Medicare

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

HHS Ramps Up Enforcement Against Information Blocking

2025 marks a significant turning point in federal enforcement against “information blocking” in healthcare. In a series of announcements this September, the U.S. Department of Health and Human Services (“HHS”) signaled a major crackdown on healthcare entities—especially health IT developers, health information networks, and certain providers—that restrict patient access to their electronic health information (“EHI”).

Under the direction of Secretary Robert F. Kennedy, Jr., HHS has dedicated increased resources and issued clear warnings that enforcement of information blocking rules is now a top priority. This includes the threat of substantial civil monetary penalties (“CMPs”)—up to $1 million per violation—for certain actors, as well as program-specific disincentives for providers who participate in Medicare and other federal programs. 

A new law, the Consolidated Appropriations Act, went into effect on February 3, 2026, issuing new Medicare reimbursement guidelines for off-campus provider-based hospital outpatient departments (HOPDs). As of January 1, 2028, hospitals will be required to make certain operational changes to maintain OPPS reimbursement eligibility for their off-campus provider-based locations. These include such measures as

CMS has extended its Provisional Period of Enhanced Oversight (PPEO) and its Expanded Prepayment Review (EPR) enforcement efforts to Georgia and Ohio. The enhanced enforcement efforts can lead to the revocation of a hospice’s Medicare billing privileges, termination of Medicare/Medicaid enrollment, and/or the prepayment review of 100% of a hospice’s claims.

Laboratory Testing

In June 2025, the U.S. Department of Health and Human Services Office of Inspector General (OIG) announced a new item in its Work Plan: “Medicare Payments for Clinical Diagnostic Laboratory Tests in 2024.” This annual review, mandated by the Protecting Access to Medicare Act of 2014 (PAMA), focuses on analyzing the top 25 laboratory tests by Medicare expenditures for the previous calendar year. For clinical laboratories and healthcare providers, this announcement signals the need to pay close attention to billing practices, compliance programs, and potential audit risks.

On June 14, 2023, a federal jury found that a Georgia physician knowingly violated the False Claims Act following a two-week trial on allegations that he made false claims to the Medicare Program. Now, despite just $1.1 million in improper payments stemming from false claims, a federal court is likely to impose a judgment that exceeds $27 million after adding statutory per-claim penalties and trebling the amount determined by the jury to be false.

Medication

On October 14, 2022, President Joe Biden signed Executive Order 14036, directing the Department of Health and Human Services (“HHS”) to consider innovative actions to drive down certain single-source prescription drug costs as the Biden-Harris Administration works to implement the Inflation Reduction Act of 2022 (the “Act”).

Centers for Medicare & Medicaid Services (CMS) has further expanded the list of telehealth services that Medicare Fee-For-Service will pay for during the COVID-19 public health emergency (PHE) as of October 14, 2020. CMS is adding 11 new services to the Medicare telehealth services list and will begin paying eligible practitioners who furnish these services immediately and through the end of the PHE. The new telehealth services include neurostimulator analysis and programming services, and cardiac and pulmonary rehabilitation services.

Laboratory Testing

On August 4, 2020, the Office of Inspector General for the United States Department of Health and Human Services (OIG) released an FAQ regarding whether a clinical laboratory may provide free antibody testing to federal health care program beneficiaries (e.g. Medicare/Medicaid beneficiaries). In its FAQ, the OIG acknowledged that providing such testing would implicate two federal anti-fraud statutes–the federal Anti-Kickback Statute (AKS) and the federal Civil Monetary Penalties Law (CMPL). However, so long as the laboratory implemented certain safeguards, the arrangement would pose a sufficiently low risk that OIG would not pursue an enforcement action.

On Friday, March 13, 2020, CMS issued blanket waivers under 42 U.S.C. 1320b-5 that impact long term acute care hospitals (LTCHs) and inpatient rehabilitation facilities (IRFs) as a result of President Trump declaring a state of an emergency due to COVID-19. The blanket waivers temporarily allow facilities operating inpatient rehabilitation units to exclude patients admitted

Centers for Medicare and Medicaid Services (CMS) has issued broad waivers to assist in the national COVID-19 response. They impact all provider types and generally remove regulatory burdens that could restrict access to care. For example, the waivers remove bed limits on Critical Access Hospitals and will allow Long Term Hospitals to exclude from the 25 ALOS calculation patients who were admitted or discharged to “meet the demands of the emergency.” Restriction on the separation of patients in excluded units in IPPS hospitals are waived. The requirement for three days of hospitalization to receive skilled nursing coverage is also waived. There are a number of other waivers.