Delaware Court Tells Wiring Manufacturer It’s Too Early and Too Late
The decision of when to sue insurance companies, especially excess insurers, can be difficult, especially in disputes involving multiple claims, long timelines, and conflicting coverage positions between insurers. A recent federal court in Delaware, General Cable Corp. v. Scottsdale Indemnity Co., No, 1:24-CV-00797-TMH, 2025 WL 2576384, (D. Del. Sept. 5, 2025) underscores the timing risks in pursuing recovery in and out of litigation. In a word of warning to Delaware policyholders, the court dismissed a lawsuit against a manufacturer’s directors and officers excess liability insurers because its claims were either not ripe for adjudication or untimely filed.
Background
Between 2011 and 2016, a wiring manufacturer was insured under three layers of D&O insurance, with Scottsdale providing second-layer excess coverage. Starting in 2012, the manufacturer incurred defense costs while defending against government investigations into its accounting practices and lawsuits alleging violations of the Foreign Corrupt Practices Act (FCPA).
The manufacturer sought coverage for these defenses costs for the lawsuits which were resolved in April 2019. The primary insurer and first excess insurer agreed to pay for part of the loss, albeit based on different coverage rationales. One insurer took the position that the accounting investigations and FCPA lawsuits were a single related claim under its 2011 policy, while the other insurer took the position that the accounting investigations were one claim under the 2011 policy and the FCPA lawsuits were another claim under the 2012 policy. Despite recovering from two insurers, the manufacturer still had more than $32 million in outstanding defenses costs, which is continued to pursue from the insurers.
The manufacturer notified Scottsdale of the claims. While Scottsdale acknowledged the notice, it did not provide a coverage position and neither denied nor agreed to cover the claims. The manufacturer then began discussing mediation with the first two layers of coverage to resolve the coverage disputes. The manufacturer requested that Scottsdale participate in that mediation with the other insurers, but again Scottsdale failed to respond by providing a coverage position.
Delaware Federal Court Finds Coverage Claim Both Not Ripe and Too Late
The manufacturer filed suit against Scottsdale in 2024 for declaratory judgment and anticipatory breach of contract. The insurer moved to dismiss, arguing that the declaratory judgment claim and the anticipatory breach of contract claim were barred by Delaware’s three-year statute of limitations. Applying Delaware law, the court agreed and dismissed the lawsuit.
The court’s ruling on the policyholder’s anticipatory breach of contract claim turned on when the excess policy attached and required the insurer to cover the claims. A contract is not breached, the court explained, until the time for performance is expired.
In that regard, the excess policy provided that “[i]t is expressly agreed that liability shall attach to the Company only after the full amount of the Underlying Limits is paid in accordance with the terms of the Underlying Policies by any or all of the following . . .” The court found that this provision meant the excess insurer was entitled to wait out “good-faith coverage disputes” between the manufacturer and its other insurers without breaching its performance obligations.
Accordingly, the manufacturer’s anticipatory breach of contract claim was not yet ripe for adjudication until the underlying policies were paid, and consequently, the statute of limitations had not yet begun to run. The court dismissed the claim without prejudice.
As for the declaratory judgment claim, the court noted that, under Delaware law, insurance claims become ripe when an insured establishes that there is a “reasonable likelihood” that coverage under the disputed policies will be triggered. Delaware also has a three-year statute of limitations, which the court explained applies to any breach of contract action based on a promise, which includes declaratory judgment claims. The court emphasized that the manufacturer incurred significant defense costs of more than $32 million, which would implicate Scottsdale’s excess policy regardless of the other insurers’ coverage positions. Because Scottsdale insured the manufacturer for losses over $25 million, and because the manufacturer had incurred defense costs far above the policy’s attachment point.
The claim became ripe, the court concluded, the day that the underlying accounting investigations and FCPA lawsuits against the manufacturer were resolved in 2019. It was from that date that Delaware’s three-year statute of limitations for the declaratory judgment claim began to run. Unfortunately for the manufacturer, it waited over five years to bring the declaratory judgment action against the recalcitrant excess insurer. Accordingly, that cause of action was time barred and dismissed with prejudice.
Takeaways
The General Cable decision highlights an interesting dichotomy where some insurance coverage claims can be timed-barred while others are not yet ripe. This can create a challenging set of factors for policyholders to balance when considering whether and when to bring a coverage lawsuit.
The Importance of Attachment Provisions
A proactive evaluation of the so-called “attachment” provisions in excess policies can help prevent the “too early” outcome in General Cable. Attachment provisions guide when excess coverage comes into play and impact whether a coverage claim might be ripe.
Evaluating the attachment provisions in an excess policy throughout the claim timeline—especially in disputes involving multiple claims over many years involving different insurance towers—can help guide important decisions of when to pursue excess insurers that have not lived up to the terms of their policies.
The Clock Is Ticking
In what may seem like a draconian outcome to some, the court in General Cable strictly enforced Delaware’s three-year statute of limitations period for breach of contract based on a promise, including declaratory judgment claims. Every state has its own limitations period, with some states applying materially different standards to assess when those periods begin to run.
A subpart of the discussion is the threshold question of what state’s laws even apply, since policyholders need to know the applicable limitations period before deciding when suit needs to be filed. Many times choice of law is clear, including if a policy has a choice-of-law provision, but in other claims there can be material differences in law addressing limitations periods that lead to separate disputes over governing law.
The manufacturer’s predicament in General Cable is all too common. The company seemed to be doing everything right—timely submitting claims, defending and resolving underlying disputes, coordinating recoveries under different policies, and attempting to resolve coverage disputes outside of formal litigation—yet over many years was ignored and rebuffed by the excess insurer, which failed to substantively respond or take action to move the claims towards resolution.
But when the policyholder was forced into litigation, the insurer benefited from those significant delays in prevailing on a limitations defense. Tools like tolling agreements and similar formal agreements to preserve rights under policies while underlying claims or complicated insurance claims run their course can help avoid accidental forfeiture of coverage due to the passage of time.
Conclusion
When to bring a coverage lawsuit is always a tough decision. Coordinating with coverage counsel, brokers, and risk professionals early and often to manage different claim timelines and limitations periods can help mitigate those risks.
Neat Result for Policyholders—SDNY Sides with Distillery in Collapse Dispute
Earlier this month, the Southern District of New York issued an opinion in The Vale Fox Distillery LLC v. Central Mutual Insurance Company, No. 24-cv-4169 (S.D.N.Y.), which concerned a catastrophic collapse of storage racks holding whiskey barrels at Vale Fox’s distillery, destroying over $2.5 million worth of aging single malt whiskey. The court determined there was coverage for Vale Fox’s loss but left the issue of valuation to be determined another day.
Background
Vale Fox, a small-batch distillery in Poughkeepsie, New York, stored whiskey barrels on metal racks. In December 2023, the racks collapsed, breaking 52 barrels and spilling years’ worth of aging single malt. An engineering investigation concluded that defective welds in the racks’ construction, compounded by the weight of the barrels, caused the collapse.
Vale Fox sought coverage under its industrial processing policy with Central Mutual. The policy covered “direct physical loss of or damage to Covered Property … caused by or resulting from any Covered Cause of Loss,” and specifically included “Stock,” defined as “merchandise held in storage or for sale, raw materials and in-process or finished goods.” The policy also contained “Additional Coverage—Collapse,” which extended coverage when “personal property abruptly falls down or caves in and such collapse is not the result of abrupt collapse of a building,” so long as the collapse was caused in part by “[u]se of defective material or methods in construction … [and] the weight of … personal property.”
Central Mutual denied the claim, arguing that “collapse” applied only to buildings, that “construction” meant building construction (not rack construction), and that exclusions for wear and tear, corrosion, and latent defects barred recovery.
The Decision
The court’s decision offers a detailed roadmap for how collapse coverage operates in commercial property policies. Central Mutual argued that the “Additional Coverage—Collapse” was intended only for building failures. The court disagreed, pointing to the text of the policy itself, which expressly extended collapse coverage to personal property “when such collapse is not the result of abrupt collapse of a building.” To adopt Central Mutual’s reading, the court explained, would render this section “superfluous and meaningless,” violating fundamental principles of contract interpretation.
Central Mutual also insisted that the phrase “defective material or methods in construction” referred exclusively to construction of the insured building. The court rejected this narrow view, holding instead that the defective construction at issue was that of the racks themselves. “[T]he only reasonable interpretation,” it wrote, “is that the defective construction must be of the thing that collapsed.” This interpretation aligns with other courts’ recognition that collapse coverage is not confined to structural building defects but can also encompass personal property losses when the policy language so provides.
Equally significant was the court’s treatment of exclusions. Central Mutual pointed to policy exclusions for wear and tear, corrosion, and hidden or latent defects, citing its expert’s finding that corrosion and aging may have contributed to the collapse. The court held those exclusions inapplicable, reasoning that they could not be read to undo the specific grant of coverage for collapse caused by defective construction combined with the weight of personal property. As the court explained, additional coverage provisions are meant to expand protection, not be nullified by general exclusions. This reasoning is consistent with decisions across jurisdictions holding that where collapse coverage expressly includes perils like defective construction or hidden decay, broad exclusions cannot be stretched to bar recovery.
The court, however, declined to rule in Vale Fox’s favor on valuation. The policy included a “Manufacturer’s Selling Price” clause for “finished ‘stock,’” but the parties disputed whether the destroyed whiskey—still aging in barrels—qualified as “finished ‘stock.’” The court found the term ambiguous and not resolvable on the pleadings, leaving the issue for later proceedings.
Takeaways
First, this decision reinforces that courts will not allow insurers to interpret policy provisions in a way that renders negotiated coverage illusory. Here, the court rejected Central Mutual’s narrow reading that would have effectively stripped collapse coverage for personal property of any practical meaning.
Second, the case highlights an important rule of policy construction: specific coverage grants prevail over general exclusions. Insurers often rely on broad wear-and-tear or defect exclusions to deny claims, but when the policy specifically promises coverage for collapse tied to defective materials or methods, courts are reluctant to let exclusions undo that bargain.
Finally, the decision underscores the importance of policyholders carefully negotiating and understanding valuation provisions. Whether whiskey still aging in barrels qualifies as “finished stock” worth selling-price valuation or merely “stock” subject to replacement-cost valuation could mean millions of dollars in claim recovery. Because the court found the term ambiguous, Vale Fox will have the opportunity to present extrinsic evidence on the parties’ intent—a reminder that ambiguous terms will be construed in favor of the insured, but only after a factual record is developed.
In short, Vale Fox offers policyholders an encouraging ruling on collapse coverage but also a cautionary lesson on valuation disputes—an area where precise drafting and advocacy can make all the difference.
Purely Emotional Harm Not Covered Without Actual Physical Injury
The recent Illinois federal court decision McDonald’s Corporation, et al., v. Homeland Insurance Company Of New York illustrates the perils that policyholders may face if they fail to understand the contours of key defined terms in their insurance policies. 2025 WL 2614665, at *1 (N.D. Ill. Sept. 10, 2025). In McDonald’s, the court agreed that an insurer who sold a general liability policy did not have a duty to defend its insured against claims alleging fear and emotional distress because that harm did not meet the definition of bodily injury in the insurance policy.
McDonald’s involves a dispute between an insured-employer and its insurer over coverage for an underlying lawsuit against the insured by one of its employees. The employee alleged, among other things, that she was “regularly exposed to violent and criminal behavior by customers” at work, “witnessed customers throw coffee at co-workers,” “suffered physical and psychological harm from the violence,” and feared that she too would “face violence in the future.” Id. at 4. The insured-employer sought defense coverage for the lawsuit on the premise that the bodily injuries of others caused the employee emotional distress. Following the four-corners rule, the court examined the specific allegations of the underlying complaint with the coverage of the insurance policy and determined that the employee’s bodily injury allegations did not meet the bodily injury definition of the policy. Specifically, the court held that the underlying allegations did not establish (as it must) that the employee had suffered an “actual physical injury,” as the insurance policy required. Id.
In relevant part, the policy covered bodily injury that took place during the policy period and defined bodily injury as “bodily injury, sickness or disease sustained by a person, including death resulting from any of these at any time.” Id. at 1. The court noted that the gist of the employee’s claim was that witnessing bodily injury inflicted on others resulted in psychological harm to the employee. The court, however, found that “there is ample precedent under Illinois law rejecting the contention that ‘actual physical injury’ can be construed so broadly as to encompass what are essentially emotional injuries.” Id. at 4. And, while an incident was alleged during which the employee was pepper sprayed, it was undisputed that the incident took place outside of the policy period.
Relying on that precedent, the court concluded that the employee’s complaint was “devoid of facts establishing that [the employee] sought damages for a covered bodily injury that occurred during the policy period.” Id. The court determined that, under Illinois law, second-hand injuries such as fear and emotional distress caused by viewing another person’s bodily injuries were not covered under the policy at issue. Thus, the court held that the insurer did not have a duty to defend the insured against the employee’s lawsuit. Id. at 5.
McDonald’s is an important reminder for policyholders that the breadth of the duty to defend does have its limitations. Policyholders must carefully review and understand the wording of their insurance policies, and specifically how the definition of key terms may affect the scope of coverage. The decision also highlights the need to evaluate policies not only at the initial procurement but also midterm or during renewal to identify potential gaps in coverage or ways to expand existing policy language to avoid such gaps. For example, relevant to McDonald’s, policyholders may inquire about whether there are ways to broaden the bodily injury definition in their general liability policies to include harms such as emotional distress or mental anguish as part of the bodily injury definition. Ultimately, having a complete and informed understanding of the scope of coverage under their policies and what is available in the insurance marketplace is essential to ensuring policyholders are adequately protecting their interests. Policyholders may avoid costly errors and be prepared to navigate the nuanced nature of insurance policies by contacting coverage counsel who can help them better understand their insurance policies.
New Texas Law on Storage of Health Care Data
Texas is imposing new rules for the storage of electronic health records (“EHR”). Recently enacted Senate Bill 1188 (“SB 1188”) requires that, as of January 1, 2026, any EHR under the control of a covered entity must be physically maintained in the United States (or a U.S. territory). This requirement applies to all EHR regardless of whether it was created prior to January 1, 2026, and whether it is stored by a covered entity or by a third-party on behalf of the covered entity.
Previous draft language of the proposed legislation required that the EHR of Texas residents be inaccessible to any person located outside of the United States. The final enacted version does not contain this detail; instead, it requires that a covered entity ensure that the EHR of Texas residents is “…accessible only to individuals who require the information to perform duties within the scope of the individual’s employment related to treatment, payment, or health care operations.” The covered entity is required to implement reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of EHRs. Given the onshore storage requirements in SB 1188, such safeguards, at a minimum, would likely need to include system level restrictions on the downloading/copying of remotely accessed EHRs to prevent inadvertent data persistence outside the United States.
As used here, the term “covered entity” is broader than is commonly understood under the Health Insurance Portability and Accountability Act (“HIPAA”). SB 1188 largely adopts the “covered entity” definition found in the Texas Medical Records Privacy Act, which is broadly defined to cover almost any entity/person that engages in the assembling, collecting, analyzing, using, evaluating, storing, or transmitting of protected health information (“PHI”). This includes health care payors, governmental units, information or computer management entities, schools, health researchers, health care facilities, clinics, health care providers/practitioners, business associates (as defined under HIPAA), or any person who maintains an internet site that: (1) comes into possession of PHI; (2) obtains or stores PHI, or (3) is any employee, agent, or contractor of the previously mentioned covered entities. Notably, a few selected entities are not considered covered entities under SB 1188 (e.g., certain nursing, assisted living, continuing care, intermediate care, and day activity and health services facilities, as well as home and community support services agencies, and providers under the Texas home living or home and community-based services waiver program).
The penalties for violations of the new law can be significant. The Texas Health and Human Services Commission, or another appropriate regulatory agency, is authorized to investigate and penalize non-compliance, which penalties could include revocation or suspension of a license/registration/certification. Additionally, the Texas Attorney General may pursue injunctive relief against violators and/or civil penalties for between $5,000 and $250,000 depending on the specific facts/circumstances of the violations.
While many managed care contracts already impose limitations on the offshoring of patient data, Texas did not previously have a specific law addressing offshoring of EHR, much less one that applied to a broader audience than those contracting with health care payors. Given the extensive reach of the data storage provisions in SB 1188, and the potential for severe penalties for non-compliance, covered entities in Texas should carefully evaluate their current EHR data storage/access policies and procedures and their contracts with third parties to ensure compliance with SB 1188 when the new data storage provisions take effect on January 1, 2026.
FDA in Flux — September 2025 Newsletter
Federal “Crackdown” on DTC Drug Advertisements: Ripple or Sea Change?
What is happening: A flurry of actions concerning prescription drug advertising quickly followed official release of the White House’s Make Our Children Healthy Again strategy report on September 9, 2025. First, President Trump issued a memo instructing Health and Human Services (HHS) Secretary Robert F. Kennedy Jr. and FDA Commissioner Marty Makary to ensure direct-to-consumer (DTC) prescription drug ads are accurate and transparent, including by increasing risk disclosure requirements. Second, FDA announced that it had sent cautionary letters to thousands of pharmaceutical companies, as well as about 100 “cease-and-desist letters” relating to alleged deceptive ads for specific products. HHS also issued a detailed “fact sheet” on the administration’s initiative.
The recipients and content of FDA’s cease-and-desist letters, a mix of untitled and warning letters, are now emerging, with one untitled letter posted on the Center for Biologics website; a large number of untitled letters posted on the Center for Drugs website; and an even larger number of warning letters added to the agency’s central database for warnings. Prominent pharmaceutical manufacturers and telemedicine companies were among the recipients in FDA’s wave of enforcement letters issued on September 9.
Why it matters: The MAHA Commission strategy report calls for “FDA, HHS, the Federal Trade Commission (FTC), and Department of Justice [to] increase oversight and enforcement under current authorities for violations of [DTC] prescription drug advertising laws. Egregious violations demonstrating harm from current practices will be prioritized, including by social media influencers and DTC telehealth companies,” signaling that US health agencies would expand enforcement priorities beyond traditional prescription drug advertisers. Similarly, the HHS fact sheet states that “FDA will close digital loopholes by expanding oversight to encompass all social media promotional activities.” But the cease-and-desist letters issued to date do not explain how the agency is interpreting the Federal Food, Drug, and Cosmetic Act (FD&C Act) to enable enforcement against every entity or person that promotes a prescription drug — not all of whom are directly connected to a manufacturer or distributor — and so far the scope of FTC’s and DOJ’s involvement in these efforts has not been shared publicly.
A wholesale realignment of how the federal government oversees and objects to misleading prescription drug ads has the potential to cause disruption in well-established business models, including not only drug company promotional plans but also those of television broadcasters and advertising agencies that have developed specialized practices for this highly regulated industry. The ramped-up enforcement effort also seems to undercut President Trump’s recent demands that drug companies lower their prices by, in part, setting up “direct-to-consumer and/or direct-to-business distribution models,” which by necessity require some level of DTC promotional messaging to work.
Who may be affected: Enhanced oversight and enforcement of DTC advertising affects all drug and biological product manufacturers and marketers — and apparently all telemedicine companies that offer prescription drugs and all individuals speaking about prescription drugs online with financial incentives — with numerous FDA violation notices already sent out. For drug manufacturers and distributors who generally expend significant resources developing and internally reviewing prescription drug ads, it is unclear whether or how all of them actually may have violated applicable laws, given that the current FDA has not yet changed any drug advertising rules. HHS/FDA’s assertions that there is widespread (or even ubiquitous) deception from highly regulated manufacturers are not consistent with industry best practices that prioritize advertising compliance. But from some of the released cease-and-desist letters it appears that FDA is applying a heightened standard for what constitutes distracting imagery in TV ads and concluding such distractions serve to make the overall message to consumers misleading.
Companies who are alleged to be misbranding their drugs through noncompliant advertising should carefully review the agency’s rationale, factual background, and legal analysis, as the basis for such letters may be weak or may not comport with applicable laws. It also seems unlikely that experienced prescription drug advertising reviewers prepared these 100 or so “cease-and-desist letters” given staff layoffs and other attrition during the first half of 2025. If FDA is using artificial intelligence tools to prepare such letters, there may be significant weaknesses in the agency’s reasoning that letter recipients can push back on.
Other FDA-regulated entities that advertise their products DTC — such as dietary supplement distributors and, increasingly, medical device manufacturers — should take heed of the agency’s statements in the prescription drug space and ensure their content cannot be deemed misleading or deceptive to consumers.
“Adequate Provision” Regulation for DTC Broadcast Ads Likely to Be Revoked
What is happening: As mentioned above, the recent HHS/FDA announcements on prescription drug advertising include a plan by the agency to “initiat[e] rulemaking to close the ‘adequate provision’ loophole created in 1997,” which the government alleges has allowed drug companies “to hide safety information by placing it in another format or location.” The timeframe for initiating such a rulemaking is not specified, and the proposal does not appear on the administration’s Spring 2025 regulatory agenda that was released in early September. Removing this mechanism for complete risk information to be shared outside of the broadcast ad, in favor of requiring prescription drug advertisers to disclose all contraindications, warnings, precautions, and adverse event information (as set forth extensively in an approved drug’s prescribing information) in the ad itself will almost certainly make such ads prohibitively long. Such an outcome would effectively eliminate — or at least severely limit — television and radio prescription drug ads, while incentivizing advertisers to push more promotional content to websites, social media, and other digital commons.
Why it matters: Whether HHS and FDA have authority to implement such strict requirements under the FD&C Act is unclear, especially when the Act expressly requires such ads to contain “information in brief summary relating to side effects, contraindications, and effectiveness.” Following the Supreme Court’s Loper Bright decision limiting federal courts’ obligation to give agencies broad deference to interpret their enabling statutes, a significant rulemaking change like this one requires a compelling justification supported by the actual language of the statute; otherwise it is very likely to be deemed an arbitrary and capricious exercise of agency power. Information shared publicly by HHS and FDA so far does not rise to the level of “compelling” evidence. If FDA proceeds with efforts to change current and long-standing DTC advertising regulations, including but not limited to revoking the “adequate provision” exemption for broadcast ads, lawsuits challenging the agency are likely to follow swiftly.
Who may be affected: If FDA successfully changes the applicable regulations to repeal the “adequate provision” exemption and to require full risk information in broadcast DTC prescription drug ads, it will have a significant impact on physicians and their patients. Effectively banning reasonable-length broadcast prescription drug ads or mandating long, droning descriptions or lists of potential side effects will leave patients less informed about drugs that might help them manage diseases or conditions and leave them largely dependent on physicians for treatment information. Any increased disclosure requirements for DTC ads also will increase costs for drug companies and will reduce product revenue.
Regulatory Revolution: FDA Begins Releasing NDA/BLA CRLs for Unapproved Products
What is happening: FDA has for the first time proactively posted Complete Response Letters (CRLs) for as-yet-unapproved drug and biological products, with 89 new letters issued in 2024 and 2025 now available in the openFDA database. CRLs provide a written explanation for the agency’s decision not to approve a pending New Drug Application (NDA) or Biologic License Application (BLA), most often because of major clinical deficiencies, manufacturing facility deficiencies, product quality deficiencies, and/or data integrity issues. This move comes after decades of debate among stakeholders on the benefits, downsides, and legal authority for FDA to publicly release CRLs for unapproved products.
Why it matters: Historically, the agency had not taken this major transparency step due to concerns about confidential and proprietary information in the CRLs, which is owned by the application’s sponsors, as well as the resource burden that redacting such information could impose on FDA staff if such letters were to be released in “real time.” The sensitivities involved in releasing information about an unapproved NDA/BLA (including BLAs for biosimilar products) led prior FDA commissioners to decide that the administrative burden outweighed the hypothetical benefit from the public seeing FDA’s rationale for declining to approve a new product.
Current HHS and FDA leadership are much less deferential to the concerns of drug developers, however, and an increasing emphasis this year on “radical transparency” signaled that the agency’s historical perspective on the risk-benefit balance with respect to CRLs was inevitably going to change, regardless of whether current FDA regulations permit such disclosure. The action is also consistent with the transparency policies articulated in a Staff Manual Guide issued on August 15 in response to an executive order from President Trump, entitled “Gold Standard Science at FDA.”
Who may be affected: NDA and BLA sponsors are directly affected, and all companies submitting such marketing applications for FDA review should be aware that any future CRL will now become public, as FDA noted in its September 4 announcement that “the agency will promptly release newly issued CRLs.” Many of the companies whose CRLs were recently released have stated publicly that FDA gave no notice before taking this action or any opportunity to ensure that sponsors’ proprietary information was redacted from the CRLs. Accordingly, sponsors should take into account when submitting NDA/BLA applications that CRLs will be published and should be prepared, in the event a CRL is issued, to:
characterize FDA’s reasons for declining to approve the product candidate, or the alleged deficiencies in the marketing application, to investors or the public in an accurate and not misleading manner;
provide any additional context or clarification about other communications with the agency or actions that may mitigate the summary observations described in the CRL; and
consider whether to proactively release their own redacted CRLs, as well as any written responses to FDA, to counteract the public perception that they are “hiding” information.
Further, the agency’s “public good” reasons for releasing CRLs for unapproved drug and biological products seem equally applicable to “not approvable” letters for innovative medical devices and “not substantially equivalent” letters for devices that go through the 510(k) pathway, yet there has been no indication from Commissioner Makary that a parallel initiative may be developed for medical device marketing submissions. Device stakeholders should stay informed and alert about the possibility of similar FDA actions being taken with respect to their pending applications.
As FY25 Ends, the DOJ Consumer Protection Division Winds Down, Leaving an Uncertain Future for FDA-Related Litigation
What is happening: Part of President Trump and Attorney General Pam Bondi’s reorganizational plans for the Department of Justice (DOJ) includes the dissolution of the department’s Consumer Protection Branch (CPB). CPB was established in 1971 to serve as a centralized division for federal government investigations and prosecutions of the FDA laws, as well as other consumer protection-focused laws, such as those administered by the Federal Trade Commission, the Consumer Product Safety Commission, and the Drug Enforcement Administration. Notably, CPB played a key role in the federal government’s response to the opioid epidemic. Notwithstanding those critical functions, public reports earlier this year indicated that all CPB attorneys would be moved to other parts of DOJ’s Civil Division, the Criminal Division and the Federal Programs Branch, with such changes set to be completed by the end of this fiscal year (September 30, 2025).
Why it matters: Defendants in federal investigations involving potential violations of the FD&C Act, the Public Health Service Act, and other laws applicable to FDA-regulated drugs, devices, foods, cosmetics, tobacco products, blood products, radiation-emitting products, and other commodities have benefitted from the specialized legal knowledge housed within the CPB and its ability to coordinate across multiple states or US Attorneys’ offices. The decision to dissolve this function entirely could lead to outcomes such as decentralized (and slower) investigative and enforcement activities, inconsistent interpretations of what are often highly technical regulatory requirements, and variable enforcement priorities. We expect future defendants to experience more disjointed and potentially inconsistent investigations without CPB’s centralized management of cases involving FDA and other federal consumer protection agencies, not to mention its strong working relationships with compliance and legal staff within those agencies.
Who may be affected: All companies operating under any of the FDA or its sister agencies’ laws are affected by this significant and historic DOJ reorganization. Investors and other stakeholders in such entities should be aware that future federal investigations and enforcement actions may be more disruptive, lengthier, more expensive, and potentially more reputationally harmful than they have been in the past. The bottom line for affected companies should be that proactive compliance programs and self-correction of identified issues will be more important than ever following disbanding of the CPB.
FDA Introduces a “New” Collaborative Process for Ultra-Rare Disease Therapies
What is happening: FDA has created the Rare Disease Evidence Principles (RDEP), aiming to make premarket review of drugs and biologics for ultra-rare diseases faster and more predictable. If no adequate therapies exist for a disease, FDA commits to working closely with the sponsor to come to an agreement on the design of a single clinical trial, supplemented with confirmatory evidence, sufficient to meet statutory approval requirements. Eligible products must address a genetic defect that causes a disease affecting a very small population, or “generally fewer than 1,000 [US] patients,” and the disease must cause rapid deterioration and eventual disability or death. Sponsors seeking review under the RDEP must submit a request to the agency before any pivotal trial for the investigational therapy begins, adding a new administrative burden for sponsors. Very few additional details are available.
Why it matters: Although FDA is introducing the RDEP as a newly developed program, it appears simply to name a process that the agency and rare disease therapy developers already engage in. Many drug and biological sponsors have experienced productive, positive interactions with FDA’s review teams to come to agreement on submission strategies involving unique study designs plus confirmatory evidence when an investigational therapy targets an ultra-rare disease. Sponsors historically did not need to formally request access to such a process from the agency as is now being required for the RDEP – the sponsor just proposed alternative ways to meet the “substantial evidence of effectiveness” standard, and the review team worked with the sponsor through meetings and other communications to reach agreement, always subject to final NDA/BLA review. A couple of years ago, the agency issued guidance for industry on how to meet the statutory approval requirement using one clinical trial plus confirmatory evidence.
The announcement of the RDEP, and FDA’s stated commitment to be more flexible and transparent on treatments for ultra-rare diseases, also is puzzling considering the tranche of unapproved product CRLs recently released by the agency (see above). Several of the letters involve investigational therapies targeting rare diseases and provide evidence that the agency is taking a more inconsistent, demanding approach to safety and efficacy data for such therapies than in the past, even when it had reached prior agreements with the sponsor on the totality of the data package required for approval.
Who may be affected: Companies developing drugs and biologics to treat ultra-rare diseases, plus the patient populations for such diseases and their families and caretakers, are most directly affected by the RDEP process. If RDEP in fact produces greater consistency and transparency for sponsors, companies requesting review under the RDEP may experience greater premarket review efficiency and even get their therapies to patients with no other options faster. Such efficiencies would make investment in promising candidates for ultra-rare diseases more attractive. On the other hand, if RDEP makes collaboration with FDA review teams less organic and more burdensome than in the past, and if FDA leadership is inclined to question novel sources of safety and efficacy data for certain therapies (as appears to be the case from recent examples of leadership overriding agency scientists on approval decisions), it could stymie innovation and progress on product candidates to treat ultra-rare diseases. It is also unclear how the RDEP could affect the development of treatments for rare and ultra-rare diseases that do not meet the new program’s criteria, such as those that are not due to a single gene-mutation or whose underlying etiology remains unknown.
From Katrina to Erin: How Disasters Keep Rewriting the Legal Playbook
Twenty years ago this summer, Hurricane Katrina forced businesses, property owners, insurers, and courts to grapple with unprecedented questions about coverage, liability, recovery, and preparedness. For those who lived through the loss and rebuilding of homes and businesses, it redefined “community.”
Nearly two decades later, the lessons learned from Katrina have reshaped how insurers draft policies, how courts interpret them, and how businesses and lawmakers approach disaster planning and readiness. The legal framework that emerged continues to influence claims handling, litigation strategies, and risk management across the country.
The storm also taught organizations how to plan for the unthinkable, and what it means to protect the people who make businesses operate, no matter the obstacle. In addition to natural disasters and pandemics, myriad events could impact your workforce and business operations: transportation strikes, cellphone network outages, political gatherings, or an unexpected illness/ death are all scenarios that modern businesses can – and should – develop plans to address.
How disasters like Katrina reshaped the insurance and legal landscape
Insurance impact
Before Hurricane Katrina, the record insured loss event for the state of Louisiana was a hailstorm in New Orleans that cost half a billion dollars for insurers in paid losses. Katrina’s category three wind strength alone cost Louisiana insurers $23.3 billion in insured claims – 50 times the previous record. (This was one year after Florida, in 2004, had four major hurricanes make landfall in one season.) The world changed following Hurricane Katrina, and the changes in the insurance industry were among the most drastic.
Following the 2004 and 2005 storm seasons, the insurance industry began developing pervasive Catastrophe Models (Cat Models). Developed by mathematicians, actuaries, construction experts, engineers, meteorologists, and other experts, these models assess insurers’ and reinsurers’ books of business for risk. The goal is to predict the size, strength, path, and location of storms, as well as the litigation atmosphere in a given footprint, that would impact a company’s portfolio.
In the aftermath of hurricanes and other natural disasters, insurers often experience a shortage of qualified adjusters to address the large-scale damage in a given area. This often prompts regulators to issue extensions on claims adjustment deadlines. This model to bring contract adjusters on board for short periods has been expanded and refined since Katrina.
Legal impact
Unexpected events can shut down business operations and civil services for days, weeks, and even months. Law firms and legal teams in particular need to be prepared for prolonged court closures and deferment of matters to manage everything from client needs to personnel expectations and cash flow during such disturbances.
If a disaster is extreme enough, insureds can anticipate a loss of revenue. There are certain coverages, including business interruption coverage, that may be effective in staving off the impacts of those losses.
What law firms and their clients should be doing today to prepare for inevitable disruptions
Broker visits:
Savvy businesses can prepare for disasters by meeting annually with their insurance broker/ agent. Coverages change all the time in major ways that can leave a firm or business lacking if policies are “set and forget” on the shelf for years.
During these annual visits, business leaders can not only review and assess existing coverage, but can also discuss specific scenarios with the provider to understand what is covered and, critically, what is excluded? Extreme weather, widespread health concerns, and various other “unforeseen” scenarios may present minimal risk, but these risks have increased in the 20 intervening years since Katrina. How much risk is your business positioned to tolerate?
Advance/ ongoing planning:
In the event of a disaster of any kind, the underlying concerns for every business remain the same: first and foremost, are our people ok? Do we have reliable communication strategies in place so that we can confirm that they are safe and have their basic needs met? Once personnel are accounted for and in a position to resume work, businesses can focus on the short-term infrastructure required to operate to a minimally acceptable degree.
Before emergencies arise, businesses can establish programs and protocols to minimize confusion and interruptions. In addition to resilience planning (discussed below), businesses may wish to implement the following:
Monitoring events across your footprint: From weather events to political unrest to pandemics, there are myriad events that may restrict your employees’ ability to perform their duties. Standing up a cross-functional administrative team that meets regularly with relevant office leadership in advance of major anticipated events positions businesses to respond to interruptions with speed and clarity.
Cross-training employees across offices and departments: If a certain business function is primarily performed in a given office and that office goes out of commission, cross-trained professionals in other geographic areas of related teams to “fill the gap” in the interim are incredibly useful. (In law firms, this comes in handy in non-emergent situations as well, when urgent deadlines require “all hands on deck.”)
Diversifying your tech stack: Rather than centralizing your data on one static data center, having duplicated and distributed servers in various areas of your footprint can minimize the interruption to network connectivity in the event of a hack, data breach, or weather event.
Establishing systems to support your workforce, including:
Employee communication systems: Real-time, two-way communication mechanisms between a business and employees during a disaster (with the option to “respond one if you’re ok, respond 2 for someone to contact you”) are critical to establish in advance to assess needs, make a plan, and deploy resources during emergencies.
Employee assistance program (EAP): A framework available to grant all employees access to mental health and counseling resources can be put in place before a disaster occurs.
Employee emergency fund: Managed by a local community foundation or other third-party, these funds offer employees the opportunity to support their colleagues in times of distress and offer funding to those impacted by unforeseen hardships.
Why resilience planning is no longer optional in the modern legal market
Resilience Planning
Resilience planning in 2025 looks very different from what it did pre-Katrina, but twenty-first-century businesses must develop Business Continuity and Disaster Recovery plans to eliminate downtime and remain adaptive. From operations to staffing and personnel issues to communications and branding, broad plans that consider every element of a disturbance can be put into place with blanks to fill in based on specific circumstances. Geography, industry, personnel, equipment, and infrastructure, company culture – all these areas factor into mapping a particular plan.
From weather and health disasters to unexpected incapacitation of key personnel, business leaders must think through various potential disturbances and build draft parameters surrounding each one, so that policies don’t have to be conceived while the disaster is happening.
That said, a plan is only as good as its execution, and plans that sit static on a shelf for years are not terribly helpful. Dwelling on worst-case scenarios is no one’s idea of fun, but effective resilience planning requires working through the plan regularly through tabletop exercises and scenario planning. Planning in advance can alleviate pressure and enable companies to remain agile in what is undoubtedly a stressful time.
AI in Employer-Sponsored Group Health Plans: Legal, Ethical, and Fiduciary Considerations
The ubiquity of artificial intelligence (AI) extends to tools used by, and on behalf of, employer-sponsored group health plans. These AI tools raise no shortage of concerns. In this article, we analyze key issues that stand out as requiring immediate attention by plan sponsors and plan administrators alike.
In Depth
AI background
On November 30, 2022, OpenAI released ChatGPT for public use. Immediately a consensus emerged that something fundamental had changed: For the first time an AI with apparent human – or at least near-human – intelligence became widely available. The release of an AI into the proverbial wild was not welcomed in all quarters. An open letter published in March 2023 by the Future of Life Institute worried that “AI labs [are] locked in an out-of-control race to develop and deploy ever more powerful digital minds that no one – not even their creators – can understand, predict, or reliably control.” Three years later, that concern may seem overstated. AI systems are now ubiquitous; the world has changed in ways that are so fundamental as to be unfathomable; and the true impact of AI may take decades to fully grasp.
One of the many domains that AI will revolutionize is the workplace, which our colleagues, Marjorie Soto Garcia, Brian Casillas, and David P. Saunders, have previously addressed (see their presentation, “AI in the Workplace: How State Laws Impact Employers,” which considers the use of AI in human resources and workplace management processes). Marjorie and Brian had previously defined the various types of AI and their deployment in their article “Risk Management in the Modern Era of Workplace Generative AI,” which we recommend reading for helpful context. In this client alert, we examine an even narrower, though nevertheless critically important, subset of AI in the workplace: how AI affects employer-sponsored group health plans.
Employer-sponsored group health plans are a central feature of the US healthcare landscape, covering more than 150 million Americans. These plans exist at the intersection of healthcare delivery, insurance risk pooling, and employment law. AI has emerged as a transformative technology in health administration. AI-enabled tools promise improved efficiency, cost savings, better clinical outcomes, and streamlined administrative processes. Yet, their adoption in group health plans raises complex regulatory, fiduciary, and ethical questions, particularly under the Employee Retirement Income Security Act of 1974 (ERISA), which governs virtually all workplace employee benefit plans.
The use of AI tools by, and on behalf of, employer-sponsored group health plans raises no shortage of concerns. There are, however, three issues that require immediate attention by plan sponsors and plan administrators alike: claims adjudication, fiduciary oversight, and vendor contracts.
Claims adjudication: Autonomous decision-making
AI technology – defined as machine-based systems such as algorithms, machine learning models, and large language models – is increasingly used by insurers and third-party administrators (TPAs) to assess clinical claims on behalf of health plan participants.
AI systems are likely to be used to make basic eligibility determinations, which are based on plan terms and relevant information about the employee and their beneficiaries. More substantively, AI systems may also be used to make clinical determinations. These systems could, for example, evaluate whether a particular treatment or service is deemed medically necessary based on training data and preprogrammed rules. For this purpose, an AI system might scan diagnostic codes, patient histories, and treatment guidelines to determine whether a claim aligns with standard clinical practice. AI is already being used to ease internal administrative functions for carriers and claims administrators, and its use is expected to expand significantly.
There is a separate though equally important question of AI use in preauthorization. AI tools have the potential to improve this process by automating prior authorization requests, predicting approval likelihood, and flagging cases that require expedited human review. For example, AI could match a request for MRI imaging against clinical guidelines, patient history, and plan terms to recommend approval within seconds.
If an AI tool is used for both initial claims adjudication and preauthorization, this poses some fundamental concerns relating to training data. There are currently three federal rules governing machine-readable files, the purpose of which is to make claims data widely available:
The hospital price transparency rule, requiring hospitals to disclose items and services, including the hospital standard (gross) charge, discounted cash price, and the minimum and maximum charge that a hospital has negotiated with a third-party payer.
The Transparency in Coverage final rule, requiring health plans to disclose in-network negotiated rates and historical out-of-network billed charges and allowed amounts.
The transparency rules under the Consolidated Appropriations Act, 2021, imposing additional disclosure obligations on plans and issuers.
All three rules embed decades of provider and carrier practices that transparency was designed to expose. If these datasets are used to train AI tools, it could lead to a number of problems, including, for example, inherent biases and systemic flaws being baked in.
Fiduciary oversight
For fiduciaries of group health plans, any use of AI technology presents two fundamental problems. First, AI models are by their nature black boxes. And, second, there are limits to AI competence and accuracy that cannot be eliminated.
The black-box nature of AI technology poses a significant problem for fiduciaries of group health plans. The opacity of the models makes ERISA-required monitoring and oversight extremely challenging. Robust third-party standards are needed to establish measurement science and interoperable metrics for AI systems. Further, independent certification of vendor AI systems would help fiduciaries meet ERISA standards. Ideally, the US Department of Labor (DOL) would issue guidance as it has done in related contexts, such as with cybersecurity threats involving ERISA-covered pension and later welfare plans.
Questions about AI competence and accuracy are equally daunting to plan fiduciaries. The current crop of AI models relies heavily on a process of back propagation to continuously refine reliability. Even the most advanced AI models achieve, at best, an asymptotic approach to reliability. This raises a threshold legal question: whether and to what extent fiduciaries can prudently rely on AI technology. The practical answer is that they likely already do, sometimes unknowingly, which means that some validation of AI models is essential for a fiduciary to ensure they can meet ERISA’s requirements.
According to the DOL, ERISA fiduciaries must ensure that plan decisions are made “solely in the interest of participants and beneficiaries” with prudence and diligence. Delegating critical claim denials to opaque AI models risks violating this duty. At minimum, AI tools should be limited to serving in a decision-support role, with final authority resting in human hands.
Vendor contracts
The generic reference to an ERISA-covered group health plan using AI masks an important reality: AI will typically be used on the plan’s behalf by TPAs and insurers and less often directly by the plan itself. For most large, multistate self-funded plans, this means large, national carriers acting in an administrative services only (ASO) capacity.
ASO providers have significant leverage in negotiating contract terms. A plan delegating claims adjudication without inquiring whether and how that third party uses AI in claims adjudication risks violating fiduciary standards and facing scrutiny.
Fiduciaries should work to understand and evaluate the risk that delegating plan functions to third parties poses and take appropriate steps in response. At a minimum, this would necessitate a group health plan insisting on AI-related contract provisions. For example, the group health plan should insist that:
Any claim denials must be reviewed and ultimately decided by a human clinician.
The ASO must disclose how AI is tested and audited.
Performance guarantees and indemnification provisions should cover AI-related failures.
Given the infancy of AI in group health plan administration, ASOs are expected to resist comprehensive AI provisions, highlighting the need for federal guidance and clearer market standards.
Legal landscape
State law considerations
The most prominent example of a state attempting to establish rules governing the use of AI for group health plans is California’s Physicians Make Decisions Act. Effective January 1, 2025, it prohibits the use of AI by insurance companies in certain instances of claim and utilization review for health plans and prohibits health insurers from solely relying on AI to deny any claim based specifically on medical necessity. This act is based on California Senate Bill 1120, which requires, at a high level, that medical professionals rather than AI make any determination as to whether a treatment is medically necessary.
The act and similar laws being considered in other states, such as Arizona, Maryland, Nebraska, and Texas, highlight the need for group health plans to be aware of and ensure state law compliance, particularly as they review and negotiate ASO contracts.
Federal agency guidance
The DOL and the US Department of the Treasury have issued limited, indirect guidance on the use of AI. This guidance illustrates how the government might handle AI issues in the benefit plan context.
A withdrawn DOL bulletin (Field Assistance Bulletin 2024-1) discussed the risks associated with using AI under the Family and Medical Leave Act. In the bulletin, the DOL generally warned that “without responsible human oversight, the use of such technologies may pose potential compliance challenges.” It noted that even though similar violations may occur under human decision-making processes, there is a higher risk that violations made when using AI would apply across the entirety of the task at hand or workforce.
The Treasury department has studied AI in the financial services sector in a report, noting that while there are various benefits, the use of AI can raise concerns over bias, explainability, and data privacy, concerns that apply equally in health plan administration.
Both agencies emphasized the need for human oversight, echoing ERISA fiduciary obligations.
AI Disclosure Act
Although not law, the proposed AI Disclosure Act of 2023 would require disclaimers on AI-generated content. If a version of this bill is passed, it would further require companies to disclose certain information about the use of AI. Even absent a mandate, plan sponsors may wish to consider voluntary disclosures when AI tools are used in communications or claims processes.
Next steps and action items
While AI technology holds immense promise for employer-sponsored group health plans, its deployment carries significant fiduciary, ethical, and regulatory challenges. Plans must still meet their legal obligations under ERISA and other applicable laws and should ensure that AI does not autonomously make clinical or claims decisions, that preauthorization systems are transparent and fair, that data biases are identified and corrected, and that fiduciary oversight mechanisms are robust. Fiduciaries must balance innovation with prudence. They must ensure that AI is a tool to enhance – not replace – human judgment. Regardless, AI use likely increases fiduciary oversight obligations and necessitates ongoing monitoring.
In light of the proliferation of AI and its impact on employee benefit plans, practical measures that plan sponsors should consider may include:
Inventory AI use: Identify where AI is being used by the plan and by TPAs, insurers, and other vendors in claims adjudication, preauthorization, and participant communications.
Update fiduciary processes: Incorporate AI oversight into plan committee charters, meeting agendas, and monitoring practices.
Review contracts: In new and existing contracts, negotiate for disclosure, audit rights, performance guarantees, and human review of denials in situations where AI is involved.
Validate outputs: Request disclosure of vendor documentation on testing, error rates, and mitigation of bias and review documentation with plan consultants during regular fiduciary committee meetings.
Stay informed on state laws: Monitor state legislative activity (e.g., California) and update compliance procedures.
Plan fiduciaries: Provide education to committee members on AI risks, limitations, and monitoring obligations under ERISA.
Maintain document oversight: Keep records of inquiries, discussions, and decisions relating to AI to demonstrate prudence.
The use of AI in benefits is a complicated topic.
Jurisdictional Conflict Over “Related Claims”: Montana Federal Court Latest to Weigh in on When Claims Are Related
A recent decision in federal court in Montana provides another example of different standards applied to assessing “related claims” under directors and officers (D&O) liability insurance policies. In this instance, the district court found that two class action lawsuits were related because they involved the same “general course of conduct.” Because the two claims were related, they were treated as a single claim first made in an earlier policy period. As a result, the Montana policyholder lost out on $5 million in potential coverage under a second policy in place when the second claim was asserted.
A typical claims-made liability policy covers claims first made against the policyholder during the policy period. However, if two claims are “related,” they are considered a single claim that was first made at the time of the earlier claim, even if the second claim was made during a subsequent policy period. Most policies use very broad and amorphous “related” claim definitions and provisions, leaving courts to fill in gaps when asked to assess relatedness. Given the material differences in state common law, states have taken very different, and at times seemingly conflicting, approaches, so whether two seemingly similar claims are in fact related often depends on what state’s law governs.
Case Background
In Boyne USA, Inc. v. Federal Insurance Co., No. CV 24-70-H-TJC (D. Mont.), Boyne was a defendant in two class actions and sought coverage from its insurer. Boyne is a property developer and rental manager. The first class action filed in 2021 alleged that Boyne forced property owners at a Montana condominium it developed to exclusively use Boyne as a rental manager. The second class action, filed three years later, made similar allegations in connection with three condominiums in Michigan.
At the time of both lawsuits, Boyne was insured under a D&O policy. Both policies contained a clause that provided that all “related claims” would be deemed a single claim made during the policy period that the first claim was made.
The policies defined “related claims” using fairly typical language: “Related Claims means all Claims for Wrongful Acts based upon, arising from, or in consequence of the same or related facts, circumstances, situations, transactions or events or the same or related series of facts, circumstances, situations, transactions or events.”
Both the 2021 policy and the 2024 policy had $5 million limits of liability. This meant that, if the two lawsuits were related, they were subject to a single $5 million limit. But if they were not related, Boyne would be entitled to up to $10 million in coverage. The insurer moved for summary judgment that the claims were related and that it only had to provide a maximum of $5 million in coverage under a single policy.
The Court’s Decision
The federal district court agreed with the insurer. The court first noted that the Montana Supreme Court had never addressed the meaning of “related claims,” so it would need to make an Erie guess. The court then rejected Boyne’s argument that “related claims” was ambiguous, agreeing with the majority of courts that have considered that argument.
Citing a bankruptcy court in Delaware and federal courts in Illinois and California, the district court determined that two claims were related if they involved a “single course of conduct.” The court noted that two claims can be related “even if they allege different types of causes of action and arise from different acts.” The fact that the claims were brought by different plaintiffs in different states alleging different legal theories does not automatically mean the claims are not related.
The court found that the two claims were related because “Boyne’s mandatory rental management program is at the center of both lawsuits.”
In support of its finding, the court pointed out that many of the allegations in the two complaints were nearly identical.
There were some differences between the two complaints, but not enough to make them not related. Boyne argued that the two claims were unrelated because they involved “different time periods, different locations, different plaintiffs, different master deeds, different management agreements and different HOA agreements.” The court was unconvinced, explaining: “Taken as a whole, the underlying complaints allege the same general course of conduct — Boyne imposes a rental management program on owners of properties it has developed, and uses the program to enrich itself at the expense of owners through various mechanisms. Both cases also allege that Boyne’s exclusive rental management program violates securities laws and constitutes an unregistered security.”
Analysis
The Montana federal court’s related-claims analysis was fairly straightforward — the two complaints use the same language and the allege the same wrongful act at their core, so they are related. But a federal court predicting how the Montana Supreme Court would decide the issue is still a guess, and Montana’s high court ultimately may adopt a different test.
In all cases, whether two claims are related is a fact-intensive analysis that depends on the parties, time periods, wrongful acts, damages, and underlying facts giving rise to the dispute. Given all of these factors, related-claims outcomes are difficult to predict, especially when viewed through potentially different standards in a different state or venue. Policies may include choice of law or choice of venue clauses or arbitration clauses, which shift what law and forum apply — these could ultimately be determinative of whether claims are related.
Courts have adopted multiple interpretations of “related claims.” The Montana federal court in Boyne and the Eleventh Circuit used the “single course of conduct” test. Delaware courts apply the “meaningful linkage” test. The Tenth Circuit has asked whether two claims were “connected by an inevitable or predictable interrelation or sequence of events.” And a Virginia federal court recently applied a “common nexus of facts” test. While these phrases seem the same, the results can be wildly different. For instance, in the Eastern District of Virginia decision using the “common nexus” test, the court applied an unusually narrow definition of “related” to find that two claims were not in fact related. Ultimately, whether two claims are related may depend upon which court hears the coverage matter.
“Related claims” language is also unpredictable because it is not always pro-insurer or pro-policyholder. Whether it is advantageous to a policyholder for claims to be related or not depends on the context. A policyholder may argue that claims are related to avoid multiple retentions or deductibles or if only the second policy includes an exclusion that bars coverage. In contrast, an insurer may argue that claims are related if the first policy has already been exhausted or, like in Boyne, to avoid paying multiple limits. If the policyholder switched carriers, the later-in-time carrier will likely argue that claims are related to push coverage back onto the earlier-in-time carrier, and the earlier-in-time carrier will argue the opposite.
Three Steps to Protect Your Insurance Program During National Preparedness Month
September is National Preparedness Month in the United States. This designation urges organizations and individuals to prepare for disasters and emergencies. Given the increasing frequency and severity of natural disasters, insureds could use this month to conduct a three-step insurance assessment focused on coverage for natural disasters and emergencies. This assessment can provide a valuable supplement to the normal insurance policy review during policy procurement and renewals.
First, confirm that your organization’s insurance policies are secure. All policies should be maintained in an online platform that can be accessed from outside a disaster area, e.g., storage on a cloud platform. The organization’s own insurance policies should be stored in waterproof safes or cabinets. Other entities’ insurance policies that name your organization as an additional insured should also be secured both online and in a waterproof location. Because emergencies can happen at any time and at any location, maintain a comprehensive and updated policy inventory.
Second, review your organization’s disaster relief plan with a focus on insurance. Does it incorporate any disaster or emergency support tools provided by your insurers? Does it identify the contact information for those resources as well as for brokers and coverage counsel? Although your insurers may offer some support if disaster strikes, does your disaster plan include additional mitigation steps after the disaster? Does it incorporate the information necessary for claims submission? Does it provide a means to communicate insured losses to organization stakeholders responsible for insurance claims submission?
Third, reassess your insurance policies for disaster and emergency coverage. Will coverage be available if disaster strikes? Did you purchase adequate limits? Are any sublimits problematic? Do your commercial property policies include business interruption and contingent business interruption coverage? Do they include off-premises utility service interruption coverage? Confirm that your insured property inventories are up to date. Are all properties and organizations included as insureds? Are recent acquisitions identified and insured? Do your claims-made policies provide a grace period to submit claims if a natural disaster occurs? Ensure that you survey your entire insurance program and not just your commercial property policies.
* * *
Taking just these three steps during National Preparedness Month provides an important backstop for insureds. These steps are particularly important for insureds that renew different lines of coverage at different times, e.g., commercial liability one month and commercial property three months later. Examining all coverages with a focus on protection for natural disasters and emergencies will reduce the possibility of unexpected gaps or deficiencies in coverage and will allow time for thoughtful analysis without the typical rush that occurs during insurance renewals.
Listen to this post
Uh-EUO: How Examinations Under Oath May Impact Later Litigation
Examinations under oath (EUOs) are a common coverage condition in property and other first-party insurance policies that can make or break an insurance claim. In theory, EUOs are straightforward: they’re an investigative tool for insurers to gather information about a claim.[1] But in practice, insurers often use them to poke holes in the policyholder’s story, identify grounds to challenge coverage, and even set up fraud claims.
These issues recently came to head in a $400 million art insurance case when the artwork’s billionaire owner and several other individuals were examined under oath. The case originated from a 2018 fire at the billionaire’s Hamptons house, where many valuable artworks were stored and subsequently damaged in the fire. Though insurers paid claims related to many of the damaged works, they refused to cover five particular pieces, including two Warhols. So, the policyholder sued to obtain payment. As part of the claim process, the owner and others underwent EUOs, which the insurers later used as grounds to deny coverage for those works on the basis of alleged fraud (among other defenses).
This case, which is awaiting the judge’s decision after a mid-summer bench trial, raises interesting questions about EUO requirements in insurance policies, including what insurers can require from policyholders and whether statements made in EUOs are binding on the policyholder.
(1) What is a reasonable EUO request and what can the insurers require?
Nearly every insurance policy requires the policyholder to “cooperate” with the insurer’s investigation. They often impose a broad duty to cooperate “with the [insurer] in all matters pertaining to the investigation, settlement or handling of any claim.” They may also list specific kinds of expected cooperation: sitting for EUOs, allowing the insurer to examine books and records, etc.
Sometimes the details of the EUO requirement are written into the contract, like who the insurer can examine and when. Some policies contain extremely broad EUO provisions that allow the insurer to examine “all other persons interested in the property and members of the household and employees.” Others limit the insurer to “any insured” or the insured and family members. Under any of these clauses, the insurer could insist on EUOs of potentially dozens of people. Similarly, many policies provide that the insurer can require EUOs “as often as the [insurer] reasonably requires,” opening the door for the insurer to insist on multiple EUOs if it doesn’t get the answers it wants the first time. In the art insurance case, for example, the insurers took 10 EUOs, not only of the billionaire policyholder but of the staff who managed his art collection.
There are limits on the duty to cooperate, though. Most insurance policies provide that the insurer’s requests for the policyholder to cooperate must be “reasonable.” It may be unreasonable, for example, to require every cousin of an insured to sit for an EUO, or to insist that the policyholder endure several back-to-back EUOs.
Whether a request for an individual to sit for an EUO and the details of that request are “reasonable” will depend on the circumstances and may be subject to considerable dispute.
(2) Are statements made at EUOs binding? How do EUOs intersect with deposition and trial testimony?
What happens when the policyholder’s deposition or trial testimony does not match up with what the policyholder said at the EUO? Policyholders often sit for EUOs early in the life of an insurance claim. If the insurer refuses to pay the claim, the policyholder may sue and, as part of the lawsuit, be required to undergo examination in a deposition or at trial.
This issue arose in the art insurance case. In his EUO, the policyholder made statements about damage to the artworks (he testified they had lost their “oomph,” “lyster,” and “lyricisims”) and whether they were offered for sale. In his deposition (and later at trial), he testified about those same subjects. The insurers claimed that his deposition testimony differed from what he said at his EUO, thus allegedly demonstrating that the policyholder had lied at his EUO and allowing the insurers to void coverage.
Whether statements made at EUOs versus under oath in a litigation should be treated similarly is a thorny question. EUOs, by definition, are under oath, meaning that the examined party must make statements under penalty of perjury (legal punishment). Depositions and trial testimony are also under oath. Further, caselaw often holds that litigation testimony about the facts of the case is binding, meaning that policyholders cannot later dispute its accuracy.
But EUOs and litigation testimony serve different purposes and give rise to different incentives. As noted above, EUOs are cooperative and, in theory, voluntary: both sides are working together to resolve a claim. EUOs are supposed to encourage the policyholder to be as forthcoming and accurate as possible, even if the testimony may hurt the claim. They’re not subject to rules of civil procedure, and the policyholder is usually not represented by counsel. But litigation testimony is adversarial and required by court. It protects the legal rights of the examining party, who is entitled to confront the witnesses against it. And litigation testimony is taken at a time in the claim when the parties have different incentives: to be conservative and sparing (the witness), to be exacting and meticulous (the examining party), and to provide or elicit testimony supportive of their position (both).
Given these different purposes and incentives, it may be no surprise that testimony at an EUO can differ from testimony at a deposition or at trial. But an insurer may seize on any discrepancies to claim that the policyholder is lying and thus coverage is void. Whether the insurer is successful in doing so will depend on the circumstances and jurisdiction’s caselaw, as well as the ability of the policyholder’s lawyer to educate the court on these different purposes and incentives.
HHS Continues Focus on Access Rights by Announcing Crackdown on Information Blocking
In August, the Office for Civil Rights (OCR) published guidance relating to individuals’ rights to access their protected health information (PHI) under HIPAA. As we covered in our earlier blog post about the August guidance, the new FAQs came amidst OCR’s continued enforcement focus on its Right of Access initiative, under which the OCR has brought over fifty enforcement actions to date.
On September 3, 2025, the U.S. Department of Health and Human Services (HHS) announced Secretary Robert F. Kennedy, Jr.’s crackdown on health data blocking, noting that HHS “will take an active enforcement stance against health care entities that restrict patients’ engagement in their care by blocking the access, exchange, and use of electronic health information.” This announcement signals the agency’s continued focus on patient access rights and healthcare interoperability.
HHS’s September 3rd press release references the 21st Century Cures Act, which was signed into law in 2016 and prohibits information blocking by requiring that patient information stored in electronic health record systems can be “accessed, exchanged, and used without special effort through the use of application programming interfaces.” This is a broad definition of information blocking and could include a provider’s refusal to share patient health records, unreasonable delays in providing requested records, or charging excessive fees for patient access.
The Cures Act imposes requirements on health ecosystem entities beyond providers, too. Health IT developers, for example, may engage in information blocking by executing restrictive contractual terms related to data sharing or disabling interoperability functions on their platforms. Health information exchanges and health information networks are also covered under the Cures Act, and could be found to engage in information blocking by imposing unfair fees to join an exchange or blocking certain organizations without valid justification.
Under the Cures Act, the Office of Inspector General (OIG) and the Office of the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC) are authorized to take enforcement action against information blocking in healthcare. In a September 4, 2025, Enforcement Alert following the HHS press release, ASTP warned that individuals found to have engaged in information blocking could face several types of enforcement actions, including civil monetary penalties of up to $1 million per violation against certain health IT developers, entities offering certified health IT, health information exchanges, and health information networks. CMS may also impose disincentives on providers if OIG refers information blocking cases to HHS. Notably, OIG has stated that it will prioritize enforcement where information blocking causes patient harm or significantly impairs a provider’s ability to deliver care.
Proponents of information blocking enforcement assert that these measures will increase patient access to information, promote interoperability, and enhance care coordination. On the other hand, critics note that broad data sharing raises security and privacy concerns. Greater access could increase the risk of breaches or misuse of sensitive health information. While there are exceptions to what constitutes information blocking, aggressive enforcement could pressure organizations into unnecessary disclosure, which runs counter to principles of data minimization and need-to-know sharing. Still, with HHS putting the healthcare ecosystem on alert, now is the time for providers, IT developers, and exchanges to take a look at their data practices. Organizations should not wait for an HHS inquiry to conduct internal audits, assess interoperability capabilities, and ensure any exceptions are well-documented. Overall, data sharing practices should balance appropriate information access with safeguards that prevent patient harm and minimize risk of information being misused. If your organization touches health information in any way, preparation for this increased regulatory focus now could prevent OCR scrutiny later.
Regulation Adds Privacy Protections for Patient Records on Substance Use Disorders
Entities regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including employer-sponsored health plans, have until February 16, 2026, to comply with additional privacy protections for patient records related to substance use disorder. A separate permission is required for disclosing information about a person’s substance use disorder.
Quick Hits
Federal regulations generally require an entity covered by HIPAA to obtain a person’s express, written permission before disclosing personally identifiable records related to a substance use disorder.
Health plans, healthcare providers, and treatment centers must revise their notices of privacy practices by February 16, 2026, to reflect this consent requirement.
To comply with the rule, HIPAA-regulated entities must:
ensure that each disclosure of substance use disorder records is accompanied by a copy of the patient’s consent or a clear explanation of its scope;
adopt HIPAA’s Breach Notification Rule for breaches of unsecured substance use disorder records; and
give patients the right to opt out of fundraising communications.
HIPAA-regulated entities also may wish to consider:
establishing a process for securing a single written consent for future substance use disorder treatment, payment, and healthcare operations disclosures, which the final rule permits;
training staff to understand the Part 2 requirements and the risks of noncompliance; and
assessing any agreements with medical providers and treatment centers to maintain appropriate confidentiality.
Background on the Regulation
On February 16, 2024, the U.S. Department of Health and Human Services (HHS) issued a final rule designed to update privacy protections for patient information related to substance use disorders. Substance-use information protections are often referred to as “Part 2” because of their location in the Code of Federal Regulations. The final rule modifies Part 2 to align with HIPAA requirements by modifying restrictions related to the use and disclosure of this information, including in civil, criminal, administrative, and legislative proceedings. The final rule took effect on April 16, 2024.
On April 22, 2024, HHS issued another final rule prohibiting HIPAA-regulated entities from disclosing reproductive healthcare information for certain purposes, and HHS incorporated certain modifications to HIPAA’s privacy rules to address the Part 2 rules. HIPAA-regulated entities have long been obligated to comply with Part 2 restrictions on use and disclosure of information protected by Part 2 that they received from Part 2 programs.
The final rule modified obligations related to the notices of privacy practices, the communication document for describing how HIPAA-regulated entities comply with HIPAA’s rules. Modifications focus on reliance of consent to use and disclose information, how these are applied, and the constraint on using or disclosing information subject to Part 2 in civil, criminal, administrative, and legislative proceedings without explicit consent or a court order.
On June 18, 2025, the U.S. District Court for the Northern District of Texas nullified the part of the rule related to reproductive healthcare information, but it left the Part 2 changes intact. Thus, health plans, healthcare providers, and treatment centers are still required to amend their notices of privacy practices by February 16, 2026, to comply with this regulation.
Patients have the right to file complaints with HHS and receive a list of disclosures made with their consent.
Substance use disorder, sometimes called addiction, occurs when the repeated, problematic use of alcohol or drugs causes clinically significant impairment in health or life functions, according to the National Institutes of Health. It can involve consuming alcohol, illegal drugs, prescription drugs, or some combination thereof. Treatments for substance use disorders may include psychotherapy, family counseling, twelve-step programs and mutual aid groups, and medications to reduce cravings and withdrawal symptoms.
Next Steps
HIPAA-regulated entities, including employer-sponsored group health plans, may want to prepare now to ensure compliance with the Part 2 regulation before the deadline.
Noncompliance with Part 2 may result in the HHS Office for Civil Rights imposing civil monetary penalties and issuing subpoenas requiring the attendance and testimony of witnesses and the production of evidence that relates to an investigation or compliance review.