Healthcare Preview for the Week of October 20, 2025 [Podcast]
We are 20 days into the government shutdown, making this the longest full shutdown in US history (the 35-day shutdown in 2018 – 2019 was partial). Pressure to end the shutdown grows as more federal employees and programs remain uncompensated; however, there is no resolution in sight.
November 1, 2025, could be a flashpoint that increases pressure to open the government. The date marks the beginning of open enrollment for health insurance purchased through the Affordable Care Act Marketplace . Millions of people who get coverage from the Marketplace will face monthly premiums that are likely hundreds of dollars more than they were last year. Democrats continue to advocate for an extension of the Marketplace’s advanced premium tax credits (APTCs) that expire December 31, 2025, as part of any deal to reopen the government, while Republicans maintain that they will not negotiate on APTCs until the government reopens. Both sides are balancing the policy considerations with political messaging and who gets to take credit or blame. States have also received notice from the US Department of Agriculture (USDA) that Supplemental Nutrition Assistance Program funding will become insufficient after October 31, 2025. USDA encouraged states to develop contingency plans to fulfill those needs. That will also add pressure for federal action.
The House is in recess again this week and has not voted since passing a “clean” continuing resolution (CR) on September 19, 2025, to extend government funding until November 21, 2025.
The Senate is in town and in session. Health-related committee action includes reviewing shoppable services in the Committee on Aging and reviewing the 340B Program in the Committee on Health, Education, Labor, and Pensions.
Senators will also vote on the House-passed CR for the 11th time, and the vote is expected to fail. Later this week, Majority Leader John Thune (R-SD) plans to introduce a bill to pay military and essential federal employees during the shutdown. If the bill passes the Senate, the House might be forced to come back from recess to vote. Returning from recess presents the opportunity for more debate, and it would also mean that Representative-elect Adelita Grijalva (D-AZ) would be sworn in.
President Trump, who has historically been a significant motivating force in the Republican party, has been largely uninvolved in the shutdown negotiations. He is hosting a White House luncheon for congressional Republicans tomorrow to thank them for sticking together during the shutdown. We must wait and see what determining factors will finally get us out of this shutdown.
Today’s Podcast
In this week’s Healthcare Preview podcast, Debbie Curtis and Rodney Whitlock join Erin Fuller to discuss the ongoing government shutdown and the upcoming Senate HELP Committee hearing on the 340B program.
Key issues in Medicare Advantage
The past several years have been active in the policy space for Medicare Advantage (MA) stakeholders, including 2025, which has seen two final rules released (to date), following publication in December 2024 of a proposed rule addressing policy and technical changes to MA and Part D. The Centers for Medicare & Medicaid Services (CMS) released a final rule in April that addressed some proposals from that rule, and the agency recently issued a second final rule addressing additional proposals. A new proposed rule is under review at the Office of Management and Budget. As we await further CMS rulemaking and potential policy action in the MA space, this +Insight examines the status of six key MA issues – prior authorization, risk adjustment, Star Ratings, supplemental benefits, provider directories, and marketing – and considers likely next steps for policymakers.
Prior authorization
Key takeaway: Following several years of increased regulation and bipartisan scrutiny around prior authorization, the likelihood of further CMS action in the near term is unclear. Congressional action on prior authorization remains a possibility.
Prior authorization refers to processes that require providers to give advance notice to and receive approval from health plans before a service may be performed and reimbursed by the plan. While prior authorization (and other utilization management tools) is used by payers in various market segments, the issue has recently received significant attention in the context of MA.
Prior authorization is a key tool that helps plans reduce unnecessary spending, allowing them to deliver benefits at a lower cost than traditional Medicare and provide supplemental benefits, including premium and cost-sharing reductions that make Medicare coverage more affordable for many Americans. For providers, however, prior authorization creates additional administrative burdens, requiring time and resources to submit prior authorization requests according to different payers’ rules and, in some cases, limiting coverage for services that a treating provider believes are appropriate. As with many aspects of the healthcare delivery system, battles over prior authorization have received considerable attention in recent years.
CMS has taken steps to impose clearer rules around prior authorization in MA. In 2023, CMS finalized a rule clarifying when MA plans may use prior authorization, specifying that prior authorization may only be used to confirm the presence of diagnoses or ensure an item or service is medically necessary. CMS also specified that a prior authorization approval must remain valid for as long as medically necessary, including through the first 90 days after an individual switches to a new MA plan while undergoing active treatment. Finally, CMS specified that MA plans must abide by national coverage determinations, local coverage determinations, and general coverage rules in traditional Medicare.
Subsequently, a December 2024 rule proposed several additional clarifications and limitations on plan use of prior authorization, including removing plans’ ability to add new or unrelated criteria when using internal coverage rules to supplement existing traditional Medicare coverage criteria. CMS proposed to require that plans post additional information about the use of prior authorization on their websites. CMS also proposed additional rules about when plans may reopen decisions around inpatient care. CMS finalized the limitations on post-service payment reviews but has otherwise not taken action on the proposed prior authorization provisions.
Prior authorization in MA has also been the subject of proposed legislation for many years. Most recently, the Improving Seniors’ Timely Access to Care Act was introduced in May 2025 and would codify provisions from the 2024 CMS Interoperability and Prior Authorization Final Rule to facilitate an electronic prior authorization process in MA. The legislation would require faster approval timelines for prior authorization than currently required under regulation.
In June 2025, AHIP and the Blue Cross Blue Shield Association, on behalf of their member plans, jointly announced a set of voluntary commitments to address concerns raised by patients, providers, and policymakers. Industry leaders subsequently joined CMS, HHS, and congressional leaders to announce a “voluntary pledge” to standardize prior authorization submission interfaces, reduce the number of medical services subject to prior authorization, recognize existing prior authorization approvals when individuals transition across insurers, increase the share of prior authorization requests that are answered in real time, improve communication with providers and patients, and ensure that only medical professionals make decisions to deny a prior authorization request.
While the announcement applies to various health subsectors beyond MA, this voluntary commitment by the industry may reduce the likelihood of additional agency action on prior authorization in the short term. It is still possible CMS may address prior authorization in the upcoming proposed rule, but any changes are likely to be focused on clarifying existing rules and definitions rather than proposing new restrictions.
Risk adjustment
Key takeaway: Risk adjustment will continue to be a focus for policymakers, but the path forward is uncertain.
Medicare pays MA plans, in part, based on the health status of the individuals enrolled in the plan. Risk adjustment ensures that plans have an incentive to enroll both healthy and sick individuals and that they receive payments sufficient to provide needed benefits and services. While the concept of risk adjustment is straightforward, its implementation is not. Three elements of risk adjustment policy are important for the industry to keep an eye on:
Risk model
In 2023, CMS introduced an updated version of the risk model that determines the payment adjustments made for specific demographic and health conditions of MA enrollees. Known as version 28 (v28), the updated risk model phased in over three years beginning in 2024. One hundred percent of risk adjustment payments will be determined by v28 in 2026. Many MA plans were opposed to the introduction of v28, and a number have pointed to the updated model as one reason for worsening financials in the MA market in recent years.
Following full implementation of v28, a key question is what lies ahead for the MA risk adjustment model. In the 2026 Advance Notice released earlier this year, CMS said that work was underway to develop a new risk model based on encounter data, reflecting utilization and health status of MA enrollees rather than that of traditional Medicare beneficiaries, which is the current norm. CMS suggested the agency could be ready to shift to an “encounter data calibrated” model as soon as 2027. That shift would likely bring significant changes to risk adjustment payments across plans and potentially for the industry in general. However, the impact would depend on how CMS chooses to implement such a model. To date, CMS has not released any specific information about how an encounter data model would be operationalized. Stakeholders have long encouraged CMS to share information about a potential transition of this magnitude well in advance and allow sufficient time for feedback and discussion. The fact that CMS has not shared additional information about ongoing work around the risk model may be a sign that an encounter data model is off the table for 2027.
RADV audits
In 2023, CMS released a long-awaited rule finalizing a methodology for conduct of risk adjustment data validation (RADV) audits that examine the accuracy of the diagnosis codes that plans submit to CMS for determining risk adjustment payments. In the intervening two years CMS moved slowly to begin finalizing audits that had been underway prior to the final rule and preparing for initiation of new audits. Then in May 2025, CMS surprised many by announcing a sudden and dramatic increase in new RADV audit activity, stating that all eligible contracts going forth would be audited every year and audits – including many that had not yet been initiated – would be finalized in a matter of months. To accomplish this, CMS anticipated hiring hundreds of medical coders to determine diagnosis code accuracy and using technology to support the process.
Another big development came recently when a judge invalidated the 2023 rule in a court case challenging the rule. The government may appeal the ruling, leaving the ultimate status of the rule – and the methods, timing, and impact of RADV audits on risk adjustment payments in MA – uncertain.
Coding intensity
To account for purported differences in the completeness of diagnosis coding between traditional Medicare and MA, CMS reduces MA risk scores by a certain percentage. Congress has specified that the reduction must be at least 5.9%. CMS has authority to increase the reduction but has not done so to date. Bipartisan legislation introduced earlier in 2025 would direct CMS to change its approach to coding intensity adjustments in MA payments. The outlook for the legislation is uncertain.
Star Ratings
Key takeaway: Methodological changes to Star Ratings in recent years have contributed to declines in ratings across the industry, with the potential for additional changes ahead that will require plans to adapt in order to maintain and improve ratings.
All MA and Part D plans receive an annual Star Rating – between 1 and 5 stars – that captures plan performance across a set of measures reflecting patient satisfaction, quality of care, and customer service. Star Ratings offer beneficiaries important information about plan quality as they make enrollment decisions. In addition, plans that achieve an overall rating of 4 or more stars are eligible for bonus payments of 5%, and Star Ratings determine the generosity of rebates that plans use to fund supplemental benefit offerings.
Bonuses and higher rebates serve as strong incentives to improve quality, but they have also increased scrutiny of plan performance and the Star Ratings system more generally. Between 2011 and 2022, the average Star Rating rose from 3.18 to 4.37, and the share of MA enrollees in plans rated 4 stars or higher grew from 24% to 90%.
Along with overall increases, ratings for many individual measures have risen and are now topped out, with very high thresholds for 4 or 5 stars. For the 2026 ratings, plans must achieve perfect scores to be rated 5 stars on four measures. For two of those measures, plans must achieve at least 90% success to receive even 3 stars.
The list of measures included in the Star Ratings is ever-changing. As measure developers, such as the National Committee for Quality Assurance (NCQA) and the Pharmacy Quality Alliance (PQA), create new measures or alter the specifications of existing measures, CMS makes annual changes to the list of Star Ratings measures. CMS has also made numerous technical changes to the way ratings are calculated in recent years, including modifying the weighting of individual measures to give greater weight to clinical outcome measures and adopting a new statistical technique that removes outliers before establishing rating thresholds.
The changes made in recent years have reduced the number of plans earning 4 stars or higher and, therefore, those earning bonus payments. For 2025, the share of enrollees in bonus-eligible plans declined to 62%, down from the high of 90% in 2022; bonus payments in 2025 are expected to total $12.7 billion. MA plans have expressed concerns about CMS’ administration of the Star Ratings program and called for changes – through both litigation and advocacy – to address the issues.
More changes to Star Ratings measures and methods are likely. A new index measure, initially called the Health Equity Index but renamed to the Excellent Health Outcomes for All (EHO4all) in the 2026 Rate Announcement, is scheduled to go into effect for the 2027 Star Ratings, which will debut in October 2026. The new index is intended to capture how well plans improve performance for populations with social risk factors, including disabled enrollees and low-income enrollees who qualify for Medicaid benefits or the Part D low-income subsidy. The EHO4all index would replace an existing reward factor that boosts the Star Rating for plans that consistently perform at a high level. The EHO4all index has received considerable attention from plans not only because it is new and performance is unknown but also because it upends existing rewards for high-achieving plans. However, in recent months, CMS has moved to de-emphasize health equity activities, and the agency could move to delay, modify, or cancel the planned adoption of the EHO4all index in upcoming rulemaking.
Another change we could see is an additional technical adjustment to the ways ratings are calculated. In a 2022 rule, CMS proposed removing guardrails that prevent measure thresholds from changing too dramatically from one year to the next. Although CMS has not finalized this provision to date, the agency indicated in late 2024 that it is considering doing so in upcoming rulemaking. While technical in nature, if finalized, this change could have significant implications for measure thresholds and plan ratings. A recent analysis found that 22 measure thresholds were affected by existing guardrails for 2026 ratings and 24 were affected for 2025 ratings. Removing these guardrails could lead to share changes in measure thresholds and unexpected shifts in ratings as plans adjust.
More generally, CMS has signaled interest in streamlining the Star Ratings measure set and focusing on Universal Foundation measures, which the agency describes as “a core set of measures that are aligned across CMS programs.” While the Universal Foundation concept is still evolving (as are the included measures), CMS may become more active in this area in future rulemaking.
Supplemental benefits
Key takeaway: Supplemental benefits face increased scrutiny, and plans are under pressure to demonstrate the value these benefits deliver to enrollees.
When an MA plan bids below the benchmark amount in its service area, the plan receives a portion of the difference between the bid and the benchmark to fund additional benefits for its members, beyond those benefits and services required under the traditional Medicare program. Over time, MA plan bids have decreased, increasing the availability of supplemental benefits. Supplemental benefits can include things like dental or vision benefits, hearing aids, reduced-cost fitness memberships, travel coverage, transportation to medical appointments, home-delivered meals following a hospital admission, and many others [1]. In recent years, plans are also allowed to offer supplemental benefits that fall outside traditionally health-related services to beneficiaries with certain chronic illnesses, known as special supplemental benefits for the chronically ill. Benefits – such as payment for home modifications or assistance with housing, food, and nutrition – are allowed when the plan shows evidence that they can contribute to improved health.
Good information on supplemental benefit offerings is readily available, but information on beneficiary use of these benefits is limited. While MA plans are required to submit records for all enrollee encounters in which a plan-covered service is provided, including supplemental benefit services, data limitations mean that few supplemental benefit encounter records have been submitted. CMS has taken steps in recent years to increase information about supplemental benefit utilization. In 2024, the agency announced new steps to make supplemental benefit encounter submissions more feasible and put plans on notice that they must submit supplemental benefit records for 2024 (and future) encounters. In a 2022 final rule, CMS expanded medical loss ratio reporting to require plans to break out spending for specific categories of supplemental benefits and expanded Part C reporting requirements to include utilization and spending across a wide set of supplemental benefit categories.
All these steps are promising, but they are slow to produce data that CMS and policymakers can use to assess the value that supplemental benefits and the Medicare spending that funds them are delivering to enrollees. In its most recent report to Congress, the Medicare Payment Advisory Commission expressed concerns about the ongoing lack of reliable data on supplemental benefit utilization and spending. Plans are likely to face continued pressure to demonstrate the value that enrollees receive from these benefits. In an effort to ensure enrollees know about and use the supplemental benefits available to them, CMS imposed new requirements on plans to notify enrollees of benefits that remain unused mid-year. The requirement was expected to go into effect in 2026, but CMS recently announced a delay in enforcement “until further notice.” This move may signal the agency’s intention to revise or remove the requirement in upcoming rulemaking.
Supplemental benefits are also vulnerable following several years of rate pressure. Payers, including those in the MA space, have reported increases in service use in the years following the COVID-19 pandemic, which have driven up costs. At the same time, CMS implemented various changes in the way MA plan payments are determined, including technical changes to the benchmark calculations and introduction of a new risk adjustment model, both of which reduced funding to plans. As a result, plans have fewer dollars available to put toward supplemental benefits, leading some plans to pull back on their supplemental benefit offerings for 2025 and 2026. Initial indications for 2026 suggest reductions in the generosity of supplemental benefits, though CMS has said availability of key supplemental benefits such as dental, vision, and hearing will remain “stable.”
Provider directories
Key takeaway: CMS has moved decisively to improve access to provider directory information for beneficiaries and enrollees, but ongoing concerns about the accuracy of information make further policy action likely.
The majority of MA participants (56% in 2024) enroll in health maintenance organizations (HMOs), which limit coverage to providers within the health plan’s network. Enrollees rely on the plan’s provider directory for participating providers, their location, and their contact information. Beneficiary advocates and CMS have long expressed concerns about the accuracy of these provider directories, which is a multifaceted issue as MA plans rely on receipt of accurate and timely information updates from providers in order to keep these materials up to date.
Concerns about the accuracy of provider directories is not limited to MA; the issue extends across health insurance markets. In 2022, CMS published a Request for Information seeking feedback on the concept of a National Directory of Healthcare Providers & Services. Insurers pointed to the shared responsibility between payers and providers to make sure directory information is complete and up to date, while providers urged CMS to build on existing efforts to collect provider information. CMS now requires qualified health plans offering coverage through the federally facilitated exchange to submit information on participating providers in a format that allows the information to be readable and accurate.
Over the past year, CMS has taken several steps to improve beneficiary access to information on which providers participate in an MA plan’s network. In the December 2024 rule, CMS proposed to require that plans submit provider directory data to the agency and do so in a way that allows for inclusion of the data on the Medicare Plan Finder website, which beneficiaries use to compare Medicare plan options. CMS then announced in late August 2025 that provider directory information would be added to Medicare Plan Finder in time for the 2026 open enrollment period, which began in October. In a memo to plans, CMS said it was partnering with a technology company to supply in-network provider and facility data for inclusion on Medicare Plan Finder. In the absence of final rulemaking, plans were encouraged, but not required, to submit information to the contractor. According to the memo, in cases where the plan does not submit the information, Medicare Plan Finder would include a link to the company’s website. However, that option will soon go away because, in the second final rule published in September, CMS finalized the requirement that plans submit provider directory data beginning January 1, 2026.
The move to add provider directory information to Medicare Plan Finder is likely not the last word on provider directories. Plans and providers will almost certainly continue their push for CMS to lead development of a national provider directory that would reduce administrative burden and the patient friction that results from inaccurate information.
Marketing
Key takeaway: After moves to tighten oversight of marketing activity in MA over several years, this issue seems to be less of a priority for further policy action in the immediate future.
The way MA plans are marketed, including the role of agents, brokers, and third-party organizations in influencing individual enrollment choices, has received considerable attention in recent years. In 2022 the National Association of Insurance Commissioners sent a letter to Congress outlining concerns about MA plan marketing and urging Congress to examine the issue. Democratic members of the Senate Finance Committee issued a report in March 2025 describing examples of problematic marketing materials and the role that third-party marketing organizations play in MA enrollment.
In response, CMS has issued new rules that impose tighter oversight of marketing ads and limit the activities of agents and brokers in marketing to Medicare beneficiaries. While some of those rules have taken effect, others remain unimplemented. Following finalization of new restrictions on how broker compensation may be structured and limitations on certain payment amounts, court rulings prevented CMS from moving forward with the new rules. In June 2025, CMS officially reversed the rules in light of the ongoing litigation. In the 2026 proposed rule released in December 2024, CMS proposed to expand the definition of marketing materials subject to CMS review, allowing the agency tighter control over communications between plans and potential enrollees. CMS did not address this provision in either the two final rules released in 2025.
[1] Supplemental benefits also include reductions in cost sharing for services covered by traditional Medicare, reductions in premiums for Part B or Part D coverage integrated with the MA plan, and enhancements to standard Part D coverage. These types of supplemental benefits are an important source of value to enrollees, and information on their use is available through prescription drug event and encounter data records. This section is focused on additional services that are not covered under the traditional Medicare program.
Triage- RWI in Healthcare M&A- Part 2 [Podcast]
In part two of this two-part series, Matt Miller and Andrew Lloyd analyze representations and warranties insurance (RWI) in the healthcare M&A landscape.
They discuss the process of finding and securing an insurance underwriter, practical tips for structuring and negotiating RWI policies, how to navigate a claim after the policy is in place, and future trends in the RWI market.
This Week in 340B: October 7 –13, 2025
Find this week’s updates on 340B litigation to help you stay in the know on how 340B cases are developing across the country. Each week we comb through the dockets of more than 50 340B cases to provide you with a quick summary of relevant updates from the prior week in this industry-shaping body of litigation. Get more details on these 340B cases and all other material 340B cases pending in federal and state courts with the 340B Litigation Tracker.
Issues at Stake: Contract Pharmacy; Other
In one case brought by a drug manufacturer challenging a North Dakota state law governing contract pharmacy arrangements, the defendants filed their answer.
In one case brought by a drug manufacturer challenging a Missouri state law governing contract pharmacy arrangements, the plaintiff-appellant filed their reply brief.
In one case brought by a drug manufacturer challenging an Oklahoma state law governing contract pharmacy arrangements, the plaintiff filed a motion for preliminary injunction.
In one case brought by a trade association of drug manufacturers challenging a Rhode Island state law governing contract pharmacy arrangements, the plaintiff filed a motion for preliminary injunction.
In one case brought by a drug manufacturer challenging a Maine state law governing contract pharmacy arrangements, the court granted the parties’ motion to stay pending resolution of the plaintiff’s appeal.
In one case brought by a drug manufacturer challenging a Colorado state law governing contract pharmacy arrangements, a group of amici filed a supplemental amicus curiae brief in support of defendant’s motion to dismiss.
In two cases brought by a drug manufacturer and a trade association of drug manufacturers challenging a Hawaii state law governing contract pharmacy arrangements, the defendant in each case filed a reply memorandum in support of its motion to dismiss.
In one case brought by a drug manufacturer challenging a Tennessee state law governing contract pharmacy arrangements, the defendant filed a motion to dismiss.
In one case by a drug manufacturer challenging an Arkansas state law governing contract pharmacy arrangements, the drug manufacturer filed a sealed response to the government’s motion for summary judgment.
In one case brought by a drug manufacturer challenging a Utah state law governing contract pharmacy arrangements, the plaintiff file a response to the government’s notice of supplemental authority.
In one case by a covered entity against an insurance company alleging breach of contract, the insurance company filed a motion to withdraw its motion to dismiss.
AB 1501 Becomes Law: How It Will Reshape California PA Practice
California’s physician assistant (“PA”) practice landscape is set to undergo significant transformation following the enactment of California Assembly Bill 1501 (AB 1501), which was signed into law by Governor Newsom on October 1, 2025, and will take effect on January 1, 2026. Among its key provisions, AB 1501 extends the authority of the California Department of Consumer Affairs’ Physician Assistant Board (the “Board”) through January 1, 2030, increases the physician-to-PA supervision ratio from 1:4 to 1:8 in all settings, and directs the Board to study scope-of-practice structures—with input from stakeholders—to evaluate potential models from other states that could benefit California. These modernization efforts are designed to enhance healthcare access and better align PA practice with current workforce demands. This article summarizes the key reforms implemented by AB 1501 and offers guidance on how PAs and their practices can prepare for these new requirements.
Current Legal Framework
Although PAs play a vital role in care delivery, their authority is subject to certain limitations. California law sets out specific rules on the scope of PA practice, supervision requirements, and the circumstances under which PAs may diagnose, treat, or prescribe. PAs must only provide services they are competent to perform, based on their education, training, and experience. Further, PAs must practice under a practice agreement with a supervising physician (MD or DO), which expressly sets out the PA’s medical services, supervision protocols (direct or indirect), and any prescribing or treatment limitations.[1]
Current laws impose a 1:4 physician-to-PA supervision ratio in most settings, with an increased ratio of 1:8 allowed for PAs who perform in-home health evaluations. [2] The supervising physician is required to maintain a current, unrestricted license and must be readily available for consultation—whether by phone or electronic communication—when the PA is treating patients.[3] Collectively, these rules are intended to protect patient safety while enabling PAs to operate within a regulated structure.
Key Reforms Under AB 1501
AB 1501’s legislative amendments are codified under the California Business and Professions Code. The bill introduces several important changes to California’s PA practice such as:
Expanded Supervision Ratios: AB 1501 increases the number of PAs that a physician (MD or DO) may supervise at any time from 4 to 8 across all practice settings. This amendment also removes the previous exception for PAs exclusively performing in-home health evaluations, creating a uniform supervision ratio of 1:8 statewide.
Comprehensive Review of Practice Agreements: The Board is required to conduct a thorough review of practice agreement structures, in consultation with relevant stakeholders. This review will examine the utilization and impact of practice agreements in other states and assess potential benefits or drawbacks for patient care, workforce efficiency, and regulatory oversight in California. Certain key stakeholders, such as the California Academy of Physician Associates (“CAPA”), participated in several meetings with the Board to discuss the current state of PA practice in California and its impact on healthcare access relative to other states. CAPA highlighted the significance of the reform, noting that, “while many other states have waived the ratio entirely, doubling here in California represents real progress that will immediately benefit patients.”[4]
Extension of PA Board Operations: The bill extends the operation of the Board—which oversees PA licensing and regulation—through January 1, 2030.
Updated Licensing Fees: AB 1501 establishes certain new and increased application and license fees for PAs, while also setting maximum fee limits for certain types of licenses and application fees.
Electronic License Renewals: PA license renewal applications will now be required to be submitted via an electronic form, or other form, as provided by the Board.
Next Steps
With the recent enactment of AB 1501, PAs and their practices may consider the following:
Review current supervision structures and practice agreements to identify all PAs and assess existing supervisory ratios to ensure compliance with the new 1:8 physician-to-PA limit, regardless of care setting.
Revisit practice agreements to ensure roles, PA duties, and supervision protocols remain clear and are updated in line with the evolving Board guidance.
With the implementation of a greater PA ratio, PAs and supervising physicians should maintain thorough documentation and clear communication, particularly during the transition period, to ensure correct monitoring and maintain appropriate standards of patient care.
Supervising physicians and PAs should proactively review their insurance coverage in light of the new supervision ratios and other changes introduced by AB 1501 to ensure continued protection and compliance.
Practices and PAs should stay actively informed about potential updates to PA practice regulations and additional Board guidance regarding practice agreements.
Conclusion
In sum, AB 1501 marks a significant shift in the practice landscape for California PAs, introducing greater supervisory flexibility and modernizing regulatory frameworks. Now that AB 1501 has been signed into law, practices and PAs should remain actively informed about its provisions and monitor any further implementation guidance issued by the Board. We will continue to monitor legislative and regulatory developments closely and provide updates as new information becomes available.
FOOTNOTES
[1] Cal. Bus. & Prof. Code §§ 3501(k); 3502.3.
[2] Id. at § 3516.
[3] Id. at 3502.
[4] Cal. AB 1501, Assembly Floor Analysis, dated September 10, 2025, pg. 4.
The GLP-1 Effect: Innovative Care Delivery Models and Compliant Disease Management
GLP-1 therapies represent both a transformative opportunity and a complex regulatory challenge. They are reshaping the way obesity and chronic disease are treated, opening doors for innovative care delivery models that promise improved patient outcomes. At the same time, the regulatory environment is highly fragmented, requiring careful attention to federal FDA rules as well as state-specific variations in prescribing and reimbursement.
Ultimately, success in this space requires organizations to align clinical innovation with legal and regulatory compliance. Companies that stay ahead of evolving FDA guidance, adapt to changing state laws, and build sustainable compliance frameworks will be best positioned to thrive. The panel emphasized that investment in compliance infrastructure is not simply a legal safeguard, but also a strategic enabler for scaling GLP-1 programs.
Key discussion points included:
GLP-1 Background and Clinical Applications
FDA-approved GLP-1 drugs are approved for several clinical indications including obesity, type 2 diabetes, and reducing cardiovascular risk. Emerging research suggests certain GLP-1 drugs can also be beneficial for off-label uses, such as substance use disorder, alcohol use disorder, polycystic ovary syndrome (PCOS) care, and autoimmune disease care. However, practitioners should be aware of how varying laws may impact off-label prescribing.
FDA’s ‘Green List’ for GLP-1 APIs
The FDA has introduced a ‘Green List’ import alert to ensure that only GLP-1 Active Pharmaceutical Ingredients (APIs) from FDA-vetted international manufacturers are allowed into the US market. This measure is intended to maintain the safety and quality of GLP-1 drugs’ API originating overseas. APIs from sources not on the ‘Green List’ are subject to detention without physical examination, preventing potentially unsafe or low-quality products from reaching patients.
State-specific regulations
Providers must be aware of and comply with state-specific regulations that impact the prescribing and reimbursement of GLP-1s for weight loss. For example, in Alabama, an in-person assessment is required before issuing a refill for non-controlled substances used for weight reduction. In Louisiana, only FDA-approved GLP-1s for weight loss can be prescribed, and providers must ensure that these drugs are used for their approved indications. Understanding these laws is essential for avoiding legal issues and ensuring proper payment for services.
Innovative care delivery models
Innovative care delivery models for GLP-1 drugs offer opportunities to improve accessibility, affordability, and patient outcomes, but require careful regulatory compliance. These models include synchronous and asynchronous patient evaluations, telehealth and telemedicine for remote prescribing, and partnerships with Pharmacy Benefit Managers (PBMs) and pharmacies. When exploring innovative care delivery models, it is important to understand the patchwork of laws and requirements around issues such as patient consent, maintaining thorough record keeping, coordinating care, and ensuring follow-up care.
FDA enforcement on Direct-to-Consumer (DTC) advertisements
The FDA is actively monitoring and cracking down on misleading DTC) advertisements, especially those that claim compounded drugs are equivalent to FDA-approved drugs or are clinically proven without proper evidence. Stakeholders should be cautious of such claims and ensure messaging is aligned with the FDA’s guidance. This enforcement helps ensure that patients receive accurate information about their options.
Compliance Best Practices
To navigate this evolving landscape, companies should adopt a risk-based compliance framework that covers prescribing practices, marketing, dispensing, and patient engagement. This means implementing clear protocols around state-specific prescribing rules, compounding restrictions, and telehealth standards. A strong emphasis should also be placed on protecting patient privacy and data security, particularly when digital health platforms are involved.
Compliance cannot be treated as a one-time exercise but must be built into the operational culture of an organization. Regular provider and staff training ensures that those on the front lines understand the latest requirements and are equipped to apply them in practice. In addition, leadership should prioritize compliance audits and proactive monitoring to identify and address issues before they escalate, particularly as the enforcement landscape continues to develop.
Watch the Webinar Here
Cyber Insurer Sues Policyholder’s Cyber Pros
Ace American Insurance Company (“Ace”) recently filed a subrogation lawsuit against two technology and cybersecurity providers, following a cybersecurity incident suffered by an insured policyholder that had engaged the providers. This case highlights the growing risk of subrogation lawsuits following a cybersecurity incident.
When a cybersecurity incident occurs and the insurer pays out the claim, they often face the frustrating reality that pursuing the actual criminals – the threat actors – for indemnification is virtually impossible. Thus, insurers are now turning to subrogation claims against the very cybersecurity vendors entrusted by policyholders to protect their systems. Indeed, insurers are increasingly examining whether outsourced cybersecurity providers may have breached their contractual obligations or failed to deliver adequate protection, leading to the loss. This shift means policyholders may find their cybersecurity vendors facing legal action from their own insurer, creating a new layer of risk in vendor relationships.
Last month, Ace filed a subrogation action against its insured’s cybersecurity and technology vendors, alleging missteps by the technology companies. See Ace American Insurance Company v. Congruity 360, Trustwave Holdings, Case No. 2:25-cv-15657 (D.N.J. Sep. 15, 2025). Ace seeks to recover the $500,000 in damages it paid to its insured, CoWorx, under the cybersecurity policy issued by Ace. Ace alleges that its insured’s cybersecurity incident occurred as a result of Congruity 360 and Trustwave’s negligence. Ace also asserts breach of contract against both defendants.
The complaint details several alleged bases for Ace’s subrogation action against the technology companies contracted by its insured. Against Congruity 360, Ace claims that the contract between CoWorx and Congruity 360 required Congruity 360 to set up multifactor authentication and secure network servers for CoWorx. Ace further alleges that Congruity 360 failed to do so, leading to installation of ransomware. The claims against Trustwave are similar. Ace alleges that Trustwave failed to properly notify the appropriate parties of the cybersecurity incident, preventing CoWorx from being able to take relevant proactive action and significantly increasing CoWorx’s damages from the incident.
Subrogation actions by cyber insurers are becoming more prevalent and cyber insurers frequently request vendor contracts from their insureds following a cyber incident so that the insurer can evaluate potential subrogation rights. Insurers are likewise scrutinizing a policyholder’s security controls during policy underwriting, looking for evidence that policyholders are managing vendor risk proactively and contractually, to help set premiums and respective policy language. This underscores that, in today’s cyber insurance landscape, the quality of vendor contracts can directly impact coverage, claims, and exposure to third-party litigation.
“For” the Sake of Clarity: Ambiguity in Cyber Policy Favors Coverage
A New Mexico Court of Appeals decision illustrates that when a policy term is undefined and ambiguous, the term must be interpreted liberally and in favor of coverage. In Kane v. Syndicate 2623-623 Lloyd’s of London, 2025 WL 1733046 (N.M. Ct. App. June 16, 2025), the court affirmed summary judgment for a policyholder and held that a cyber liability policy afforded coverage for the policyholder’s loss that resulted from a post-breach fraudulent funds transfer because the preposition “for” was broad enough to afford coverage for a third party claim resulting from a security breach.
Background
After New Mexico Health Connections’ (NMHC) email system was hacked, a bad actor emailed fraudulent invoices on the form that one of NMHC’s vendors used for its invoices. The fraudulent invoices altered the receiving bank account information and requested over $4 million before sending them to NMHC’s accounting department. NMHC wired payment to the fraudulent bank account listed on the invoices, believing that it was paying its vendor. Eventually, the vendor contacted NMHC seeking payment for the actual invoices, which caused NMHC to discover the security breach.
NMHC failed to pay the vendor who was awaiting payment for the vendor’s original invoices. The vendor then demanded payment from NMHC. NMHC then tendered the vendor’s demand to its insurer and requested defense and indemnification. The insurer denied third party coverage for the claim taking the position that the vendor’s claim for the unpaid invoice amounts did not trigger third-party liability coverage under the policy for a security breach, and even if it did, the policy’s loss of money exclusions barred coverage for the third-party claim. In response, NMHC filed a lawsuit in district court against the insurer for breach of the policy’s third-party liability provision.
While the parties did not dispute that the policy’s fraudulent instruction coverage applied, their dispute rested on whether the vendor’s third-party claim for the unpaid invoices was a claim “for” a security breach.
The district court granted summary judgment in NMHC’s favor and concluded that the policy’s third-party liability provision covered the vendor’s claim against “for” a security breach because the claim “arose from” a security breach and “flowed from a security breach.” The district court also held that the exclusions cited by the insurer were inapplicable.
Court of Appeals Decision
The insurer appealed to the New Mexico Court of Appeals asserting, as it did in the district court, that the policy’s third-party liability coverage does not apply because the vendor’s claim was not a claim “for” a security breach and that the policy’s exclusions relating to loss of money barred coverage.
The Court of Appeals examined the policy’s third-party coverage data and network liability coverage which provided coverage for, among other things, any claim first made against an insured during the policy period “for . . . a security breach.” There was no dispute about the term “security breach” or whether the fraudulent and unauthorized invasion of NMHC’s email constituted a security breach. However, the parties tussled over what the term “for” meant. The insurer claimed that the preposition “for” in the policy phrase solely meant “equivalent to” and concluded that coverage is provided only for a loss directly connected to the security breach, and not for the related fraudulent funds transfer. NMHC, on the other hand, construed “for” as meaning “because of,” “arising out of,” or “as a result of.”
The Court of Appeals first looked to the dictionary while analyzing the policy’s meaning of the word “for.” The court acknowledged that both parties’ preferred meanings of “for” were included in the common usage of the word, which demonstrated ambiguity. The Court of Appeals also discussed that lack of consensus among courts in interpreting the meaning of a policy term, such as “for,” is indicative of ambiguity. The court ultimately accepted the reasoning of the policyholder and the district court and determined that “for” could reasonably be understood to either mean “directly connected” to or “causally connected” to a security breach.
The Court of Appeals also looked to the policy’s data recovery costs coverage provision, which covered costs incurred “as a direct result of a security breach.” The court reasoned that because the liability coverage provided coverage “for a security breach” without restricting coverage to events where a breach or loss must be “direct,” that it could encompass both “direct and indirect” losses.
The Court of Appeals also rejected the insurer arguments that various policy exclusions relating to loss of money applied to preclude coverage for the third-party claim, finding that the exclusions did not clearly and unambiguously apply to the situation at hand.
For policyholders, the Kane decision reinforces that even a single-word preposition can be ambiguous when it results in at least two reasonable interpretations. Indeed, policyholders need only demonstrate that a policy word or phrase is open to two reasonable interpretations, while insurers must prove that their interpretation is the only reasonable one.
McDermott+ Check-Up: October 10, 2025
THIS WEEK’S DOSE
Government shutdown continues through a second week. No progress was made this week to fund the government, with the Senate failing to pass a continuing resolution.
Senate confirms HHS nominees. The nominations for US Department of Health and Human Services (HHS) personnel were confirmed along party lines.
Senate Aging Committee discusses pharmaceutical supply chains. The committee evaluated ways to strengthen domestic pharmaceutical manufacturing.
Senate Judiciary Committee holds hearing on patent reform. The committee discussed the Patent Eligibility Restoration Act, which would have ramifications for the pharmaceutical industry.
Senate HELP Committee examines AI. The Committee on Health, Education, Labor, and Pensions (HELP) reviewed the potential implications of integrating artificial intelligence (AI) into various sectors.
CDC approves vaccine schedule changes. The Centers for Disease Control and Prevention (CDC) approved changes to the COVID-19 and measles, mumps, rubella, and varicella vaccine schedules.
CONGRESS
Government shutdown continues through a second week. The Senate remained in session, while Speaker Johnson (R-LA) kept the House out of session for another week, maintaining that his chamber had already passed a continuing resolution (CR) to fund the government and that the ball is in the Senate’s court.
As in week one, the Senate continued to vote on the same two stopgap spending bills, both of which continued to fail to advance:
The Republican-led CR would fund the government through November 21, 2025, at current levels and would extend healthcare policies that expired on September 30, 2025. The latest vote was 52 – 42 and followed the same pattern as last week: Sen. Paul (R-KY) joined Democrats in opposition, and Sens. Cortez Masto (D-NV), Fetterman (D-PA), and King (I-ME) joined Republicans in voting for the CR.
The Democratic-led CR would fund the government through October 31, 2025. It would reverse the Medicaid cuts in the One Big Beautiful Bill Act and would permanently extend the Affordable Care Act Marketplace enhanced advanced premium tax credits (APTCs). The latest Senate vote on this CR failed 50 – 45 along party lines once again.
The expiration of the APTCs remains the biggest point of contention between the parties, with Democratic leadership holding firm that they will not vote for a CR unless the enhanced APTCs are extended. While some Republicans have expressed support for extending the enhanced APTCs, and informal negotiations continue among rank-and-file Republican and Democratic senators, Republican leadership has reiterated that they don’t intend to negotiate until the government reopens.
As the shutdown drags on, federal workers and military service members grow closer to the possibility of missing their first paychecks. A draft memo from the Office of Management and Budget this week also argued that federal employees are not guaranteed back pay. These dynamics factor in to the partisan rhetoric that continues to dominate Capitol Hill.
Senate confirms HHS nominees. Using its new rule to permit a large swath of nominees to be approved en bloc, the Senate voted 51 – 47 along party lines to confirm more than 100 nominees for posts in the Trump administration, including:
Michael Stuart to be HHS general counsel.
Gustav Chiarello III to be an HHS assistant secretary.
Alex Adams to be HHS assistant secretary for family support.
Brian Christine to be an HHS assistant secretary.
Senate Aging Committee discusses pharmaceutical supply chains. Witnesses at the hearing highlighted the fragility of the US drug supply chain and the lack of domestic active pharmaceutical ingredient sources. They proposed public-private partnerships, US Food and Drug Administration reform, and investment incentives to rebuild pharmaceutical independence. While senators on both sides of the aisle voiced concerns about US dependence on China and India for essential medicines, Republican members focused on national security risks and reshoring pharmaceutical manufacturing through federal purchasing power, tariffs, and country-of-origin labeling. Democratic members focused on strengthening regulatory oversight, improving transparency, and supporting strategic investment in domestic production.
Senate Judiciary Committee holds hearing on patent reform. During the hearing, witnesses agreed that changes should be made to the patent system, especially in light of the growth of AI, but disagreed on whether the Patent Eligibility Restoration Act (PERA) was the best option. The committee members present emphasized that PERA would resolve uncertainty caused by differing legal judgments on patent eligibility. The reforms outlined in PERA would apply to the patent system at large and would impact the pharmaceutical industry.
Senate HELP Committee examines AI. During the hearing, committee members focused on how AI can be adopted in healthcare settings, cybersecurity issues in healthcare data, and ethical issues regarding AI use in healthcare decision-making. Senators from both sides of the aisle expressed concerns about the potential harmful effects AI can have on children and expressed a desire to understand the best way to regulate AI without impeding advancements.
ADMINISTRATION
CDC approves vaccine schedule changes. The CDC adopted the following changes to the COVID-19 and measles, mumps, rubella, and varicella (MMRV) vaccine schedules recommended by the Advisory Committee on Immunization Practices (ACIP) on September 19, 2025:
Removing the blanket COVID-19 vaccination recommendation that adults 65 and older get vaccinated for COVID-19, and instead recommending shared clinical decision-making.
Changing the MMRV schedule for toddlers to be immunized for chickenpox in a standalone vaccination rather than in the MMRV combination vaccine.
Immunization schedules inform insurance coverage and whether patients need a prescription to receive the vaccines. In a social media post, Acting CDC Director Jim O’Neill called on vaccine manufacturers to also replace the combined measles, mumps, and rubella vaccine with individual monovalent vaccines.
While the updated COVID-19 vaccination schedule removes the blanket recommendation for adults, it lessens restrictions on access to the vaccination during pregnancy. The new guidance applies to all adults with no carveout for pregnant women, effectively undoing an earlier decision by HHS Secretary Kennedy to remove the COVID-19 vaccine from the immunization schedule for healthy pregnant women altogether. Now, CDC advises pregnant women, like other adults, to participate in shared clinical decision-making on whether to receive the COVID-19 vaccination.
Following the CDC’s adoption of these changes, ACIP announced a plan to review the safety and efficacy of the childhood vaccine schedule, including the timing and order of vaccines and the safety of aluminum in vaccines.
QUICK HITS
CDC announces plans to review hepatitis B screenings for pregnant women. CDC will identify and review the barriers that contribute to pregnant women missing hepatitis B screenings, and will recommend a pathway to ensure higher rates of testing. This announcement follows recent ACIP discussions regarding a proposal to delay the first dose of the Hepatitis B vaccine for infants of mothers who test negative. The proposal was ultimately tabled.
HHS Office of Inspector General releases two reports. The first report recommends that the Centers for Medicare & Medicaid Services (CMS) consider revising its methodology for determining the nondrug component of Medicare weekly bundled payment rates for opioid-use disorder treatments. The second report offers recommendations to improve accuracy of behavioral health provider network directories in Medicaid and Medicare Advantage managed care plans, and suggests that CMS consider a nationwide directory.
Democratic House committee leaders release letter on expiration of Medicare telehealth, Acute Hospital at Care at Home waivers. Energy and Commerce Committee Ranking Member Pallone (D-NJ) and Ways and Means Committee Ranking Member Neal (D-MA) sent a letter to HHS Secretary Kennedy and CMS Administrator Oz expressing concerns about the expiration of Medicare telehealth flexibilities and the Acute Hospital Care at Home waiver, and the subsequent uncertainty and care disruptions presented to Medicare beneficiaries. The letter requests that CMS issue guidance to providers and beneficiaries and exercise maximum regulatory and enforcement flexibility.
Senate HELP Committee chair releases letter on AMA and CPT. Chair Cassidy (R-LA) sent a letter to the American Medical Association (AMA) expressing strong concerns that AMA’s monopoly over the Current Procedural Terminology (CPT) coding system results in higher healthcare costs. The letter requests responses to a series of CPT-related questions by October 20, 2025.
MedPAC meeting cancelled. The Medicare Payment Advisory Commission (MedPAC) monthly meeting, scheduled for October 9 – 10, 2025, was cancelled because of the ongoing government shutdown.
NEXT WEEK’S DIAGNOSIS
The Senate announced the evening of October 9, 2025, that it would go out of session through the holiday weekend and is scheduled to return to session on October 14, 2025. As of publication, the House had not formally announced its schedule, but is expected to remain out of session subject to a 48-hour call to return to Washington. Given this, the shutdown will extend into at least next week.
California Strengthens Privacy Protections for Health and Location Data
On September 26, 2025, California Governor Gavin Newsom signed into law Assembly Bill 45 (AB-45), which amends existing law to strengthen privacy protections for the personal information of individuals receiving or providing health care services, including reproductive health care. AB-45 restricts the processing of personal information collected within the precise geolocation of family planning centers and in-person health care facilities. The law also regulates geofencing practices and sets new standards for the protection of research records related to individuals receiving health care services. Notably, AB-45 provides for a limited private right of action for individuals aggrieved by certain violations of the law. The law will take effect on January 1, 2026.
Key requirements of AB-45 include:
New Definitions/Expanded Scope of Application:
AB-45 extends the scope of existing law to apply to any “person” (i.e., natural person, association, proprietorship, corporation, trust, foundation, partnership or any other organization or group) engaging in the restricted or prohibited activities set forth in the law (the law previously applied only to “businesses,” as the term is defined under the CCPA).
AB-45 uses the CCPA’s definitions of “sale,” “personal information,” and “precise geolocation” (but broadens these definitions to apply to all “persons,” not only “consumers” or “businesses,” as these terms are defined in the CCPA).
“Collection” is broadly defined to mean “buying, renting, gathering, obtaining, receiving, or accessing any personal information pertaining to a natural person by any means. This includes receiving information from the natural person, either actively or passively, or by observing the natural person’s behavior.”
“Family planning center” means “a facility categorized as a family planning center by the North American Industry Classification System . . . including, but not limited to, a clinic or center that provides reproductive health care services.”
“Geofence” means “any technology that enables spatial or location detection to establish a virtual boundary around, and detect an individual’s presence within, a ‘precise geolocation’ as defined in [the CCPA].”
“Share”: The definition of “share” is broader than the CCPA’s definition, and means “sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a natural person’s personal information by another person to a third party, whether or not for monetary or other valuable consideration.”
Strict Limits on Processing of Personal Information Collected Near Family Planning Centers. AB-45 prohibits the collection, use, disclosure, sale, sharing or retention of personal information of any individual at or within a precise geolocation of a family planning center, unless it is necessary to provide the goods or services explicitly requested by the individual (or as otherwise provided by law or in a collective bargaining agreement).
Private Right of Action: Individuals and entities aggrieved by a violation of these provisions can sue for damages up to three times the actual damages and any other expenses, costs or reasonable attorneys’ fees.
Exemptions: Providers of health care, health care service plans and contractors (as defined in Cal. Civ. Code Sect. 56.05) and HIPAA covered entities and business associates are exempted from coverage. (With respect to contractors and business associates, the exemption applies only if such entities are contractually obligated to comply with all applicable state and federal privacy laws.)
Prohibition on Geofencing Health Care Facilities. AB-45 prohibits the use of geofencing technology around in-person health care facilities for the purpose of tracking, identifying, collecting personal information from, or sending targeted ads or notifications to, persons seeking, receiving or providing health care services. The law further makes it unlawful to sell personal information to, or share personal information with, third parties for the above-listed prohibited purposes. The law also prohibits the use of personal information obtained in violation of these prohibitions.
Exemptions: The law does not prohibit an in-person health care facility from geofencing the facility’s own location to provide necessary health care services, nor does it prohibit a reproductive health care provider from using geofencing technology to provide security to protect patients, staff or property. The law also exempts lawful warrants and subpoenas, certain matters regarding labor union activities, and certain research conducted pursuant to federal law.
Protection of Research Records. The law prohibits the release of personally identifiable research records of individuals seeking or obtaining health care services in response to subpoenas or requests made pursuant to other states’ laws that interfere with a person’s rights under the California Reproductive Privacy Act or a foreign penal civil action.
Penalty for Noncompliance. In addition to the law’s limited private right of action, the California Attorney General is empowered to enforce the law. Violations may result in injunctive relief and a civil penalty of $25,000 per violation. Penalties fund the California Reproductive Justice and Freedom Fund, which supports reproductive and sexual health education initiatives.
OCR Settles with Cadia Healthcare for Alleged HIPAA Violations for $182,000
On September 30, 2025, the Office for Civil Rights of the Department of Health and Human Services (OCR) announced a settlement with Cadia Healthcare Facilities, a provider of rehabilitation, skilled nursing and long-term care services located in Delaware “for potential violations…of HIPAA Privacy and Breach Notification Rules.”
According to the OCR’s press release, the settlement follows an investigation of Cadia after it received a complaint that the company had “impermissibly disclosed a patient’s name, photograph and information pertaining to the patient’s conditions, treatment, and recovery in the form of a ‘success story’ posted to Cadia Healthcare Facilities’ website.” After investigation, the OCR found that Cadia had posted the patient’s protected health information to its website without obtaining written authorization from the patient. The OCR further found that Cadia had posted 158 “success stories” without obtaining valid written authorization from the patients featured in the articles.
Cadia agreed in the settlement to pay the OCR $182,000 and implement a corrective action plan that will be monitored by the OCR for two years.
OCC Announces Guidance Reducing Compliance Scope for Community Banks
On October 6, the Office of the Comptroller of the Currency (OCC) announced new guidance eliminating policy-based examination requirements for community banks that are not mandated by statute or regulation. Effective January 1, 2026, the revisions aim to reduce supervisory burden while maintaining risk-based oversight under section 8 of the Federal Deposit Insurance Act.
The OCC explained that the revised framework will allow examiners to tailor examination scope and frequency to each bank’s size, complexity, and risk profile, replacing fixed procedural requirements with a more flexible supervisory process.
The guidance introduces several key changes for community bank supervision:
Eliminates non-statutory examination mandates. Examiners will no longer be required to complete OCC policy-based activities such as flood-insurance transaction testing or fair-lending risk assessments on a recurring schedule.
Refocuses supervision on material financial risks. The OCC directed examiners to concentrate on capital, liquidity, earnings, and credit exposures that pose the greatest risk to a bank’s safety and soundness.
Relies on quarterly monitoring and bank-provided reports. Examiners will use off-site analysis and bank-generated reports to monitor financial trends and identify emerging risks between on-site exams.
Reassesses data-collection programs. The OCC is reviewing tools such as the Money Laundering Risk System and Interest Rate Risk Survey to determine whether data requests can be reduced or simplified.
Putting It Into Practice: The OCC’s new approach represents a significant shift toward more tailored, risk-based supervision for community banks. Community banks are likely to experience fewer mandatory reviews and less examiner-driven data collection as the agency continues to align oversight with material financial risk.
Listen to this post