Last quarter, our attorneys had the privilege of attending three prominent health care conferences, each of which offered a wealth of knowledge and insights into the current and future landscape of the health care industry. Our conference tour included:
Two major themes appeared universally at all three conferences: the legal challenges associated with of the rise of artificial intelligence (AI) and the heightened government enforcement activities in the health care space.
AI: The Future of Health Care
AI emerged as a central topic of interest and concern across all the conferences. The discussions underscored AI's transformative potential in various aspects of health care, from data procurement and tracking technologies to innovative patient care solutions. However, the use of AI is not without potentially significant risks to those operating in the health care industry.
-
Patchwork State Laws Complicate AI Compliance: One of the primary areas of concern is the evolving regulation of AI in health care. As AI technologies become more integrated into health care systems and the provision of patient care, health care organizations and AI vendors are facing greater compliance challenges. State regulation of AI is on the rise, requiring AI vendors and users to comply with a patchwork of state law requirements that are constantly changing and not uniformly consistent across jurisdictions. Until there is a cohesive federal framework in place, health care organizations and AI vendors must continually track new state legislation and consider how compliance standards may vary across state lines.
-
Responsible AI Use Is a Top Priority: Legal considerations related to data ownership, consent, and the ethical use of patient information are top of mind going into 2025. AI's ability to handle vast amounts of data efficiently is revolutionizing data procurement and tracking. Advanced algorithms can analyze patient data to identify trends, predict outcomes, and personalize treatment plans. However, providers must still ensure that AI is merely being used as a tool, and is not replacing independent medical judgment, in addition to complying with state medical board requirements for AI tools and the practice of medicine. This often requires a provider to review AI recommendations before they are implemented and/or make their way to the patient or into their chart.
Additionally, there is growing concern about what AI means for patients' protected health information (PHI) and whether it will remain secure amidst technological advancements. To address these security challenges, organizations must implement comprehensive safeguards and controls. This includes securing data pipelines, maintaining robust digital certificates to ensure data authenticity, and adhering to frameworks like the EU AI Act and NIST (National Institute of Standards and Technology) guidelines, which provide structured approaches to AI governance based on risk stratification.
-
Innovation in Patient Care vs. Risk Mitigation: Health care organizations must continue to balance the risks and rewards of AI use in patient care. AI is driving innovation by enabling more accurate diagnoses, personalized treatment plans, and improved patient monitoring. From AI-powered diagnostic tools to robotic surgery, the potential applications are vast and varied. The challenge lies primarily in integrating these technologies into existing health care frameworks while ensuring they enhance, rather than replace, human expertise.
Overall, safe and effective AI governance requires a multidisciplinary approach involving clinicians, legal, IT, security, and business stakeholders. Training and awareness programs are crucial to ensure that all team members understand the regulatory landscape and know how to handle AI-related issues. By fostering a culture of risk awareness and implementing thorough data protection measures, health care organizations can harness the benefits of AI while mitigating associated risks.
Enforcement: A Focus on Compliance and Quality of Care
Government enforcement agencies are intensifying their scrutiny of various aspects of the health care industry. Key areas of focus include:
-
Medicare Advantage: Medicare Advantage Organizations (MAOs) should prepare for continued scrutiny from the Office of Inspector General (OIG) and Department of Justice (DOJ) in 2025. This focus is consistent with DOJ enforcement efforts demonstrated throughout 2023 and 2024 in the Medicare Advantage space — particularly with respect to capitated payment fraud and abuse. Capitated payments are fixed monthly payments that MAOs receive (typically from Centers for Medicare & Medicaid Services (CMS)) for each enrollee's health benefits, which are often adjusted for each enrollee based on a variety of health factors.
Enforcement agencies are aiming to root out harmful MAO strategies that may limit enrollees' access to care — such as denying authorization or payment for services — in order retain a larger share of the fixed payment. The government will also continue to scrutinize how MAOs are reporting enrollee health conditions to ensure MAOs are not incorrectly submitting diagnosis codes in order to increase enrollees' risk adjusted payments. In addition, on December 11, the OIG released a Special Fraud Alert warning about the fraud and abuse risks in marketing arrangements related to MA plan enrollment.
-
Pharmaceutical Pricing: Enforcement agencies also continue to scrutinize drug pricing practices to promote pricing fairness and transparency. This includes investigating potential price gouging and pricing strategies that could exploit vulnerable populations. Enforcement agencies are also assessing patient assistance programs that subsidize patients' out-of-pocket costs and how such programs may contribute to increased costs for Medicare.
-
Nursing Home/LTC Compliance: Long-term care facilities should also be prepared for continued government enforcement focus on quality-of-care initiatives. With facilities already preparing to implement compliance measures related to CMS's new staffing mandates, the OIG has now released its Industry Segment-Specific Compliance Program Guidance (ICPG) for nursing homes. The nursing home-specific ICPG underscores the government's continued focus on improving quality of care in long-term care facilities. This guidance is designed to assist nursing homes in developing and implementing effective compliance programs aimed at enhancing care quality and preventing fraud and abuse, and likewise serves as a guidepost of sorts for what government enforcement agencies will expect to see when conducting compliance-related investigations. Among other things, the ICPG stresses the necessity of comprehensive compliance programs that address quality of care, billing practices, and other vital areas.
Conclusion
The conferences provided a comprehensive overview of the current trends and challenges in the health care industry. As the industry continues to evolve, staying informed and adaptable will be key to navigating these legal developments and delivering of high-quality, compliant, and innovative patient care.
