Healthcare Regulatory

Doctor writing survey, insurance and claim form for medical paperwork, document and script for patient records, test result and research in a hospital. Physician hands signing and planning healthcare

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

Reproductive health privacy rule vacated.

On June 18, 2025, the U.S. District Court for the Northern District of Texas vacated the HIPAA Privacy Rule to Support Reproductive Health Care Privacy Final Rule (Privacy Rule). As a result, the additional privacy protections that had been granted to reproductive healthcare information through President Biden’s Executive Order 14076, (“Protecting Access to Reproductive Health Care Services”), are no longer enforceable or required.

HIPAA Regulations

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

Why Now? The Rising Cyber Threats Driving HIPAA Reform 

In December 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) proposed the first significant update to the HIPAA Security Rule since 2013, prompted by a surge in cyberattacks against healthcare organizations that have compromised patient information and disrupted care. 

The Colorado General Assembly is back in session and has introduced legislation (SB26-041) that, if enacted, would create new notification requirements and antitrust review processes for healthcare transactions. While Colorado already requires state-level notification of transactions that trigger federal notifications under the Hart-Scott-Rodino Act and notification of certain hospital transactions under the Hospital Transfer Act (“HTA”) of 2023, the proposed bill would create new notification requirements for a broader set of healthcare transactions, and would authorize the Colorado attorney general (“COAG”) to block or delay closing of transactions. The proposed bill also expands the scope of hospital transactions that must be reported under the HTA.

HC Privacy & Security Top 10 Graphic

The 2025 Top Ten list reflects a regulatory environment in significant transition. Last year’s healthcare privacy and security landscape presented extraordinary challenges for compliance professionals, marked by sweeping regulatory changes on the federal and state level, intensified enforcement activity, and a growing and evolving environment that demanded constant vigilance. The volatile landscape demanded adaptability, careful attention to the regulatory details, and comprehensive compliance programs. The Top Ten list offers a capsulized version of the year’s highlights—and what it all means for healthcare privacy and security professionals moving forward.

Hal Katz_1200x630
Left to right: Talia Rotman (Biomedical Engineering Intern), Julie Yip (Cofounder & Lead Engineer), Anu Parvatiyar (CEO & Cofounder), Saige Sunier (Product Development Engineer), and Hal Katz

What shows up once the story must survive the terms

At the outset of life sciences transactions, there is usually a strong sense of alignment. Founders and investors tend to agree on the importance of discipline, focus, capital efficiency, and long-term value. That was evident throughout JPM Healthcare Week and in conversations around RESI 2026, where many of the same themes surfaced across different rooms and discussions.

Judge's gavel on table in office

A federal judge has issued a preliminary injunction halting the Department of Health and Human Services’ (HHS) 340B Rebate Model Pilot Program, which was scheduled to take effect on January 1, 2026. The December 29, 2025 ruling temporarily prevents implementation of the rebate program that would have fundamentally changed how safety-net hospitals and clinics purchase discounted drugs under the 340B Drug Pricing Program.

Doctor working on laptop computer

In my November 2025 blog post, I discussed the uncertainty surrounding the DEA’s then-pending telemedicine rule and its implications for ketamine clinics. At that time, the future of pandemic-era telehealth prescribing flexibilities was unclear, and clinics across the country were bracing for the possibility of a significant regulatory shift at the end of 2025.

Judge's gavel on table in office

The Wyoming Supreme Court began the year 2026 with a landmark decision in State v. Johnson, 2026 WY 1, delivering a ruling with implications that extend far beyond its immediate outcome. While headlines will focus on the Court’s decision to strike down Wyoming’s comprehensive abortion restrictions—the Life is a Human Right Act (“Life Act”)[1] and the Medication Ban[2]—as unconstitutional, the true significance lies elsewhere. The Court held that Wyoming’s constitutional amendment guaranteeing adults the right to make their own healthcare decisions is a fundamental right protected by the highest level of judicial scrutiny.

This holding may ultimately have more far-reaching consequences, setting the stage for future challenges to a wide range of healthcare regulations across Wyoming.

California Governor Gavin Newsom has signed a pair of highly anticipated bills that will affect healthcare transactions involving private equity groups and hedge funds, effective January 1, 2026. The new legislation will expand the authority of the California Office of Health Care Affordability (“OHCA”) to review transactions previously excluded from reporting for their impact on healthcare costs and markets and will reinforce prohibitions on lay interference with the delivery of physician and dental services under the California’s corporate practice of medicine laws.

On August 8, 2025, Governor Tony Evers signed Senate Bill 14, now 2025 Wisconsin Act 22, which establishes new informed consent requirements for pelvic examinations. This Act requires hospitals to obtain written informed consent from a patient prior to performing a pelvic examination solely for educational purposes while the patient is under general anesthesia or otherwise unconscious. This legislation also mandates that hospitals implement written policies and procedures for obtaining informed consent prior to performing pelvic exams on unconscious patients.