HHS Announces Increased Efforts to Curb Information Blocking Practices

In a September 3 Press Release, the U.S. Department of Health and Human Services (HHS) announced that it is increasing efforts to curb information blocking. This was quickly followed by a September 4 Enforcement Alert issued jointly by the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (ASTP/ONC) and the HHS Office of Inspector General (OIG). Both developments come against the backdrop of CMS’s newly announced voluntary interoperability framework initiative, launched earlier this year, which seeks to accelerate open, standards-based health data exchange for a patient-centered digital health ecosystem. These developments signal HHS’s focus on empowering patients and healthcare providers with what HHS is calling “friction-free information.”

AHCA Proposes New Rule Requiring Providers to Implement Data Breach Continuity Plans

By Elizabeth F. Hodge, Thomas A. Range and John Hood on September 4, 2025 Posted in Government Affairs, Licensure & Regulatory, Health Care Providers, Healthcare Law, HIPAA, Privacy, and Data Security

The Florida Agency for Health Care Administration (AHCA or the Agency) recently issued a new proposed rule that would require all “providers” licensed by AHCA to have a “continuity plan” for data and information technology disruptions. The proposed rule would also mandate the reporting of certain information to AHCA upon the occurrence of an “information technology incident.”

FBI Warning: Criminals Posing as Health Insurers and Fraud Investigators Are Targeting Providers and Patients

By Jeremy Burnette and Elizabeth F. Hodge on July 1, 2025 Posted in Health Care Providers, Health Insurers & Managed Care Organizations

The FBI issued a warning on June 27, 2025, that criminals impersonating healthcare insurers and fraud investigators are sending text messages and emails to healthcare providers and patients to trick them into providing protected health information (PHI), medical records, personal financial information, or providing reimbursement for alleged overpayments under false pretenses. The FBI warns that these messages are disguised as authentic communications from known authorities. This fraudulent criminal practice is otherwise known as “phishing.”

Federal Court Vacates 2024 HIPAA Privacy Rule Modifications That Supported Reproductive Healthcare Privacy: What Regulated Entities Need to Know

By Elizabeth F. Hodge, Jordan Cohen and Ameer Al-Khudari on June 30, 2025 Posted in HIPAA, Privacy, and Data Security

On June 18, 2025, the U.S. District Court for the Northern District of Texas issued an order in Purl v. United States Department of Health and Human Services, No. 2:24-CV-228-Z (N.D. Tex. 2025) (the June 18 Order) that vacated recent modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule intended to strengthen reproductive healthcare privacy. In light of this decision, Covered Entities and their Business Associates (Regulated Entities) should consider unwinding any measures they have taken to comply with those HIPAA Privacy Rule modifications. We dive into the details below.

New Florida Law Requires Licensed Health Care Facilities, Providers, and Practitioners to Promptly Refund Patient Overpayments

By Marcy Hahn-Saperstein and John Hood on June 10, 2025 Posted in Health Care Providers

Don’t sit on those patient credits. Effective January 1, 2026, a new Florida law (CS/CS/SB 1808) requires licensed health care facilities, providers, and practitioners (each, a “Licensed Provider”) to refund any overpayment made by a patient no later than 30 days after the Licensed Provider determines that the patient made an overpayment.

Florida Chooses to Exclude Health Care Practitioners from New Noncompete Law

By Robert E. Slavkin and John Hood on May 29, 2025 Posted in Healthcare Law

The Florida Legislature recently passed a bill, called the CHOICE Act, that augments Florida’s laws governing restrictive covenants to make it significantly easier for employers to enforce two new types of noncompete agreements: (1) “covered garden leave agreements” and (2) “covered noncompete agreements.” However, these new types of agreements and the employer-friendly mechanisms available to enforce them will not apply to licensed health care practitioners.

Idaho’s Defense of Life Act and EMTALA: For Now, A Federal Court Permits an Idaho Health System To Stabilize Pregnant Patients Even If the Care Endangers a Fetus

By Noam Fischman and Ameer Al-Khudari on March 31, 2025 Posted in Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, Physicians

An Idaho federal court has resolved the tension between that state’s restrictive abortion law and the federal Emergency Medical Treatment & Labor Act (EMTALA) in favor of a hospital system’s obligation to stabilize pregnant patients even if that care includes terminating a pregnancy, at least temporarily.

Hospital Leaders: Are You Fully Prepared For the Rising Wave of H-1B Onsite Inspections in Healthcare Systems Nationwide? Let’s Ensure Your Facilities Are H-1B Compliant!

By Denise Gavica Perez on March 28, 2025 Posted in Hospitals & Health Systems, Labor Relations & Employment Law

In recent months, hospitals and healthcare systems across the country have seen an increase in random and unannounced worksite inspections by immigration officers, particularly targeting H-1B nonimmigrant worker visa holders. These inspections aim to verify employers’ compliance with H-1B program requirements, including proper recordkeeping, worksite accuracy, and adherence to position and salary terms. As these inspections become more frequent and rigorous, it’s essential for hospital systems to assess their H-1B compliance practices and prepare for potential federal reviews.

Harmonizing Federal and Florida Laws on Prescribing Controlled Substances Through Telehealth

By Martin R. Dix, Jeremy Burnette and John Hood on March 24, 2025 Posted in Digital Health

Practitioners who want to prescribe controlled substances via telehealth to patients in Florida must meet the requirements of both federal and state law. The federal Drug Enforcement Administration (DEA) and the Florida legislature have recently amended the applicable federal regulations and state laws, respectively, to allow the prescribing of controlled substances via telehealth[*] without conducting an in-person evaluation under certain circumstances. There are key differences between federal and state law, so practitioners prescribing controlled substances via telehealth to patients in Florida should be aware of the particular requirements of each.

No (Public) Comment: HHS Rescinds Policy on Public Participation in Rulemaking

By Jeremy Burnette and John Hood on March 12, 2025 Posted in Uncategorized

The Department of Health and Human Services (HHS) recently rescinded its policy dating back to 1971 to now allow its agencies and offices to quickly alter certain rules and regulations without public notice and comment. The Nixon-era policy had waived the statutory exemption from procedural rulemaking requirements for rules and regulations relating to public property, loans, grants, benefits, or contracts. HHS’ new Policy on Adhering to the Text of the Administrative Procedure Act (APA) will enable such regulatory changes as well as matters relating to agency management or personnel to proceed without public participation via notice and comment rulemaking.