As the healthcare compliance landscape continues to evolve at a rapid pace, the second quarter of this year has already brought significant regulatory updates, policy shifts, and emerging trends shaping the industry. We highlight below key legal and compliance trends to monitor, offering insights and guidance to help healthcare organizations navigate these complex changes with confidence.
Medicaid data sharing raises immigration privacy concerns
In mid-June, reports confirmed the Trump administration directed the Centers for Medicare & Medicaid Services (CMS) to transfer Medicaid enrollment information—including individual immigration status—for millions of enrollees in locations, including California, Illinois, Washington, and Washington, DC, to the Department of Homeland Security for use in immigration enforcement activities.
What to watch: On July 1, California and 19 other states sued the Trump administration, alleging that the data transfer violates HIPAA and other federal privacy laws. Providers may face increased scrutiny over how immigration-sensitive data is collected, stored, and shared, even internally. HIPAA protections may not be sufficient to fully shield this information from use and disclosure in all instances, and entities holding immigration data should take care when analyzing information requests.
Medicare Advantage audits expand for 2025
On May 21, CMS announced a plan to begin auditing all eligible Medicare Advantage (MA) contracts annually and clear a backlog of audits from payment years 2018 through 2024 by early 2026. CMS will also increase the number of records audited per health plan, scaling from 35 to 200 charts, depending on plan size.
What to watch: MA organizations should prepare for a notable escalation in audit activity and potential recoupments. These developments may lead to enhanced financial scrutiny for MA revenue streams and increased False Claims Act exposure tied to diagnosis, coding, and risk adjustment billing practices. Plans will need to prioritize internal compliance efforts, especially related to documentation accuracy, record retention protocols, and timely responses to CMS data requests. Providers in value-based payment arrangements with MA organizations may also be impacted and should follow this audit activity to update their compliance efforts and anticipate recoupments that may likely flow downstream.
CMS Innovation Center drives value-based care shift
In May 2025, CMS outlined its updated strategic direction for the Innovation Center. The plan emphasizes three primary pillars—evidence-based prevention, beneficiary empowerment, and expanded choice and competition—aimed at accelerating the shift to value-based care.
What to watch: CMS’s strategic shift may bring opportunities for early participation and greater financial accountability. Organizations should begin preparing now to align care delivery, contracting strategies, and infrastructure with forthcoming Innovation Center initiatives.
Hospital Price Transparency rules: July 21 comments deadline
In May 2025, CMS released updated guidance and issued a request for information (RFI) focused on improving the accuracy and completeness of hospital pricing data under the Hospital Price Transparency rule. The guidance emphasizes that hospitals must publish payer-specific negotiated charges and outlines expectations for how those values should be calculated and presented in machine-readable files. Public feedback on how to define “accuracy” and “completeness,” barriers to compliance, and ways to improve oversight are due by July 21, 2025.
What to watch: Hospitals should reassess whether their pricing files align with CMS expectations, particularly around methodology and documentation. As the agency weighs new definitions and oversight tools, providers may see stricter audits.
Nevada AI law targets behavioral health services
Nevada recently joined Utah in regulating the use of AI, including chatbots, in delivering mental health services. Nevada’s new law prohibits offering AI systems designed to provide services that would be considered professional mental or behavioral healthcare and making claims that an AI system can provide such care. It also limits how mental and behavioral healthcare professionals can use AI systems.
What to watch: Other states are taking similar approaches. New Jersey recently introduced a bill that would treat AI marketed as a mental health provider as a consumer fraud violation. Mental health companies should review how AI tools are described and deployed across jurisdictions to ensure compliance with emerging state requirements.
Medical schools face federal scrutiny over DEI policies
Federal scrutiny of how diversity and inclusion policies are used in medical education continues. An April executive order called on federal agencies to investigate accrediting bodies for compliance with federal nondiscrimination laws, focusing specifically on the medical school accrediting body, the Liaison Committee on Medical Education (LCME). Shortly after, the Department of Health and Human Services (HHS) issued guidance to medical schools reminding them of compliance obligations and warning that using race- or national-origin-based criteria could trigger investigations or jeopardize federal funding.
What to watch: Medical schools and teaching hospitals should review admissions and hiring practices for compliance with federal nondiscrimination laws. Medical and graduate medical education programs should also monitor how accrediting bodies respond. (See LCME announcement and ACGME announcement.)
Changes to EMTALA guidance impact emergency reproductive care
In early June 2025, CMS rescinded its July 2022 Emergency Medical Treatment and Labor Act (EMTALA) guidance clarifying that emergency abortions qualified as stabilizing treatments, even in states with abortion restrictions. Days later, a Texas federal court struck down portions of the HIPAA Privacy Rule intended to safeguard reproductive health information, ruling that HHS exceeded its statutory authority. The decision creates additional uncertainty for providers navigating privacy obligations related to abortion care and is expected to be appealed.
What to watch: Hospitals should expect increased uncertainty when navigating emergency pregnancy care, particularly in states with abortion restrictions. While EMTALA requirements still apply, the lack of specific federal guidance may complicate clinical decision-making.
Need help navigating these evolving healthcare regulations?
Nixon Peabody’s Healthcare team offers strategic legal guidance to help providers, plans, and innovators stay compliant and ahead of change. Reach out to your Nixon Peabody attorney to learn more.