On February 5, 2026, the Massachusetts Health Policy Commission (HPC) published proposed amendments to its Material Change regulations at 958 CMR 7.00 (the Proposed Amendments). Among other things, the Proposed Amendments broaden the HPC’s market review authority by subjecting more transactions to the HPC’s Material Change Notice (MCN) process and provide the HPC greater latitude to conduct Cost and Market Impact Reviews (CMIRs) of proposed transactions. Below, we summarize the background and timing for public hearing and adoption, and major provisions of the Proposed Amendments.

Background & Timing

In January 2025, Massachusetts enacted Chapter 343 of the Acts of 2024, “An Act Enhancing the Market Review Process” (the Act), which expanded the HPC’s health care market oversight role, including by authorizing the agency to review a wider range of transactions. The Act (which we discussed here) aimed to strengthen regulatory oversight of health care market transactions, conferring more authority not just on the HPC, but also on the Center for Health Information and Analysis (CHIA) and the Attorney General’s Office. The Act focuses on transactions involving private equity, pharmacy benefit managers, real estate investment trusts, and management service organizations, in order to expand the types of transactions subject to the MCN requirement.

The Proposed Amendments seek to codify a number of changes included in the HPC’s Bulletin HPC-2025-01 guidance that went into effect on April 8, 2025. The HPC’s Bulletin provided guidance to providers and provider organizations concerning implementation of the Act. The Bulletin included several new categories of transactions subject to the MCN requirement, new definitions affecting MCNs, as well as changes to the review process for MCNs. The Proposed Amendments are consistent with the Bulletin, with some additional clarifications, as described below. When adopted, the Proposed Amendments will supersede Bulletin HPC-2025-01.

The HPC will conduct a virtual public hearing on the Proposed Amendments at 1:00 PM on March 12, 2026. Interested parties are encouraged to submit either oral or written testimony and comments, and parties may request to provide live testimony during the hearing. The HPC will accept testimony and comments until 5:00 PM on March 20, 2026, and is expected to vote on the final adoption of the Proposed Amendments at its board meeting on April 16, 2026.

Proposed Amendments

The major provisions of the Proposed Amendments are as follows:

  1. New definitions: The Proposed Amendments add new definitions, including the following definitions allowing for regular adjustment of monetary filing thresholds by the HPC and establishing the type of investors now subject to the Act and any exceptions thereto:
    • MCN Filing Threshold and Revenue Increase Threshold: Current regulations apply MCN reporting requirements to providers/provider organizations with more than $25 million in Net Patient Service Revenue (NPSR) as well as to certain transactions that would result in an increase of more than $10 million in NPSR. The Proposed Amendments formally define these monetary thresholds, setting $25 million in NPSR as the “MCN Filing Threshold” (applicable to MCN reporting associated with clinical affiliations) and $10 million in NPSR the “Revenue Increase Threshold” (applicable to MCN reporting associated with mergers, acquisitions, certain other affiliations, and significant capacity increases). These monetary thresholds are subject to annual adjustment by the HPC.
    • Private Equity Company and Significant Equity Investor:
      • The Proposed Amendments newly define the term “Private Equity Company” in broad terms to refer to any entity that collects capital investments, however organized, and which purchases directly or through another owned or controlled entity, a direct or indirect ownership share of a provider, provider organization, or management services organization (MSO).
      • The Proposed Amendments separately define “Significant Equity Investor” as a Private Equity Company that holds—or would hold, following a proposed transaction—any financial interest in a provider, provider organization, or MSO; or any investor that holds—or would hold, following a proposed transaction—equity amounting to more than 10 percent of a provider, provider organization, or MSO.
      • Both defined terms include narrow exceptions for venture capital firms exclusively engaged in funding start-ups and early stage businesses; and Significant Equity Investors exclude individual licensed health care providers who practice medicine, dentistry or another health care profession as a full or partial owner of the provider or provider organization.
  2. Expanded scope of MCN-triggering transactions: The Proposed Amendments would clarify the scope of review for transactions currently subject to the MCN process. These transactions include:
    • Mergers or affiliations involving both a provider or provider organization and an insurance carrier, and acquisitions by an insurance carrier of a provider or provider organization (and vice versa).
    • Mergers with or acquisitions of hospitals or hospital systems, or of a provider or provider organization by a hospital or hospital system.
    • Mergers, acquisitions, or affiliations (including corporate affiliations, contracting affiliations, and employment of health care professionals) where: (a) the arrangement is between providers, or involves one of the following: a provider organization, an MSO that establishes contracts with insurance carriers or third-party administrators, or an entity that represents health care providers (including out-of-state providers) in contracting with payers for health care services; and (b) such arrangement would result in an increase in one party’s NPSR equal to or greater than the Revenue Increase Threshold (defined above), or in one party gaining a dominant market share (as such term is defined in these regulations) in a given service area or region.
    • Clinical affiliations between two or more providers or provider organizations that each have a NPSR greater than the MCN Filing Threshold. The Proposed Amendments specify arrangements that explicitly constitute clinical affiliations covered under this requirement, as follows: co-branding, co-located services, complete or substantial staffing of an acute hospital service line, funding EHR interconnectivity, regular and ongoing provision of telemedicine services, preferred provider relationships, and discount arrangements. The Proposed Amendments maintain the pre-existing exclusion for affiliations solely related to clinical trials or graduate medical education programs.
    • Any form of partnership, joint venture, accountable care organization, parent corporation, MSO, or other organizational structure created to administer contracts with insurance carriers, third party administrators, or other contractors.

The Proposed Amendments would also add new categories of transactions subject to MCN review:

  • Any significant increase to a provider or provider organization’s capacity, including:
    • Any increase to capacity that would trigger the Determination of Need (DoN) process due to a Substantial Capital Expenditure (as defined in the DoN regulations at 105 CMR 100.000) or any other basis meeting the monetary criteria for a Substantial Capital Expenditure, andAny increase to capacity that would result in an increase to the provider’s NPSR equal to or greater than the Revenue Increase Threshold (set at $10 million currently) based on expected revenue from the planned capacity (e.g., any increases to operational capacity that do not meet the DoN monetary thresholds for Substantial Capital Expenditures but will result in NPSR increasing at least $10 million).
  • Any transaction involving a Significant Equity Investor, including a Private Equity Company (as each are defined above), that results in a partial or complete change of ownership or control of a provider, provider organization, or MSO.
  • A significant acquisition, sale, or transfer of provider/provider organization assets, including real estate lease-backs involving the sale of real property used to deliver healthcare services.
  • Any conversion of a provider or provider organization from a non-profit entity to a for-profit entity.
  1. Additional CMIR authority: The Proposed Amendments would additionally allow the HPC to conduct a CMIR if a proposed material change is “likely to have a significant impact” on the competitive market or on the Commonwealth’s ability to meet its financial goals pursuant to the Health Care Cost Growth Benchmark, a metric for cost containment established and updated annually by the HPC. The Proposed Amendments would also give the HPC discretion to conduct a CMIR on any provider organization that exceeded the Health Care Cost Growth Benchmark in the previous year, as reported by CHIA.
  2. Expanded review and enforcement authority relevant to the MCN and CMIR processes: Under the Proposed Amendments, the HPC would have expanded authority to request information from parties to a transaction and certain other market participants. While the authority to request documents and other materials is not new, the Proposed Amendments add Significant Equity Investors to those from whom information may be requested, including information about the entity’s capital structure, general financial condition, ownership and management, and audited financial statements. HPC may also request information from payers related to a particular MCN.
  3. Post-transaction review of material changes: The Proposed Amendments would allow the HPC to conduct post-transaction reviews of material changes for up to five years, at its discretion. Under its post-transaction review authority, the HPC would be able to require parties to a material change to submit any data and information it deems necessary to assess the post-transaction impacts, and to make referrals to the Attorney General or other state or federal agencies as appropriate.

Key Takeaways

For health care organizations, the Proposed Amendments reinforce the significantly expanded authority of the HPC to oversee healthcare market transactions and arrangements, and will require close vetting to ensure future transactions and arrangements are appropriately reported. The Proposed Amendments also shed light on how the HPC might exercise its authority to review transactions, particularly those transactions involving private equity investors and MSOs, and those meeting certain financial thresholds. Stakeholders are encouraged to provide public comments on the Proposed Amendments as soon as practicable, and before March 20, 2026, in order to be heard prior to the HPC’s vote on the Proposed Amendments. We will continue to monitor the HPC’s rulemaking and guidance, as well as its implementation of the Proposed Amendments (once approved) and any resulting changes to the MCN process.

The Consolidated Appropriations Act of 2026, HR 7148 (the Act), just signed into law on February 3, 2026, ended a brief government shutdown and includes multiple provisions with a critical impact on health care organizations. We have previously covered the Act’s renewal and extension through 2027 of COVID-era Medicare telehealth flexibilities and its revisions to pending rate cuts and reporting deadlines for certain clinical laboratories.

Health care organizations should be aware of another section of the Act that newly imposes mandatory attestation and National Provider Identifier (NPI) requirements on off-campus outpatient departments of Medicare-enrolled hospitals (i.e., HOPD(s)) by January 1, 2028. This new requirement is likely to pose a significant compliance burden and may foreshadow additional scrutiny on off-campus hospital sites of outpatient services.

HOPDs: Attestation and NPI Requirements

Subject to specific regulatory conditions, departments of a Medicare-enrolled hospital provider that are “off campus,” i.e., generally more than 250 yards from the provider’s main campus or a remote location, are allowed to bill as provider-based departments of the hospital. For many years, whether a particular off-campus location met all regulatory requirements for provider-based status was the subject of an honor system for Medicare enrollment purposes, with organizations having the option to submit an attestation of provider-based status to the Centers for Medicare and Medicaid Services (CMS) (through the assigned CMS Medicare Administrative Contractor). These submissions were voluntary and offered the advantage of potentially reducing liability for overpayments if a location was determined not to meet the applicable requirements, but not all hospitals elected to submit them for their HOPDs.

Now, § 6225 of the Act removes the previous optionality by imposing two additional requirements for off-campus outpatient departments of a hospital to continue receiving payment from Medicare for services furnished as provider-based on or after January 1, 2028:

  1. Attestation. Under the Act, each off-campus HOPD location must now submit an attestation of compliance with the provider-based regulatory requirements. The provider (i.e., main hospital) of an off-campus department must submit an initial attestation for existing departments before January 1, 2028. Providers must also submit subsequent attestations according to a timeframe and process to be determined by the Secretary of the Department of Health and Human Services (DHHS) through future regulations. Initial attestations will also be subject to the DHHS’ future process, but the statute permits providers to use the current attestation process for the initial attestation until the new process has been established. The uncertain regulatory process and timing for new attestation requirements in advance of the January 1, 2028, deadline creates additional uncertainty for hospitals nationwide.
  2. NPI. Starting January 1, 2028, each off-campus provider-based department must obtain and bill under its own NPI number rather than continue to bill under its provider’s NPI number.

Assessing and Strengthening Departmental and Provider Regulatory Compliance

Providers should assess whether their current off-campus department locations independently meet all applicable CMS regulatory requirements. Of note, certain Medicare Administrative Contractors offer checklists that can be used to compare against current provider-based status requirements, but organizations would also be well-advised to anticipate additional guidance from CMS.

Preparing for Enhanced Government Scrutiny

The Act directs DHHS to engage in rulemaking to determine the methods to review and determine compliance with the NPI and attestation requirements. Although site visits and remote audits are cited as potential methods for verifying compliance, the Act gives DHHS discretion to use other means “as determined appropriate.” This directive, in combination with the upcoming NPI requirement, may indicate a broader trend toward increased scrutiny of providers and more dynamic enforcement in the future. Providers should proactively prepare for potential investigations and ensure their attestations continue to be comprehensive and defensible, minimizing the risk of enforcement actions as the standards continue to evolve.

On February 17, 2026, the Health Resources and Services Administration (HRSA) issued a Request for Information (RFI) regarding the use of rebates within the 340B Program. After an unsuccessful first attempt at deploying a rebate model late last year (as we previously wrote about here and here), HRSA is now seeking “input from interested parties regarding the potential use of rebates” by drug manufacturers, “including the standards and procedures” that HRSA should use in implementing rebates for purchases of certain drugs by 340B hospitals and other providers.

Background and Precipitating Litigation

Under HRSA’s 340B Program, drug manufacturers must sell their products to certain safety-net health care providers at a discount, also known as the 340B ceiling price. Until last year, HRSA’s decades-long practice had been to require that discounts be offered to providers upfront (i.e., applied to the purchase price for the product). But in August 2025, HRSA proposed to change course starting in 2026, launching a 340B Rebate Model Pilot Program (the “Rebate Program”), under which qualifying drug manufacturers could charge 340B covered entities a higher price upfront and offer the difference between that price and the 340B ceiling price as a rebate.

The initial rollout of the Rebate Program prompted litigation. In December 2025, several trade groups and safety-net providers sued the federal government, alleging that the Rebate Program’s launch bypassed certain requirements under the federal Administrative Procedure Act (APA), including by failing to reasonably explain the basis and design of the Rebate Program. As we wrote about here and here, the Rebate Program was put on pause pursuant to a preliminary injunction just three days before it was set to begin, and the District Court ultimately granted the parties’ joint motion to vacate and remand the Rebate Program back to HRSA for reconsideration.

HRSA’s Request for Information

The RFI, published promptly following conclusion of the suit described above, shows HRSA’s continued interest in implementing a rebate program that is “in the public’s interest” for 340B drug purchases. Importantly, the RFI invites comments by stakeholders on a wide range of issues, including:

  • “[A]dministrative, operational, financial, and medication access concerns” that rebates may cause;
  • Whether and to what extent 340B covered entities have “reasonable . . . reliance interests” in maintaining an upfront discount structure;
  • Cash-flow implications of rebate payment timing for 340B covered entities; and
  • Any “proposed alternatives and scope-limiting measures” that may “promote the integrity of the 340B Program” and avoid issues with duplicate discounts, particularly in light of the Medicare Drug Price Negotiation Program’s launch on January 1, 2026.

To inform these priorities, HRSA asks for detailed and specific information from stakeholders. Such information includes current and projected costs of upfront versus rebate discounts, how stakeholders interact with contract pharmacies and third-party vendors, and what data collection practices stakeholders use. HRSA also asks commenters to weigh in on balancing concerns from stakeholders “across the continuum of the drug supply chain,” how to gather and generate data for future analysis, and how to promote transparency within the rebate model.

Key Takeaways

In its RFI, HRSA appears set on addressing the Rebate Program deficiencies under the APA as identified in the litigation mentioned above – affirming its intention to “undertak[e] a methodical and deliberate approach” in crafting a new rebate model, including “analyzing the comments received prior to pursuing the implementation” of a new rebate model.

HRSA will be accepting comments on the RFI until March 19, 2026. Covered entities under the 340B Program and other stakeholders are encouraged to comment reflecting their organizations’ experiences, challenges, and cost estimates in response to the specific questions above.

We will continue to monitor the comments and the future of rebates under the 340B Program.

This post was co-authored by Paul Palma, legal intern at Robinson+Cole. Paul is not admitted to practice law.

On February 3, 2026, President Trump signed HR 7148, the Consolidated Appropriations Act, 2026 (“the Act”) ending the 4-day partial government shutdown. The Act, part of a broader fiscal year (FY) 2026 spending package, includes a further extension of Medicare telehealth flexibilities that recently expired on January 31, 2026. Originally introduced as temporary pandemic-era measures, these telehealth policies have been repeatedly sustained through short term legislative extensions. Here’s what the latest development means for the future of telehealth care.

Medicare Telehealth Flexibilities Extended by the Act

  • Geographic and Originating Site flexibilities: Medicare beneficiaries may continue to receive telehealth services in any location through December 31, 2027.
  • Expanded Practitioner Eligibility: Occupational therapists, physical therapists, speech-language pathologists, and audiologists may continue providing Medicare-covered services via telehealth through December 31, 2027.
  • Telehealth for FQHCs and RHCs: Federally qualified health centers (FQHCs) and rural health clinics (RHCs) may continue providing telehealth services through December 31, 2027, including the provision of mental health visits via telehealth to Medicare beneficiaries without needing to meet annual in-person service requirements.
  • Audio-Only Telehealth: Telehealth services can continue to be provided via audio-only communications systems through December 31,2027.
  • In-Person Requirement for Mental Health Visits: Medicare patients receiving services for the diagnosis, evaluation, or treatment of a mental health disorder via telehealth may continue to do so without having received a Medicare-covered in person item or service through January 1, 2028.
  • Telehealth for the Recertification of Hospice Care: Hospice physicians and nurse practitioners may continue having face-to-face encounters to recertify a patient’s eligibility to remain on hospice via telehealth through December 31,2027.

While this bill once again provides temporary relief for telehealth services, Congress is currently considering legislation that would make the current telehealth flexibilities permanent. Notably, H.R. 4206 and S. 1261, the house and senate versions of the CONNECT for Health Act of 2025, were introduced in early 2025. Although progress on those bills has been limited since their introduction, they continue to enjoy strong bipartisan back with H.R. 4206 obtaining 212 cosponsors and S. 1261 obtaining 71 co-sponsors. We will continue to monitor the progress of these and other telehealth related bills and provide updates as they arise.

After uncertainty over the last few months, the last few weeks saw potential changes to the Protecting Access to Medicare Act of 2014 (PAMA) under section 6226 of the Consolidated Appropriations Act of 2026. On January 20, 2026, the House Appropriations Committee released the Consolidated Appropriations Act 2026, which included several healthcare extenders, among them revisions to the upcoming PAMA rate cuts and reporting deadlines. The Senate passed the bill on January 30, 2026, and went back to the House on February 3, 2026, at which point it has been set for President Trump’s signature.  

First, there are no additional Clinical Laboratory Fee Schedule (CLFS) rate cuts scheduled for 2026.  The act then extends the phase-in of the rate reductions for an additional year, delaying this until 2027, 2028, and 2029. The act also updates the data collection period to use 2025 rather than 2019 data, and shifts the reporting period to May 1, 2026, through July 31, 2026. 

While there is still possibility around the Reforming and Enhancing Sustainable Updates to Laboratory Testing Services Act (RESULTS) which was introduced in September 2025, it has not yet passed. As such, laboratories must prepare for PAMA with the changes implemented by the passage of the Continuing Resolution.

PAMA requires independent, hospital outreach, and physician office laboratories to report private payor rate information and volumes every three years (or annually for Advance Diagnostic Laboratory Tests). CMS used this data to calculate rates under the Clinical Laboratory Fee Schedule (CLFS) to align Medicare payment with commercial market rates by developing a weighted median of the reported private payor rates. Due to underreporting (less than one percent of all laboratories reported data) and underrepresentation of key segments such as hospital outreach and physician office labs, the initial reporting cycle resulted in steeper payment cuts between 2018 and 2020 for laboratories than anticipated. Current rates are based on 2016 data that was reported in 2017. Congress has postponed reporting six times, and with the passage of the CR, the next reporting cycle will be May 1, 2026, through July 31, 2026, resetting the time period for applicable data and relieving labs from the burden (or near impossibility) of reporting 2019 data.

What you need to know about PAMA

Who must report?

“Applicable laboratories” must report private payor rates to CMS. Applicable laboratory means a laboratory under 42 C.F.R. § 493.2 (the Clinical Laboratory Improvement Amendments definition of a laboratory) that:

  • Bills Medicare Part B under its own NPI or for hospital outreach laboratories, bills Medicare Part B on the Form CMS-1450 under type of bill (TOB) 14x;
  • Meets the “majority of Medicare revenue” threshold in a data collection period. Meaning that the laboratory receives more than 50% of its Medicare revenue (Parts A, B, & D including any applicable co-pays/deductibles) under the CLFS and/or Medicare Physician Fee Schedule; and
  • Receives at least $12,500 in CLFS revenue during the data collection period.

Entities that do not meet the definition of “applicable laboratory” are not permitted to report.

Who is a private payor?

A private payor includes any of the following:

  • A health insurance issuer as defined in § 2791(b)(2) of the Public Health Service (PHS) Act;
  • A group health plan as defined in § 2791(a)(1) of the PHS Act;
  • A Medicare Advantage Plan under Part C as defined in § 1859(b)(1) of the Social Security Act (SSA); or
  • A Medicaid Managed Care Organization as defined in § 1903(m) of the SSA.

What is reported?

An applicable laboratory must collect and report “applicable information” received during the data collection period for each laboratory test code subject to the data collection requirements.

Applicable information includes: 1) the specific Healthcare Common Procedure Coding System (HCPCS) code for the test; 2) each private payor rate for which final payment has been made during the data collection period; and 3) the associated volume tests performed for each private payor rate.

“Zero dollars,” payments that cannot be identified at the HCPCS level (i.e., bundled payments), payments that were under appeal during the data collection period, and tests billed with miscellaneous/NOC code are not to be reported.

How to report?

CMS has released a list of applicable HCPCS codes that are subject to PAMA’s data reporting and collection requirements. Additionally, CMS has released a spreadsheet template that an applicable laboratory may use to collect and report the applicable information for each test subject to reporting. The spreadsheet includes information on the HCPCS code, payment rate, volume at the payment rate, and NPI. This spreadsheet may be uploaded to the CMS Enterprise Portal.

What happens if an applicable laboratory fails to report?

If the Secretary determines that an applicable laboratory has failed to report or has made a misrepresentation or omission of reporting information, the Secretary may apply a civil monetary penalty of up to $10,000 per day for each failure to report or each misrepresentation or omission.

Beyond civil money penalties, failure to accurately report can negatively impact the weighted median of private payor rates leading to disproportionate CLFS rate cuts.

Important Dates

Data Reporting Period: May 1 – July 31, 2026

With the reporting period fast approaching, laboratories should determine whether they are an applicable laboratory and begin preparing the required 2025 private payor data carefully. As the reporting period approaches, CMS plans to issue additional fact sheets to assist labs in the data submission. Laboratories may want to consider consulting with knowledgeable legal counsel to ensure compliance and strategy alignment.

February 16, 2026, is the deadline for each HIPAA covered entity to update its Notice of Privacy Practices (NPP) to incorporate new regulatory requirements enacted in 2024. Specifically, HIPAA-covered entities (including health care providers and health plans) are required to review and revise their NPPs as necessary to ensure compliance with a 2024 federal rulemaking related to records of treatment and referral for substance use disorder services under 42 C.F.R. Part 2 (Part 2 Records). 

We previously discussed the 2024 Part 2 Records regulatory changes here, and the HIPAA regulatory rule addressing NPP updates and reproductive health care here (note that the reproductive health care regulations were subsequently vacated, as discussed here, but the NPP changes were upheld).

Accordingly, by February 16, 2026, HIPAA-covered entities are obligated to update NPPs to address the protections afforded to Part 2 Records that may be created, received, or disclosed by HIPAA covered entities (including those who may have Part 2 programs as components of their organization). The required changes include, without limitation:

  • For uses or disclosures that are prohibited or materially limited by Part 2, the NPP description of such use or disclosure must reflect the more stringent legal requirement;
  • NPPs must include a statement to put individuals on notice of the potential that, once information is disclosed pursuant to the NPP, it may be subject to redisclosure by the recipient and no longer subject to HIPAA protection;
  • NPPs must explain that Part 2 Records may now be used or disclosed pursuant to a single consent for treatment, payment, and health care operations purposes consistent with HIPAA (but subject to limited exceptions);
  • NPPs must add a statement indicating that Part 2 Records (and testimony regarding such Records) cannot be used or disclosed in civil, criminal administrative or legislative proceedings without individual written consent, or pursuant to a court order after notice and an opportunity to be heard is given to the individual or the holder of the Records, and any such court order must be accompanied by a subpoena or other legal requirement compelling disclosure before the Records can be used or disclosed; and
  • NPPs must explain that, for covered entities that create or maintain Part 2 Records and intended to use such Records for fundraising purposes, each individual patient must be given the opportunity to opt out of fundraising communications in advance.

Now is the time for all HIPAA covered entities to review and confirm that their NPPs comply with federal law and, if not, to reach out to advisors to make the necessary changes. We are available to assist covered entities with all matters related to HIPAA, including NPP drafting and compliance.

This post was co-authored by Paul Palma, legal intern at Robinson+Cole. Paul is not admitted to practice law.

Introduction

On January 28, 2026, the U.S. Department of Health and Human Services Office of Inspector General (OIG) released a new report analyzing Medicare Part B (Part B) spending on laboratory tests in 2024. The Protecting Access to Medicare Act of 2014 (PAMA) requires OIG to publish an annual report detailing the top 25 clinical lab tests by expenditure. Each year, OIG evaluates Part B claims data for tests covered under the clinical laboratory fee schedule (CLFS). Below is a breakdown of the key trends highlighted in the 2024 report. Most notably, 2024 showed a significant rise in genetic and infectious Polymerase Chain Reaction (PCR) disease testing. 

Overall Part B Spending and Enrollment

Part B spending on clinical laboratory tests reached a peak of $7.9 billion in 2021 during the COVID-19 public health emergency, then declined to $7.8 billion by 2023. In a notable shift, spending rose again in 2024, increasing 5% to $8.4 billion, despite there being no changes to the CLFS since 2020.

Strikingly, while overall spending increased, the number of Part B enrollees receiving lab tests fell by 15%, dropping from 27.7 million in 2018 to 23.4 million in 2024. According to OIG, this decline may reflect a broader migration of beneficiaries from Medicare Part B to Medicare Advantage (Part C) enrollment.

“Genetic” Testing Continues to Rise

The OIG report broadly defines “genetic” testing to include: (a) analysis of genetic material to monitor for genetic variations, mutations or other markers associated with disease or hereditary risk; and (b) analysis of genetic material from pathogens for bacteria or viruses. With the industry seeing an increase of PCR testing for infectious disease and detailed genetic antibiotic resistance testing, Medicare spending significantly increased in 2024.

Historically, spending on non-genetic tests such as complete blood counts, metabolic panels, lipid panels, and thyroid tests have far exceeded spending on genetic tests relating to conditions such as cancer, fungal infection, and epilepsy. In 2018, genetic testing accounted for 18% of Part B spending on laboratory tests while 82% went to non-genetic tests.  By 2024, that gap had significantly narrowed with 43% of Part B spending on laboratory tests attributed to genetic testing compared to 57% for non-genetic testing. Over just one year (from 2023 to 2024), Part B spending on genetic testing increased by 20% from $3 billion to $3.6 billion.

Utilization trends reflect this same shift. In 2018, 2.4 million Part B enrollees received at least one genetic test, out of the seven million total genetic tests performed that year. By 2024, the number of enrollees receiving at least one genetic test increased by 85% to 4.5 million while the total number of genetic tests performed that year increased by 160% to 18 million. In 2024, the average Part B enrollee received four genetic tests at a cost of $794 per enrollee, and 16 non-genetic tests at a cost of $207 per enrollee.

In 2024, genetic testing related to infectious disease totaled $1.4 billion, up from $1.2 billion in 2023, and hereditary/disease genetic testing increased from $1.8 billion in 2023 to $2.2 billion in 2024. In 2024, a total of 346 laboratories received over $1M in reimbursement for “genetic” testing. Among them, 55 received over $10M in reimbursement for genetic testing.

Top 25 Lab Tests

So, now ranking at the top of the chart of all tests paid under Part B spending is CPT 87798 for infectious disease. Also ranking in the top 15 is CPT 87481. 

The top 25 lab tests accounted for $4.1 billion, nearly 50% of all Part B laboratory spending in 2024. Among these, ten were genetic/PCR infectious disease tests, totaling $1.5 billion in Part B spending, while the remaining 15 were non-genetic tests totaling $2.6 billion in Part B spending. Notably, six of the ten genetic tests in 2024 showed at least a 30% increase in Part B spending compared to 2023. The OIG report focused on the fact that the average amount that Medicare Part B paid per enrollee for “genetic” tests approached $800, a 26% increase since 2023. Some of the largest growth was seen for tests billed under procedure CPT 87798, which reached $443 million in Part B spending, representing a 51% increase between 2023 and 2024.

Takeaways

The 2024 OIG report provides context for the increase in audits around the primarily used codes for infectious disease testing of 87798 and 87481. It also highlights the fact that genetic and PCR infectious disease testing is reshaping the Medicare Part B laboratory spending landscape. These types of testing, once a small share of the Part B landscape, now accounts for nearly half of all spending and continues to grow at a significant rate year after year. The impact of genetic and PCR infectious disease testing on Part B spending is highlighted by the increase in costs despite the decreased utilization.  

Laboratories should recognize that genetic and PCR infectious disease testing has become a central driver of Part B costs which is resulting in a shift of audits and likely enforcement priorities by OIG to ensure that labs performing this type of testing are remaining compliant with all Medicare billing policies.

Plaintiffs’ firms are adapting the California Invasion of Privacy Act (CIPA), a 1960s-era wiretapping statute, to modern web technologies such as pixels, chatbots, and session replay tools. For laboratories, the practical problem is not only the legal uncertainty, but also that small website implementation details, including when tags fire, what free-text inputs are captured, and what vendors are allowed to do with the collected data, can drive massive exposure, including class actions and arbitrations.

CIPA prohibits the intentional eavesdropping on, or recording of, confidential communications without the consent of all parties. Although the law was drafted for telephone calls and physical recording devices, plaintiffs’ attorneys are using it to challenge modern digital engagement tooling on laboratory websites. In practice, complaints often try to characterize routine patient web interactions as “confidential communications,” then allege that third-party tools captured, or received, those communications without proper consent. The exposure can scale quickly because CIPA provides for statutory damages of up to $5,000 per violation and each alleged interception can be pleaded as a separate violation.

Major diagnostic laboratories have been targeted by class actions alleging that third-party tracking pixels “intercept” patient communications without consent. Plaintiffs are increasingly alleging that routine web tracking tools, including cookies and IP tracking beacons, function as illegal “pen registers” or “trap and trace” devices. The practical effect is that plaintiffs focus on routing data such as IP addresses and device IDs, not just substantive content.

However, courts are divided. Some courts have rejected the theory that routine analytics function as criminal pen registers, while others have allowed the plaintiffs to overcome a motion to dismiss. Even with some favorable decisions, there is still a split amongst jurisdictions that creates uncertainty.

Additionally, there is a big increase in claims focusing on on-site search bar functionality. The allegation is that a user’s test inquiry, for example “HIV test” or “cancer screening,” is a confidential communication and that trackers share it with third parties. Further, there is another trend in these CIPA allegations that, as laboratories adopt AI chats for service and navigation, plaintiffs are filing claims alleging that AI systems “listen” to or repurpose patient inputs without consent.

Although CIPA is a California statute, plaintiffs are filing against laboratories with limited California connections beyond having websites accessible to California residents. To combat these claims—and avoid them entirely—laboratories should consider adding robust consent banners with true pre-consent blocking of tracking technologies (especially for California-based IP addresses). Additionally, laboratories can update website privacy policy disclosures to clearly describe what is being tracked, why it is collected, and which third parties receive it. In these cases, plaintiffs often quote privacy language against defendants. Misalignment between disclosures and tag behavior creates unnecessary risk.

For now, we’ll continue to track plaintiffs’ investment in pen register and trap-and-trace theories, focus on search terms in URLs, and expanded scrutiny of AI chat deployments. We’ll also continue to watch whether legislative activity reemerges after the failure of California’s SB 690 in 2025, but it is unlikely that any relief will take effect until at least 2027.

In the meantime, laboratories can reduce CIPA exposure by treating web data flows as a compliance issue, not just a marketing or IT function. A practical 2026 playbook is to inventory every tag and vendor on patient-facing pages, minimize or disable collection of free-text inputs and search terms, confirm that chat tools are configured to avoid sharing or retaining sensitive content, and implement consent that actually controls when third-party technologies load. Aligning real-world site behavior with privacy disclosures, and documenting those controls through periodic technical testing, will put laboratories in the best position to prevent claims and, if you receive a complaint, to quickly demonstrate that no “confidential communications” were intercepted without consent as these theories continue to evolve.

The Eliminating Kickbacks in Recovery Act (EKRA), enacted in 2018 as part of the SUPPORT Act, established a criminal statute prohibiting payments for patient referrals related to recovery homes, clinical treatment facilities, and laboratories. EKRA mostly mirrors the Anti-Kickback Statute (AKS) but extends its reach to commercial health insurance as well as federal programs like Medicare and Medicaid. Despite limited regulations and slow enforcement, some guidance emerged in 2025, though significant questions remain unresolved.

National Fraud Takedown and EKRA

EKRA drew some attention but generally remained a secondary focus. That changed in 2025, when an increase in allegations and indictments for EKRA violations occurred. During the 2025 National Fraud Takedown, several cases involved alleged breaches of both EKRA and the AKS. Kimberly Mable Sims, owner of a laboratory company, Francine Sims Super, office manager at a substance abuse treatment facility in North Carolina, and Keke Komeko Johnson, the Compliance Officer, were all indicted. In addition to accusations about gift cards, it was claimed that the substance abuse clinic routinely sent orders to Sims’s lab, which then performed urine drug tests on its patients and billed Medicaid. Allegedly, employees at the treatment center received kickbacks from the lab, while profits from referred specimens were equally split among the office manager, lab owner, and a biller. Earlier in 2025, Sims admitted guilt for EKRA violations. On August 25, 2025, Johnson and Super also pleaded guilty to paying kickbacks, resulting in a six-year sentence for Super.

Ninth Circuit Clarifies EKRA

In July 2025, in United States v. Schena, No. 23-2989 (9th Cir. July 11, 2025), the Court of Appeals for the Ninth Circuit upheld Mark Schena’s conviction for violating EKRA. Schena, who owned a laboratory, had paid marketing intermediaries to encourage referrals for questionable allergy tests. During the original trial, there was disagreement between Schena and the Department of Justice (DOJ) over how EKRA should be interpreted, particularly regarding whether the district court had correctly applied EKRA in S&G Labs Hawaii, LLC v. Graves, No. 1:2019cv00310 (D. Haw. 2021), aff’d, No. 24-823 (9th Cir. Jul 11, 2025) (unpublished).

The Ninth Circuit panel considered two main issues: (1) whether marketing intermediaries were covered by 18 USC § 220(a)(2)(A); and (2) if payments to these intermediaries constituted “inducement” under EKRA. The court concluded that marketing intermediaries who interact with ordering providers can fall under EKRA, further clarifying that payments do not have to go directly to the provider to violate EKRA. Finally, the court addressed the confusion created by the district court’s  interpretation of EKRA was incorrect in S&G Labs Hawaii and realigned the Ninth Circuit’s reading of EKRA with other circuits’ approaches to the AKS.

Regarding what “to induce” a referral means, the Ninth Circuit found that simply paying percentage-based compensation is not automatically a violation of EKRA. There must be intent to improperly influence providers’ referrals through false or fraudulent means. However, the court did not define exactly which situations would show wrongful attempts to sway medical professionals’ decisions.

The case isn’t finished yet. Mark Schena has asked the United States Supreme Court to determine whether paying healthcare marketers a commission counts as “remuneration…to induce a referral” under EKRA. The Supreme Court has not yet decided whether it will hear the case.

Other Notable EKRA cases

A relator brought a False Claims Act case against a laboratory consortium of four interrelated companies (one investment firm and three executive), but the government declined to intervene.  The relator has proceeded with the case, and the amended complaint alleges violations of the False Claims Act based, in part, on violations of EKRA and the AKS. It is alleged that the laboratory consortium paid sales representatives based on the volume and profitability of laboratory testing specimens based on a percentage of its reimbursement. 

The laboratory consortium argued:

[U]nder Fifth Circuit precedent, Thompson’s allegations that defendants paid sales representatives volume- and profitability-based commissions is insufficient to plead a violation of the AKS and the EKRA, and Thompson must allege instead that the sales representatives improperly influenced the clinicians who sent samples to Apollo Labs and Arbor, such as by paying them a kickback or substituting their own judgment for that of the clinician.

U.S. ex. rel Thompson v. Apollo Path LLC, No. 3:20-cv-02917, Dkt. 77, at 8 (N.D. Tex. Mar. 5, 2025). The court agreed, relying on U.S. v. Marchetti¸ 96 F.4th 818(5th Cir. 2024), and stated:

In sum, a defendant’s payments to a third party to procure referrals from clinicians are made with the intent “to induce referrals” within the meaning of the AKS and the EKRA when there is evidence that the defendant intended for the third party to improperly influence the clinicians. Examples of improper influence include exploiting personal access and making the final decision about patient care.

Id. at 14. In April 2025, the Court dismissed both the federal and state law claims. Id., Dkt. 94 (Apr. 30, 2025).

Throughout 2025, there have been several indictments involving EKRA that have not necessarily involved laboratories but have been focused on substance abuse facilities, brokers, and marketing for sober homes and substance abuse facilities. A number of these actions are focused on California. See, e.g., United States v. Patton, No. 2:25-cr-00489 (C.D. Cal. June 17, 2025) (owner of a marketing company was indicted for allegedly referring patients with commercial health insurance to substance abuse treatment facilities); United States v. Mahoney, No. 8:21-cr-00183 (C.D. Cal. Mar. 21, 2025) (owner of addiction treatment facility sentenced to 41 months for violating EKRA) (appeal filed Mar. 2025); United States v. Simons, No. 3:25-cr-02444 (S.D. Cal. June 18, 2025) (CEO of multiple substance use disorder treatment facilities and sober homes was indicted for allegedly paying entities for marketing services).  Each of these focus on payment that varies based on referral quotas, a lesson that can be instructive for clinical laboratories navigating EKRA too. 

Conclusion

These recent developments in EKRA enforcement and judicial interpretation highlight the statute’s evolving scope and its increasing impact on laboratories, substance abuse facilities, and associated marketing practices.

  • New Jersey expanded its patient brokering act to revise the law to specifically address substance user disorder treatment facilities and clinical laboratories. (Approved P.L. 2025, c.121).
  • The Ninth Circuit clarified that EKRA can apply to payments made to sales representatives and that intent plays a critical role in determining whether such payments constitute improper inducement. However, Schena applied for certiorari at the Supreme Court.
  • Texas dismissed a False Claims Act focusing on the lack of allegations regarding improper influence.

Ultimately, the trajectory of recent cases signals that both regulators and courts are committed to upholding the integrity of clinical decision-making and preventing undue influence through financial incentives.

This post was co-authored by Paul Palma, legal intern at Robinson+Cole. Paul is not admitted to practice law.

The final quarter of 2025 saw continued enforcement actions against clinical labs and other related healthcare entities. The Office of Inspector General (OIG) and Department of Justice (DOJ) heavily focused on False Claims Act (FCA) violations, Anti-Kickback Statute (AKS) violations, conspiracies, and COVID-19 related fraud. Below are highlights of these enforcement actions.

Across Q4 2025, federal enforcement actions against clinical laboratories and related entities reflected consistent patterns of fraudulent genetic testing schemes, kickback arrangements, telemarketing‑driven referrals, and billing misconduct. Many cases involved medically unnecessary cancer genetic (CGx) and respiratory pathogen panel (RPP) testing, often ordered without patient contact, physician-patient relationships or proper clinical oversight. Enforcement also targeted laboratories that concealed ownership, shifted billing to evade scrutiny, or paid marketers, recruiters, and physicians to induce referrals. The DOJ and OIG continued to pursue individuals and entities that exploited Medicare beneficiaries—particularly older adults—through telemarketing campaigns, data harvesting, and fraudulent COVID‑19 test claims. Collectively, these actions underscore the government’s intensified focus on schemes that capitalize on vulnerable patient populations and exploit gaps in laboratory oversight. Enforcement agencies are also scrutinizing financial arrangements that mask kickbacks—whether framed as consulting fees, MSAs, or commission‑based compensation—as well as billing practices designed to maximize reimbursement through unbundling or duplicative claims

Case Highlights

  • On October 23, 2025, a New York doctor was sentenced to seven years in prison for participating in a scheme where he ordered CGx and other laboratory tests despite never treating, speaking to, or examining the patients in exchange for kickbacks. Specifically, he ordered CGx testing on Medicare beneficiaries who attended COVID-19 testing events at assisted living facilities, adult day care centers and retirement communities.
  • On October 23, 2025, a lab owner that operated several laboratories out of Louisiana and Texas was sentenced to ten years in prison for orchestrating a scheme in which he conspired with telemarketers and call centers who implemented aggressive campaigns to induce beneficiaries to receive CGx and cardiovascular genetic testing. The orders were then signed by purported telehealth physicians who did not consult with, treat, or follow up with the beneficiaries receiving the testing. The owner also shifted billing between laboratories to evade scrutiny from Medicare and concealed ownership and control of the laboratories.
  • On October 29, 2025, a clinical laboratory self-disclosed conduct and agreed to pay $85,000 for allegedly employing an excluded individual in violation of the Civil Monetary Penalties Law.
  • On November 13, 2025, the owners of a telemarketing company were sentenced for their roles in a CGx testing fraud scheme where they targeted and steered Medicare beneficiaries to labs where they would receive medically unnecessary testing. Additionally, during a pending criminal case for genetic testing fraud, one of the owners opened a clinical laboratory and disguised his ownership of the laboratory.
  • On November 17, 2025, an urgent care clinic agreed to pay $2.8 million to settle claims that they allegedly “unbundled” respiratory and urinary tract infection panel tests and billed for each individual component separately resulting in overbilling to federal health care programs.
  • On November 20, 2025, the owner of two clinical laboratories pleaded guilty to one count of wire fraud for a scheme in which he paid his co-conspirators kickbacks to obtain the Medicare numbers and identifiers of patients without their consent. The lab owner then used the information to submit Medicare claims for COVID-19 test kits which were sent to patients who had not requested them. The owner also persisted after patients called stating that they had not requested the test kits.
  • On November 20, 2025, a diagnostic laboratory agreed to pay $1.635 million to resolve allegations that the lab submitted claims for RPPs which were obtained through kickbacks or were medically unnecessary in violation of the FCA and AKS. More specifically, the government alleged that the lab entered into a Marketing Services Agreement (MSA) in which they paid a purported infection prevention company between $4,000 and $4,500 per facility per month for marketing and management services when, in reality, the MSA was a way to cover-up payments for laboratory referrals. Further, the laboratory allegedly combined RPPs with COVID-19 tests when facilities were only seeking COVID-19 tests.
  • On November 24, 2025, it was announced that a diagnostic laboratory agreed to pay over $9.6 million to resolve allegations that it violated the FCA and AKS by submitting claims for RPPs that were medically unnecessary or obtained through kickbacks and by paying commissions to sales and marketing representatives based on volume or value of lab referrals which were later billed to Medicare.
  • On December 2, 2025, a Georgia man was sentenced to 46 months in prison and ordered to pay $7.2 million in restitution for engaging in a scheme where he instructed recruiters to convince Medicare beneficiaries to accept medically unnecessary genetic testing. As part of the scheme, he created sham invoices documenting fabricated numbers of hours worked instead of the per-referral payments he received. As a result of the scheme, the man received $4.3 million in kickbacks and bribes.
  • On December 2, 2025, a man was sentenced to two years in prison for his role in a conspiracy to bill Medicare for COVID-19 tests and RPPs which were never ordered or performed.
  • On December 4, 2025, a clinical laboratory agreed to pay $758,000, plus additional amounts if certain financial contingencies occur, to resolve allegations that they violated the FCA and AKS by paying doctors and marketers illegal kickbacks which were disguised as consulting and medical director fees to induce laboratory testing referrals. In addition, the lab was also alleged to have paid independent contractors marketers’ commissions based on volume and value of referrals. This settlement also resolved an underlying lawsuit raised under the qui tam provision of the false claims act.
  • On December 5, 2025, two Illinois men were indicted in a superseding indictment for their alleged role in a scheme to defraud federal and private health insurers by submitting fraudulent claims for COVID-19 laboratory testing services which were never provided and for participating in a conspiracy to launder the fraudulent proceeds by transferring the funds between laboratories and other businesses under their control.

Takeaways

Clinical labs should take these enforcement actions as warnings. First, conduct internal audits of referral relationships to ensure compliance with the AKS, as kickbacks remain a top enforcement priority and continue to monitor the arrangements in practice. Second, strengthen billing oversight and implement internal controls to avoid FCA exposure, which continues to drive multimillion-dollar settlements. Third, screen employees and contractors against exclusion lists to avoid potential violations of the CMP law. Finally, stay alert to evolving enforcement trends, including scrutiny of genetic testing, telemarketing arrangements, and lingering COVID-related fraud. Proactive compliance is essential for mitigating risk.

The Q4 enforcement trends send a clear message that laboratory enforcement remains a top priority at the federal level. Now is the time for laboratories to review their compliance programs, oversight and monitoring practices and close any potential gaps.