EPA Extends Comment Period on Draft TSCA Risk Evaluation for DCHP

The U.S. Environmental Protection Agency (EPA) announced on March 7, 2025, that it is extending the comment period on the draft risk evaluation for dicyclohexyl phthalate (DCHP) under the Toxic Substances Control Act (TSCA). EPA released the risk evaluation for DCHP on January 7, 2025, with a comment period that closed March 10, 2025. EPA states that it will soon publish a Federal Register notice extending the public comment period for an additional 60 days. Upon publication of the Federal Register notice, EPA will accept public comments until May 9, 2025. 
According to EPA’s January 6, 2025, press release announcing the availability of the draft risk evaluation, DCHP is used primarily as a plasticizer or stabilizing agent in polyvinyl chloride (PVC) products and in adhesives, sealants, paints, coatings, rubbers, and other applications. EPA preliminarily determined that DCHP presents an unreasonable risk of injury to human health for workers. EPA states that nine conditions of use (COU) significantly contribute to the unreasonable risk to workers. The draft risk evaluation preliminarily shows that DCHP does not pose unreasonable risk to the environment, the general population, or consumers. EPA notes that there are other uses of DCHP that are generally excluded from TSCA’s definition of chemical substance, such as food contact materials, and EPA did not evaluate risk associated with these uses.
Workers may be exposed to DCHP when making products or otherwise using DCHP in the workplace. According to EPA, when it is manufactured or used to make products, DCHP can be released into the water where most of it will end up in the sediment at the bottom of lakes and rivers. EPA states that if released into the air, DCHP will attach to dust particles and be deposited on land or into water. Indoors, DCHP has the potential over time to come out of products and adhere to dust particles that could be inhaled or digested.

Georgia Legislature Considering Substantial Overhaul to Medical Marijuana, Hemp Laws

I’ve had Georgia on my mind these days. I needed to get that out immediately because otherwise I would have been hearing that song in my head the entire time I was writing.
As is the case in many capitals around the country during legislative sessions, there’s cannabis reform afoot in Georgia. Before we dig into it, perhaps a brief vocabulary lesson is in order. “Cannabis” is essentially a scientific term that refers to the cannabis plant. “Marijuana” and “hemp” are legal terms distinguishing between strains of the cannabis plant. At the federal level, for example, “hemp” has been defined as a strain of the cannabis plant containing less than 0.3% delta-9 THC on a dry weight basis.
One more background fact. Marijuana is, for the moment, a Schedule I substance under the federal Controlled Substances Act. That means the manufacture, possession, and sale of marijuana is illegal in every state. There is an effort underway to reschedule marijuana to Schedule III, which would have interesting potential implications to marijuana operations. Still, as of the time if this writing, marijuana remains Schedule I. 
Despite that, a plurality of states has adopted laws allowing for the medical (and in many instances) recreational use of marijuana. Instead of cracking down on activity that seems to clearly conflict with federal law, the federal law has for more than a decade gone to great lengths to demonstrate that it would not interfere with state marijuana regimes.
With that in mind, we turn to Georgia. Georgia adopted a “low THC oil program” in 2015. The rollout of that program was, to be charitable, not without bumps. But there may be a new regime on the horizon.
Three bills changing the way Georgia regulates hemp and medical cannabis have cleared the Senate ahead of Thursday’s Crossover Day deadline. The votes on the bills are some of the only ones this session that didn’t fall cleanly along party lines, with Senate Republicans divided over expanding medical access to cannabis and members of both parties split over new regulations on recreational hemp products.
Medical Cannabis
Senate Bill 220, also known as the “Putting Georgia’s Patients First Act,” passed in a contentious 39-17 vote after more than an hour of debate in the Senate. Like its counterpart in the other chamber, House Bill 227, the bill replaces the term “low-THC oil” with “medical cannabis,” in Georgia code, removes requirements that certain medical diagnoses like cancer or Parkinson’s disease be “severe or end stage,” and adds lupus to the list of qualifying health conditions. 
Unlike the House version, SB 220 removes an existing prohibition against vaping cannabis oil and raises the percentage of THC that medical cannabis products may contain from 5% to 50%.
The bill was amended on the floor to include a provision allowing caregivers to pick up medical cannabis from pharmacies. Three other amendments aimed at reducing the amount of THC allowed in medical cannabis, removing the provision that allows for vaping, and removing PTSD and intractable pain from the list of approved diagnoses failed during a series of floor votes.
Hemp bills
Two bills aimed at strengthening hemp regulations in Georgia passed the Senate in decisive votes on Crossover Day, seeking to limit recreational use of marijuana as the chamber simultaneously eased restrictions for medical use.
Marietta Republican Sen. Kay Kirkpatrick’s SB 33 subjects chemical compounds like delta-8 THC, delta-10 THC, hexahydrocannabinol (HHC) and other cannabinoids to testing and labeling regulations that were added last year under Senate Bill 494. It passed in a 50-6 vote.
In her speech from the well, Kirkpatrick said her bill is aimed at cutting down on unregulated hemp products from China and other countries.
“This bill is not a ban,” Kirkpatrick said. “It’s a consumer protection bill that is not intended to impact processors that are already testing and labeling their products appropriately. It’s intended to make sure that consumers buying these products are clear on what they’re buying.”
Senate Bill 254, sponsored by Athens Republican Bill Cowsert, seeks to impose new limits on THC-infused products after the Georgia Department of Agriculture raised the maximum amount of THC that can be included in a single beverage from 5 mg to 10 mg.
Cowsert urged lawmakers to codify the original 5 mg serving size restrictions on THC-infused beverages, calling the higher-dose beverages a “loaded gun” and arguing that one 10 mg serving of THC was equivalent to four glasses of wine.
“Most states are limiting greatly the amount of THC that can be included in a beverage, or in a tincture, or any kind of lotions, or in gummies,” he said. “And the reason is to protect consumers — protect the public — from the psychoactive components of THC.”
Like SB 33, the bill includes new restrictions on cannabinoid variants like delta-8 THC and delta-10 THC. It was ultimately amended on the floor by a narrow 29-27 vote to ban all THC-infused beverages, and passed the Senate in a 42-14 vote.

One thing to consider is whether these proposals are all part of a big move by some interest group(s) to benefit one form of cannabis over another. Marijuana companies would obviously prefer a world where they didn’t have to compete with hemp companies. After all, hemp companies are not currently subject to the extraordinarily onerous regulations and taxes that stifle the growth of marijuana companies. On the other hand, cannabis politics make for strange bedfellows, where for example a marijuana operator may be lobbying in conjunction with anti-cannabis operators to lobby against hemp products. The enemy of my enemy…
It’s too early to tell how this will all play out. There are influential and well-heeled players in the hemp, marijuana, and alcohol industries on various sides of these issues. As always, we’ll monitor the situation so you don’t have to. Thanks for stopping by, and if you can do something to change Georgia’s absolutely nonsensical prohibition against attorneys advising state-legal cannabis companies, your author sure would appreciate it.

Even With FCC 1:1 Gone, the CMS 1:1 Rule is Still Standing

Obviously, a lot going on in the lead gen space over the last six weeks. The biggest change of all is the FCC’s one-to-one rule being vacated. The pivot the industry had to make immediately after that ruling affected so many businesses.
But, one thing that did not change was CMS’s requirement for one-to-one consent to share personal beneficiary data between TPMOs. This is true even though CMS’s guidance throughout the summary of the rule was all based on the FCC’s one-to-one rule.
As a reminder:

CMS requires individualized consent: Beneficiary consent for data sharing must be obtained on a specific, one-to-one basis, with clear and easily understood disclosures.
The key to obtain consent is transparency CMS mandates that beneficiaries understand 

Where their personal data is being shared.
The specific purpose of the contact they are consenting to, and
The identity of the entity that will be contacting them.

CMS Consent is Broader than the FCC’s proposed 1:1 consent: The CMS consent rule has a wider scope than the proposed 1:1 consent in the TCPA because it also applies to manual dialed calls.
Opt-In Consent is Mandatory: CMS requires an opt-in consent model, meaning the default should be that data is not shared, and the beneficiary must affirmatively choose to allow sharing.
Separate Legal Entities Require Explicit Consent: TPMOs cannot share beneficiary data with a TPMO that is a different legal entity without the beneficiary’s prior express written consent. This applies even to affiliated agents within the same marketing organization.

While the industry took a collective sigh of relief when the TCPA’s 1:1 rule was vacated, those TPMOs under CMS’s purview must remain diligent. And, new CMS rules should be announced within the next few weeks, so stay tuned.

For Whom the Bell Tolls? The Impact of Wisconsin Bell v. United States ex rel. Todd Heath and United States v. Regeneron Pharmaceuticals Inc. on False Claims Act Litigation

The Supreme Court’s decision in Wisconsin Bell v. United States ex rel. Todd Heath clarifies what constitutes a “claim” under the federal False Claims Act (FCA). At issue in Wisconsin Bell was whether reimbursement requests submitted to the FCC’s “E-Rate Program” are considered “claims” under the FCA. The U.S. Supreme Court agreed that they were, finding that the plaintiff’s liability theory could move forward.
While the issues presented in Wisconsin Bell occurred in the context of the FCC, the implications of the Court’s decision appear to extend far beyond—reaching industries frequently targeted for FCA enforcement, such as health care, aerospace, defense, energy and others involving government contracts (like cybersecurity). As in years past, SCOTUS’s docket and Wisconsin Bell reflects the continued significance of FCA litigation and its importance to the government’s recovery of funds. Therefore, all companies that receive federal funds, particularly in highly regulated industries such as health care, should be interested in understanding this ruling and its impact.
Wisconsin Bell had argued that it could not be exposed to FCA liability because the E-rate program, congressionally mandated to help certain schools and libraries afford internet and telecommunications, is administered by a private nonprofit organization and funded by government-mandated payments from private telecommunications carriers into the Universal Service Fund (USF). But the Court ruled narrowly that, because the U.S. Treasury itself had provided $100 million to the USF, through its collection of delinquent debts to the USF and related penalties and interest, as well as other settlements and criminal restitution payments, the federal government did “provide” a portion of the funds at issue, so the whistleblower’s allegations are thus covered under the FCA.
One thing of interest is seen in the concurrence from Justice Kavanaugh (with Thomas concurring) who renewed their questions about the constitutionality of the FCA’s qui tam provisions (and thereby invited future challenges), writing in Wisconsin Bell that “the [False Claims] Act’s qui tam provisions raise substantial constitutional questions under Article II. … [I]n an appropriate case, the Court should consider the competing arguments on the Article II issue.” Ultimately though, it was a unanimous decision, where the Supreme Court found that that E-Rate reimbursement requests were “claims” under the FCA.
Another interesting aspect is that the Court’s decision was notably narrow, relying on the U.S. Treasury’s supply of a $100 million ancillary sliver of overall USF funding, which totals nearly $10 billion annually. Justice Thomas’s concurrence (with Justice Kavanaugh concurring, and Justice Alito concurring in part) highlights the limits of this approach, observing that, “the Government paid scant attention to the fact that courts historically have not applied the FCA to cover fraud on nongovernment entities unless the Government itself will face a financial loss.” And, the Court’s opinion itself forewarns that issues of, “whether (and, if so, how) the amount of money the Government deposited should limit the damages Heath can recover” are likely to emerge if Heath ultimately prevails.
The narrow holding was necessary because, as the Court explained, larger questions as to the constitutionality of the USF under the nondelegation doctrine are looming in a separate case, Consumers’ Research v FCC, Docket Nos. 24-354, 24-422 (set for oral argument on March 26, 2025). Notably, Justice Thomas’s concurrence sends a warning shot for the Government in that case, questioning the implications of its other two arguments – either that the entire USF constitutes government funds, or that the private, non-profit USF administrator is an agent of the United States – for those constitutional questions, and for compliance with a separate statute, the Government Corporation Control Act. Those answers are likely to affect Heath’s potential for eventual recovery. (The fact that Justice Kavanaugh – seen as a potential swing vote in Consumers’ Research – joined this concurrence may also be an ominous portent for the future of the USF as currently constituted. See our recent Client Alert for more details about the issues presented in the Consumers’ Research case.)
In another recent and important FCA decision, United States v. Regeneron Pharmaceuticals Inc., the First Circuit joined some other courts of appeal in holding that the “but-for” causation standard applies when purported Anti-Kickback Statute (AKS) violations result in FCA violations. This is a commonly used theory because it allows plaintiffs to allege that when a relationship becomes tainted by kickbacks then all reimbursement claims to a federal payor that follow are tainted and fraudulent, triggering FCA liability.
In Regeneron Pharmaceuticals Inc., the First Circuit had to evaluate competing arguments from the government and defendant about whether the 2010 amendments to the AKS effectively changed the proof requirements under this theory. As the court explained,
Regeneron argued that, under the 2010 amendment, the government “b[ore] the burden of proving that an AKS violation … actually caused [a] physician to provide different medical treatment (and thus caused the false claims).” United States v. Regeneron Pharms., Inc., No. 20-11217, 2023 WL 6296393, at *10 (D. Mass. Sept. 27, 2023). In other words, Regeneron asserted that the phrase “resulting from” in the 2010 amendment imposed a “ ‘but-for’ causation standard.” Id. The government disagreed, and it urged the district court to adopt the Third Circuit’s view that “all that is required to prove a causal link [under the 2010 amendment] is that ‘a particular patient is exposed to an illegal recommendation or referral and a provider submits a claim for reimbursement pertaining to that patient.’ ” Id. (quoting United States ex rel. Greenfield v. Medco Health Sols., Inc.,880 F.3d 89, 100 (3d Cir. 2018)).

After evaluating various textual arguments asserted by the government, the First Circuit found that was no good reason “to deviate from the default presumption that the phrase ‘resulting from’ as used in the 2010 amendment imposes a but-for causation standard” and that “to demonstrate falsity under the 2010 amendment, the government must show that an illicit kickback was the but-for cause of a submitted claim.”
Since there is a clear circuit court split on this issue, it is ripe for certiorari by the Supreme Court.
Since False Claims Act plaintiffs are motivated by the potential of obtaining significant bounties by suing companies and individuals that do business with government agencies and affiliates, these and other recent decisions underscore the continued importance for companies that receive federal funds to have robust compliance plans and take appropriate steps to avoid becoming embroiled in these bet-the-company cases.

Reminder: FDA Does, In Fact, Review DOF

When was the last time you thought about “data on file” (“DOF”)? Probably not recently, but last week, the U.S. Food and Drug Administration (FDA) Office of Prescription Drug Promotion (OPDP) posted an untitled letter (the “Letter”)[1] that was issued on February 3, 2025 to Edenbridge DBA Dexcel (“Dexcel”) over allegedly misleading promotional materials for the multiple myeloma drug Hemady® (dexamethasone) involving—you guessed it—a DOF reference. This marks OPDP’s first untitled letter of the year and the first under the new administration. The letter is relatively uninventive in terms of enforcement angles—leading with a garden-variety failure to present “any” safety information—but it does serve as a reminder that FDA can and will ask for DOF references, especially those that substantiate Consistent with FDA-Required Labeling (“CFL”) promotional materials. And of course, despite all the news about regulatory cuts affecting FDA, OPDP still appears alive and well.
Promotional Content
FDA took issue with the promotional communication presented in an exhibit booth panel (“panel”)[2] for Hemady®, a drug indicated in combination with other anti-myeloma products for the treatment of adults with multiple myeloma. Specifically, FDA found the exhibit panel made false or misleading claims about the risks and efficacy of Hemady®. FDA does not make mention of the intended audience, but given the level of detail in the presentation of information, as well as the piece being part of an exhibit booth, we reasonably conclude the audience was intended to be healthcare professionals (“HCPs”).
Lack of Risk Information
First, FDA found that the panel made no mention at all of any risk information. The panel made beneficial claims such as “Hemady® reduces up to 80% of the number of tablets required for a therapeutic dose of dexamethasone for the treatment of adults with MM” and “Hemady® is a unique strength dexamethasone tablet bioequivalent to five 4 mg tablets of dexamethasone.” However, the panel did not present any information about side effects or other risks of the product, which, in FDA’s eyes, created a misleading impression about the product’s safety.
Misleading Claims of Efficacy
Second, FDA found that the panel information was misleading with regard to Hemady’s efficacy. FDA challenged a “Real-World Comparison” of adherence to Hemady® versus generic dexamethasone among patients with multiple myeloma. Crucially, FDA noted that while DOF was cited as support for the comparison, the associated “Adherence Study” did not support the conclusions regarding comparative adherence to Hemady® and generic dexamethasone. FDA specifically referenced issues with study design and methodology. Issues included: patients receiving Hemady® were not verified as having been diagnosed with multiple myeloma in the same way that patients receiving generic dexamethasone were; baseline characteristics were not controlled for across the patient populations; and the generic dexamethasone group had a significantly higher number of patients than the Hemady® group (3,775 versus 43). In light of these significant study limitations, FDA found the claim of Hemady’s efficacy over dexamethasone to be misleading.
Takeaways
This Letter was relatively short and less scathing than we have seen from FDA in previous untitled letters, but it raises interesting and significant points nonetheless. First, and perhaps most significant to FDA in deciding whether to issue the letter is the matter of risk presentation, or in this case, the complete lack thereof. While it is true that the exhibit panel did not contain any mention of safety information or risks associated with using Hemady®, it is possible that there were other materials at the exhibit booth that achieved this purpose. We wonder whether the offending piece was submitted on the Form 2253 alone, if it was submitted together with other pieces, or in either case, if the piece referenced other pieces. Alas, FDA makes no mention of other materials outside of the panel, nor does it make clear whether the exhibit booth was reviewed as a whole or if each piece making up the exhibit booth was evaluated for proper risk and efficacy presentation. Readers can draw their own conclusions. In any case, the Letter counsels that each piece of marketing material presented at conferences, symposia, and similar events should be evaluated on its own, as well as in concert with the pieces surrounding it.
CFL forms the basis for the second major issue raised by the Letter, and there are two takeaways resultant. First, FDA can and will scrutinize DOF references. We are no stranger to this and often suggest that clients prepare these references like scientific papers, including design methodologies, results, and conclusions, and having relevant scientific and/or technical experts either within the company or externally vet and sign-off. The level of detail and sophistication of the Adherence Study is unknown because FDA does not opine on it. So, we are left to conclude that regardless of its content, FDA at best wanted more contextual information (and maybe some disclaimers, which FDA loves) about the Adherence Study actually placed on the panel itself, or at worst disagreed entirely with the scientific merit of the Adherence Study and would have found it inappropriate to use, even if “explained/disclaimed-to-death.”
The second takeaway teed-up above is whether FDA would have still objected even in the face of additional contextual information and/or disclaimers. We view the FDA as saying that the study design and methodology do not match the manner in which the conclusions about benefit information are presented, and hence, the result misleads the audience. Without having reviewed the DOF, we will never know whether this is warranted, but it stands to reason that if we assume the exhibit panel contained no falsities in the conclusions presented (FDA never said there were), the DOF may have contained enough context for the HCP to understand that the study did contain various biases, and that the impact of the various factors on adherence should be interpreted with caution.
Readers of the blog will appreciate the extent to which we have discussed CFL in the past and will recall that we believe “context is key.” From a First Amendment protection perspective, the goal in CFL communications (provided you have met all the FDA guidance requirements) should be to provide enough context for the reader to fully understand and interpret the information and to be judicious about making conclusions. [3] The result on this piece may have been different if the CFL box was checked, but FDA already had its “no safety balance” hook, so it is unclear whether this would have made a difference from an enforcement perspective.
As noted at the open, the Letter marks the first major OPDP action under the new administration, suggesting that FDA staffing cuts, de-regulatory efforts, and all that has swirled around this new administration has not stopped OPDP from policing drug promotion. The Letter underscores the persistence of the FDA Bad Ad Program, which was how FDA received a complaint about the exhibit panel.
FOOTNOTES
[1] Untitled Letter available here: Hemady® Untitled Letter
[2] Promotional Content available here: Hemady® Promotional Material
[3] Contrary to popular opinion, we do not believe in the “when in doubt, disclaimer” approach. FDA may like disclaimers, but our marketing colleagues do not. So, finding a way to say what we want without hedging the message should be the goal.
 
Julian Klein contributed to this article.

SuperValu Wins False Claims Act Case with a “No Harm, No Foul” Jury Verdict

On March 5, 2025, SuperValu, Inc. (SuperValu), a grocery store chain that operates in-store pharmacies, was cleared of liability by a Central District of Illinois federal jury—finally quashing whistleblower claims that the company improperly over-billed the government and violated the False Claims Act (FCA). This jury verdict came after a long 14-year battle, which included a Supreme Court reversal of lower court decisions on the FCA’s scienter standard.
In 2006, SuperValu’s pharmacies began discounting generic drugs through a price-matching system (if a customer provided evidence of a cheaper price for certain drugs available at another pharmacy, SuperValu would match that price) and other loyalty programs. Many of SuperValu’s customers took advantage of these programs. However, when the company reported its “usual and customary” price to federal and state governments for reimbursement, SuperValu reported the much higher retail price of the drugs. After these programs ended, whistleblowers brought suit against SuperValu under the FCA’s qui tam provision. In the qui tam actions, plaintiffs alleged that SuperValu offered discounted pricing through these programs to so many customers that the discounted price was effectively their “usual and customary” price. As SuperValu did not offer the discounted pricing to Medicare and Medicaid, which were required by law to be charged the “usual and customary price,” the whistleblowers alleged SuperValu overcharged the government for years when seeking reimbursements for prescription drugs.
In 2020, the District Court granted SuperValu’s motion for summary judgment, holding that SuperValu had submitted false claims as defined under the FCA, but concluding that SuperValu did not possess the required scienter necessary to establish FCA liability. The government appealed to the Seventh Circuit, which affirmed the lower court’s decision. The Seventh Circuit applied a two-part test to determine if SuperValu knowingly or recklessly submitted false claims:

Was the defendant’s interpretation of law objectively reasonable (including not being ruled out by prior precedent); and
If the defendant’s interpretation was not objectively reasonable, did the defendant have a subjective belief the claims they were submitting were false?

If the defendant’s interpretation was not objectively reasonable, and the defendant had a subjective belief it was submitting false claims, the defendant knowingly or recklessly submitted false claims. The Seventh Circuit held that SuperValu’s interpretation of the law was objectively reasonable and, therefore, SuperValu did not possess the required scienter under the FCA.
In 2023, the Supreme Court reversed the Seventh Circuit, holding that, whether a defendant possessed scienter sufficient to satisfy the FCA requirements depended solely on that defendant’s subjective knowledge—doing away with the Seventh Circuit’s “objectiveness” test. Focusing on the plain language of the FCA, the Supreme Court held that, to prove a false claim, two elements must be satisfied: (1) the claim that was submitted was, in fact, false and (2) the defendant subjectively believed the claim was false.
Nearly fourteen years after its initial filing, the case returned to the District Court on remand from the Supreme Court for a jury trial. While the jury ultimately found that SuperValu did knowingly submit false claims under the Supreme Court’s scienter standard, the question of whether the jury would impose liability came down to whether the federal or state governments suffered damages due to SuperValu’s false claims. In a pre-trial motion, SuperValu argued that any evidence the plaintiffs offered of the alleged overpayments was evidence only of a gain to SuperValu—not a loss to the government. Because the government determines reimbursement rates under Medicare Part D plans, SuperValu argued that plaintiffs would have to prove that the alleged false claims changed the amount government actually paid and, thus, caused damages. It appears the jury accepted this argument. The jury unanimously decided the plaintiffs had not proved that either the federal or state governments suffered damages and, as a result, SuperValu was found “not liable.” After a long and tortured history, the whistleblowers’ claims were finally put to rest. The case ultimately ended with a “no harm, no foul” verdict, and SuperValu avoided liability under the FCA. The case suggests a potent line of defense for companies defending against FCA allegations.

Changes on the Horizon for Long-Term Care Facilities

The Centers for Medicare and Medicaid Services (CMS) have opened fire on long-term care (LTC)  facilities through historic changes to rules pertaining to numerical staffing standards. In every corner of the long-term care facility universe we hear the fervent echoing of nursing community protagonists and exponents spreading the dreaded news long feared by so many: “new staffing standards are coming, new staffing standards are coming” … registered nurses on the premises 24 hours a day by May l, 2026, in non-rural facilities, and minimum numerical staffing requirements by May 20, 2027. Background On February 28, 2022, President Biden announced a widespread set of modifications to the current federal requirements for Medicare and Medicaid long-term care facilities. According to the White House, this move was ostensibly aimed at improving the safety and quality of care within the nation’s nursing homes. One key initiative within the Biden-Harris Administration’s strategy was to establish a minimum nursing home staffing requirement for LTC facilities participating in Medicare and Medicaid. The applicable regulations relevant for this discussion are set forth in Code of Federal Regulation section 483.35 (the Code). 
On April 22, 2024, the CMS Department of Health and Human Services finalized the Minimum Staffing Standards for Long-Term Care Facilities and Medicaid Institutional Payment Transparency Reporting rule. The final rule was published in the Federal Register on May 10, 2024, and became effective June 21, 2024.
The federal Appendix PP of the State Operations Manual (SOM) was released on February 24, 2024. The primary revisions address changes to the medical director, admission and discharge policies, and medication practices interpretive guidelines. According to CMS, these changes will provide additional support to surveyors in the field. However, as is often the trouble with guidelines, regulators yield the SOM as if it were law – except it lacks any legal authority. 
Below, this article will briefly describe the federal statutory and regulatory framework that governs provider participation in the Medicare and Medicaid programs, including any significant revisions to the federal Appendix PP of the SOM. Next, the article will provide an outline of the new staffing requirements that will be implemented and enforced by CMS in three stages beginning May 11, 2026. Finally, it will provide several alternatives providers can pursue in response to these new regulations.
Long-Term Care Laws and the Regulatory Scheme Sections 1819 and 1919 of the Social Security Act (the Act) set out regulatory requirements for Medicare and Medicaid long-term care facilities, respectively. Specific statutory sections such as 1819(d)(4)(B) and 1919(d)(4)(B) of the Act permit the Secretary of the Department of Health and Human Services (HHS) (the Secretary) to establish any additional requirements relating to the health, safety, and well-being of residents in skilled nursing facilities (SNF) and nursing facilities (NF), as the Secretary finds necessary. This provision and other statutory sections provide CMS with the authority to issue regulations revising the existing requirements and to mandate a staffing minimum for nursing care.
In addition to changing the regulations related to staffing, CMS will use the following modified revisions to the Appendix PP SOM. The most significant revisions to the SOM will affect guidance pertaining to admission, discharge, and chemical restraints. In the context of discharge, surveyors will begin looking more closely at the following categories:

Discharge for failure to meet resident needs where there is no evidence of a facility having attempted to meet resident needs prior to discharge
Discharge for failure to pay without evidence that the facility offered to assist with applying for medical assistance or of resident refusal to comply with seeking payment from Medicare/ Medicaid
Discharge on the basis of a resident posing a danger to the health/safety of others without evidence supporting that such danger exists
Refusal to allow a resident to return after hospitalization or other absence without a valid reason for refusing such return
Failure to appropriately account for resident needs and safety post-discharge.

Among key points related to chemical restraints, the SOM highlights that facilities are to ensure:

Residents only receive psychotropic medications when other nonpharmacological interventions are clinically contraindicated.
Residents only remain on psychotropic medications when gradual dose reduction and behavioral interventions have been attempted and/or deemed clinically contraindicated.
Medications are only used to treat residents’ medical symptoms and not for discipline or staff convenience, which would be deemed a chemical restraint.
Residents, their families, and/or representatives are informed of the benefits, risks, and alternatives for psychotropic medications in advance of any initiation or increased administration of such medications, including with respect to any “black box” warnings (a label on a prescription drug that alerts patients to serious or life-threatening risk). 

HHS and CMS have the ability not only to provide additional details to fill in legislative holes or provide elucidation to participating providers, via the Code of Federal Regulation section 483.1-483.95 and SOM, but also to yield significant enforcement authority. Long-term care providers found to be out of compliance with sections of the Code or interpretations found in the SOM can face serious repercussions including termination of Medicare provider agreements, denial of payments for care provided to residents who have insurance through Medicare and Medicaid, and civil money penalties. While CMS purports the aforementioned enforcement mechanisms were designed to deter noncompliance and induce those providers who are out of compliance to quickly return to the regulatory mandates, often these remedies are used to punish providers labeled by surveyors as substandard providers.
Similarly, and consistent with the virtues of federalism, states provide additional requirements for long-term care owners and providers including laws and regulations for obtaining and renewing a license to provide skilled nursing services to residents of the respective state. Coincidently, virtually every state in the union has at some point considered implementing minimum numerical staffing requirements. While some have decided against a minimum staffing requirement, in 2021, 36 states had laws requiring minimum nurse staffing standards for SNFs. These standards vary widely, from Washington, D.C. requiring 4.1 total nursing hours per resident per day (HPRD) to Arizona requiring less than one total nursing HPRD. Only six states require registered nurse (RN) to be on duty 24 hours per day.
New Staffing Regulations 42 CFR § 483.3542 CFR § 483.35 titled “Nursing Services” has long allowed nursing home administration some discretion in determining how many licensed nurses and certified nursing aides were required during a 24-hour period. Pursuant to the prior regulatory language under 42 CFR § 483.35, LTC, facilities required the services of a RN for at least 8 consecutive hours a day, 7 days a week (§ 483.35(b)(1)). Additionally, LTC facilities were required to provide the services of “‘sufficient numbers’ of licensed nurses and other nursing personnel … 24 hours a day to provide nursing care to all residents in accordance with the resident care plans and assessments.” § 483.35(a)(1).
Under the regulations effective June 21, 2024, providers must comply with the following requirements or face the aforementioned regulatory enforcement penalties: 

Have a registered nurse at the facility for 24 hours
Have a minimum of 3.48 total nurse staffing hours per resident per day
Allocate 0.55 staffing hours per resident per day for direct care provided by registered nurses
Have 2.45 nurse aide hours per resident day. § 483.35(b)(i)(ii).

Researchers in the February 2025 issue of Health Affairs Scholar investigating the possible effects and readiness of skilled nursing providers using staffing data obtained from CMS’s Payroll Based Journal in 2023 and the first quarter of 2024 came to varying conclusions. Researchers found that 58% of all U.S. facilities meet the total nursing rule, 50% meet the registered nurse rule, and 28% meet the nurse aide standard.1 However, at least two separate studies found that more than 80% of nursing homes fail to meet the updated requirements in the final staffing mandate.2
Although CMS endorses these changes as surefire interventions that will promote increased positive health outcomes at nursing facilities, the new regulations place significant faith in registered nurses who rarely provide the hands-on care that is the most important element of nursing home care. Consequently, many providers will be forced to reduce the number of licensed registered nurses to satisfy the new staffing minimums. Licensed practical nurses (LPNs) are often unit mangers or floor supervisors at long-term care facilities. LPNs balance direct-care responsibilities that require them to interact with residents routinely with supervisory obligations that allow for the free flow of information to doctors, registered nurses, and certified nursing assistants. On one hand, CMS claims research supports better health outcomes when registered nurses are more involved in direct care of resident. On the other hand, these studies did not focus on health care outcomes when LPNs are not involved at all in nursing homes.  
Alternatives to Compliance With the Biden Administration in the rear view and the second Trump Administration beginning, optimistic pundits believe the minimum staffing standards will be modified or totally rescinded. Nevertheless, providers, owners, administrators, and management companies must determine how to best navigate the period from now until enforcement day on May 11, 2026.
Litigation is always an option for those willing to take on CMS and HHS directly. Some providers and lobbyists have taken the path less traveled and decided to adopt an aggressive approach to the new regulations. Approximately 20 states and organizations have sued CMS over this new rule, claiming that it would lead to many nursing homes going out of business and jeopardize the long-term care of nursing home residents. There is no formal ruling on these legal objections, so it remains to be seen if legal options will bear any fruit.
Although a direct assault on the minimum staffing requirements would probably be the most emotionally satisfying in the short term, some providers are leery of a direct challenge to CMS and HHS. Many have done so in the past and invested considerable time and expense only to be on the losing end of such an endeavor. Additionally, HHS does not soon forget conduct that could be construed as an affront to its authority. Accordingly, many long-term care providers are hopeful that on the heels of the U.S. Supreme Court overturning Chevron U.S.A., Inc. v. Natural Resources Defense Council, Inc.3 jurisprudence, HHS and CMS may decide to compromise so legal action will not be necessary instead of allowing the judiciary and executive branches to intervene and continue to limit administrative agency power.
Another alternative for those desperate to circumvent the new regulations is the exemption option. CMS will grant an exemption if a facility can satisfy the factors enumerated in § 483.35(H). The exemption from the minimum standards of 0.55 HPRD for RNs, 2.45 HPRD for NAs, and 3.48 HPRD for total nurse staffing, and the eight-hour per day 24/7 RN onsite requirement are available under limited circumstances pursuant to 42 CFR § 483.35(H).
For a provider to qualify, a facility must meet the following criteria after demonstrating lack of sufficient licensed nursing staff in its geographic area: 

The workforce is unavailable as measured by having a nursing workforce per labor category that is a minimum of 20 percent below the national average for the applicable nurse staffing type
The facility must demonstrate good faith efforts to hire and retain staff
The facility must provide documentation of its monetary commitment to staffing
The facility posts a notice of its exemption status in a prominent and publicly viewable location in each resident facility
The facility provides individual notice of its exemption status and the degree to residents and to the local ombudsman.4

Conclusion While it remains to be seen how these events will affect long-term care for years to come, there is well-founded fear that some providers will not be able to afford the staff required to comply. Granted, it seems only logical that increased registered nursing presence will allow for increased higher-level nursing participation; it is not reasonable to believe that it will in any way alter the most serious types of problems facing homes today. For example, sexual abuse, or abuse of any kind, often results from acceptance of a resident who never should have been admitted to a long-term care facility as currently constructed.
From the perspective of this writer who has spent time as a regulator and served as legal counsel for nursing homes, until the United States invests in broader nursing home reform aimed at creating facilities specifically designed to treat elderly residents with specialized needs, it will be challenging to solve the long-term care conundrum. With the baby boomers entering the final frontier, judicious, practical thought must be given to how society wants to treat the elderly population – hiring an additional nurse or two may not solve the problem. 
_____________________________________________________________________________
1 Nursing Home Trade Associations Challenge Administration’s New Staffing Requirements,” Health Affairs Forefront, July 15, 2024, DOI: 10.1377/forefront.20240712.10341. https://academic.oup.com/healthaffairsscholar/article/3/2/qxaf009/7959118
2 Id.
3 Chevron USA Inc. v. Natural Resources Defense Council, Inc., 467 US 837 – Supreme Court 1984 – Google Scholar. 
4 42 CFR § 483.35(H).

Federal Appeals Court Rules Against Doctor Seeking to Use Mushrooms to Aide Terminal Patients: How We Learned to Question the Rationale of the Controlled Substances Act

It’s funny how things work out – sometimes you find yourself living in a sort of butterfly effect where the tail seems to wag the dog. In 2023, when we first started writing about the traction psychedelics were gaining as medicine, our goal was not to end up spending years covering the winding legal battle of a Washington physician to legally obtain psilocybin for terminally ill cancer patients to manage their pain. 
But here we are. To be clear, while we’re certainly interested in the fate of Dr. Sunil Aggarwal’s efforts, we’ve been following the case closely because it’s one of a few legal cases to shed light onto what courts and federal agencies may do when faced with a medicinal demand for psychedelics outside of the research context.
In his efforts to be able to administer psilocybin to his patients, Aggarwal employed a two-fold approach: (1) he attacked the status of psilocybin as a Schedule I drug, and (2) he tried to get around statutory requirements governing a physician’s right to distribute Schedule I drugs outside of the research context. Neither has been successful (yet).
DEA Says No to Rescheduling, but the Court Keeps the Door Cracked
As a reminder, here’s what happened when Aggarwal petitioned the DEA to reschedule psilocybin:
Since at least 2021, Dr. Sunil Aggarwal has been working to legally obtain psilocybin for terminally ill cancer patients undergoing end-of-life care. Because psilocybin is a Schedule I drug under the Controlled Substance Act (CSA), obtaining the drug to treat his patients was “practically and legally difficult” according to his lawyers. Aggarwal turned to the DEA, petitioning the agency to transfer psilocybin from Schedule I to Schedule II. The DEA denied the petition in a four-sentence letter. Aggarwal then looked to the Ninth Circuit.
The Ninth Circuit Court of Appeals in  Aggarwal v. U.S. DEA directed the U.S. Drug Enforcement Agency (DEA) to reconsider its decision not to transfer psilocybin from Schedule I to Schedule II. 
The Ninth Circuit sided with Aggarwal. The court held that the “DEA failed to provide sufficient analysis to allow its path to be reasonably discerned” and “failed to clearly indicate that it ha[d] considered the potential problem identified in the petition.” More specifically, the Ninth Circuit noted that the DEA failed to define “currently accepted medical use with severe restrictions,” which was the applicable standard for rescheduling on which Aggarwal relied. The court directed the DEA to clarify or reevaluate its position.

And, while the footsteps may not have been as swift as some would hope, we still stand by the predictions we made in 2023:
The Ninth Circuit’s refusal to accept the DEA’s out-of-hand dismissal of a petition to reschedule psilocybin is yet another step in what appears to be faster and faster footsteps towards the future. What that future holds is yet to be determined – though we will monitor closely – but whatever the future is it promises to be quite a ride.

Will the Right to Try Act Save Practitioners Who Don’t Conduct Research but Want to Administer Schedule I Drugs?
Perhaps realizing that convincing the DEA to reschedule psilocybin may be a tall task, Aggarwal tried his hand before the DEA and then the Ninth Circuit with another approach — trying to get around the Controlled Substance Act (CSA) by way of the Right to Try Act (RTT Act). Aggarwal challenged the DEA’s decision not to exempt him from registration under the CSA, but the FDA’s RTT Act didn’t turn out to be the rescuer he had hoped for.
Because it’s a Schedule I substance, the CSA dictates that psilocybin may only be produced, dispensed, or possessed in the context of a research protocol registered with the DEA and approved by the Secretary of Health and Human Services. In other words, psilocybin may only be dispensed by medical practitioners in the context of “bona fide research,” which requires the approval of the FDA (see21 U.S.C. § 823(g)(2)(A)). The DEA handles registration and “may, by regulation, waive the requirement for registration of certain…distributors, or dispensers if DEA finds it consistent with the public health and safety” (21 U.S.C. § 8222(d)).
The Food, Drug, and Cosmetic Act (FDCA) is even broader and “imposes restrictions on the…distribution of all drugs including but not limited to controlled substances” (21 U.S.C. § 331). Generally, before a new drug can be introduced to the market, it must go through the clinical trial process, but there are other ways. A patient, for instance, may attempt to access a new drug through the FDA’s expanded access program.
Where a prescription drug is a controlled substance, “the FDCA and CSA operate in tandem” and the person distributing the drug must comply with both statutes.
The FDA has also adopted the RTT Act, which is intended to expand access for eligible investigational drugs outside the clinical trail process. “The RTT Act exempts the drugs provided to eligible patients from specified statutory and regulatory requirements concerning drug labeling, marketing, clinical, testing and approval.” “To access an eligible investigational drug under the RTT Act,” an eligible patient’s physician applies directly to the drug’s sponsor, and the FDA is not involved in approving access.
Seeking psilocybin for his terminally ill patients, Aggarwal’s attorneys submitted a letter to the DEA asking the DEA “for authorization to access psilocybin for therapeutic use under state and federal RTT Acts and immunity from prosecution under the CSA.” His lawyers also asked that if it deemed registration was required under the CSA, that the registration requirement be waived.  
The DEA said no dice and clung tight to the CSA. In so doing, the DEA made a few things clear:

“Practitioners who seek to dispense or possess [S]chedule I controlled substances must be properly registered as an approved researcher in accordance with the CSA and its implementing regulations.”
The RTT Act does “not provide any exemptions from the CSA or its implementing regulations.”
The RTT Act does “not give the DEA authority to waive CSA requirements.”

Doubling down, the DEA also declined Aggarwal’s request to initiate rulemaking to exempt him from the CSA’s registration requirement. The DEA provided the following as its reasoning:

The DEA could not fully assess Aggarwal’s proposal because it was lacking in detail.
Aggarwal’s desire to administer psilocybin to patients was not consistent with public health and safety. In making this particular finding, the DEA relied heavily on Congress’ determinations in designating psilocybin as a Schedule I drug that it has a high potential for abuse, no currently accepted medicinal use in treatment in the United States, and a lack of accepted safety for use under medical supervision.
Aggarwal’s cited historical scenarios involving Schedule I controlled substances — including marijuana — were not persuasive.

The Ninth Circuit found in favor of the DEA, ruling that the DEA’s reasoning in blocking Aggarwal’s access to the DEA was not arbitrary and capricious.  While the Ninth Circuit didn’t declare the following reasoning the rule of land even within the Ninth Circuit, it did make clear that the DEA’s reliance on this reasoning is not arbitrary and capricious:

“The CSA and FDCA together govern access to controlled substances for medicinal purpose.”
“Although the RTT Act itself does not require FDA approval for eligible patients to access eligible investigational drugs, it does not exempt such drugs from the FDA’s Attorney-General-delegated oversight pursuant to the CSA.” “So DEA’s continued enforcement of the CSA’s registration requirement does not affect, modify, repeal, or supersede the FDCA as amended by the RTT Act.”
The Ninth Circuit did not reject the DEA’s reliance on Congress’ determination, as codified in the CSA, that psilocybin has a high potential for abuse, no currently accepted medicinal use in treatment in the United States, and a lack of accepted safety for use under medical supervision.

So, What Does an Opinion Brushing Back One Physician on the West Coast Mean to the Psychedelics Industry More Broadly?
Proponents and physicians who are looking for easier access to psilocybin outside of the research context will see this as a significant step back. The DEA dealt a significant setback to the ability to rely on the RTT Act or to seek a waiver of registration. The Ninth Circuit didn’t really pull back the reigns. The DEA’s position that, even if a physician is able to obtain approval under the RTT, he or she still must obtain registration or a waiver under the CSA has now been approved (or at least not disapproved). And that position was pretty clear: The DEA is still in charge.
So, what does the opinion not mean? This opinion does not foreclose the efforts of physicians interested in conducting research blessed by the CSA and FDA. As we’ve previously reported, interest in researching psychedelics remains high and it appears capital does, too. Indeed, there are strong pushes for research in the federal, state, and private sectors with corresponding funding. There is no indication — and we have no expectation — that it will slow down any time soon, and the Ninth Circuit’s decision does nothing to change our thoughts on that point. Indeed, it appears to be, at least according to the DEA as approved by the Ninth Circuit, the clearest path forward.

What Does the Phrase “Resulting From” Mean? Circuit Courts Split on Standard for Determining When an AKS Violation Is a False Claim

Dating back to the 19th century, the U.S. Supreme Court has held that when construing a statute, the courts are to “give effect, if possible, to every clause and word of a statute, avoiding, if it may be, any construction which implies that the legislature was ignorant of the meaning of the language it employed.”[1]
However, there’s currently a split among the federal courts regarding how to interpret a phrase in a 15-year-old amendment to the Anti-Kickback Statute (AKS).[2] In 2010, Congress amended the AKS to provide that where the statute is violated, in addition to criminal penalties, any “claim that includes items or services resulting from [that] violation of [the AKS] constitutes a false or fraudulent claim for purposes of the [False Claims Act (FCA)].”[3] The circuit courts disagree over what it means for a claim to “result from” a violation of the AKS. 
On February 18, 2025, the U.S. Court of Appeals for the First Circuit, in United States v. Regeneron Pharmaceuticals, held that to show a claim “results from” a violation of the AKS, the government must prove that a claim would not have been submitted “but for” the illegal kickback. [4] While this ruling aligns with recent decisions by the Sixth[5] and Eighth[6] Circuits, it conflicts with a Third Circuit decision[7] holding that the government must merely prove a “causal connection” between an illegal kickback and a claim being submitted for reimbursement. This Insight explores the courts’ approaches to evaluating what the words “resulting from” mean in the context of the AKS.
History of the Relationship Between the AKS and the FCA
The AKS makes it a crime to knowingly and willingly offer, pay, solicit, or receive any remuneration to induce referrals or services reimbursable by a federal health care program (e.g., Medicare, Medicaid). Each offense under the AKS is punishable by a fine of up to $100,000 and imprisonment for up to 10 years. Violators of the AKS can also be excluded from federal health care programs and face civil monetary penalties: (i) up to $50,000 and (ii) three times the amount of the remuneration in question.[8] Significantly, the 2010 amendment to the AKS clarified that a person or entity must act willfully to violate the statute, even though “a person need not have actual knowledge of [the AKS] or specific intent to commit a violation of [the AKS].” [9]
The FCA is the primary vehicle through which the government (on its own behalf and by virtue of the FCA private right of action provision) pursues fraud, waste, and abuse in the health care industry. Generally, the statute imposes liability on anyone who knowingly presents, or causes to be presented or conspires to present, a false or fraudulent claim for payment or approval.[10]
To establish a violation of the FCA, the government must prove by a “preponderance of the evidence”—a lesser standard than the criminal “beyond a reasonable doubt” standard—that a defendant “knowingly” violated the statute. The FCA defines the terms “knowing” and “knowingly” to mean that a person “(i) has actual knowledge of the information; (ii) acts in deliberate ignorance of the truth or falsity of the information; or (ii) acts in reckless disregard of the truth or falsity of the information.” The statute further clarifies that proof of specific intent to defraud is not required.[11]
Before 2010, federal law did not specifically address whether a violation of the AKS could result in a claim being considered false for purposes of the FCA. For almost two decades, the government and qui tam relators attempted to “bootstrap” anti-kickback claims to the FCA to obtain civil penalties based on alleged AKS violations. This bootstrapping theory was premised on the argument that when a provider submits a claim to a federal health care program, the claim includes an implicit certification that the provider was in compliance with applicable laws, including the AKS.
For instance, in Roy v. Anthony,[12] a whistleblower sued under the FCA alleging that physicians in a medical practice referred patients to diagnostic centers in violation of the AKS. The defendants settled the case for more than $1.5 million following a district court decision holding that the plaintiff could prove that the charged claims were false because they were submitted in violation of the AKS. Similarly, the district court in Pogue v. American Healthcorp held that a violation of the AKS could constitute a false claim under the FCA if the whistleblower or the government could show that the defendants engaged in fraudulent conduct with the purpose of inducing payment from the government.[13]
In 2010, as part of the Patient Protection and Affordable Care Act,[14] Congress attempted to resolve the highly litigated issue of whether a violation of the AKS can serve as a basis for liability under the FCA by amending the AKS to state that a “claim that includes items or services resulting from a violation of [the AKS] constitutes a false or fraudulent claim for purposes of the [FCA].”[15] 
Split Among the Courts Interpreting the Causation Standard
Despite the 2010 amendment, the debate has not ended regarding the relationship between the AKS and the FCA, with the courts splitting on what it means for a claim to “result from” a violation of the AKS. The Third Circuit has held that the government must merely prove a “causal connection” between an illegal kickback and a claim being submitted for reimbursement, while the First, Sixth, and Eighth Circuits have adopted the stricter “but-for” standard of causation.
Third Circuit: The “Causal Connection” Standard
In 2017, in United States ex rel. Greenfield v. Medco Health Solutions Inc., the Third Circuit first examined this issue in a case where the qui tam relator argued that the defendant’s alleged kickback scheme amounted to a violation of the FCA because at least some referrals or recommendations were for Medicare beneficiaries and because the defendant falsely certified compliance with the AKS.[16]
Relying on the U.S. Supreme Court’s ruling in Burrage v. United States, the defendant argued that “resulting from” requires “proof the harm would not have occurred in the absence of—that is, but for—the defendant’s conduct.”[17] The government/qui tam relator responded that requiring but-for causation would lead to the “incongruous” result that a defendant could be convicted of criminal conduct under the AKS but be insulated from civil liability under the FCA.
In interpreting the 2010 amendment, the Third Circuit examined the legislative history surrounding its passage. Specifically, the court referenced language from the congressional record in which one senator explained that Congress wanted to “strengthen” actions under the FCA and “ensure that all claims resulting from illegal kickbacks are considered false claims for the purpose of civil action[s] under the False Claims Act.”[18] The court agreed with the government’s position, concluding that imposing a “but-for” standard “would hamper FCA cases under the provision even though Congress enacted it to strengthen[] whistleblower actions based on medical care kickbacks.”
While the Third Circuit sided with the government by rejecting a but-for causation standard, the court, nevertheless, held in favor of the defendant. The complaint alleged that (1) the defendant paid illegal kickbacks to Party A, (2) Party A forwarded that money to Party B, (3) Party B included the defendant as an approved provider for Party B’s members, (4) the defendant filed claims on behalf of 24 federally insured patients, and (5) the defendant violated the FCA because the defendant incorrectly certified that it did not pay any illegal kickbacks. The Third Circuit disagreed, relying on an Eleventh Circuit case holding that a plaintiff cannot “merely … describe a private scheme in detail but then … allege … that claims requesting illegal payments must have been submitted, were likely submitted[,] or should have been submitted to the Government.”[19] Instead, the government/relator must provide evidence of the actual submission of a false claim. In Medco, the Third Circuit held that even if it were to assume the defendant paid illegal kickbacks, “that is not enough to establish that the underlying care to any of the 24 patients was connected to a breach of the AKS; we must have some record evidence that shows a link between the alleged kickback and the medical received by at least one” of the patients.
First, Sixth, and Eighth Circuits: The “But-For” Causation Standard
While the Third Circuit refused to find the Supreme Court’s Burrage decision controlling, the First, Sixth, and Eighth Circuits relied on Burrage to support the but-for causation standard.
In 2022, in United States ex rel. Cairns v. DS Medical LLC,[20] the Eighth Circuit relied on Burrage, as well as on several dictionary definitions of the words/phrases “resulting” and “results from,” and concluded that these words require a “but-for” causal connection. The Eighth Circuit addressed the Third Circuit’s holding in Medco and declined to follow that case, rejecting the Third Circuit’s approach of relying on legislative history and “the drafters’ intentions.” The Eighth Circuit held that if Congress had not intended to impose this “but-for” causation standard, then it could have adopted a different standard such as “tainted by” or “provided in violation of.”
The following year, the Sixth Circuit, relying on Burrage and United States ex rel. Cairns v. DS Medical LLC, held that the government/whistleblowers needed to satisfy the but-for causation standard and ruled in favor of the defendants where there was no evidence that the alleged kickback arrangement changed any of the parties’ behaviors. In other words, regardless of the improper payments, the same referrals would have occurred, and the same claims would have been submitted to the federal government. [21]
The First Circuit recently joined the Eighth and Sixth Circuits in adopting the but-for causation standard. The First Circuit noted that while the Supreme Court has held that “as a result from” imposes a requirement of causality—meaning that the harm would not have occurred but for the conduct—“that reading serves as a default assumption, not an immutable rule.” Nevertheless, the First Circuit determined that nothing in the 2010 amendment contradicts the notion that “resulting from” requires proof of but-for causation.
While it agreed that the criminal provisions of the AKS do not include a causation requirement, the First Circuit observed that different evidentiary burdens can exist for claims being brought for purposes of criminal versus civil liability. The First Circuit concluded that although the AKS may criminalize kickbacks that do not ultimately cause a referral, a different evidentiary standard can and should be applied when the FCA is triggered. As a result, the First Circuit affirmed the lower court’s decision that “to demonstrate falsity under the 2010 amendment, the government must show that an illicit kickback was the but-for cause of a submitted claim.”
In light of this decision, a majority of the Circuits that have addressed this issue have adopted the “but-for” causation standard based on the 2010 amendment, leaving the Third Circuit as the only circuit court to adopt the more lenient “causal connection” standard. Notably, while three Circuits have now aligned on interpreting the “resulting from” language in the 2010 amendment to require but-for causation, this standard applies to those FCA cases based upon AKS violations that do not involve a false certification theory. These but-for cause decisions do not address causation in AKS-based FCA cases where the alleged falsity is a false certification of compliance with the AKS. This false certification theory remains viable, which the First Circuit specifically addressed in Regeneron.
Conclusion
Entities in the health care and life sciences industries facing allegations of AKS and FCA violations should be aware of the current state of the law and be prepared to vigorously challenge efforts by the government, or qui tam relators, to seek to deviate from the but-for causation standard.
Although the U.S. Supreme Court denied a petition to review this specific issue in 2023, it may once again be called upon to weigh in, as there inevitably will continue to be a division in how the courts interpret this “resulting from” language.
ENDNOTES
[1] Montclair v. Ramsdell, 107 U.S. 147 (1883).
[2] See 42 USC § 1320a-7b(b). 
[3] See 42 USC § 1320a-7b(g) (emphasis added). The federal False Claims Act (FCA) can be found at 31 U.S.C. § 3729 et seq.
[4] United States v. Regeneron Pharmaceuticals, 2025 WL 520466 (1st Cir. Feb. 18, 2025).
[5] United States ex rel. Martin v. Hathaway, 63 F.4th 1043, 1052–55 (6th Cir. 2023).
[6] United States ex rel. Cairns v. D.S. Med. LLC, 42 F.4th 828, 834–35 (8th Cir. 2022).
[7] United States ex rel. Greenfield v. Medco Health Solutions Inc., 880 F.3d 89, 100 (3d Cir. 2018).
[8] See 42 U.S.C. § 1320a-7b(b).
[9] See 42 U.S.C. § 1320a-7b(h).
[10] See 31 U.S.C. § 3729(a)(1).
[11] See 31 U.S.C. § 3729(b)(1).
[12] See United States ex rel. Roy v. Anthony, No. C-1-93-0559 (S.D. Ohio 1994).
[13] See United States ex rel. Pogue v. American Healthcorp., Inc., 1995 WL 626514 (M.D. Tenn. Sept. 14, 1995); United States ex rel. Pogue v. American Healthcorp., Inc., 914 F. Supp. 1507 (1996).
[14] Patient Protection and Affordable Care Act (PL 111-148).
[15] Id. at § 6402(f)(1) codified at 42 U.S.C. § 1320a-7b(g).
[16] United States ex rel. Greenfield v. Medco Health Solutions Inc., 880 F.3d 89, 100 (3d Cir. 2018). It should be noted that, in this case, the government originally declined to intervene.
[17] Id. quoting Burrage v. United States, 134 S. Ct. 881, 887-888 (2014). 
[18] Id. citing 155 Cong. Rec S10852, S10853 (daily ed October 28, 2009).
[19] Id. citing United States ex rel. Clausen v. Lab Corp. of Am., 290 F3d 1301, 1311 (11th Cir. 2002).
[20] United States ex rel. Cairns v. D.S. Med. LLC, 42 F.4th 828, 834–35 (8th Cir. 2022).
[21] United States ex rel. Martin v. Hathaway, 63 F.4th 1043, 1052–55 (6th Cir. 2023).

New York Health Data Requirements Potentially Ahead: Understanding the Newly Passed Health Information Privacy Act

New York lawmakers recently passed a wide-ranging health information privacy bill that would require entities to obtain consent to collect, use, or sell an individual’s health information except for designated purposes. Notably, the bill broadly defines both regulated entities and regulated health information, and it would potentially impact companies nationwide that may not otherwise consider themselves to be collecting individuals’ private health information.

Quick Hits

New York lawmakers passed a health information privacy bill that, among other obligations, would require entities to obtain authorization to collect, use, or sell an individual’s health information unless it is “strictly necessary” for certain purposes.
The bill broadly defines regulated health information to include data that goes beyond traditional protected health information (PHI) and broadly defines regulated entities to include New York entities and certain non-New York entities.
While there is no private right of action, the bill would empower the state attorney general to seek significant penalties for violations.
The governor must still sign the bill and it would take effect one year after becoming law.

On January 22, 2025, the New York State Legislature passed Senate Bill (S) 929, known as the New York Health Information Privacy Act (New York HIPA). The bill has not yet been sent to Governor Kathy Hochul’s desk for signature. If signed, New York HIPA would take effect one year after becoming law.
In general, New York HIPA would place strict requirements on the collection or “processing” of individual health information or “any information that is reasonably linkable” to an individual’s mental or physical health. It would require authorization to process regulated health information unless it is “strictly necessary” for a specific designated purpose. The bill would further give individuals a right to access and request deletion of their health information and require regulated entities to develop and maintain safeguards to protect health data.
New York HIPA is the latest of a series of state privacy laws being considered and passed in recent years, such as Washington State’s recently enacted My Health My Data Act (MHMDA), which imposes a host of requirements for businesses in Washington concerning the collection of “consumer health data.” That law is at the center of a recently filed and potentially precedent-setting class action alleging that advertising software attached to third-party mobile phone apps unlawfully harvested PHI in the form of location data from millions of users. Unlike Washington’s MHMDA, New York HIPA would not provide a private right of action for individuals to file suit, but New York HIPA would empower the attorney general to enforce the law and allow for the imposition of stiff monetary penalties for violations.
Here is a breakdown of some key New York HIPA bill provisions.
Processing Regulated Health Information
New York HIPA, if enacted, would make it generally unlawful for a regulated entity to sell an individual’s regulated health information to a third party or process such information without a valid authorization unless it is “strictly necessary” for specific purposes. The bill details the requirements for obtaining valid authorization and the permissible purposes for processing without authorization. New York HIPA broadly defines “processing” to include the collection, use, access, sharing, sale, monetization, analysis, and retention, among other actions, of an individual’s regulated health information.
Notably, New York HIPA defines “regulated health information” broadly as “any information reasonably linkable” to an individual or device that “is collected or processed in connection with an individual’s physical or mental health,” including “location or payment information that relates to an individual’s physical or mental health” or “any inference drawn or derived about an individual’s physical or mental health.” This expansive definition could include a wide range of data points or information about individuals that might not typically be considered PHI, such as location data and payment information related to trips to the doctor or the gym.
New York HIPA also includes a broad definition of regulated entities. A “regulated entity” would include both entities located in New York that control the processing of regulated health information, and non-New York entities that control the processing of regulated health information of New York residents or individuals who are “physically present in New York.”
Designated Purposes
New York HIPA also sets forth the designated purposes for collecting or processing an individual’s health information without specific authorization. The collection or processing would need to be “strictly necessary” for:

providing a product or service that the individual has requested;
conducting internal business operations, excluding marketing, advertising, research and development, or providing products or services to third parties;
protecting against fraud or illegal activity;
detecting and responding to security threats;
protecting the individual’s “vital interests”; or
investigating or defending a legal claim.

Requests for Authorization
Under the bill, an authorization request must be separate from any other transaction, and individuals must be allowed to withhold authorization separately for each kind of processing. A “valid authorization” must also include several specific disclosures, including “the nature of the processing activity” and “the specific purposes for such processing.”
Individual Rights
New York HIPA would further require regulated entities to provide an “easy-to-use mechanism” for individuals to request access to and delete their regulated health information. Regulated entities would be required to provide access to or delete health data within thirty days of a request. If using a service provider, regulated entities would be required to communicate the request to a service provider within thirty days “[u]nless it proves impossible or involves disproportionate effort.”
Exemptions
The bill exempts certain information from its provisions, including:

“information processed by local, state, and federal governments, and municipal corporations”;
PHI governed by federal regulations under the Health Insurance Portability and Accountability Act (HIPAA);
covered entities governed by HIPAA; and
certain information collected as part of clinical trials.

Notably, the bill does not exempt entities subject to the Gramm-Leach-Bliley Act. Further, the bill does not exempt “business associates” under HIPAA with respect to “regulated health information” that goes beyond traditional PHI.
Security Safeguards
Under New York HIPA, regulated entities would be required to develop and maintain reasonable safeguards to protect the security, confidentiality, and integrity of regulated health information. They would also be required to securely dispose of such information according to a publicly available retention schedule.
The bill does not address the obligations of a regulated entity in the event of a data breach. New York’s data breach notification law (General Business Law § 899-aa), however, was recently amended to expand the definition of “private information” to include medical information and health insurance information, and to impose a thirty-day deadline for businesses to notify New York residents impacted by a data breach.
Service Providers
The bill would require any processing of health information by service providers on behalf of regulated entities to be governed by a written agreement. That agreement would need to include specific obligations for the service provider, such as ensuring confidentiality, protecting the data, and complying with individual rights requests.
Contracts and Waivers
Any contractual provision or waiver inconsistent with New York HIPA would be declared void and unenforceable, meaning individuals would not be able to waive their rights under the law.
Enforcement
New York HIPA would empower the state attorney general to investigate alleged breaches of the privacy requirements and bring enforcement actions. Such actions could result in civil penalties of up to $15,000 per violation or up to 20 percent of the revenue obtained from New York consumers within the past fiscal year, whichever is greater. The bill would also give the attorney general the ability to enjoin violations, seek restitution, and obtain the disgorgement of profits “obtained directly or indirectly” by any violations. Unlike Washington State’s MHMDA, the bill does not include a private right of action for individuals to sue for violations.
Next Steps
New York HIPA underscores the state’s focus, and a broader focus of states across the country, on protecting the privacy of health information. Like Washington’s MHMDA, New York HIPA would broadly define regulated health information as any information reasonably tied to an individual or device and related to an individual’s physical or mental health, including location and payment information. The bill therefore seeks to protect a broader scope of health data than what has been historically viewed as PHI under HIPAA.
New York HIPA has potential far-reaching implications for businesses nationwide that collect or process data of New York residents or individuals located in New York. If the bill is signed into law, such businesses may wish to review and consider changes to their data processing practices, data handling policies, employee training programs, contractual agreements with service providers, and customer agreements. Additionally, they may want to review their websites with respect to collecting user information and providing consumers with opt-outs.
Notably, however, New York HIPA must still be delivered to and signed by Governor Hochul, who may seek to negotiate changes to the bill before signature or effectuate changes later through chapter amendments. The governor has shown a propensity to use such chapter amendments, which refer to changes by the governor that are approved by the legislature through subsequent legislation after the law has been signed. In addition, if enacted, the bill provides that the attorney general can promulgate rules and regulations to enforce the law.

Healthcare Preview for the Week of: March 10, 2025 [Podcast]

(Slim Chance of) Shutdown Week

This Friday is the deadline to pass a budget or enter a government shutdown. The House released a continuing resolution (CR) over the weekend and is scheduled to be in session only until Wednesday. The House Rules Committee plans to meet today to consider the CR, which is expected on the House floor Tuesday.
While the proposed CR does not include several of the large funding cuts that have been discussed, it is not a clean CR. It would:

Fund federal agencies through the end of the fiscal year (September 30);
Limit spending in several, mainly domestic, areas; and
Provide increases for defense spending.

The proposed CR includes the same health extenders that were passed in the December 2024 CR. However, it does not address the scheduled Medicare physician payment cut or other healthcare policies that have been under discussion.
House Democratic leaders strongly oppose the CR, so Republicans likely will need near-complete support (217 votes) from their caucus. President Trump indicated strong support for the CR on social media and asked that no Republicans dissent.
If the CR passes the House, the struggle will move to the Senate, where 60 votes are needed to avert a filibuster. Senator Rand Paul (R-KY) is expected to oppose the CR, which would mean that Republicans need a minimum of eight Democrats to support it.
As with most key votes moving through the 119th Congress, we’ll have to watch to see what happens. While no one is advocating for a government shutdown, if the CR is unable to pass the House or Senate, that will be at least the short-term outcome.
The House will hold a few health-related hearings before Democrats head to their annual retreat at the end of the week. The Senate will hold nomination hearings to consider President Trump’s picks for key health agencies:

Mehmet Oz, MD, as the administrator of the Centers for Medicare and Medicaid Services;
David Weldon as the head of the Centers for Disease Control and Prevention;
Jayanta Bhattacharya as the director of the National Institutes of Health; and
Martin Makary as the commissioner of the US Food and Drug Administration.

These are the only hearings scheduled for these nominees, and they likely will be voted out of their respective committees and confirmed.
Today’s Podcast

In this week’s Healthcare Preview, Debbie Curtis and Rodney Whitlock join Maddie News to discuss the status of government funding and next steps to avoid a shutdown later this week, as House Republicans work to garner votes for their recently released continuing resolution.

Fashionably Late: Implementation of the New York Retail Worker Safety Act Delayed to June 2025 (US)

On February 14, 2025, the New York Retail Worker Safety Act, initially set to take effect March 4, 2025, was amended (S.B.740), and the new effective date moved to June 2, 2025.
Background
On September 4, 2024, New York Governor Kathy Hochul signed the New York Retail Worker Safety Act (the Act) (S.B. 8358-C/A. 8947-C) into law. The Act, which adds Section 27-e to the New York Labor Law, requires employers with ten or more retail employees to develop and implement workplace violence prevention programs. The law also mandates employers provide training on the workplace violence programs and to install silent response buttons (SRBs) in retail stores, defined as stores that sell “consumer commodities at retail and not primarily engaged in the sale of food for consumption on its premises.”
New York joins a broader trend of state legislatures enacting laws to address growing concerns of workplace violence, driven by the rise in mass shootings, and, in the retail sector, large-scale, coordinated shoplifting and increasing confrontations and violence against retail workers. For example, on July 1, 2024, California’s Workplace Violence Prevent Act, which we previously covered here, went into effect and applies broadly to most private-sector California employers with additional requirements for healthcare facilities and other industries with a high risk of workplace violence. Notably, other states have workplace prevention laws, though many are specifically focused on the healthcare sector, such as hospitals.
Key Requirements of the New York Retail Worker Safety Act (Incorporating the 2025 Amendments)
Workplace Violence Prevention Programs
In New York, retail employers must develop and implement programs to prevent workplace violence by either:

adopting the model workplace violence prevention program, which the New York Department of Labor (NY DOL) has been instructed to develop, and which is anticipated to be released in advance of the employer implementation deadline; or
establishing a workplace violence prevention program that meets or exceeds the NY DOL’s minimum standards.

Retail Worker Safety Training & Policy
Retail employers must provide their workplace violence prevention policy to retail employees in writing at the time of hire. Training can be conducted using either the model training program to be developed by the NY DOL, or by a customized program that meets or exceeds the NY DOL’s minimum standards. The training must be interactive and include:

examples of measures retail employees can use to protect themselves when faced with workplace violence from customers or other coworkers;
de-escalation tactics;
active shooter drills;
emergency procedures; and
instruction on the use of security alarms or buttons and other related emergency devices.

Training requirements are specified and vary in accordance with employer size. Specifically, as amended, the Act requires:

smaller retail employers – those with between 10 and 49 employees – to provide training at the time of hire and then every two (2) years thereafter; and
larger retail employers with 50 or more employees to provide the training at the time of hire and annually thereafter.

The model policy is expected to identify certain risk factors for workplace violence, including:

working late night or early morning hours,
exchanging money with the public,
working alone or in small numbers, and
permitting uncontrolled access to the workplace.

The NY DOL will issue its model policies and training materials in English and the 12 most common non-English languages spoken in New York, as based on U.S. Census Bureau data. 
Silent Response Buttons
Among the amendments to Act, the requirement for panic buttons alerting law enforcement has been replaced with silent response buttons (SRBs). But only large retail employers with 500 or more employees statewide must provide employees with SRBs to request immediate assistance from security officers, managers, or supervisors during emergencies. The SRBs may be:

installed in an easily accessible workplace location, or
a wearable or mobile phone-based button.

Employers should note that the compliance deadline for SRBs remains January 1, 2027.