CMS has extended its Provisional Period of Enhanced Oversight (PPEO) and its Expanded Prepayment Review (EPR) enforcement efforts to Georgia and Ohio. The enhanced enforcement efforts can lead to the revocation of a hospice’s Medicare billing privileges, termination of Medicare/Medicaid enrollment, and/or the prepayment review of 100% of a hospice’s claims.
The regulatory landscape for substance use disorder (SUD) treatment records is changing—and the impact will extend far beyond traditional addiction treatment programs. With treatment options for SUD limited, some providers are exploring ketamine as a potential therapy due to its effects on glutamatergic neurotransmission.[i] Additionally, psychedelic-assisted therapies involving certain Schedule I substances – such as psilocybin, ibogaine, and MDMA – are currently being studied by researchers as potential treatments for SUDs.[ii] While these investigational therapies are not yet available in clinical practice and the new federal privacy rules do not apply to research records, providers should be aware of the evolving treatment landscape as these therapies move closer to potential approval and clinical use.
On August 8, 2025, Governor Tony Evers signed Senate Bill 14, now 2025 Wisconsin Act 22, which establishes new informed consent requirements for pelvic examinations. This Act requires hospitals to obtain written informed consent from a patient prior to performing a pelvic examination solely for educational purposes while the patient is under general anesthesia or otherwise unconscious. This legislation also mandates that hospitals implement written policies and procedures for obtaining informed consent prior to performing pelvic exams on unconscious patients.
In June 2025, the Department of Justice (DOJ) announced its 2025 National Health Care Fraud Takedown, marking the largest coordinated healthcare fraud enforcement action in DOJ history. The sweep included charges against a range of actors including alleged transnational criminal organizations, providers of allegedly fraudulent wound care, alleged prescription opioid traffickers, alleged telemedicine, and genetic testing fraudsters, among others. DOJ also introduced the creation of a Health Care Fraud Data Fusion Center, designed to enhance the detection, investigation, and prosecution of healthcare fraud.
In June 2025, the U.S. Department of Health and Human Services Office of Inspector General (OIG) announced a new item in its Work Plan: “Medicare Payments for Clinical Diagnostic Laboratory Tests in 2024.” This annual review, mandated by the Protecting Access to Medicare Act of 2014 (PAMA), focuses on analyzing the top 25 laboratory tests by Medicare expenditures for the previous calendar year. For clinical laboratories and healthcare providers, this announcement signals the need to pay close attention to billing practices, compliance programs, and potential audit risks.
Since the 2022 overhaul of Colorado’s restrictive covenant statute, C.R.S. § 8-2-113, the Colorado legislature has made ongoing amendments to the law which continue the trend of limiting the effectiveness of restrictive covenants in the state. Most recently, the 2025 General Assembly took aim at the provisions of the statute regarding restrictive covenants’ applicability to select healthcare providers as well as buyers and sellers of a business.
Recently, Attorney General Pam Bondi purportedly issued an internal memorandum in response to Executive Order 14187 (“Protecting Children from Chemical and Surgical Mutilation”) concerning the treatment of transgender minors by medical practitioners, hospitals, clinics, and pharmaceutical companies. The memo set forth guidance for all Department of Justice (DOJ) employees to investigate individuals and entities who provide gender-affirming care to minor patients. To be clear, the memorandum—which has been posted in various locations on the internet and widely reported on by various media outlets but has not been verified as authentic by Husch Blackwell—is an internal policy statement directed to DOJ personnel and is not law. While it purports to issue “guidelines” pursuant to an executive order from the President, that executive order is itself under scrutiny (and has been partially enjoined).
On March 7, 2025, the U.S. Department of Health and Human Services (HHS) announced that its Office for Civil Rights (OCR) had initiated four investigations into unnamed medical schools and hospitals over allegations that the schools and hospitals “discriminate on the basis of race, color, national origin, or sex” by continuing to implement “DEI” programs.
This blog post explains what HHS OCR is investigating, what laws are at issue, and what those operating medical schools and hospitals with DEI programs should consider, given this and other federal attention to DEI.
On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued proposed changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule (the Proposed Rule) to strengthen the cybersecurity protections that HIPAA-regulated entities are required to maintain for electronic protected health information (ePHI).
Keypoint: With the increased frequency and severity of cyberattacks against healthcare systems, state and federal agencies strive to improve cybersecurity controls with varied success.
In November 2023, New York Governor Kathy Hochul announced proposed regulations that would be the first state regulations for hospitals in New York. The governor described the proposed regulation as a “nation-leading blueprint” that would complement the federal Health Insurance Portability and Accountability Act (HIPAA) Security Rule enforced by the U.S. Department of Health and Human Services (HHS).