This post was co-authored by Paul Palma, legal intern at Robinson+Cole. Paul is not admitted to practice law.

On February 3, 2026, President Trump signed HR 7148, the Consolidated Appropriations Act, 2026 (“the Act”) ending the 4-day partial government shutdown. The Act, part of a broader fiscal year (FY) 2026 spending package, includes a further extension of Medicare telehealth flexibilities that recently expired on January 31, 2026. Originally introduced as temporary pandemic-era measures, these telehealth policies have been repeatedly sustained through short term legislative extensions. Here’s what the latest development means for the future of telehealth care.

Medicare Telehealth Flexibilities Extended by the Act

  • Geographic and Originating Site flexibilities: Medicare beneficiaries may continue to receive telehealth services in any location through December 31, 2027.
  • Expanded Practitioner Eligibility: Occupational therapists, physical therapists, speech-language pathologists, and audiologists may continue providing Medicare-covered services via telehealth through December 31, 2027.
  • Telehealth for FQHCs and RHCs: Federally qualified health centers (FQHCs) and rural health clinics (RHCs) may continue providing telehealth services through December 31, 2027, including the provision of mental health visits via telehealth to Medicare beneficiaries without needing to meet annual in-person service requirements.
  • Audio-Only Telehealth: Telehealth services can continue to be provided via audio-only communications systems through December 31,2027.
  • In-Person Requirement for Mental Health Visits: Medicare patients receiving services for the diagnosis, evaluation, or treatment of a mental health disorder via telehealth may continue to do so without having received a Medicare-covered in person item or service through January 1, 2028.
  • Telehealth for the Recertification of Hospice Care: Hospice physicians and nurse practitioners may continue having face-to-face encounters to recertify a patient’s eligibility to remain on hospice via telehealth through December 31,2027.

While this bill once again provides temporary relief for telehealth services, Congress is currently considering legislation that would make the current telehealth flexibilities permanent. Notably, H.R. 4206 and S. 1261, the house and senate versions of the CONNECT for Health Act of 2025, were introduced in early 2025. Although progress on those bills has been limited since their introduction, they continue to enjoy strong bipartisan back with H.R. 4206 obtaining 212 cosponsors and S. 1261 obtaining 71 co-sponsors. We will continue to monitor the progress of these and other telehealth related bills and provide updates as they arise.

After uncertainty over the last few months, the last few weeks saw potential changes to the Protecting Access to Medicare Act of 2014 (PAMA) under section 6226 of the Consolidated Appropriations Act of 2026. On January 20, 2026, the House Appropriations Committee released the Consolidated Appropriations Act 2026, which included several healthcare extenders, among them revisions to the upcoming PAMA rate cuts and reporting deadlines. The Senate passed the bill on January 30, 2026, and went back to the House on February 3, 2026, at which point it has been set for President Trump’s signature.  

First, there are no additional Clinical Laboratory Fee Schedule (CLFS) rate cuts scheduled for 2026.  The act then extends the phase-in of the rate reductions for an additional year, delaying this until 2027, 2028, and 2029. The act also updates the data collection period to use 2025 rather than 2019 data, and shifts the reporting period to May 1, 2026, through July 31, 2026. 

While there is still possibility around the Reforming and Enhancing Sustainable Updates to Laboratory Testing Services Act (RESULTS) which was introduced in September 2025, it has not yet passed. As such, laboratories must prepare for PAMA with the changes implemented by the passage of the Continuing Resolution.

PAMA requires independent, hospital outreach, and physician office laboratories to report private payor rate information and volumes every three years (or annually for Advance Diagnostic Laboratory Tests). CMS used this data to calculate rates under the Clinical Laboratory Fee Schedule (CLFS) to align Medicare payment with commercial market rates by developing a weighted median of the reported private payor rates. Due to underreporting (less than one percent of all laboratories reported data) and underrepresentation of key segments such as hospital outreach and physician office labs, the initial reporting cycle resulted in steeper payment cuts between 2018 and 2020 for laboratories than anticipated. Current rates are based on 2016 data that was reported in 2017. Congress has postponed reporting six times, and with the passage of the CR, the next reporting cycle will be May 1, 2026, through July 31, 2026, resetting the time period for applicable data and relieving labs from the burden (or near impossibility) of reporting 2019 data.

What you need to know about PAMA

Who must report?

“Applicable laboratories” must report private payor rates to CMS. Applicable laboratory means a laboratory under 42 C.F.R. § 493.2 (the Clinical Laboratory Improvement Amendments definition of a laboratory) that:

  • Bills Medicare Part B under its own NPI or for hospital outreach laboratories, bills Medicare Part B on the Form CMS-1450 under type of bill (TOB) 14x;
  • Meets the “majority of Medicare revenue” threshold in a data collection period. Meaning that the laboratory receives more than 50% of its Medicare revenue (Parts A, B, & D including any applicable co-pays/deductibles) under the CLFS and/or Medicare Physician Fee Schedule; and
  • Receives at least $12,500 in CLFS revenue during the data collection period.

Entities that do not meet the definition of “applicable laboratory” are not permitted to report.

Who is a private payor?

A private payor includes any of the following:

  • A health insurance issuer as defined in § 2791(b)(2) of the Public Health Service (PHS) Act;
  • A group health plan as defined in § 2791(a)(1) of the PHS Act;
  • A Medicare Advantage Plan under Part C as defined in § 1859(b)(1) of the Social Security Act (SSA); or
  • A Medicaid Managed Care Organization as defined in § 1903(m) of the SSA.

What is reported?

An applicable laboratory must collect and report “applicable information” received during the data collection period for each laboratory test code subject to the data collection requirements.

Applicable information includes: 1) the specific Healthcare Common Procedure Coding System (HCPCS) code for the test; 2) each private payor rate for which final payment has been made during the data collection period; and 3) the associated volume tests performed for each private payor rate.

“Zero dollars,” payments that cannot be identified at the HCPCS level (i.e., bundled payments), payments that were under appeal during the data collection period, and tests billed with miscellaneous/NOC code are not to be reported.

How to report?

CMS has released a list of applicable HCPCS codes that are subject to PAMA’s data reporting and collection requirements. Additionally, CMS has released a spreadsheet template that an applicable laboratory may use to collect and report the applicable information for each test subject to reporting. The spreadsheet includes information on the HCPCS code, payment rate, volume at the payment rate, and NPI. This spreadsheet may be uploaded to the CMS Enterprise Portal.

What happens if an applicable laboratory fails to report?

If the Secretary determines that an applicable laboratory has failed to report or has made a misrepresentation or omission of reporting information, the Secretary may apply a civil monetary penalty of up to $10,000 per day for each failure to report or each misrepresentation or omission.

Beyond civil money penalties, failure to accurately report can negatively impact the weighted median of private payor rates leading to disproportionate CLFS rate cuts.

Important Dates

Data Reporting Period: May 1 – July 31, 2026

With the reporting period fast approaching, laboratories should determine whether they are an applicable laboratory and begin preparing the required 2025 private payor data carefully. As the reporting period approaches, CMS plans to issue additional fact sheets to assist labs in the data submission. Laboratories may want to consider consulting with knowledgeable legal counsel to ensure compliance and strategy alignment.

February 16, 2026, is the deadline for each HIPAA covered entity to update its Notice of Privacy Practices (NPP) to incorporate new regulatory requirements enacted in 2024. Specifically, HIPAA-covered entities (including health care providers and health plans) are required to review and revise their NPPs as necessary to ensure compliance with a 2024 federal rulemaking related to records of treatment and referral for substance use disorder services under 42 C.F.R. Part 2 (Part 2 Records). 

We previously discussed the 2024 Part 2 Records regulatory changes here, and the HIPAA regulatory rule addressing NPP updates and reproductive health care here (note that the reproductive health care regulations were subsequently vacated, as discussed here, but the NPP changes were upheld).

Accordingly, by February 16, 2026, HIPAA-covered entities are obligated to update NPPs to address the protections afforded to Part 2 Records that may be created, received, or disclosed by HIPAA covered entities (including those who may have Part 2 programs as components of their organization). The required changes include, without limitation:

  • For uses or disclosures that are prohibited or materially limited by Part 2, the NPP description of such use or disclosure must reflect the more stringent legal requirement;
  • NPPs must include a statement to put individuals on notice of the potential that, once information is disclosed pursuant to the NPP, it may be subject to redisclosure by the recipient and no longer subject to HIPAA protection;
  • NPPs must explain that Part 2 Records may now be used or disclosed pursuant to a single consent for treatment, payment, and health care operations purposes consistent with HIPAA (but subject to limited exceptions);
  • NPPs must add a statement indicating that Part 2 Records (and testimony regarding such Records) cannot be used or disclosed in civil, criminal administrative or legislative proceedings without individual written consent, or pursuant to a court order after notice and an opportunity to be heard is given to the individual or the holder of the Records, and any such court order must be accompanied by a subpoena or other legal requirement compelling disclosure before the Records can be used or disclosed; and
  • NPPs must explain that, for covered entities that create or maintain Part 2 Records and intended to use such Records for fundraising purposes, each individual patient must be given the opportunity to opt out of fundraising communications in advance.

Now is the time for all HIPAA covered entities to review and confirm that their NPPs comply with federal law and, if not, to reach out to advisors to make the necessary changes. We are available to assist covered entities with all matters related to HIPAA, including NPP drafting and compliance.

This post was co-authored by Paul Palma, legal intern at Robinson+Cole. Paul is not admitted to practice law.

Introduction

On January 28, 2026, the U.S. Department of Health and Human Services Office of Inspector General (OIG) released a new report analyzing Medicare Part B (Part B) spending on laboratory tests in 2024. The Protecting Access to Medicare Act of 2014 (PAMA) requires OIG to publish an annual report detailing the top 25 clinical lab tests by expenditure. Each year, OIG evaluates Part B claims data for tests covered under the clinical laboratory fee schedule (CLFS). Below is a breakdown of the key trends highlighted in the 2024 report. Most notably, 2024 showed a significant rise in genetic and infectious Polymerase Chain Reaction (PCR) disease testing. 

Overall Part B Spending and Enrollment

Part B spending on clinical laboratory tests reached a peak of $7.9 billion in 2021 during the COVID-19 public health emergency, then declined to $7.8 billion by 2023. In a notable shift, spending rose again in 2024, increasing 5% to $8.4 billion, despite there being no changes to the CLFS since 2020.

Strikingly, while overall spending increased, the number of Part B enrollees receiving lab tests fell by 15%, dropping from 27.7 million in 2018 to 23.4 million in 2024. According to OIG, this decline may reflect a broader migration of beneficiaries from Medicare Part B to Medicare Advantage (Part C) enrollment.

“Genetic” Testing Continues to Rise

The OIG report broadly defines “genetic” testing to include: (a) analysis of genetic material to monitor for genetic variations, mutations or other markers associated with disease or hereditary risk; and (b) analysis of genetic material from pathogens for bacteria or viruses. With the industry seeing an increase of PCR testing for infectious disease and detailed genetic antibiotic resistance testing, Medicare spending significantly increased in 2024.

Historically, spending on non-genetic tests such as complete blood counts, metabolic panels, lipid panels, and thyroid tests have far exceeded spending on genetic tests relating to conditions such as cancer, fungal infection, and epilepsy. In 2018, genetic testing accounted for 18% of Part B spending on laboratory tests while 82% went to non-genetic tests.  By 2024, that gap had significantly narrowed with 43% of Part B spending on laboratory tests attributed to genetic testing compared to 57% for non-genetic testing. Over just one year (from 2023 to 2024), Part B spending on genetic testing increased by 20% from $3 billion to $3.6 billion.

Utilization trends reflect this same shift. In 2018, 2.4 million Part B enrollees received at least one genetic test, out of the seven million total genetic tests performed that year. By 2024, the number of enrollees receiving at least one genetic test increased by 85% to 4.5 million while the total number of genetic tests performed that year increased by 160% to 18 million. In 2024, the average Part B enrollee received four genetic tests at a cost of $794 per enrollee, and 16 non-genetic tests at a cost of $207 per enrollee.

In 2024, genetic testing related to infectious disease totaled $1.4 billion, up from $1.2 billion in 2023, and hereditary/disease genetic testing increased from $1.8 billion in 2023 to $2.2 billion in 2024. In 2024, a total of 346 laboratories received over $1M in reimbursement for “genetic” testing. Among them, 55 received over $10M in reimbursement for genetic testing.

Top 25 Lab Tests

So, now ranking at the top of the chart of all tests paid under Part B spending is CPT 87798 for infectious disease. Also ranking in the top 15 is CPT 87481. 

The top 25 lab tests accounted for $4.1 billion, nearly 50% of all Part B laboratory spending in 2024. Among these, ten were genetic/PCR infectious disease tests, totaling $1.5 billion in Part B spending, while the remaining 15 were non-genetic tests totaling $2.6 billion in Part B spending. Notably, six of the ten genetic tests in 2024 showed at least a 30% increase in Part B spending compared to 2023. The OIG report focused on the fact that the average amount that Medicare Part B paid per enrollee for “genetic” tests approached $800, a 26% increase since 2023. Some of the largest growth was seen for tests billed under procedure CPT 87798, which reached $443 million in Part B spending, representing a 51% increase between 2023 and 2024.

Takeaways

The 2024 OIG report provides context for the increase in audits around the primarily used codes for infectious disease testing of 87798 and 87481. It also highlights the fact that genetic and PCR infectious disease testing is reshaping the Medicare Part B laboratory spending landscape. These types of testing, once a small share of the Part B landscape, now accounts for nearly half of all spending and continues to grow at a significant rate year after year. The impact of genetic and PCR infectious disease testing on Part B spending is highlighted by the increase in costs despite the decreased utilization.  

Laboratories should recognize that genetic and PCR infectious disease testing has become a central driver of Part B costs which is resulting in a shift of audits and likely enforcement priorities by OIG to ensure that labs performing this type of testing are remaining compliant with all Medicare billing policies.

Plaintiffs’ firms are adapting the California Invasion of Privacy Act (CIPA), a 1960s-era wiretapping statute, to modern web technologies such as pixels, chatbots, and session replay tools. For laboratories, the practical problem is not only the legal uncertainty, but also that small website implementation details, including when tags fire, what free-text inputs are captured, and what vendors are allowed to do with the collected data, can drive massive exposure, including class actions and arbitrations.

CIPA prohibits the intentional eavesdropping on, or recording of, confidential communications without the consent of all parties. Although the law was drafted for telephone calls and physical recording devices, plaintiffs’ attorneys are using it to challenge modern digital engagement tooling on laboratory websites. In practice, complaints often try to characterize routine patient web interactions as “confidential communications,” then allege that third-party tools captured, or received, those communications without proper consent. The exposure can scale quickly because CIPA provides for statutory damages of up to $5,000 per violation and each alleged interception can be pleaded as a separate violation.

Major diagnostic laboratories have been targeted by class actions alleging that third-party tracking pixels “intercept” patient communications without consent. Plaintiffs are increasingly alleging that routine web tracking tools, including cookies and IP tracking beacons, function as illegal “pen registers” or “trap and trace” devices. The practical effect is that plaintiffs focus on routing data such as IP addresses and device IDs, not just substantive content.

However, courts are divided. Some courts have rejected the theory that routine analytics function as criminal pen registers, while others have allowed the plaintiffs to overcome a motion to dismiss. Even with some favorable decisions, there is still a split amongst jurisdictions that creates uncertainty.

Additionally, there is a big increase in claims focusing on on-site search bar functionality. The allegation is that a user’s test inquiry, for example “HIV test” or “cancer screening,” is a confidential communication and that trackers share it with third parties. Further, there is another trend in these CIPA allegations that, as laboratories adopt AI chats for service and navigation, plaintiffs are filing claims alleging that AI systems “listen” to or repurpose patient inputs without consent.

Although CIPA is a California statute, plaintiffs are filing against laboratories with limited California connections beyond having websites accessible to California residents. To combat these claims—and avoid them entirely—laboratories should consider adding robust consent banners with true pre-consent blocking of tracking technologies (especially for California-based IP addresses). Additionally, laboratories can update website privacy policy disclosures to clearly describe what is being tracked, why it is collected, and which third parties receive it. In these cases, plaintiffs often quote privacy language against defendants. Misalignment between disclosures and tag behavior creates unnecessary risk.

For now, we’ll continue to track plaintiffs’ investment in pen register and trap-and-trace theories, focus on search terms in URLs, and expanded scrutiny of AI chat deployments. We’ll also continue to watch whether legislative activity reemerges after the failure of California’s SB 690 in 2025, but it is unlikely that any relief will take effect until at least 2027.

In the meantime, laboratories can reduce CIPA exposure by treating web data flows as a compliance issue, not just a marketing or IT function. A practical 2026 playbook is to inventory every tag and vendor on patient-facing pages, minimize or disable collection of free-text inputs and search terms, confirm that chat tools are configured to avoid sharing or retaining sensitive content, and implement consent that actually controls when third-party technologies load. Aligning real-world site behavior with privacy disclosures, and documenting those controls through periodic technical testing, will put laboratories in the best position to prevent claims and, if you receive a complaint, to quickly demonstrate that no “confidential communications” were intercepted without consent as these theories continue to evolve.

The Eliminating Kickbacks in Recovery Act (EKRA), enacted in 2018 as part of the SUPPORT Act, established a criminal statute prohibiting payments for patient referrals related to recovery homes, clinical treatment facilities, and laboratories. EKRA mostly mirrors the Anti-Kickback Statute (AKS) but extends its reach to commercial health insurance as well as federal programs like Medicare and Medicaid. Despite limited regulations and slow enforcement, some guidance emerged in 2025, though significant questions remain unresolved.

National Fraud Takedown and EKRA

EKRA drew some attention but generally remained a secondary focus. That changed in 2025, when an increase in allegations and indictments for EKRA violations occurred. During the 2025 National Fraud Takedown, several cases involved alleged breaches of both EKRA and the AKS. Kimberly Mable Sims, owner of a laboratory company, Francine Sims Super, office manager at a substance abuse treatment facility in North Carolina, and Keke Komeko Johnson, the Compliance Officer, were all indicted. In addition to accusations about gift cards, it was claimed that the substance abuse clinic routinely sent orders to Sims’s lab, which then performed urine drug tests on its patients and billed Medicaid. Allegedly, employees at the treatment center received kickbacks from the lab, while profits from referred specimens were equally split among the office manager, lab owner, and a biller. Earlier in 2025, Sims admitted guilt for EKRA violations. On August 25, 2025, Johnson and Super also pleaded guilty to paying kickbacks, resulting in a six-year sentence for Super.

Ninth Circuit Clarifies EKRA

In July 2025, in United States v. Schena, No. 23-2989 (9th Cir. July 11, 2025), the Court of Appeals for the Ninth Circuit upheld Mark Schena’s conviction for violating EKRA. Schena, who owned a laboratory, had paid marketing intermediaries to encourage referrals for questionable allergy tests. During the original trial, there was disagreement between Schena and the Department of Justice (DOJ) over how EKRA should be interpreted, particularly regarding whether the district court had correctly applied EKRA in S&G Labs Hawaii, LLC v. Graves, No. 1:2019cv00310 (D. Haw. 2021), aff’d, No. 24-823 (9th Cir. Jul 11, 2025) (unpublished).

The Ninth Circuit panel considered two main issues: (1) whether marketing intermediaries were covered by 18 USC § 220(a)(2)(A); and (2) if payments to these intermediaries constituted “inducement” under EKRA. The court concluded that marketing intermediaries who interact with ordering providers can fall under EKRA, further clarifying that payments do not have to go directly to the provider to violate EKRA. Finally, the court addressed the confusion created by the district court’s  interpretation of EKRA was incorrect in S&G Labs Hawaii and realigned the Ninth Circuit’s reading of EKRA with other circuits’ approaches to the AKS.

Regarding what “to induce” a referral means, the Ninth Circuit found that simply paying percentage-based compensation is not automatically a violation of EKRA. There must be intent to improperly influence providers’ referrals through false or fraudulent means. However, the court did not define exactly which situations would show wrongful attempts to sway medical professionals’ decisions.

The case isn’t finished yet. Mark Schena has asked the United States Supreme Court to determine whether paying healthcare marketers a commission counts as “remuneration…to induce a referral” under EKRA. The Supreme Court has not yet decided whether it will hear the case.

Other Notable EKRA cases

A relator brought a False Claims Act case against a laboratory consortium of four interrelated companies (one investment firm and three executive), but the government declined to intervene.  The relator has proceeded with the case, and the amended complaint alleges violations of the False Claims Act based, in part, on violations of EKRA and the AKS. It is alleged that the laboratory consortium paid sales representatives based on the volume and profitability of laboratory testing specimens based on a percentage of its reimbursement. 

The laboratory consortium argued:

[U]nder Fifth Circuit precedent, Thompson’s allegations that defendants paid sales representatives volume- and profitability-based commissions is insufficient to plead a violation of the AKS and the EKRA, and Thompson must allege instead that the sales representatives improperly influenced the clinicians who sent samples to Apollo Labs and Arbor, such as by paying them a kickback or substituting their own judgment for that of the clinician.

U.S. ex. rel Thompson v. Apollo Path LLC, No. 3:20-cv-02917, Dkt. 77, at 8 (N.D. Tex. Mar. 5, 2025). The court agreed, relying on U.S. v. Marchetti¸ 96 F.4th 818(5th Cir. 2024), and stated:

In sum, a defendant’s payments to a third party to procure referrals from clinicians are made with the intent “to induce referrals” within the meaning of the AKS and the EKRA when there is evidence that the defendant intended for the third party to improperly influence the clinicians. Examples of improper influence include exploiting personal access and making the final decision about patient care.

Id. at 14. In April 2025, the Court dismissed both the federal and state law claims. Id., Dkt. 94 (Apr. 30, 2025).

Throughout 2025, there have been several indictments involving EKRA that have not necessarily involved laboratories but have been focused on substance abuse facilities, brokers, and marketing for sober homes and substance abuse facilities. A number of these actions are focused on California. See, e.g., United States v. Patton, No. 2:25-cr-00489 (C.D. Cal. June 17, 2025) (owner of a marketing company was indicted for allegedly referring patients with commercial health insurance to substance abuse treatment facilities); United States v. Mahoney, No. 8:21-cr-00183 (C.D. Cal. Mar. 21, 2025) (owner of addiction treatment facility sentenced to 41 months for violating EKRA) (appeal filed Mar. 2025); United States v. Simons, No. 3:25-cr-02444 (S.D. Cal. June 18, 2025) (CEO of multiple substance use disorder treatment facilities and sober homes was indicted for allegedly paying entities for marketing services).  Each of these focus on payment that varies based on referral quotas, a lesson that can be instructive for clinical laboratories navigating EKRA too. 

Conclusion

These recent developments in EKRA enforcement and judicial interpretation highlight the statute’s evolving scope and its increasing impact on laboratories, substance abuse facilities, and associated marketing practices.

  • New Jersey expanded its patient brokering act to revise the law to specifically address substance user disorder treatment facilities and clinical laboratories. (Approved P.L. 2025, c.121).
  • The Ninth Circuit clarified that EKRA can apply to payments made to sales representatives and that intent plays a critical role in determining whether such payments constitute improper inducement. However, Schena applied for certiorari at the Supreme Court.
  • Texas dismissed a False Claims Act focusing on the lack of allegations regarding improper influence.

Ultimately, the trajectory of recent cases signals that both regulators and courts are committed to upholding the integrity of clinical decision-making and preventing undue influence through financial incentives.

This post was co-authored by Paul Palma, legal intern at Robinson+Cole. Paul is not admitted to practice law.

The final quarter of 2025 saw continued enforcement actions against clinical labs and other related healthcare entities. The Office of Inspector General (OIG) and Department of Justice (DOJ) heavily focused on False Claims Act (FCA) violations, Anti-Kickback Statute (AKS) violations, conspiracies, and COVID-19 related fraud. Below are highlights of these enforcement actions.

Across Q4 2025, federal enforcement actions against clinical laboratories and related entities reflected consistent patterns of fraudulent genetic testing schemes, kickback arrangements, telemarketing‑driven referrals, and billing misconduct. Many cases involved medically unnecessary cancer genetic (CGx) and respiratory pathogen panel (RPP) testing, often ordered without patient contact, physician-patient relationships or proper clinical oversight. Enforcement also targeted laboratories that concealed ownership, shifted billing to evade scrutiny, or paid marketers, recruiters, and physicians to induce referrals. The DOJ and OIG continued to pursue individuals and entities that exploited Medicare beneficiaries—particularly older adults—through telemarketing campaigns, data harvesting, and fraudulent COVID‑19 test claims. Collectively, these actions underscore the government’s intensified focus on schemes that capitalize on vulnerable patient populations and exploit gaps in laboratory oversight. Enforcement agencies are also scrutinizing financial arrangements that mask kickbacks—whether framed as consulting fees, MSAs, or commission‑based compensation—as well as billing practices designed to maximize reimbursement through unbundling or duplicative claims

Case Highlights

  • On October 23, 2025, a New York doctor was sentenced to seven years in prison for participating in a scheme where he ordered CGx and other laboratory tests despite never treating, speaking to, or examining the patients in exchange for kickbacks. Specifically, he ordered CGx testing on Medicare beneficiaries who attended COVID-19 testing events at assisted living facilities, adult day care centers and retirement communities.
  • On October 23, 2025, a lab owner that operated several laboratories out of Louisiana and Texas was sentenced to ten years in prison for orchestrating a scheme in which he conspired with telemarketers and call centers who implemented aggressive campaigns to induce beneficiaries to receive CGx and cardiovascular genetic testing. The orders were then signed by purported telehealth physicians who did not consult with, treat, or follow up with the beneficiaries receiving the testing. The owner also shifted billing between laboratories to evade scrutiny from Medicare and concealed ownership and control of the laboratories.
  • On October 29, 2025, a clinical laboratory self-disclosed conduct and agreed to pay $85,000 for allegedly employing an excluded individual in violation of the Civil Monetary Penalties Law.
  • On November 13, 2025, the owners of a telemarketing company were sentenced for their roles in a CGx testing fraud scheme where they targeted and steered Medicare beneficiaries to labs where they would receive medically unnecessary testing. Additionally, during a pending criminal case for genetic testing fraud, one of the owners opened a clinical laboratory and disguised his ownership of the laboratory.
  • On November 17, 2025, an urgent care clinic agreed to pay $2.8 million to settle claims that they allegedly “unbundled” respiratory and urinary tract infection panel tests and billed for each individual component separately resulting in overbilling to federal health care programs.
  • On November 20, 2025, the owner of two clinical laboratories pleaded guilty to one count of wire fraud for a scheme in which he paid his co-conspirators kickbacks to obtain the Medicare numbers and identifiers of patients without their consent. The lab owner then used the information to submit Medicare claims for COVID-19 test kits which were sent to patients who had not requested them. The owner also persisted after patients called stating that they had not requested the test kits.
  • On November 20, 2025, a diagnostic laboratory agreed to pay $1.635 million to resolve allegations that the lab submitted claims for RPPs which were obtained through kickbacks or were medically unnecessary in violation of the FCA and AKS. More specifically, the government alleged that the lab entered into a Marketing Services Agreement (MSA) in which they paid a purported infection prevention company between $4,000 and $4,500 per facility per month for marketing and management services when, in reality, the MSA was a way to cover-up payments for laboratory referrals. Further, the laboratory allegedly combined RPPs with COVID-19 tests when facilities were only seeking COVID-19 tests.
  • On November 24, 2025, it was announced that a diagnostic laboratory agreed to pay over $9.6 million to resolve allegations that it violated the FCA and AKS by submitting claims for RPPs that were medically unnecessary or obtained through kickbacks and by paying commissions to sales and marketing representatives based on volume or value of lab referrals which were later billed to Medicare.
  • On December 2, 2025, a Georgia man was sentenced to 46 months in prison and ordered to pay $7.2 million in restitution for engaging in a scheme where he instructed recruiters to convince Medicare beneficiaries to accept medically unnecessary genetic testing. As part of the scheme, he created sham invoices documenting fabricated numbers of hours worked instead of the per-referral payments he received. As a result of the scheme, the man received $4.3 million in kickbacks and bribes.
  • On December 2, 2025, a man was sentenced to two years in prison for his role in a conspiracy to bill Medicare for COVID-19 tests and RPPs which were never ordered or performed.
  • On December 4, 2025, a clinical laboratory agreed to pay $758,000, plus additional amounts if certain financial contingencies occur, to resolve allegations that they violated the FCA and AKS by paying doctors and marketers illegal kickbacks which were disguised as consulting and medical director fees to induce laboratory testing referrals. In addition, the lab was also alleged to have paid independent contractors marketers’ commissions based on volume and value of referrals. This settlement also resolved an underlying lawsuit raised under the qui tam provision of the false claims act.
  • On December 5, 2025, two Illinois men were indicted in a superseding indictment for their alleged role in a scheme to defraud federal and private health insurers by submitting fraudulent claims for COVID-19 laboratory testing services which were never provided and for participating in a conspiracy to launder the fraudulent proceeds by transferring the funds between laboratories and other businesses under their control.

Takeaways

Clinical labs should take these enforcement actions as warnings. First, conduct internal audits of referral relationships to ensure compliance with the AKS, as kickbacks remain a top enforcement priority and continue to monitor the arrangements in practice. Second, strengthen billing oversight and implement internal controls to avoid FCA exposure, which continues to drive multimillion-dollar settlements. Third, screen employees and contractors against exclusion lists to avoid potential violations of the CMP law. Finally, stay alert to evolving enforcement trends, including scrutiny of genetic testing, telemarketing arrangements, and lingering COVID-related fraud. Proactive compliance is essential for mitigating risk.

The Q4 enforcement trends send a clear message that laboratory enforcement remains a top priority at the federal level. Now is the time for laboratories to review their compliance programs, oversight and monitoring practices and close any potential gaps.

Healthcare providers are currently facing yet another termination of Medicare telehealth flexibilities at the end of the day on January 30, 2026, unless Congress acts on proposals to further extend the COVID-era flexibilities for telehealth. If no legislative action is taken before January 30, 2026, the providers and Medicare patients who have depended on expanded telehealth options will encounter substantial limitations in access beginning January 31, 2026.  

As a reminder, in October-November 2025, in connection with the government shutdown, federal COVID-era telehealth flexibilities for Medicare beneficiaries expired, which led to significant billing challenges and restrictions in access for patients (which we previously discussed here). Those flexibilities were retroactively extended as part of the government funding bill passed in November 2025, through January 30, 2026. Health care providers, and their patients, are now in the same position of looking to Congress to act to further extend those flexibilities to protect continued access to telehealth services.

It remains to be seen whether Congress will be able to pass another extension and, if so, how long the extension may be. There has been at least one proposal passed in the House of Representatives that would extend the telehealth flexibilities through December 31, 2027, but it remains to be seen if that will be taken up by the Senate.

A summary of the existing telehealth waivers and their newly proposed expiration dates is included below.

Key Telehealth Provisions Proposed to be Extended

  • Geographic and Originating Site Flexibility:
    • Without another extension, beginning January 31, 2026, Medicare beneficiaries may only receive telehealth services in approved health care facilities in rural locations (outside of metropolitan statistical areas);
    • Note that the Social Security Act contains exceptions that would permit telehealth services at home (or other locations) for patients in specific circumstances approved by law or regulation, including patients being treated for: (1) symptoms of acute stroke; (2) substance use disorder; or (3) patients with mental health disorder; and (4) patients on home dialysis;
  • Expanded Practitioner Eligibility:
    • If the “cliff” is averted: Medicare patients would be allowed to receive care from approved Medicare-enrolled providers, which under the prior COVID-era waiver includes occupational therapists, physical therapists, speech-language pathologists, and audiologists;
    • If the “cliff” is not averted:  Medicare beneficiaries will lose access to telehealth services provided by PTs, Ots, SLPs, and audiologists, all of whom play a key role in rehabilitation;
  • Telehealth for FQHCs and RHCs:
    • If the “cliff” is averted: Federally qualified health centers (FQHCs) and rural health clinics (RHCs) would be allowed to continue providing telehealth services to patients in other locations;
  • Audio-Only Telehealth:
    • If the “cliff” is averted: Telehealth services could continue to be provided via audio-only communications systems;
    • If the “cliff” is not averted: Substantial limitation on coverage for audio-only services and providers must be technically capable of using audio-video technology;
  • In-Person Requirement for Mental Health Visits:
    • If the “cliff” is averted: Medicare patients may continue to receive mental health services from FQHCs and RHCs via telehealth;
    • If the “cliff” is averted: Medicare patients receiving services for the diagnosis, evaluation, or treatment of a mental health disorder may continue to do so without receiving in-person care;
      • If the “cliff” is not averted:  providers are required to furnish a Medicare-covered item to the beneficiary in-person at least six months prior to furnishing telehealth services. Additionally, the provider must furnish a Medicare-covered item in person at least once a year following each subsequent telehealth service. Note that the annual in-person follow-up requirement may be waived if the provider and beneficiary agree that the risks of receiving an in-person service outweigh the benefits; and
  • Telehealth for the Recertification of Hospice Care:
    • If the “cliff” is averted: Hospice physicians or nurse practitioners may continue having face-to-face encounters to recertify a patient’s eligibility to remain on hospice via telehealth.

With the expiration date for the existing telehealth waivers looming, health care organizations should prepare to comply with additional telehealth restrictions beginning on January 31, 2026, similar to the situation faced in October 2025. We will continue to closely monitor this issue and will provide additional updates as soon as they become available.

On January 14, 2026, Massachusetts Governor Maura Healey announced that the Division of Insurance (DOI) will be promulgating updates to its regulations with the intent of streamlining prior authorization practices for health insurance claims. According to the Governor, the DOI regulations “will reduce unnecessary delays and cut administrative burdens to make it easier, cheaper and faster for people to get the medications and care they need,” including by elimination of prior authorization requirements for routine and essential services.

The forthcoming regulations are likely to be issued by the DOI in the coming weeks and are expected to include:

  • Elimination of prior authorization requirements for routine and essential services, including for patients with diabetes related to any services, devices or drugs related to the chronic disease;
  • A 24-hour response timeframe for urgent prior authorization requests;
  • Continuity of care requirements for patients switching health plans, including honoring previously existing authorizations when a patient switches insurers;
  • Initiatives to increase transparency and reduce provider burden when determining if a prior authorization is necessary.

The announcement also included the establishment of a Health Care Affordability Working Group, composed of industry stakeholders, which will focus on identifying drivers of health care costs and issuing proposals to make health care more affordable in the commonwealth. These DOI regulations are just one of the anticipated legislative and regulatory initiatives in Massachusetts to address health care costs as the “health care industry spent $1.3 billion on administrative costs related to prior authorizations in 2023,” according to the Governor, citing a Council for Affordable Quality Healthcare report.

The forthcoming DOI regulations will be important to health care providers that participate in commercial or state administered health plans in Massachusetts and may lead to changes in existing prior authorization processes, including requiring updates to existing provider participation agreements. We will issue an update when the DOI regulations are released.  

This post was co-authored with Ivy Miller, legal intern at Robinson+Cole. Ivy is admitted to practice in Massachusetts.

The recent litigation concerning the government’s 340B Rebate Model Pilot Program (the Rebate Program), as further described below, took an unexpected turn as the federal government recently signaled that it intended to revise its approach to the Rebate Program. This change in strategy was previewed by the government in a letter filed with the Court on January 12, 2026—the deadline for briefing regarding the preliminary injunction—stating that the government was considering “returning the approvals challenged [in the lawsuit] to [the Health Resources and Services Administration] for reconsideration,” and that the parties “plan to dismiss the appeal in short order.” The government formally moved to dismiss its appeal on January 16, 2026, and the First Circuit dismissed the appeal on January 20, 2026.

By way of background, just three days before the Rebate Program was set to go into effect, a U.S. District Court issued a preliminary injunction blocking its implementation, which we previously wrote about here. The government swiftly appealed the preliminary injunction to the First Circuit, requesting an administrative stay of the District Court’s decision while the First Circuit deliberated on the preliminary injunction. The First Circuit declined to issue an administrative stay, finding that the federal government had “not carried its burden to justify a stay”—noting specifically that the government did not make a strong showing that it is likely to success on the merits and did not demonstrate that it would suffer irreparable injury should the Court decline to grant the stay. The Court agreed with the District Court’s findings that “the administrative record . . . is devoid of evidence that the federal government considered the hospitals’ significant reliance interests — a critical factor in the analysis of an arbitrary-and-capricious claim.” Absent the stay, the First Circuit requested further briefing on the appeal of the preliminary injunction.

As of this writing, the case will continue to move forward at the District Court level, as the parties have not yet submitted any filings to indicate otherwise, and the District Court’s preliminary injunction prohibiting implementation of the Rebate Program will remain in effect until that litigation is resolved. As discussed in our original post, under the 340B statute, the government can decide to use rebates, but may not bypass APA requirements when modifying the 340B program to implement those rebates. In issuing the preliminary injunction, the District Court indicated that, among other things, the government failed to provide a reasonable explanation for the costs and benefits of the program and the deviation from decades of industry reliance on upfront discounts. Therefore, if the government elects not to pursue reconsideration of the injunction in the First Circuit, the Rebate Pilot Program, as currently contemplated by the government, may not proceed until litigation at the District Court level concludes.

As noted by the District Court, the government would need to satisfy APA requirements to implement a rebate program under the 340B statute, including developing a full administrative record addressing the costs and benefits to the parties. However, it is unclear to what extent the government would incorporate commenters’ suggestions for managing 340B Covered Entities’ implementation costs, which include, for example, delaying the program’s start date to better equip Covered Entities to handle the increased administrative burden, implementing a dispute resolution mechanism that better protects 340B Covered Entities in the event that manufacturers fail to provide timely rebates, and limiting the scope of a future pilot program (as designed, the Rebate Program would apply to all 340B Covered Entities).

We will continue to monitor this litigation and developments concerning the Rebate Program.