Maine Enacts Ban on Reporting Medical Debt to Credit Bureaus

On June 9, Maine Governor Janet Mills signed into law LD558, which prohibits the reporting of medical debt to consumer reporting agencies. The law bars medical creditors, debt collectors, and debt buyers from furnishing information about medical debt to credit bureaus, regardless of payment status or consumer repayment activity.
The new statute amends the Maine Fair Credit Reporting Act by replacing the term “medical expenses” with “medical debt” and eliminating carveouts that had previously allowed reporting in limited situations. 
Putting It Into Practice: Maine’s statute comes just weeks after the CFPB formally withdrew its proposed rule that would have barred medical debt reporting nationwide (previously discussed here), and follows Vermont’s law that banned medical debt in consumer reporting statewide (previously discussed here). Companies operating in other jurisdictions should expect the trend to continue and plan accordingly.
Listen to this post

Supreme Court Upholds Tennessee’s Ban on Gender-Affirming Care

On June 18, 2025, in the case of United States v. Skrmetti, the U.S. Supreme Court upheld Tennessee’s ban on gender-affirming care—concluding that the law does not violate the Equal Protection Clause of the Fourteenth Amendment of the U.S. Constitution.
The decision marks the first time the Supreme Court considered the application of the Equal Protection Clause to transgender youth, despite the decision skirting the question of whether transgender status should be considered a protected class. 
The decision has broad implications, although many legal issues in this area remain unresolved.
Tennessee SB 1—which took effect on July 1, 2023, and is now codified as Tenn. Code Ann. § 68-33-103(a)(1)—comprehensively bans all medical treatments from being administered to or performed on minors when the purpose of the medical procedure is to (1) “enable a minor to identify with, or live as, a purported identity inconsistent with the minor’s sex” or (2) treat “purported discomfort or distress from a discordance between the minor’s sex and asserted identity.” Tenn. Code Ann. § 68-33-103(a)(1).
In a 6-3 opinion authored by Chief Justice John Roberts, the Court in Skrmetti affirmed the U.S. Court of Appeals for the Sixth Circuit,[1] which held in September 2023 that (1) the Tennessee law does not discriminate on the basis of sex for purposes of equal protection, and (2) that it was subject only to rational basis review.
“SB1 does not classify on any bases that warrant heightened review,” the Supreme Court wrote. It concluded that the Tennessee law incorporates only two classifications: (1) age (allowing certain medical treatments for adults but not minors), and (2) medical use (allowing puberty blockers for minors for some conditions but not others). These two classifications warranted only rational basis review, the Court said.
And the Court dodged the question of whether transgender status should be considered a protected class equivalent to race or gender. “This case, in any event, does not raise that question because SB1 does not classify on transgender status.”
The Court rejected that argument as well as arguments that SB 1 relies on impermissible sex-based classifications or that it enforces a government preference that individuals conform to expectations about their sex.
“This Court has never suggested that mere reference to sex is sufficient to trigger heightened scrutiny,” Chief Justice Roberts wrote. “Such an approach, moreover, would be especially inappropriate in the medical context [as] some treatments and procedures are uniquely bound up in sex.”
The Court felt no need to address whether the 2020 case of Bostock v. Clayton County—holding that for an employer to discriminate against employees for being homosexual or transgender, the employer must intentionally discriminate on the basis of sex[2]—reaches beyond the context of Title VII of the Civil Rights Act of 1964 and into the question in front of the Court in Skrmetti.
Finally, the Court concluded that there was a rational basis for SB1’s classifications: “Tennessee concluded that there is an ongoing debate among medical experts regarding the risks and benefits associated with administering puberty blockers and hormones to treat gender dysphoria, gender identity disorder, and gender incongruence. SB1’s ban on such treatments responds directly to that uncertainty.”
Concurrences and Dissent
Justice Clarence Thomas concurred, asserting that Bostock was wrongly decided, and, in any event, there was “no reason to import Bostock’s Title VII analysis into the Equal Protection Clause.” He also felt no need to defer to “so-called expert consensus” regarding the necessity for gender-affirming care.
“States have an interest in ensuring that minor patients have the time and capacity to fully understand the irreversible treatments they may undergo,” Thomas wrote.
Justice Amy Coney Barrett also concurred, writing separately to explain why, in her view, transgender status would not constitute a suspect class, concluding that such status was not marked by the same sort of “obvious, immutable, or distinguishing characteristics as race or sex.” Nor is the transgender population the kind of discrete group that the case law would require.
“Holding that transgender people constitute a suspect class would require courts to oversee all manner of policy choices normally committed to legislative discretion,” she wrote. And Justice Barrett did not find that transgender individuals suffered a history of de jure discrimination.
Justice Thomas Alito found a “strong argument” that SB1 classified on the basis of transgender status—yet agreed that the classification would not warrant heightened scrutiny, concluding that neither transgender status nor gender identity is a suspect or quasi-suspect class. Further, Justice Alito did not believe that the reasoning in Bostock applied when determining whether a law classifies based on sex for equal protection purposes.
Justices Elena Kagan, Sonia Sotomayor, and Ketanji Brown Jackson dissented, asserting that SB1 “expressly classifies on the basis of sex and transgender status, warranting intermediate scrutiny.” (Justice Kagan, meanwhile, declined to expressly consider how SB1 might fare under heightened scrutiny, stopping her analysis with the relevant test.)
“The Court abandons transgender children and their families to political whims,” Justice Sotomayor wrote. “In sadness, I dissent.”
Background
The medical community uses “gender-affirming care” as an umbrella term covering a range of medical interventions—not just surgical care—used to support gender diverse and transgender individuals when there is a conflict between the individual’s gender identity and the gender they were assigned at birth. Some interventions are reversible and others are not. Individual states may apply their own definitions of gender-affirming care as well.
Approximately two million Americans are transgender by this definition, with 1.6 million aged 13 and older. Research has indicated an increased risk of anxiety, depression, and suicide in this group. In Skrmetti, the appellant’s briefs, as well as several amicus briefs, cite to research that concludes gender-affirming care procedures are scientifically demonstrated to reduce these risks. The plaintiffs in Skrmetti were not challenging the law with respect to surgical procedures in their Supreme Court appeal, which was limited to the use of medication.
The District Court for the Middle District of Tennessee had preliminarily enjoined enforcement of the Tennessee law, concluding that the transgender ban was subject to heightened scrutiny because, in the lower court’s view, it (1) discriminates based on sex and (2) targets transgender individuals, who it deemed a quasi-suspect class.
The American Civil Liberties Union (ACLU), which is among those representing the plaintiffs in the case, challenged the law owing to its prohibition on hormone replacement therapy and puberty blockers in some minors and not others on the basis of sex (under the Tennessee law, a doctor can, for example, prescribe estrogen to a cisgender girl or testosterone for a cisgender boy). The plaintiffs—three transgender adolescents and a doctor from Tennessee who treats adolescents with gender dysphoria—argued that the ban discriminates on the basis of sex and transgender status.
The Biden administration intervened in the case on the side of the families and petitioned the Supreme Court for a writ of certiorari in November 2023. The petition, led by now-former Solicitor General Elizabeth B. Prelogar, argued that “Tennessee’s law is part of a wave of similar bans preventing transgender adolescents from obtaining medical care that they, their parents, and their doctors have all concluded is necessary.”
The case was heard by the Supreme Court in December 2024. On February 7, 2025, following the change in presidential administrations, the deputy solicitor general reversed course on its position that SB 1 violated the Fourteenth Amendment’s Equal Protection Clause and notified the Court that “the government’s previously stated views no longer represent the United States’ position.” Additionally, the letter stated that “[t]he Department [of Justice] has now determined that SB1 does not deny equal protection on account of sex or any other characteristic.”
Other Circuits
The Fourth and Ninth Circuits have held that gender identity is at least a “quasi-suspect class,” warranting heightened scrutiny for equal protection purposes.[3] The Eighth Circuit has held that Arkansas’ law banning gender-affirming care discriminates on the basis of sex in violation of the Equal Protection Clause, warranting heightened scrutiny.[4]
The Sixth Circuit in its 2023 Skrmetti decision, however, declined to follow the district court’s reasoning that the Tennessee statute improperly discriminates on the basis of sex and that transgender persons constitute a quasi-suspect class. Therefore, the Sixth Circuit applied the lesser standard of rational basis review—concluding that neither it nor the Supreme Court has recognized transgender status as a suspect class. “Until that changes, rational basis review applies,” the Sixth Circuit wrote.
That court further concluded that the Tennessee law treated similarly situated individuals “evenhandedly”—and that a law that treats individuals “evenhandedly” does not trigger heightened review.
In 2023, the Eleventh Circuit similarly concluded that Alabama’s ban on puberty blockers or cross-sex hormone treatments did not classify on the basis of sex or any other protected characteristic, and, thus, was subject only to a rational basis review.[5]
What the Supreme Court Did Not Decide
The Supreme Court’s decision in Skrmetti does not resolve questions in the following five key areas:
(1) Right to Privacy
Executive Order 14187 of January 28, 2025, “Protecting Children from Chemical and Surgical Mutilation,” directed the Department of Health and Human Services (HHS) to withdraw its March 2, 2022, guidance document titled “HHS Notice and Guidance on Gender Affirming Care, Civil Rights, and Patient Privacy” (“2022 Guidance”). HHS did so in a notice dated February 20, 2025 (“2025 Recission Notice”).
Under “Basis for Recission,” the 2025 Recission Notice asserted that the 2022 Guidance “lacks adequate legal basis under federal privacy laws, including the [Health Insurance Portability and Accountability Act (HIPAA)] Privacy, Security, and Breach Notification Rules.” In the 2025 Recission Notice, HHS seemed to find the language in the 2022 Guidance unnecessary. The 2022 Guidance—as described by then-HHS Secretary Xavier Becerra—stated that “health care providers are not required to disclose private patient information related to gender-affirming care” and noted that “HIPAA prohibits disclosure of gender-affirming care that is [protected health information (PHI)] without an individual’s consent except in limited circumstances”:
[The Office for Civil Rights] reminds covered entities (health plans, health care providers, health care clearinghouses) and business associates that the HIPAA Privacy Rule permits, but does not require, covered entities and business associates to disclose PHI about an individual, without the individual’s authorization, when such disclosure is required by another law and the disclosure complies with the requirements of the other law. This “required by law” exception to the authorization requirement is limited to “a mandate contained in law that compels an entity to make a use or disclosure of PHI and that is enforceable in a court of law.” Where a disclosure is required by law, the disclosure is limited to the relevant requirements of such law. Disclosures of PHI that do not meet the “required by law definition” or exceed what is required by such law do not qualify as permissible disclosures under this exception.
(2) Parents’ Rights
Based on the Due Process Clause of the Fourteenth Amendment, the Supreme Court has recognized a parent’s fundamental right to direct the care, custody, and control of their children. However, the way that right extends in the context of gender-affirming care is a contentious one. The Skrmetti decision leaves that major issue yet to be decided. 
Some assert that the promotion or protection of gender-affirming care for minors in federal mandates interferes with parental rights to be free of gender ideologies. Others have argued, for example, that an Idaho law banning gender-affirming care, HB 71, interferes with parental rights when those parents wish to choose gender-affirming care for their minor children. The Supreme Court, in the 2024 case of Labrador v. Poe, stayed a district court’s preliminary injunction of the Idaho law to the extent that it bars Idaho from enforcing any aspect of the law against any person in the state; the injunction remains in place pending appeal regarding the two minor plaintiffs.[6]
On March 18, 2025, Ohio’s Court of Appeals held that a state law banning gender-affirming pharmaceutical medical care for transgender adolescents diagnosed with gender dysphoria violated the Ohio Constitution. The Ohio court concluded that HB 68 violated the substantive due process right of parents to direct the care and upbringing of children under the state’s Due Course of Law Clause. To interpret the latter, the Ohio court looked to the decisions of the U.S. Supreme Court, noting “that parents have an ‘essential’ and ‘basic civil right’ to raise their children and a ‘fundamental liberty interest’ in the care, custody, and management of their children.”[7]
Applying strict scrutiny, the Ohio court refused to hold that the state’s interest in protecting children from allegedly dangerous medical treatments justified the categorical ban on puberty blockers and hormone therapy for minors diagnosed with gender dysphoria. And the court declined to limit parental rights to seek traditional medical treatments for their children: “[W]e conclude that parents have a fundamental right to seek medical care for their children, which naturally includes the right of parents to, ‘in conjunction with their [minor] child’s consent and their [medical providers’ recommendation], make a judgment that such medical care is necessary.’”
(3) Statutory Discrimination Analysis: Section 1557 and the Rehabilitation Act
Section 1557 of the Affordable Care Act of 2010 prohibits discrimination in race, color, national origin, sex, age, or disability in certain health programs and activities. Whether (1) Section 1557’s prohibition on sex discrimination extends to sexual orientation or gender identity, and (2) gender dysphoria is a disability under Section 504 of the Rehabilitation Act continues to be a subject fraught with debate. The 2022 Guidance answered the first issue in the affirmative and suggested that the second may apply.
Following the issuance of the 2022 Guidance, the U.S. District Court for Northern District of Texas vacated it on the grounds that Section 1557 of the Affordable Care Act does not prohibit discrimination on account of sexual orientation and gender identity and that the interpretation of sex discrimination that the Supreme Court adopted in the 2020 case of Bostock v. Clayton County does not apply to the prohibition of sex discrimination in Section 1557.[8] As the 2025 Recission Notice indicates, federal courts in states including Florida, Mississippi, and Texas followed the reasoning in deciding whether Section 1557’s prohibition on sex discrimination includes discrimination on the basis of gender identity.
The 2025 Recission Notice also asserted that “gender dysphoria likely does not meet the definition of a disability under Section 504 of the Rehabilitation Act” as the statute excludes “gender identity disorders not resulting from physical impairments.”
(4) Impact of State Constitutional Arguments
In the Ohio case above, the court also concluded that HB 68 violated the state Health Care Freedom Amendment—providing that “[n]o federal, state, or local law shall prohibit the purchase or sale of health care or health insurance” and also prohibits penalties for the same. “It is axiomatic that ‘we are not bound to walk in lockstep with the federal courts when it comes to our interpretation of the Ohio Constitution,’” the court wrote. “Thus, coextensive provisions under the Ohio and United States Constitutions do not foreclose the possibility that ‘[i]n some circumstances, rights afforded to people under the Ohio Constitution are greater than those afforded under the United States Constitution.’” Thus, states may adopt their own constitutional protections—even in light of this decision.
(5) Tension with State Laws
A number of states have laws that explicitly prohibit discrimination based on gender identity. It appears that the Supreme Court’s decision in Skrmetti will not impact the validity of those laws, but this may be an area of further litigation as states continue to take individualized approaches to regulating the provision of medical care.
What Happens Now?
The Skrmetti decision has implications well beyond the case due to the current administration’s initiatives against gender-affirming care for minors—including by executive orders—and subsequent policy statements and agency actions. These will be the subject of subregulatory guidance, rulemaking, and enforcement actions going forward. Currently, 27 states restrict youth access to gender-affirming care.[9] Meanwhile, 17 states and the District of Columbia have protections to ensure access to gender-affirming care.[10]
Those who practice in this area will have been watching this case closely but should be prepared to comply with the specific circumstances in their state. In Tennessee, for example, violations of SB1 could subject a health care provider to $25,000 for each prohibited treatment, professional discipline, and civil liability in private litigation.
As our colleagues mentioned in a 2024 podcast, it is important for providers to work collaboratively, as the complex web of state laws can make compliance difficult. Six states—Alabama, Florida, Idaho, North Dakota, Oklahoma, and South Carolina—already make it a felony to provide certain medical care to transgender youth, though some have argued that those penalties are not tied to evidence-based medicine.
Parents, children, and practitioners alike may face the prospect of having to move out of their home states to be able to access and/or provide such care. Additionally, according to the ACLU, the Skrmetti decision could have an even farther-reaching impact by allowing states to further limit access to abortion, in vitro fertilization, birth control, and other medical treatment.
* * * *
Epstein Becker Green Staff Attorney Ann W. Parks contributed to the preparation of this Insight.
ENDNOTES
[1] L.W. by and through Williams v. Skrmetti, 83 F.4th 460 (6th Cir. 2023).
[2] 140 S. Ct. 1731 (2020).
[3] Kadel v. Folwell, 100 F.4th 122 (4th Cir. 2024); Hecox v. Little, 104 F.4th 1061 (9th Cir. 2024).
[4] Brandt v. Rutledge, 47 F.4th 661 (8th Cir. 2022).
[5] Eknes-Tucker v. Governor of Ala.., 80 F.4th 1205 (11th Cir. 2023).
[6] Labrador v. Poe by and through Poe, 144 S. Ct. 921 (2024).
[7] Moe v. Yost, 2025 Ohio-914 (10 Dist. 2025).
[8] Texas v. EEOC et al., No. 2:21-cv-00194- Z, ECF No. 74 (N.D. Tex. 2022); Bostock v. Clayton County, 140 S. Ct. 1731 (2020).
[9] The 27 states are Alabama, Arkansas, Arizona, Florida, Georgia, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Mississippi, Missouri, Montana, Nebraska, New Hampshire, North Carolina, North Dakota, Ohio, Oklahoma, South Carolina, South Dakota, Tennessee, Texas, Utah, West Virginia, and Wyoming.
[10] The 17 states are Arizona (by executive order), California, Colorado, Connecticut, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Jersey, New Mexico, New York, Oregon, Rhode Island, Vermont, and Washington.

Supreme Court Upholds Tennessee Law Prohibiting Gender-Affirming Care for Children

On June 18, 2025, the Supreme Court of the United States ruled that a Tennessee law banning gender-affirming care for minors does not classify on the basis of sex in ways that would require heightened scrutiny under the Equal Protection Clause of the Fourteenth Amendment of the U.S. Constitution. In United States v. Skrmetti, a 6-3 opinion written by Chief Justice John Roberts, the Court ruled that Tennessee Senate Bill 1 does not require a higher level of constitutional scrutiny because its prohibitions rely on age and medical diagnosis, but not sex. Instead, the Court found that the Tennessee law met the lower requirements of “rational basis” review, finding that age and medical treatment limitations were permissible uses of state authority.

Quick Hits

The Supreme Court held that “Tennessee’s law prohibiting certain medical treatments for transgender minors is not subject to heightened scrutiny under the Equal Protection Clause of the Fourteenth Amendment and satisfies rational basis review.”
The Court reasoned that the state law classifies on the basis of age and medical use—both of which are subject to rational basis review—and not on the basis of transgender status.
The Court found that the Tennessee law does not classify on the basis of transgender status, “although only transgender individuals seek treatment for gender dysphoria, gender identity disorder, and gender incongruence.”

The Tennessee Law
The Tennessee statute, Senate Bill 1, prohibits all medical treatments intended to allow “a minor to identify with, or live as, a purported identity inconsistent with the minor’s sex” or to treat “purported discomfort or distress from a discordance between the minor’s sex and asserted identity.” Such medical treatments may include surgery, puberty blockers, and hormone therapy. Those treatments are permitted for other medical purposes besides treating gender dysphoria, gender identity disorder, or gender incongruence.
About half the states have similar bans on puberty blockers, hormone therapy and surgeries when used to treat gender dysphoria or similar conditions in minors.
The Supreme Court’s Ruling
“While SB1’s prohibitions reference sex, the Court has never suggested that mere reference to sex is sufficient to trigger heightened scrutiny. And such an approach would be especially inappropriate in the medical context, where some treatments and procedures are uniquely bound up in sex,” Chief Justice Roberts wrote. “Where a law’s classifications are neither covertly nor overtly based on sex, the law does not trigger heightened review unless it was motivated by an invidious discriminatory purpose.”
The Court distinguished this ruling from Bostock v. Clayton County, Georgia, its landmark 2020 ruling finding that Title VII of the Civil Rights Act of 1964 prohibits an employer from firing workers for being gay or transgender. Bostock held that firing an employee for either of those two reasons is discrimination because of sex, because the individual’s sex is a “but-for” cause of differing outcomes. In Skrmetti, the Court found that sex is not a “but-for” cause, arguing that neither a transgender boy nor a transgender girl would have access to the prohibited treatment for gender dysphoria or certain conditions under the law.
In a dissenting opinion, Justice Elena Kagan wrote, “The majority refuses to call a spade a spade. Instead, it obfuscates a sex classification that is plain on the face of this statute, all to avoid the mere possibility that a different court could strike down SB1, or categorical healthcare bans like it. The Court’s willingness to do so here does irrevocable damage to the Equal Protection Clause and invites legislatures to engage in discrimination by hiding blatant sex classifications in plain sight. It also authorizes, without second thought, untold harm to transgender children and the parents and families who love them.”

Recent Developments at the Consumer Product Safety Commission: Potential Changes and Implications

The U.S. Consumer Product Safety Commission (CPSC) is undergoing multiple shifts that render its future uncertain. Below is a high-level chronology of events that have occurred over the last few months:

April 10, 2025 – A leaked Office of Management and Budget (OMB) budget “Passback” memorandum—the OMB’s official feedback mechanism for budget submissions from federal agencies—signals major changes to the Department of Health and Human Services (HHS)’s proposed discretionary budget for Fiscal Year 2026. Namely, the draft Passback shows the Trump administration is considering cutting nearly one-third of the federal health department’s budget, which would be achieved primarily by eliminating select programs and consolidating various health and safety-related agencies (including the CPSC) under a new umbrella entity: the Administration for a Healthy America (AHA), overseen by Health Secretary Robert F. Kennedy, Jr. 
May 8, 2025 – Department of Government Efficiency (DOGE) staff arrive at the CPSC to begin cost-cutting measures, including layoffs. 
May 9, 2025 – President Donald Trump fires three of the five CPSC commissioners—Alexander Hoehn-Saric, Mary Boyle, and Richard Trumka, Jr.—all of whom were Democratic appointees. 
May 21, 2025 – Hoehn-Saric, Boyle, and Trumka file a complaint for declaratory and injunctive relief in the United States District Court for the District of Maryland, against Trump and others, seeking to be reinstated as CPSC commissioners. 
May 30, 2025 – CPSC budget request for FY 2026 confirms the Trump administration’s plan to move the CPSC into HHS. 
June 13, 2025 – The United States District Court for the District of Maryland grants summary judgment in the fired commissioners’ favor, holding that the commissioners’ firing was “contrary to law, and without legal effect.” The court’s order further enjoined the Trump administration from “taking any action to effectuate [the] unlawful terminations,” effectively reinstating them as active CPSC commissioners. 
June 16, 2025 – The Trump administration files an appeal to the District Court’s ruling and files a motion to stay the court’s order (i.e., reinstating the commissioners) pending resolution of the appeal.

CPSC Operational Outlook: Implications of Leadership and Structural Changes
The proposed reorganization of the CPSC under HHS would require an act of Congress this year. As to the current make-up of the CPSC’s commissioners, it is possible that the district court’s decision may be overturned on appeal.
The Consumer Product Safety Act (CPSA)—the enabling statute for the CPSC—provides for five commissioners, serving staggered seven-year terms, to oversee the consumer product safety agency. The CPSA also requires a quorum of commissioners to conduct official CPSC business. Generally, three commissioners constitute a quorum, but the CPSA also permits a two-member quorum to conduct official CPSC business for six months. See 15 U.S. Code § 2053(d). Practically, this means that if the Democratic commissioners’ firings are upheld on appeal, current Acting Chairman Feldman and Commissioner Dziak—both Republican CPSC members—may vote on and conduct agency business for six months. However, Commissioner Dziak’s term is set to expire on Oct. 27, 2025. Should the firings be upheld, and no other commissioners are nominated and confirmed by the Senate before Oct. 27, 2025, the CPSC may not take any action that requires a commission vote after this date.
What might this mean? Essentially, this means that several CPSC operations would be placed on a pause until either (1) additional commissioners are appointed and confirmed by the Senate; or (2) Congress enacts a law that formally reorganizes the CPSC under HHS. The operations that may be impacted by this pause include:

implementing rulemaking proceedings; 
suing manufacturers or demanding involuntary recalls; 
accepting negotiated monetary civil penalties from companies that have violated a safety requirement; 
issuing subpoenas; 
sanctioning changes to previously approved budgetary items; 
signing agreements with foreign governments; and 
negotiating voluntary recalls.

That said, there would still be a few things that remain fixed without a quorum. Importantly, all consumer product safety regulations, including standards and bans, remain in effect. Similarly, all Sections 15 and 37 reporting obligations remain in place. Furthermore, all previous Commission Directives and Delegations to agency staff currently remain in place. In other words, the agency staff would continue to carry out its Directives and Delegations until and unless they are revoked. For instance, the Office of Compliance and Field Operations would continue to oversee and implement the CPSC’s recall programs.
There are many events that may occur between now and the end of the year that might impact the CPSC’s trajectory. 

Vermont Enacts New Telehealth Legislation Impacting Health Insurers

Vermont’s governor recently signed S 30 into law. The legislation, which goes into effect on September 1, 2025, requires that health insurance plans provide coverage for healthcare and dental services delivered through telemedicine to the same extent as if the services were provided through in-person consultations. Health insurance plans must also provide the same reimbursement rate for services billed using equivalent procedure codes and modifiers, subject to the terms of the health insurance plan and provider contract, regardless of whether the service was provided in person or through telemedicine.
For more updates on state legislative and regulatory developments related to telehealth, check out the latest Trending in Telehealth published by the Health & Life Sciences Group.

McDermott+ Check-Up – June 18, 2025

THIS WEEK’S DOSE

Senate Finance Committee Releases Reconciliation Text. The language is subject to change as negotiations continue and the Byrd rule process plays out.
CMS Releases MA Risk Adjustment Audit Methodology for Payment Year 2019. The risk adjustment process aims to recover overpayments made to Medicare Advantage (MA) plans.
Federal Court Rules Against NIH in Grant Termination Cases. The decision comes as lawmakers and stakeholders express concerns over pauses or terminations in fiscal year 2025 National Institutes of Health (NIH) grant funding.
SCOTUS Upholds Tennessee Law Prohibiting Gender-Affirming Care for Minors. The Supreme Court of the United States (SCOTUS) ruling comes as the Trump Administration and Congress are seeking to limit certain federal funding of gender-affirming care.

CONGRESS

Senate Finance Committee Releases Reconciliation Text. On June 16, 2025, the Senate Finance Committee released its portion of the budget reconciliation bill. The section-by-section summary is available here. The text includes the majority of healthcare provisions being considered as part of the reconciliation process, because the Finance Committee has jurisdiction over Medicaid, Medicare, and the Affordable Care Act (ACA). The text includes some of the same provisions as the House-passed bill, while removing or making significant changes to other key provisions. The Senate text goes further than the House-passed bill on Medicaid provider taxes and state directed payments (SDPs). Some Senate Republicans have expressed concern about these provisions, including Sens. Hawley (R-MO) and Murkowski (R-AK), who have both raised concerns about Medicaid cuts this year.
Major changes compared to the House-passed bill include:

Medicaid Provider Taxes. Provider taxes would be frozen at current rates, but starting in 2027, Medicaid expansion states would see their hold harmless threshold incrementally decrease from 6% to 3.5% by 2031. The text includes exceptions for provider taxes on nursing homes and intermediate care facilities in expansion states.
SDPs. The House-passed bill grandfathered in existing Medicaid SDPs, but the Senate bill would reduce existing SDP payment limits in all states by 10% annually until they reach their specified payment limit. The payment limit for all SDPs in non-expansion states would be 110% of the Medicare rate, and for expansion states it would be 100% of the Medicare payment rate.
Medicare. The only Medicare provision in the Finance Committee text is the provision limiting Medicare coverage for certain non-citizens. The Finance Committee removed other House-passed Medicare provisions, including the provision to reform Medicare physician payment.
Other Missing Provisions. The Senate bill does not include the delay of disproportionate share hospital payment reductions, any of the health savings account provisions, or the codification of the proposed ACA program integrity rule (although rumors persist that it may reappear).

It remains to be seen if this package, which has significant differences from the House-passed version, would get 51 votes in the Senate as written, given concerns about the Medicaid provisions and non-health-related tax policies. However, the package is subject to change as negotiations continue. The “Byrd bath” process is also happening, and provisions may be struck or modified to comply with the Byrd rule.
Majority Leader Thune (R-SD) has reiterated his plan to bring the reconciliation package to the Senate floor next Wednesday or Thursday. That could be delayed as senators react to the package and negotiations continue. And, after Senate passage, the bill will need to pass the House again before it can go to the president for his signature. President Trump and Senate leaders continue to push to have the Senate complete consideration of the bill before the July 4 recess. However, this is a self-imposed deadline and if it slips past that date, Congress will continue their work in July. In fact, Vice President Vance acknowledged at a Senate meeting this week that the August recess is the real deadline.
ADMINISTRATION

CMS Releases MA Risk Adjustment Audit Methodology for Payment Year 2019. The Centers for Medicare & Medicaid Services (CMS) released the methodology for payment year (PY) 2019 risk adjustment data validation (RADV) audits. CMS selected 45 MA contracts for those audits. The methodology provides additional information about the criteria used to select enrollees for audit, instructions for submission of medical records, and details on how CMS will calculate extrapolated overpayment amounts. This follows a May 2025 announcement that CMS will accelerate RADV audits for PYs 2018 to 2024 to recoup overpayments made to MA plans. In related news, the US Department of Health and Human Services (HHS) Office of Inspector General updated its work plan that notes forthcoming reports, including one on MA health risk assessments by dual-eligible special needs plans.
COURTS

Federal Court Rules Against NIH in Grant Termination Cases. A federal judge in Massachusetts who was appointed by former President Reagan ruled in two cases that hundreds of grants terminated by NIH were illegal. The judge noted that the process of terminating the grants was arbitrary and capricious and ordered some of the grants to be restored. The cases were filed by the American Public Health Association and 16 states and mostly focused on terminations of grants related to gender identity and diversity, equity, and inclusion.
SCOTUS Upholds Tennessee Law Prohibiting Gender-Affirming Care for Minors. At the center of the case is a 2023 Tennessee law that prohibits healthcare providers from providing certain gender-affirming care services to minors. Transgender minors, their parents, and a doctor challenged the law under the Equal Protection Clause of the Fourteenth Amendment. In the case, US v. Skrmetti, SCOTUS ruled 6 – 3 that the law does not violate the Equal Protection Clause but satisfies rational basis review, allowing the Tenneessee law to take effect.
QUICK HITS

CMS Approves Medicaid Expansion of Tribal Healthcare in Six States. The approvals in Minnesota, New Mexico, Oregon, South Dakota, Washington, and Wyoming allow Indian Health Service and Tribal clinics to provide Medicaid clinic services outside of the “four walls” of a physical clinic site, including in schools and homes. This policy was mandated in the calendar year 2025 Medicare Hospital Outpatient Prospective Payment System final rule.
FDA Announces National Priority Voucher Program. The US Food and Drug Administration (FDA) program aims to expedite drug application reviews for companies developing drugs that are in line with specific priorities, including increasing domestic drug manufacturing and addressing unmet public health needs.
House Energy and Commerce Democrats Question Kennedy on MAHA Report. In a letter, leading Energy and Commerce Democrats posed questions to HHS Secretary Kennedy on the validity of information in the recently released Make America Healthy Again (MAHA) report. Read the press release here.
House Energy and Commerce Republicans Express Concerns about Data Privacy in California Marketplace. In a letter to the executive director of California’s Health Insurance Marketplace, Covered California, the committee’s Republican leaders seek information about data management practices of the exchange. Read the press release here.
Gary Andres Confirmed as HHS Assistant Secretary for Legislation. The Senate confirmed Andres by a 57 – 40 vote, with Sens. Hassan (D-NH), Shaheen (D-NH), Warnock (D-GA), Welch (D-VT), and Whitehouse (D-RI) joining Republicans in voting yes. Andres formerly worked at the House Budget Committee.

NEXT WEEK’S DIAGNOSIS

Both chambers will be in session next week. Lawmakers will continue to hash out the details of the reconciliation bill before an anticipated vote on the Senate floor, which could occur as early as next week. The House Energy and Commerce Committee will hold a hearing with HHS Secretary Kennedy, and the House Ways and Means Committee will discuss digital health data. The Senate Health, Education, Labor, and Pensions Committee will hold the nomination hearing for Susan Monarez, nominated for Centers for Disease Control and Prevention director.

DOJ Civil Division Publishes Memo Outlining Trump Administration Civil Enforcement Priority Related to Health Care

In May 2025 the Department of Justice (DOJ) Criminal Division published its enforcement priorities, and the Civil Division has now followed suit with a memorandum of its own (the “Civil Division Memo”). It outlines five policy objectives that President Trump and Attorney General Bondi have directed the Civil Division to prioritize in their investigative and enforcement work: 
(1) combatting discriminatory practices and policies; 
(2) ending antisemitism;
(3) protecting women and children; 
(4) ending sanctuary jurisdictions; and 
(5) prioritizing denaturalization. 
Each section identifies the Executive Order(s) and DOJ Memoranda that set forth the Trump Administration’s policy objective(s) in each priority area and describes the types of conduct that will be subject to enforcement, as well as some of the tools that DOJ might use in those efforts. This article focuses on the Administration’s stated objective of “protecting women and children,” which relates to several Executive Orders regarding gender identity and gender-affirming care and a related directive from Attorney General Bondi to the Civil Division describing DOJ’s intent to investigate certain manufacturers and distributors of puberty blockers, sex hormones, and other drugs.
The Civil Division intends to use the Federal Food, Drug & Cosmetic Act (FD&C Act), among other authorities, to undertake civil enforcement action against:

manufacturers and distributors “engaged in misbranding by making false claims about on- or off-label use of puberty blockers, sex hormones, or any other drug used to facilitate a child’s so-called ‘gender transition’”; and
“dealers,” such as online pharmacies, “suspected of illegally selling [ ] drugs” used in connection with gender-affirming care.

Because many of the hormones and other drugs used in gender-affirming care can be used to treat other clinical conditions, this enforcement directive could have wide-ranging impacts beyond the enforcement priorities explicitly identified by DOJ. For example, testosterone is a hormone commonly used in gender-affirming care, but it is also prescribed to treat patients with other, unrelated conditions, such as men with low testosterone. Manufacturers that produce this and other hormones will now be forced to consider the risk of civil investigation or enforcement when deciding which hormones (or other drugs) to manufacture and to which entities it will sell those products. Under the government’s current interpretation of the FD&C Act’s misbranding provisions, a wide array of factual circumstances can be used as evidence of a manufacturers or distributor’s intent to have a drug be used in an off-label manner by health care providers, even when direct off-label promotional activity is not at issue.
As directed by Attorney General Bondi, the Civil Division also will investigate false claims submitted to federal health care programs for any “non-covered services related to radical gender experimentation.” According to the Civil Division Memo, the Civil Division intends to use the False Claims Act (FCA) and other authorities to “aggressively pursue” health care providers that bill the federal government for “impermissible services,” by, for example, attempting “to evade state bans on gender dysphoria treatments by knowingly submitting claims to Medicaid with false diagnosis codes.” The Civil Division Memo does not explain why it believes that health care providers are actually submitting such claims. 
Doctors, hospitals, pharmaceutical companies, pharmacies, and other entities that care for patients seeking gender-affirming care will be under heightened scrutiny from DOJ and other enforcement agencies seeking to ensure that federal health care program funds are not used in contravention of the Civil Division Memo and the various Executive Orders and memoranda on which it is based. It remains to be seen whether whistleblowers will see the Civil Division Memo as describing a new area of opportunity for qui tam lawsuits under the FCA, which is important because relators drive the vast majority of FCA-related enforcement activity. Given that the number of patients seeking such services is relatively small, and the number covered by federal health care programs (e.g., Medicaid or TRICARE) is even smaller, relators and relators’ counsel may not view cases based on the theories described in the Civil Division Memo as being as lucrative as other enforcement areas. State laws protecting the clinical judgment of doctors and other health care professionals also may pose an obstacle to this enforcement goal. 
While the Civil Division Memo is notable for the specific areas of investigative and civil enforcement it identifies, it is likewise notable for what it does not describe. Many of the priority areas on which DOJ has focused its FCA enforcement efforts over the last many years (e.g., cybersecurity fraud, COVID-19-related fraud, other types of health care fraud) are not mentioned at all. Only time will tell whether the Civil Division Memo reflects an entire reorientation of DOJ civil enforcement or simply a prioritization of new enforcement areas on top of traditional areas of focus.

HIPAA Risk Analyses for Digital Health: Navigating AI, M&A and Vendor Diligence

HIPAA Security Risk Analyses (SRAs) should be the foundation of every digital health company’s cybersecurity compliance. Far more than a checkbox exercise, a comprehensive SRA helps identify and mitigate risks and vulnerabilities to electronic protected health information (ePHI), reduce the likelihood of costly breaches, and demonstrate good faith in the face of regulatory scrutiny. In today’s rapidly evolving digital health landscape where AI-powered tools, mergers and acquisitions, and an expanding vendor ecosystem amplify cybersecurity complexity, the SRA is your first line of defense. Recent Office for Civil Rights (OCR) enforcement actions make clear that inadequate SRAs carry serious financial and reputational consequences.
Why SRAs Matter for Digital Health Companies
Under the HIPAA Security Rule, HIPAA-regulated entities must “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability” of ePHI. This administrative safeguard informs every subsequent security control — administrative, physical, and technical — and serves as evidence of compliance during an audit or investigation. Conducting a thorough SRA will result in HIPAA-regulated entities:

Mapping PHI Flows: ePHI will be tracked across platforms, like a telehealth or patient portal, AI analytics engine, cloud storage, and third-party integrations.
Quantifying Threats: Issues such as ransomware, insider error, and misconfigurations will be ranked by likelihood and impact.
Prioritizing Remediation: Resources can be allocated where they matter most, whether it is encryption, access controls, vulnerability patching, or otherwise.

OCR’s Enforcement Spotlight
Skipping or skimping on your SRA is, in OCR’s eyes, tantamount to willful blindness. Since launching its “Risk Analysis Initiative” in late 2024, OCR has made SRAs a focal point of enforcement, so far settling nine cases for SRA inadequacies:
Failure to conduct a HIPAA Security Rule risk analysis leaves health care entities vulnerable to cyberattacks, such as ransomware. Knowing where your ePHI is held and the security measures in place to protect that information is essential for compliance with HIPAA. OCR created the Risk Analysis Initiative to increase the number of completed investigations and highlight the need for more attention and better compliance with this Security Rule requirement. (OCR Director, October 31, 2024)
OCR’s Risk Analysis Initiative has yielded significant settlements, ranging between US$10k-350k:

Northeast Radiology (NERAD): A breach on the Picture Archiving and Communication System (PACS) server for storing, retrieving, managing, and accessing radiology images prompted the investigation resulting in a US$350,000 settlement and a two-year period of monitoring by OCR. OCR’s investigation found that “NERAD had failed to conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to the ePHI in NERAD’s information systems.”
Health Fitness Corporation: OCR commenced an investigation after receiving four breach reports over a three-month period for incidents where Health Fitness Corporation functioned as a business associate to a covered entity. The issue was misconfigured web-facing software that exposed ePHI for several years. OCR noted that Health Fitness Corporation failed to conduct a thorough risk analysis until multiple years after the vulnerability was discovered. A US$227,816 settlement, and a two-year period of monitoring by OCR, resulted here.

These actions underscore that outdated or incomplete SRAs can translate into substantial penalties, as well as unwelcome OCR monitoring of a company’s privacy and security practices for a several year period.
AI Integration Raises the Stakes
AI is transforming digital health by streamlining diagnostics, automating patient outreach, and personalizing care. AI systems also introduce unique risks, including attacks that can manipulate inputs or leak training data containing PHI. Consider that your AI platform may ingest data from electronic health records, wearables, and clinical registries, multiplying breach vectors.
A digital health company using AI systems must include those platforms and integrations into the SRA. Companies should map where models are trained, how data is stored or transmitted, and whether third-party AI APIs meet the company’s security standards. 
M&A Due Diligence: Avoid Inheriting Liabilities
Mergers and acquisitions in digital health are surging. However, acquiring a target that has failed to take seriously the requirement to conduct a regular SRA, and mitigate identified risks and vulnerabilities, can saddle you with legacy vulnerabilities and trigger regulatory scrutiny. During due diligence:

Review the Target’s SRA: Ensure the target has regularly conducted an SRA and that it covered all ePHI platforms, systems, integrations, and vendor relationships.
Assess Remediation History: Verify that identified risks and vulnerabilities were addressed promptly.
Uncover Hidden AI Projects: Pilot AI tools may process PHI without proper safeguards if the target failed to include them in the SRA.

After closing, fold the acquired infrastructure into your enterprise-wide SRA cycle to help seal any gaps across your organization.
Vendor Diligence: Extending Your Risk Lens
Your digital health platform relies on a broad vendor ecosystem — but vendors can be your weakest link. Business associate agreements are necessary, but they are not enough. In your SRA:

Inventory Vendors by PHI Access: From revenue-cycle management to AI decision-support, classify vendors by the sensitivity, and amount, of PHI they process.
Evaluate Security Postures: Review each vendor’s own SRA, penetration-testing results, and certifications (e.g., HITRUST, ISO 27001, etc.).
Monitor Continuously: Update your threat model whenever a vendor’s service scope expands, such as adding new AI analytics modules.

Practical Steps to Fortify Your SRA

Review and Follow OCR Guidance: OCR has guidance on conducting an SRA, including Basics of Risk Analysis and Risk Management and Guidance on Risk Analysis. 
Adopt a Proven Framework: Use NIST SP 800-66 Rev. 2, NIST SP 800-30 or ISO 27005 to structure your assessment.
Build in AI Scenarios: Conduct red-team exercises against your models and validate data-handling workflows.
Integrate M&A and Vendor Insights: Convene cross-functional teams (legal, IT, security, compliance, etc.) during transactions and vendor reviews.
Document Remediation: Keep clear records of SRAs conducted and updated, risk mitigation plans, and implementation dates.
Automate Monitoring: Deploy Security Information and Event Management (SIEM) tools, vulnerability scanners, and AI-driven anomaly detection.

Conclusion
For digital health companies, a robust HIPAA Security Risk Analysis is more than a regulatory requirement — it is strategic risk management. By proactively mapping ePHI flows, surfacing AI-driven vulnerabilities, scrutinizing M&A targets, and rigorously vetting vendors, you will be better positioned to stay ahead of threats and minimize exposure to OCR enforcement. Invest in your SRA now because in the digital health arena, prevention is far less costly than remediation.

This Week in 340B: June 10 – 16, 2025

Find this week’s updates on 340B litigation to help you stay in the know on how 340B cases are developing across the country. Each week we comb through the dockets of more than 50 340B cases to provide you with a quick summary of relevant updates from the prior week in this industry-shaping body of litigation. 
Issues at Stake: Contract Pharmacy; Rebate Model; HRSA Audit Process; Anti-Trust

A drug manufacturer filed a complaint challenging a Colorado state law governing contract pharmacy arrangements.
In two cases against the government related to rebate models, the plaintiffs filed a notice of appeal and in one of those cases intervenors filed a notice of cross appeal.
In two cases against the government related to rebate models, the court granted the plaintiffs’ motion to consolidate.
In a case by a covered entity challenging the government’s decision to allow a manufacturer’s audit, the covered entity filed a memorandum in opposition to the government’s motion to dismiss.
In a case challenging a South Dakota state bill, defendants filed a reply brief in support of their motion to dismiss.
In an antitrust class action case, the plaintiff filed a memorandum in opposition to the defendant’s motion to dismiss the plaintiff’s amended complaint.

Additional Author: Nadine Tejadilla 

Texas Supreme Court Holds Unique Employment Structure Limits Liability for Physicians

In Renaissance Medical Foundation v. Lugo (No. 23-0607), the Texas Supreme Court held that the legislature modified traditional, common-law vicarious liability for certain health care entities that employ physicians. The Court pronounced that non-profit health organizations (NPHOs) certified as such by the Texas Medical Board may employ physicians, but they “may not interfere with, control, or otherwise direct a physician’s professional judgment” in violation of Section 162.0021 of the Texas Occupations Code (Code) and other long-standing civil and criminal prohibitions on interfering with physicians’ independent, professional judgment.
The Court explained that making an NPHO vicariously liable1 “for employee conduct it is statutorily prohibited from controlling would be inconsistent with” the principle that control of the employee’s work justifies vicarious liability. The majority opinion explained that this “unique” employment structure in Section 162 of the Code “altered the landscape” and allows NPHOs “to choose to employ physicians without engaging in the unlicensed practice of medicine.”
The concurring opinion by three justices more firmly explained that “[v]icarious liability claims against these [NPHOs] that allege a physician’s medical judgment caused the patient’s injury thus have no merit absent allegations of the [NPHOs’] unlawful interference.” Indeed, “Section 162.0021 forecloses such liability to the extent it rests on a physician’s exercise of medical judgment as the cause of the injury.”
This decision overruled the court of appeals’ conclusions that Section 162’s text does not modify common-law vicarious liability and the preclusion on NPHOs controlling a physician’s independent medical judgment is largely inapplicable as a defense to this type of vicarious liability claim. The court of appeals reached these conclusions despite acknowledging that there is no “suggestion or evidence” that the NPHO exercised actual control of the surgeon’s medical care to the patient, which is the alleged injury-causing conduct.
The Court’s majority opinion left open the theoretical possibility that an NPHO might have sufficient lawful control over a physician to justify vicarious liability. The Court remanded the case to the trial court and invited the NPHO to file a new motion for summary judgment to flesh out application of the Court’s newly articulated limitation on vicarious liability to the facts of this case.
Health care industry stakeholders may wish to monitor development of the law relating to this unique structure that the legislature created with the objective of expanding health care, particularly in rural Texas. An amicus brief from the Texas Hospital Association showed progress in meeting this goal by noting that more than 10,000 physicians in Texas had already been employed by the more than 1,000 NPHOs certified by the Texas Medical Board.

1 Employers generally are vicariously liable for conduct of their employees within the scope of employment. Historically, this rule does not apply to physicians credentialed to perform procedures in hospitals in Texas because physicians performing procedures in hospitals are independent contractors. This is part of Texas’s prohibition on the corporate practice of medicine. Section 162 applies similar treatment to physicians engaged by NPHOs pursuant to the statute.

Montana, Indiana, Colorado, Oregon, and Utah Amend Restrictive Covenant Laws for Healthcare Providers

In the wake of the nationwide injunction last year barring the Federal Trade Commission’s (FTC) attempted Noncompete Ban, states have continued to legislate the scope of enforceable restrictive covenants, especially noncompetes.
In particular, many states are legislating specific rules for restrictive covenants for certain providers in the healthcare industry. In addition to the other states we previously reported noted, the latest wave of such states to pass legislation regarding noncompetes for health care providers includes Montana, Indiana, Colorado, Oregon, and Utah.
Montana
Since the beginning of April 2025, Montana has passed two new laws, each limiting the scope of noncompetes and non-solicits for healthcare providers in the state. Previously, Montana had already banned noncompetes and non-solicits as to a variety of healthcare providers, including psychiatrists or addiction medicine physicians, psychologists, social workers, professional counselors, addiction counselors, marriage and family therapists, and behavioral health peer support specialists.
The first new law went into effect in mid-April 2025 and expanded the existing noncompete and non-solicit limits to cover naturopathic physicians, registered professional nurses, advanced practice registered nurses, and physician assistants, but it does not apply in the context of the sale and purchase of a medical practice.
Governor Greg Gianforte signed the second new law on May 19, 2025. It expands the existing noncompete and non-solicit ban to all licensed physicians, not just psychiatrists or addiction medicine physicians, but sets forth certain exceptions. The new law exempts not only contracts for the sale and purchase of a medical practice, but also provisions requiring physicians to repay loans, relocation costs, signing bonuses, educational expenses, and tuition reimbursement expenses. The second new law will go into effect on January 1, 2026.
Indiana
On May 6, 2025, Indiana Governor Mike Braun, signed a new law, effective July 1, 2025, that removes several barriers to mobility for physicians. As of the effective date, hospitals may not use any noncompete, non-solicits exceeding one year, or any non-service agreements with physicians. The new law also restricts hospitals’ use of TRAPs, or training repayment agreements.
The new Indiana law has several notable exceptions. It does not apply to: (a) contracts for the sale of a business entity where the physician owns more than 50% of the business at the time of the sale; (b) nondisclosure agreements (“NDAs”); or non-solicits that last a year or less and do not restrict patient interactions, referrals, clinical collaborations, or physicians’ professional relationships. 
Colorado
Colorado Governor Jared Polis signed a bill into law that further restricts noncompetes and non-solicits for certain medical providers in Colorado. The law, Concerning Limitations on Restrictive Employment Agreements, will go into effect on August 6, 2025. It prohibits noncompetes and non-solicits for physicians, physician assistants, advanced practice nurses, certified midwives, and dentists. The law explicitly permits such medical providers to supply patients with certain information before leaving a medical or dental practice, including the provider’s continuing practice of medicine/dentistry, their new professional contact information, and the fact of the patients’ right to choose a healthcare provider.
The new law specifically notes exemptions for NDAs and confidentiality provisions regarding trade secrets, and further qualifies the exemption for the sale of a business. For individuals owning a minority ownership share received as equity compensation or related to services rendered, the amendment includes a unique provision for calculating the maximum duration of an enforceable non-compete. The length of a noncompete in that context cannot exceed the total consideration received by the individual divided by the average annualized cash compensation received by the individual from the business during the preceding two years or the length of affiliation, whichever is shorter.
Oregon
Oregon Governor Tina Kotek signed a new law, effective upon her signature on June 9, 2025, that imposes additional restrictions on noncompetes, NDAs and other types of agreements of “medical licensees”, defined as individuals licensed: (i) to practice medicine; (ii) as a nurse practitioner; (iii) as a physician associate; or (iv) to practice naturopathic medicine. 
In certain circumstances, the new law imposes an ownership threshold on medical licensee noncompetes, mandates that the medical entity enforcing the noncompete provide the medical licensee with documentation of the professional medical entity’s protectable interest, and limits the noncompete to the three years after the date on which the medical licensee was hired.
Utah
Utah Governor Spencer Cox signed a new law on March 26, 2025 that went into effect on May 7, 2025 which largely regulates health care services “platforms” (defined as “an electronic program, system, or application through which a health care worker may accept a shift to perform a health care service or role, as an independent contractor, at a health care facility.”). The new law prohibits health care services platforms from requiring health care workers to enter noncompetes, and prohibits them from banning healthcare workers from finding or accepting shifts using another platform or accepting a shift of employment with a healthcare provider or facility.
Stay tuned to this blog in the coming months for more updates on healthcare noncompete legislation. Epstein Becker & Green, P.C. maintains a 50-State Health Care Supplement to its 50-State Noncompete Survey, available as a combined document here.  The 50-State Health Care Supplement details health care-specific exclusions and restrictions, including applicable statutes, for the states that have enacted them.

DOL Secretary: Modernize OSHA and MSHA to Do More with Less

On June 5, 2025, Secretary of Labor Lori Chavez-DeRemer testified before the House Committee on Education and the Workforce regarding the Trump administration’s proposed fiscal year 2026 budget. The proposed budget includes significant funding reductions for the U.S. Department of Labor (DOL), specifically targeting the Occupational Safety and Health Administration (OSHA) and the Mine Safety and Health Administration (MSHA).
The proposal seeks to cut OSHA’s funding by approximately $50 million and reduce its full-time workforce by 223 positions, shifting the agency’s focus toward increased compliance assistance rather than direct enforcement. The enforcement budget for OSHA would be reduced by about $23.7 million compared to the previous year. Broader DOL cuts are also proposed, with an emphasis on consolidating workforce programs and reducing regulatory burdens.
Quick Hits

Secretary Chavez-DeRemer testified before the House Committee on Education and the Workforce on June 5, 2025, about the Trump administration’s proposed 2026 budget cuts for the DOL, including significant reductions for OSHA and MSHA.
The proposed budget aims to cut OSHA’s funding by $50 million and reduce its workforce by 223 positions, shifting focus to compliance assistance over direct enforcement.
Despite budget cuts, Secretary Chavez-DeRemer emphasized that the DOL would maintain its enforcement capacity through modernization, technology, and streamlined processes.

Secretary Chavez-DeRemer asserted that, despite these budget and staffing cuts, the DOL could maintain its workplace safety and health enforcement capacity. She emphasized the need to modernize and streamline agency operations, arguing that more funding is not always the solution to enforcement challenges. Secretary Chavez-DeRemer stated that the DOL would continue to meet its statutory obligations and that the department would always investigate complaints and enforce the law as required.
Her approach centers on leveraging technology, data analytics, and improved internal procedures to make OSHA more agile and effective. Secretary Chavez-DeRemer has stated that the DOL, including OSHA, must “modernize and streamline” its processes. She contends that this approach will enable the agency to do more with less, focusing on updating systems, leveraging technology, and improving internal procedures. The goal is to make OSHA more agile and effective, even as resources are trimmed.
Streamlining, in Secretary Chavez-DeRemer’s view, means reducing bureaucratic hurdles and eliminating inefficiencies that slow down enforcement and compliance activities. She has pointed to the need for the agency to focus on its core statutory responsibilities and to prioritize activities that have the greatest impact on worker safety. By cutting unnecessary red tape and consolidating overlapping functions, OSHA can direct its limited resources to the most critical areas.
Examples of modernization and streamlining offered by Secretary Chavez-DeRemer included:

Targeted inspections: Using data analytics to identify and focus on the most hazardous workplaces, rather than spreading resources thinly across all employers.
Digital tools: Implementing new technologies for case management, reporting, and communication to speed up investigations and reduce administrative burdens.
Workforce flexibility: Cross-training inspectors and creating multidisciplinary teams to maximize the expertise and adaptability of the remaining staff.
Regulatory reform: Reviewing and revising existing regulations to eliminate outdated or redundant requirements, making compliance simpler for both OSHA and employers.

Unanswered in her testimony was whether employers can expect OSHA to engage in greater use of technology during inspections, such as the so-called smart glasses that are utilized during some inspections. While it can be argued that these smart glasses can create efficiencies consistent with the secretary’s stated goals, many employers object to the use of these devices, as it is difficult, if not impossible, to limit the inclusion of confidential or proprietary information in the inspection and its corresponding inspection file. This can create challenges for employers facing Freedom of Information Act (FOIA) requests for OSHA’s files.
A key element of the proposed strategy is a shift from enforcement-heavy tactics to a greater emphasis on compliance assistance. Secretary Chavez-DeRemer believes that helping employers understand and meet their obligations through education, outreach, and technical support can be as effective as traditional enforcement in promoting workplace safety. This approach is intended to encourage voluntary compliance, reduce the need for resource-intensive inspections, and foster a more collaborative relationship between OSHA and employers. There is no reason to believe that fatality and catastrophe inspections will not continue at or above the historic rates for those inspections.
The reduction in funding and staffing has raised concerns among lawmakers, particularly regarding OSHA’s already limited resources. It was noted that, with current staffing, OSHA can only inspect every workplace in the United States once every 185 years, though, like most statistics, reasonable minds might argue that that interval is too short by several decades, depending on the statistics used. Critics, especially Democrats on the committee, argued that the cuts would further hinder OSHA’s ability to enforce safety standards and respond to violations, including child labor cases. Secretary Chavez-DeRemer responded that the department would focus on efficiency and compliance assistance, but would not compromise on statutory enforcement responsibilities.
For MSHA, the testimony addressed the potential closure of offices, with Secretary Chavez-DeRemer clarifying that decisions to terminate leases were made prior to her confirmation. She indicated efforts were underway to keep essential MSHA offices open, especially in regions with significant mining activity, to ensure statutory obligations for miner safety are met. Lawmakers expressed concern about the impact of office closures on miner safety and MSHA’s ability to conduct necessary inspections and enforcement.
Secretary Chavez-DeRemer’s testimony and approach emphasize a commitment to maintaining OSHA and MSHA enforcement capabilities through modernization, efficiency, and a shift toward compliance assistance, even as the agencies face significant budget and staffing cuts. While she contends that these strategies will allow the agencies to fulfill their statutory responsibilities, lawmakers and critics remain skeptical, warning that the reductions could undermine the agencies’ ability to protect workers and enforce safety standards effectively. Employers can reasonably expect that the number of inspections they face, other than fatality and catastrophe inspections, could drop if this budget is adopted, but if MSHA and OSHA do develop more modern and streamlined processes, those numbers might not drop dramatically.