhs.gov%2Fabout%2Fnews%2Findex.html×tamp=2025-01-19T07:02:28Z (last accessed May 14, 2025)
[4] 90 FR 915
[5] 45 C.F.R. § 164.308(a)(1)(ii)(A).
[6] As the arbiter of HIPAA regulations, HHS is also charged with providing guidance to medical providers as to interpreting and implementing the requirements set forth by the regulations.
[7] U.S. Dept. of Health and Human Services, Office for Civil Rights, “Guidance on Risk Analysis” (July 14, 2010), available at https://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html (last accessed May 14, 2025).
[8] Id.
[9] Id.
[10] Id. Notably, OCR issued a Notice of Proposed Rule Making in January 2025, seeking to amend the Security Rule’s risk analysis requirement to explicitly incorporate these elements. 90 FR 898.
[11] 90 FR 1012.
[12] OCR Webinar: The HIPAA Security Rule Risk Analysis Requirement, available at https://www.youtube.com/watch?v=hxfxhokzKEU (last accessed on May 14, 2025).
[13] U.S. Dept. of Health and Human Services, Office for Civil Rights, “Guidance on Risk Analysis” (July 14, 2010), available at https://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html (last accessed May 14, 2025); see also NIST SP 800-30, available at https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf?language=es (last accessed May 14, 2025).
[14] Office of the National Coordinator for Health IT, “Security Risk assessment Tool,” available at https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool (last accessed May 14, 2025)
[15] Id.
[16] Id.
Proposed Rule on Medicaid Tax Waivers: CMS Moves to Close a Loophole Shifting Costs to the Federal Government
On May 15, 2025, the Centers for Medicare & Medicaid Services (“CMS”) released a proposed rule, entitled “Preserving Medicaid Funding for Vulnerable Populations – Closing a Health Care-Related Tax Loophole” to address a financing loophole that allows states to shift more Medicaid costs to the federal government than intended (the “Proposed Rule”). If finalized as proposed, states that received CMS-approved waivers for state healthcare-related taxes within the last year—including California, New York, Michigan, and Massachusetts—would be required to modify or eliminate those state taxes immediately or risk losing federal matching funds for expenditures paid using those tax revenues. Comments from stakeholders are due by July 14, 2025.
The major policy change in the Proposed Rule would eliminate an existing waiver process that allows states to obtain approval from CMS for certain health care-related taxes, which seven states, including California, New York, Michigan, and Massachusetts, have relied on to finance their share of Medicaid costs.
Under existing federal law and regulations, when a state imposes a tax on healthcare providers and uses the revenue to support Medicaid payments, the federal government provides matching funds, so long as the tax complies with specific statutory requirements set forth by Section 1903(w) of the Social Security Act.
To ensure that states are not simply recycling money back to taxed providers to draw down more federal funding, the law requires that health care-related taxes be broad-based, uniform, and not include “hold harmless” arrangements—where providers are effectively reimbursed for the taxes they pay. States can request a waiver from the “broad-based” and “uniform” requirements if they can show the tax is generally redistributive—i.e., it generally derives revenue from taxes on non-Medicaid services and uses them to finance the State’s share of Medicaid payments for services. Since 1993, CMS has used specific statistical tests to assess whether a waiver-eligible tax is generally redistributive.
However, CMS is concerned that states have found ways to structure their taxes that technically pass the statistical test for a waiver of the “uniformity” requirement, but that actually impose more of the tax burden on Medicaid services than non-Medicaid services—such as by imposing higher tax rates on Medicaid services than on commercial services—and therefore are not “generally redistributive.” CMS highlighted several examples of taxes imposed on managed care organizations (MCOs) where a disproportionate share of the tax burden is imposed on Medicaid member-months. CMS believes that these arrangements undermine the federal-state cost-sharing structure of Medicaid.
The Proposed Rule seeks to close this loophole by refining how CMS evaluates whether a health care-related tax is generally redistributive. It introduces more stringent requirements to ensure that taxes do not disproportionately target Medicaid providers and that the distribution of the tax burden reflects a true cross-section of the provider market. According to CMS, closing this loophole could save the federal government over $33 billion over five years.[1]
Specifically, CMS proposes to keep the two existing statistical tests for waivers of the broad-based and uniformity requirements, respectively, but to add new requirements that must be met even if the applicable statistical test(s) are satisfied. This represents a significant shift in CMS’s approach, moving from a focus on statistical form to economic substance. Under the Proposed Rule, a tax that meets the applicable statistical tests still is not “generally redistributive” and will not be approved by CMS if: (i) the tax rate imposed on any taxpayer or taxpayer group based on its Medicaid taxable-units is higher than the tax rate imposed on non-Medicaid taxable units (e.g., an MCO tax where Medicaid member months are taxed at $200 per member-month and non-Medicaid member months are taxed at $20 per member month; (ii) the tax rate imposed on a taxpayer or taxpayer group that is defined based on its Medicaid volume or percentage is lower for the lower-Medicaid volume group and higher for the higher-Medicaid volume group (e.g., a higher tax rate for nursing facilities with a Medicaid inpatient utilization rate greater than 5% than the tax rate for nursing facilities with a Medicaid inpatient utilization rate less than 5%).
CMS explains that all seven of the existing approved State tax waivers would fail (i) and at least one existing State tax waiver would also fail (ii). CMS also proposes that any State tax that has the same effect as either (i) or (ii) – that is, where a State is using a substitute definition, measure, or attribute as a proxy for Medicaid to achieve the same effect—would not be generally redistributive and would not be approved.
To implement this change, CMS also proposes to define new terms for “Medicaid taxable unit” and “non-Medicaid taxable unit” to distinguish between units that the basis of Medicaid payment (like Medicaid bed-days, Medicaid revenues or Medicaid charges) or otherwise associated with the Medicaid program and units that are not associated with the Medicaid program. States may need to reassess how they define tax bases for taxpayers and classes of providers to ensure they do not disproportionately burden Medicaid utilization.
The Proposed Rule would provide a one-year transition period for any State tax that does not comply with the new requirements, but only if CMS approved the tax waiver more than two years prior to the effective date of any final rule. By contrast, state taxes that obtained waivers more recently (i.e., less than two years prior to the effective date of any final rule), such as California, Michigan, Massachusetts, and New York, would not be eligible for a transition period and would be required to comply with the new requirements as of the effective date of the final rule or risk a reduction in federal Medicaid funding.[2] With no transition period for recent waivers, states like New York may have as little as 60 days to comply after the final rule is published. States, their Medicaid agencies, and stakeholders should begin internal reviews now to avoid rushed changes to avoid losses in federal funding.
Date CMS Approved Waiver
Effective Date of Final Rule
Eligible for Transition Period?
State Fiscal Year Begins
Compliance Deadline
July 1, 2016
January 1, 2026
Yes
April 1
April 1, 2027*
July 1, 2016
February 1, 2026
Yes
January 1
January 1, 2028**
December 10, 2024
January 1, 2026
No
N/A
January 1, 2026
December 10, 2024
February 1, 2026
No
N/A
February 1, 2026
* Under existing regulations, a modified waiver package would need to be submitted to CMS for approval by June 30, 2027 to have a retroactive April 1, 2027 effective date. CMS is also considering a number of different alternatives for the transition period, including on the one hand, narrowing the availability of the transition period to state taxes with waivers approved more than three years prior to the effective date, and on the other hand, extending the transition period to one year for states with more recent tax waiver approvals (i.e., within the last two or three years) and two years for states with older tax waiver approvals.
States with recent waiver approvals, such as New York, California, Michigan, and Massachusetts, may need to act quickly to re-evaluate their existing tax structures. This may include identifying Medicaid-heavy tax metrics, engaging affected providers, and assessing whether changes in state laws or regulations related to state taxes are needed. CMS’s stated position that existing tax waivers do not meet the new requirements suggests that significant structural changes, not just technical adjustments, may be needed. States can no longer rely on prior approvals and may consider preparing now to modify their tax structures to meet the proposed requirements as of the effective date of any final rule.
Notably, this regulatory effort coincides with legislative activity in Congress on the same topic. On May 14, the House Energy and Commerce Committee advanced its portion of the fiscal year 2025 budget reconciliation bill, which includes multiple amendments to the Medicaid statute to limit states’ use of health care-related taxes. The Bill would impose a federal moratorium on new or increased provider taxes, and proposes to codify in the Medicaid statute conditions for when a health care-related tax is not “generally distributive.”[3] The conditions outlined in the bill are substantially similar to the conditions CMS included in the Proposed Rule. The bill also would authorize the Secretary to determine an appropriate transition period, not to exceed three fiscal years. If enacted by Congress later this summer, that may accelerate the time frames for compliance with the new requirements compared to the time required for CMS to consider submitted comments and finalize the Proposed Rule.
FOOTNOTES
[1] Preserving Medicaid Funding for Vulnerable Populations – Closing a Health Care-Related Tax Loophole Proposed Rule, Ctrs. For Medicare & Medicaid Servs. (May 12, 2025).
[2] Id.
[3] Comm. Print Providing for Reconciliation Pursuant to H. Con. Res. 14, Subtitle D—Health, § 44131, 44132,44134, 119th Cong. (2025).
Listen to this post
The Intersection of AI, Digital Health, and the TCPA: What You Need to Know
Artificial intelligence (AI) is widely transforming digital health, including by automating certain patient communications. However, as health care companies consider deploying AI-driven chatbots, texting platforms, and virtual assistants, they should not forget about the highly consequential, and highly litigated, Telephone Consumer Protection Act (TCPA).
Many digital health companies mistakenly assume that they only need to consider the Health Insurance Portability and Accountability Act (HIPAA) when considering whether to text or otherwise communicate with patients via various means. HIPAA governs the privacy and security of protected health information. The TCPA, by contrast, protects consumer rights around how and why patients are contacted.
The TCPA has become a key regulatory consideration for any digital health company that uses technology to communicate with patients by telephone or text message. As AI enables more scalable and automated outreach, understanding the TCPA’s boundaries is key to ensuring regulatory compliance and avoiding costly litigation.
Why the TCPA Matters in an AI-Enabled Health Environment
The TCPA restricts certain calls and texts made using an “automatic telephone dialing system” (ATDS), as well as prerecorded or artificial voice messages, without prior express consent. When such communications are made for marketing purposes, prior express written consent may be required. Even health care companies that use AI-powered systems to send appointment reminders, refill prompts, or wellness check-ins by telephone or text — as opposed to marketing, user engagement, or upselling services — may fall within the TCPA’s scope, especially if those communications are automated. Note that although the TCPA includes exemptions for certain health care messages, there are numerous parameters for meeting this exception and we urge caution in relying on it.
Even though the Supreme Court’s 2021 decision in Facebook v. Duguid narrowed the definition of an ATDS, TCPA compliance remains a moving target. Further, some states have their own version of the TCPA that may define ATDS or similar technology in a different way. This creates real legal risk even for digital health companies with no robocall or telemarketing intent.
AI Chatbots and Virtual Assistants: Are They “Artificial Voices”?
One of the most pressing legal questions, and a focus of plaintiffs’ attorneys, is whether AI-powered voicebots or chatbots qualify as “artificial or prerecorded voice” communications under the TCPA. Although the Federal Communications Commission’s (FCC) 2024 ruling clarified that AI-generated voices fall into this definition, reaffirming that these types of communications are subject to the TCPA’s consent requirements, the legal landscape remains unsettled.
Courts continue to wrestle with how this interpretation applies to emerging technologies like chatbots, especially text-based systems that do not emit sound but still automate patient communication. Some plaintiffs argue that such AI technology, even if it responds dynamically to user input, meets the statutory definition of “artificial voice” because it lacks a live human on the line. If courts agree, this could impose significant restrictions on AI-driven patient engagement tools unless proper consent is obtained.
The FCC’s authority, although influential, does not fully preempt judicial interpretation, and differing court decisions may shape how the TCPA applies to various forms of AI-powered communication. As a result, companies must stay alert to both regulatory guidance and case law developments.
What Digital Health Companies Should Do Now
Below are four practical steps to stay on the right side of TCPA compliance in the AI era:
1. Conduct a TCPA Risk Assessment
Review all patient outreach channels (SMS, voice, chat, etc.) and determine which systems are AI-driven or automated. Flag any that fall within the TCPA’s scope. Consider any differing requirements under state versions of the TCPA applicable to your business.
2. Audit Your Consent Flows
Ensure that your consent language clearly distinguishes between HIPAA and TCPA compliance. For marketing communications, confirm you have prior express written consent. Consider “marketing” to be broadly defined.
3. Consent is King
When in doubt, obtain prior express written consent for communications in your user flow.
4. Monitor Litigation Trends
Stay current on case law developments regarding AI, chatbots, and “artificial voice” interpretations. Legal interpretations are evolving quickly.
Final Thoughts
AI is revolutionizing patient communication, but it can also amplify regulatory exposure. The TCPA remains a favorite tool for class-action lawsuits, and digital health companies should treat it with the same seriousness as they treat their HIPAA compliance.
As AI capabilities grow, the gap between innovation and regulation is widening. Thoughtful contracting, consent design, and legal review can help digital health companies lead with compliance, while still delivering smarter, scalable care.
OSHA Heat Rule Moving Forward
Despite predictions by many that the Biden-era proposed heat rule would be scrapped, it appears that it is moving forward. While there may be some changes to the proposal, it seems we may have a heat rule sooner rather than later.
The US Occupational Safety and Health Administration (OSHA) has confirmed a public hearing on June 16, signaling significant progress.
The proposed rule establishes key temperature thresholds, requiring employers to implement protective measures when the heat index reaches 80°F, with heightened precautions at 90°F. While proponents argue it is essential for worker safety, the business community has raised concerns over its scope and operational burdens, particularly the 20% acclimatization period.
If your business could be affected by these changes, now is the time to prepare. Reach out to stay informed and ensure compliance with evolving regulations.
“There are political considerations, so it’s conceivable that what they will do is promulgate a rule, but the rule will be watered down,” said Michael Duff, a professor of law at St. Louis University School of Law. “In other words, you’re not hit with a one-size-fits-all rule that would be applied no matter what, you’re allowed to take into account workplace specific conditions.”
news.bloomberglaw.com/…
CMS Issues Guidance and Requests Information to Promote Hospital Price Transparency Compliance and Enforcement Efforts
On May 22, 2025, the Centers for Medicare & Medicaid Services (CMS) took a series of actions to promote enhanced price transparency compliance by hospitals and identify challenges thereto, in order to inform future price transparency enforcement activities and policies. These actions were taken in furtherance of the President’s February 2025 Executive Order No. 14221 (which we previously analyzed here), and include the following actions of particular relevance for hospitals:
CMS issued updated Price Transparency Guidance here emphasizing that:
Hospitals must include dollar amounts in their machine-readable files (MRFs) (if they can be calculated) in order to make hospital pricing more transparent, “including the amount negotiated for the item or service, the base rate negotiated for a service package, and a dollar amount if the standard charge is based on a percentage of a known fee schedule”; and
Hospitals should no longer include the code “999999999 (nine 9s)” in MRFs for estimated allowed amounts and “should instead encode an actual dollar amount.”
CMS issued a Request for Information here (RFI) that is intended to “identify challenges and improve compliance and enforcement processes” related to hospital price transparency efforts, and specifically in connection with concerns regarding the “accuracy and completeness of” standard charge information in hospital MRFs.
The RFI seeks information from stakeholders in response to the following questions from CMS:
Should CMS specifically define the terms “accuracy of data” and “completeness of data” in the context of HPT requirements, and, if yes, then how?
What are your concerns about the accuracy and completeness of the HPT MRF data? Please be as specific as possible.
Do concerns about accuracy and completeness of the MRF data affect your ability to use hospital pricing information effectively? For example, are there additional data elements that could be added, or others modified, to improve your ability to use the data? Please provide examples.
Are there external sources of information that may be leveraged to evaluate the accuracy and completeness of the data in the MRF? If so, please identify those sources and how they can be used.
What specific suggestions do you have for improving the HPT compliance and enforcement processes to ensure that the hospital pricing data is accurate, complete, and meaningful? For example, are there any changes that CMS should consider making to the CMS validator tool, which is available to hospitals to help ensure they are complying with HPT requirements, so as to improve accuracy and completeness?
Do you have any other suggestions for CMS to help improve the overall quality of the MRF data?
Responses to the CMS RFI are due by midnight on July 21, 2025, and must be submitted on that same webpage. CMS is interested in feedback from a variety of stakeholders who interact with MRFs and/or rely on the price transparency tools, including hospitals, payers, employers, innovators, and consumers.
We will continue to monitor oversight and enforcement of federal price transparency laws, and the impact these activities may have on hospitals and other health care organizations.
OSHA Issues Updated Guidance for Site-Specific Targeting Inspection Program
On April 8, 2025, the Occupational Safety and Health Administration (OSHA) released Directive CPL 02-01-067, updating its Site-Specific Targeting (SST) inspection program. The revised directive outlines procedures for selecting and inspecting general industry establishments with twenty or more employees, based on employer-submitted injury and illness data from calendar years 2021 through 2023. Whereas the prior version of the program essentially targeted all employers and workplaces, this version is more narrowly tailored.
Quick Hits
OSHA’s updated SST program targets general industry establishments (excluding construction) with twenty or more employees, using Form 300A data from 2021–2023.
The program prioritizes inspections at establishments with high or upward-trending injury and illness rates, as well as those that failed to submit required data.
The directive replaces the previous SST guidance (CPL 02-01-064, February 7, 2023) and will remain in effect for two years unless superseded.
Background
The SST program is OSHA’s primary programmed inspection initiative for non-construction workplaces. It leverages objective injury and illness data submitted under 29 C.F.R. § 1904.41 to focus enforcement resources on establishments with elevated rates of occupational injuries and illnesses. The program aims to ensure that employers maintain safe and healthful workplaces by directing inspections where they are most needed. From April 2023 to December 2024, the SST program resulted in 652 inspections, with a higher rate of violations and noncompliance compared to other non-construction programmed inspections, reinforcing the program’s effectiveness.
Key Changes in the 2025 SST Directive
Inspection selection is now based on 2023 Form 300A data for high-rate establishments, and 2021–2023 data for establishments with upward-trending rates. The low-rate and non-responder lists are also generated using 2023 data, updating from the previous use of 2021 data. The directive clarifies procedures for scheduling, prioritizing, and documenting inspections, and provides updated guidance on the use of the SST OSHA Tools Dashboard for managing inspection lists.
Inspection List Selection Criteria
OSHA will generate inspection lists for:
High-rate establishments: Selected based on 2023 DART (Days Away, Restricted, or Transferred) rates, with separate thresholds for manufacturing and non-manufacturing sectors.
Upward-trending establishments: Identified by rates at or above twice the private-sector national average in 2022, with continued annual increases from 2021–2023.
Low-rate establishments: Randomly sampled to verify the accuracy of reported data.
Non-responders: Randomly sampled from establishments that failed to submit required 2023 Form 300A data.
Scheduling and Inspection Procedures
Area offices (AOs) are responsible for maintaining and documenting inspection cycles, using the SST web-based application to generate and update inspection lists. Inspections are comprehensive in scope and may be expanded to include health hazards based on prior inspection history or industry classification. During inspections, compliance officers will review OSHA 300 logs, 300A summaries, and 301 incident reports for 2021–2023, and evaluate the adequacy of the employer’s safety and health management system. Establishments that received a comprehensive inspection within the past thirty-six months, are public-sector employers, or are participants in OSHA’s Voluntary Protection Programs (VPP) or Safety and Health Achievement Recognition Program (SHARP) are generally excluded from the inspection list. Small employers that are not required to submit their OSHA Form 300A electronically will not be subject to the program.
Deferrals and Deletions
SHARP and VPP participants are deferred or deleted from programmed inspection lists for specified periods. Establishments with ongoing OSHA On-Site Consultation visits may receive deferrals of up to ninety days. AOs must document all deletions and deferrals, including rationale and supporting information.
State Plan Impact
States with OSHA-approved state plans must adopt inspection targeting systems at least as effective as the federal SST program. States are required to notify OSHA of their intent to adopt identical or different policies within sixty days and implement any changes within six months.
Conclusion
The updated SST directive reflects OSHA’s ongoing commitment to data-driven enforcement and targeted inspections in general industry. Employers may want to ensure timely and accurate submission of injury and illness data and maintain robust safety and health management systems to mitigate the risk of inspection and potential citations.
States Move Forward with Privacy Protections to Close HIPAA Gaps for Health, Reproductive Health Info
Takeaways
Multiple state laws are strengthening protections for health data, increasingly going beyond HIPAA, healthcare providers and health plans.
Certain categories of health information, such as reproductive health, have greater privacy protections.
Organizations cannot look solely to HIPAA when assessing privacy compliance.
Related links
My Health, My Data Act (Washington State)
Washington State’s My Health, My Data Act Sent to Governor
Nevada’s Governor Signs Health Data Privacy Act
Virginia Amended Consumer Protection Act (SB754)
California Consumer Privacy Act, California Privacy Rights Act FAQs for Covered Businesses
Colorado Becomes Third State to Enact a Comprehensive Privacy Law
Article
When it comes to safeguarding health data, the Health Insurance Portability and Accountability Act (HIPAA) is paramount. HIPAA’s extensive reach encompasses nearly all healthcare providers and all health plans, affecting just about every American. However, its coverage is not complete. States are stepping in to address the gaps and tackle specific areas of concern, such as reproductive health information.
Businesses will want to closely monitor state law developments even if they are not healthcare providers or health plans covered by HIPAA. This is especially important for businesses operating across multiple states. Even for covered entities or business associates under HIPAA, certain aspects of state laws still may raise compliance issues to consider.
To illustrate, consider the laws of Washington, Nevada, Virginia, and New York.
Washington
Washington’s My Health, My Data Act is considered one of the first comprehensive state laws addressing certain health data not covered by HIPAA. The legislative findings explain part of the thinking:
Washingtonians expect that their health data is protected under laws like the health information portability and accountability act (HIPAA). However, HIPAA only covers health data collected by specific healthcare entities, including most healthcare providers. Health data collected by noncovered entities, including certain apps and websites, are not afforded the same protections. This act works to close the gap between consumer knowledge and industry practice by providing stronger privacy protections for all Washington consumers’ health data.
The Washington law applies to “regulated entities” — entities that
Conduct business in Washington, or produce or provide products or services targeted to consumers in Washington; and
Alone or jointly with others, determine the purposes and means of collecting, processing, sharing, or selling consumer health data.
The law’s application is not limited to providers or plans. Further, although the law covers the typical categories of health information, such as health condition or diagnosis, it also addresses more specific categories of health information, including:
Gender-affirming care information.
Reproductive or sexual health information.
Biometric data.
Genetic data.
Precise location information that could reasonably indicate a consumer’s attempt to acquire or receive health services and supplies.
Violations are enforceable by the prosecution by the state’s Attorney General’s Office or by private actions brought by affected consumers.
Nevada
In 2023, Nevada enacted protections like those under Washington’s My Health, My Data Act. However, the Nevada law does not include a private right of action.
Virginia
Virginia recently amended its Consumer Protection Act (VCPA), effective July 1, 2025, focusing on safeguarding reproductive and sexual health information. The VCPA regulates “suppliers,” defined as a “seller, lessor, licensor, or professional that advertises, solicits, or engages in consumer transactions, or a manufacturer, distributor, or licensor that advertises and sells, leases, or licenses goods or services to be resold, leased, or sublicensed by other persons in consumer transactions.” Based on this definition, the compliance obligations, along with litigation and enforcement risks, extend beyond HIPAA in several respects. The amendments to the VCPA aim to bolster consumer protection, particularly in managing reproductive and sexual health information.
Key points for businesses:
Prohibition on Collection and Disclosure Without Explicit Consent: The law strictly prohibits the collection, disclosure, sale, or dissemination of consumers’ reproductive or sexual health information unless explicit consent is obtained. “Consent” means “a clear affirmative act signifying a consumer’s freely given, specific, informed, and unambiguous agreement to process personal data relating to the consumer.”
Broad Definition: The definition of “reproductive or sexual health information” is broad and includes data related to past, present, or future reproductive or sexual health, such as efforts to obtain reproductive health services, use of contraceptives, health status (e.g., pregnancy and menstruation), and treatments or surgeries.
Exclusions: The law excludes HIPAA-protected data and records related to substance use disorder treatment.
Private Right of Action and Enforcement: Individuals may bring an action for violations and can potentially recover the greater of actual damages or $500. The state attorney general may also investigate violations and seek civil penalties of up to $2,500 for willful violations.
New York
Earlier this year, New York passed Senate Bill 929, the “New York Health Information Privacy Act” or “New York HIPA.” (If it becomes law, referring to these laws will become a little more confusing: HIPAA, HIPPA, HIPA, and so on.) HIPA generally follows the approaches taken by the state laws discussed above. It does not provide a private right of action but grants the state attorney general authority to seek civil penalties of up to $15,000 per violation or 20% of revenue obtained from New York consumers within the past fiscal year, whichever is greater, as well as other forms of relief.
Comprehensive State Privacy Laws
Many states have adopted comprehensive privacy laws that protect personal information in general, including health-related data. While the definitions of covered entities may vary, they should be considered when assessing compliance.
The California Privacy Rights Act (CPRA), for example, has a broad definition of sensitive data that includes mental or physical health conditions and sexual orientation. Similar to Virginia, the CPRA aims to protect consumers’ personal information, but it expands the scope to include sex life, which Virginia’s VCPA does not. The Colorado Privacy Act also includes “sex life” in its definition of sensitive data. These a just a few differences in how states define and protect categories of sensitive data.
Even before the Trump Administration began to reimagine the federal government’s role in regulatory and enforcement activities, states had already identified gaps in HIPAA’s protections for health information and begun to address them. Consequently, a broader range of entities must now revisit their handling of health information, especially if they have been outside of HIPAA’s reach.
Healthcare Preview for the Week of: May 27, 2025 [Podcast]
Short Congressional Recess, Short Preview
While Congress is in recess this week, we are still on reconciliation watch as consideration of the One Big Beautiful Bill Act moves to the Senate. We are on the lookout for a printed version of the full bill as it was passed (we currently only have this Rules Committee version of the package and the separate manager’s amendment). We are also waiting for an official, complete score from the Congressional Budget Office, which will affect Senate consideration.
Over the weekend, House Speaker Mike Johnson made pleas for the Senate not to make significant changes to the bill since it will be difficult to get through the House again. But we can anticipate that the Senate will insist on putting its mark on the package. This week we will watch for signs of Senate Republican agreement around new or adjusted bill provisions. We know they have thoughts on tax; however, it is less clear how many changes are coming in healthcare.
We will also be watching for additional administrative input on reconciliation, potentially seeing the president’s full fiscal year 2026 budget (in follow up to the “skinny budget” released earlier this month), or any number of other regulations, executive orders, or unanticipated activities.
And, finally, a reminder that our Medicare Physician Fee Schedule Preview Webinar is happening this Wednesday at 3:00 pm EDT. Register here to join us.
Today’s Podcast
Debbie Curtis and Rodney Whitlock join Julia Grabo to discuss what we know (and don’t know) about the House-passed reconciliation package and what we are watching for in the Senate.