ARTICLE
9 May 2025

Healthcare Regulatory & Compliance Summit 2025 Recap

BB
Bass, Berry & Sims

Contributor

Bass, Berry & Sims logo
Bass, Berry & Sims is a national law firm with nearly 350 attorneys dedicated to delivering exceptional service to numerous publicly traded companies and Fortune 500 businesses in significant litigation and investigations, complex business transactions, and international regulatory matters. For more than 100 years, our people have served as true partners to clients, working seamlessly across substantive practice disciplines, industries and geographies to deliver highly-effective legal advice and innovative, business-focused solutions. For more information, visit www.bassberry.com.
Explore Firm Details
Bass, Berry & Sims hosted its inaugural Healthcare Regulatory & Compliance Summit in-person on April 24 with a virtual broadcast of the content the following week.
United States Food, Drugs, Healthcare, Life Sciences
Bass, Berry & Sims

Bass, Berry & Sims hosted its inaugural Healthcare Regulatory & Compliance Summit in-person on April 24 with a virtual broadcast of the content the following week. Our attorneys were joined by panelists from Lifepoint Health, InHealth Advisors, Mosaic Health, MultiCare Health System, Prime Therapeutics, FHP Strategies, and Ensemble Health Partners.

The Summit welcomed in-house counsel, compliance officers, and C-suite executives from across the healthcare industry to hear from these sector leaders about the latest trends and regulatory challenges facing the industry.

Health Policy Fireside Chat: What to Expect from the New Administration

Bill Mathias, Member at Bass, Berry & Sims, engaged in a fireside chat with Colin Roskey, Principal at FHP Strategies, former Deputy Assistant Secretary at the Department of Health and Human Services (HHS), and former Senate Finance Committee Counsel under Senator Charles Grassley (R-IA). Bill asked Colin a series of questions about what to expect from the new Trump administration.

Colin provided his insights on the current state of D.C., the Trump administration's healthcare policy priorities, Congress' priorities, recent appointments at HHS, and the impact of job cuts and anxiety among federal workers. Bill and Colin also discussed the future of Medicare the continued growth of Medicare Advantage, potential changes to the Medicaid program, and potential ways in which the Affordable Care Act (ACA) might change.

VBE Opportunities in TEAM and Beyond: Making the Most of the Value-Based Framework

Justin Brown, Member at Bass, Berry & Sims, and Jim Carr, Partner and Co-Founder of InHealth Advisors, discussed value-based care with a particular focus on the Centers for Medicare & Medicaid Services' (CMS) new Transforming Episode Accountability Model (TEAM), a mandatory model affecting over 700 acute care hospitals. Beginning on January 1, 2026, and running for five years, participating hospitals will be responsible for the quality and cost of care for five types of surgical procedures: coronary artery bypass grafts (CABG), lower extremity joint replacements (LEJR), surgical hip femur fracture treatment (SHFFT), spinal fusions, and major bowel procedures. Under TEAM these hospitals will assume responsibility for cost and quality of care for the procedures and for nearly all Medicare-payable items and services for the next 30 days of care.

Justin and Jim illustrated how providers can use the value-based enterprise framework, including value-based exceptions to the Stark Law and safe harbors to the Anti-Kickback Statute in a variety of arrangements in the context of TEAM and otherwise. Through examples of arrangements that make the most of the value-based enterprise framework, they discussed how and why – from operational, clinical and regulatory standpoints – providers are deploying these models and offered practical tips for structuring and operating value-based enterprises.

2025 Update on Healthcare Private Equity in the State Legislatures

Krista Cooper and Lara Flatau, Members at Bass, Berry & Sims, discussed the rapidly evolving landscape of state material transactions laws and proposed anti-private equity legislation, focusing on the practical impacts of these laws on transactions and emphasizing the high degree of statutory variation and regulatory application between various states' laws. Specifically, Krista and Lara provided critical insight into topics including:

  • Each state requires a different approach to navigating material transactions laws.  The states that currently require notice, review, and/or approval of material transactions define material transactions differently. For example, Washington's law may require filings for “smaller” transactions involving seven or more providers. Other states, such as Illinois, have monetary thresholds that trigger material transactions review requirements. Agency interpretation of these laws continues to evolve as the states work to further define the scope of a given law's applicability.
  • These laws may have substantial impacts on deals.  Compliance with material transactions requirements may necessitate deal timelines to be extended, particularly if a given state must approve the transaction prior to closing. There may also be additional costs for the transaction, including filing fees and increased legal fees associated therewith.
  • Buy- and sell-side transactions require tailored approaches. Buyers and sellers alike must pay particular attention to these laws, and each must ensure that they are taking a measured approach during the diligence process. A buyer must approach the deal with an eye toward the transaction's timeline, the target entity's historical compliance with state material transactions laws, and the buyer's internal timeline for exiting the investment, as compliance with material transactions laws during that exit may affect timing. Sellers must make similar considerations, in addition to analyzing the applicability of relevant materiality thresholds, such as the amount of revenue a buyer derives within a given state, through diligence on the buyer.

The landscape of state material transactions laws continues to evolve. As part of its ongoing attention to this topic, Bass, Berry & Sims has created an  interactive tool that provides readers with up-to-date, comprehensive summaries of relevant state laws. If you have questions regarding how state material transactions laws affect your deal work, please contact Krista or Lara.

Inside the HHS-OIG

Jennifer Michael, Stewart Kameen, and Dawn Perez-Slavinski, each of whom worked in various capacities within HHS prior to becoming Members at Bass, Berry & Sims, offered their unique perspectives on the inner workings of the HHS Office of the Inspector General (HHS-OIG). The session began with a discussion of HHS-OIG's expansive mission in comparison to other federal agencies' inspector general offices, which encompasses not just HHS operations, but virtually every healthcare stakeholder in the nation.

This presentation offered a deep dive into the operations of the Office of Counsel to HHS-OIG, including the various guidance and regulations issued by the Industry Guidance Branch, where Jennifer and Stewart previously served. The speakers outlined the process surrounding the issuance of special fraud alerts, special advisory bulletins, advisory opinions, and safe harbor regulations, and the impact of these agency materials on stakeholders' day-to-day operations. The speakers, reflecting on their experience issuing such guidance while at HHS, discussed the importance of transparency and appropriate advocacy when dealing with HHS-OIG. They highlighted how—and when—outside counsel can engage with the agency during the advisory opinion process, as well as during notice-and-comment rulemaking. The speakers emphasized the importance of understanding prior HHS-OIG guidance on matters that implicate the Anti-Kickback Statute and the beneficiary inducement civil monetary penalty law.

The speakers concluded the session with an insightful discussion of HHS-OIG's priorities, encouraging stakeholders to review the  HHS-OIG Work Plan as they make forward-looking strategy decisions. If you have questions relating to this topic, please contact Jennifer, Stewart, or Dawn.

Cybersecurity Incident Response: How to Manage the Inevitable

Bob Brewer, Nesrin Tift, and Kathryn Walker, Members at Bass, Berry & Sims, discussed the changed landscape and impact of cybersecurity incidents, giving practical advice on initial and ongoing responses to such threats. As Kathryn put it, data breaches and cybersecurity incidents are “the cost of doing business” today. As members of the intellectual property and technology practice group, healthcare group, and litigation group respectively, each offered unique insights and perspectives.

The trio provided critical insights into handling data breaches and cybersecurity incidents:

  • Data breaches and cybersecurity incidents often happen when your organization is most vulnerable.  As cyber attackers have become more sophisticated, they have begun to target organizations when they are especially vulnerable. In their experience, the speakers have seen an uptick in attacks during or right before American holidays, such as the Fourth of July and Thanksgiving. They also noted that sophisticated attackers will sometimes target organizations during times of transition, such as post-merger or post-acquisition. Moreover, attackers appear to have targeted the healthcare industry; anecdotally, attackers have become more brazen and leveraged the vulnerability of actual patient lives in their attacks.
  • Contact your attorney first.  One of your first steps in responding to an incident should be contacting your legal counsel, which is critical for a number of reasons. First, doing so may allow you to preserve privilege over reports and other documents created during an investigation. Second, allowing legal counsel to arrange for a forensic investigation of the incident makes it more likely that the resulting report will be protected by privilege. Third, legal counsel can help you navigate the next steps, including advising you on when to contact your cyber liability insurance carrier and determining if state or federal law has been triggered by the incident. Remember: when responding to a cyber incident, you are creating evidence in real-time. That is why it is critical to preserve privilege whenever possible and to avoid creating unnecessary discoverable documentation.
  • Use tabletop exercises and other training to prepare your organization.  Having documented procedures may not be enough to prepare your organization to respond, particularly given that stress and emotions will be running high during an actual attack. It is critical to test your procedures by running tabletop exercises and training workforce members on the procedure.
  • Vendor security is critical to protecting your organization's information.  Your information is only as secure as your weakest vendor. Therefore, vetting vendors properly is critical.
  • Class actions are on the rise. There is significant class action activity in the data breach space. Class action suits are mobilizing following data breaches, even for small breaches impacting less than 10,000 individuals. Therefore, it is critical that your incident response is executed with an eye toward litigation. This includes protecting privilege and remembering that, again, you are creating evidence in real time.

Roundtable: Healthcare Compliance Effectiveness

Lauren Gaffney, Member at Bass, Berry & Sims, led a discussion with Tizgel High, Chief Compliance Officer at Prime Therapeutics, and LeToia Jenkins-Crozier, Chief Compliance Officer at Mosaic Health, on how to lead effective compliance programs. As new technologies and artificial intelligence (AI) become more prevalent, companies are facing new and evolving challenges. Both Tizgel and LeToia emphasized the importance of building a culture where compliance is a top priority and a shared responsibility across the entire organization.

With the new administration, the panelists noted that compliance and enforcement of the False Claims Act remain top priorities for the Department of Justice (DOJ), as highlighted by Michael Granston, Deputy Assistant Attorney General, in February 2025. In fiscal year 2024 alone, civil fraud investigations resulted in $2.92 billion in recoveries, with 57% coming from the healthcare industry. To stay current with compliance expectations, the panelists rely on the DOJ's Evaluation of Corporate Compliance Programs, which was updated in September 2024 (available  here). The panelists also rely on the General Compliance Program Guidance and Industry Segment-Specific Compliance Guidance issued by HHS-OIG. It is anticipated that HHS-OIG will continue to update and release additional Industry Segment-Specific Compliance Guidance in the coming months.

The updated 2024 DOJ compliance guidance includes direction on navigating emerging technologies, including AI. Tizgel highlighted that using AI to process data and regulations can be useful for business decisions and risk analysis but cautioned that AI should always be used with an understanding of its limitations. LeToia agreed, stressing the need for companies to work closely with their data security and IT teams to ensure compliance with data privacy laws, such as HIPAA, and to develop systems that make the data understandable and useful to the business team.

When it comes to leading a compliance program today, both panelists highlighted the importance of compliance teams having a deep understanding of the business. Compliance officers should be able to assess the risks of business decisions and recognize when outside help, such as audits, may be needed. The panelists also discussed the value of making compliance training and education accessible to all types of learners to encourage company-wide participation. They emphasized that compliance programs should not be seen as a simple checklist, but adaptable frameworks that respond to changing regulations and risks in healthcare. They also noted that having fewer, clearer policies is often more effective than maintaining a large binder of policies that employees do not understand, cannot find, or do not know how to apply in their daily work.

Finally, regarding post-transaction compliance integration, the panelists stressed the importance of evaluating a target company's compliance program during due diligence. If the compliance program is found to need improvement, certain priorities should be addressed immediately, such as making sure everyone knows who the compliance contact is and ensuring that policies are easily accessible.

What's Next in Healthcare Transparency: No Surprises Act, Hospital Price Transparency Rule, and Transparency in Coverage Rules

Jeff Davis, Member at Bass, Berry & Sims, and Cara Tucker, Legal Counsel at Ensemble Health Partners, co-led an insightful discussion on recent developments in the healthcare transparency space. Jeff and Cara provided up-to-date coverage of the new administration's executive order on price transparency, enforcement of the No Surprises Act (NSA), and developments in hospital and health plan transparency rulemaking. Attendees left the session with the understanding that price transparency is likely to be an enforcement priority going forward and that regulated entities should continue to monitor updates in this space.

Jeff described the overarching theme of “revisiting issues first addressed during the first Trump administration,” including price transparency rules promulgated during the first term. The new administration's executive order on price transparency directs three agencies—HHS, the Department of Treasury, and the Department of Labor—to update and enforce healthcare price transparency regulations by May 26, 2025 (90 days from issuance of the executive order).

Jeff highlighted hospital and payor transparency requirements to post charges and other information online, including negotiated charges with payors, and the government's concern that this information is currently not tailored enough to specific patients. Jeff also identified health plan transparency rules as an area ripe for enforcement since health plans are also subject to requirements to publish “machine readable files” and price comparison tools online.

Cara discussed the NSA within the context of the “payor-provider adversarial dynamic,” which is one of the main reasons Congress initially passed the law in 2020. While payors and providers are still operating under interim final rules published in 2021, there has been continued litigation on the Federal Independent Dispute Resolution process to resolve payment disputes between providers and payors. Cara and Jeff flagged that CMS has also started investigating patient complaints of balance billing and violation of the requirement to provide a good faith estimate to uninsured and self-pay patients. CMS is requesting written documentation from providers to explain policies and procedures and corrective actions in cases of violations. Cara highlighted that vendors are important compliance partners in this space to ensure effective enterprise-wide implementation of policies, audits, and training.

Ethical and Practical Considerations in Conducting Investigations

Anna Grizzle, Member at Bass, Berry & Sims, provided insight and moderated an engaging panel on the life cycle of internal investigations with Elle Box, Chief Compliance Officer at Lifepoint Health, and Rachel Freyman, Senior Litigation & Regulatory Counsel at MultiCare Health System. The panelists discussed the practical factors impacting when, with whom, and what to investigate. Key insights included:

  • Investigation triggers. The panelists discussed potential triggers for conducting an internal investigation and the importance of reviewing a concern to validate facts and determine if additional review is needed. This assessment is based on the availability of resources and how the concern was raised, including the likely need to conduct a thorough review if concerns are validated during the initial fact-finding phase or if concerns are raised based upon government outreach.
  • Lead investigator.  The individuals involved and the subject of the investigation often dictate whether the investigation is conducted by the compliance or legal departments. The panelists discussed bringing in outside counsel to provide deep expertise (e.g., in fraud, waste and abuse matters) and to protect the subject of the investigation under attorney-client privilege.
  • Investigation scope.  The panelists provided helpful tips to focus the scope of an investigation, including identifying specific allegations, addressing the highest risk or exposure, incrementally expanding claims sampling, and not letting historic knowledge create “scope creep.”

The discussion also included insights into documentation preservation and collection best practices and witness interview considerations. Specifically, Anna and Rachel discussed the importance of giving Upjohn  warnings, making sure the employees understand the organization is the client, and strategically using and protecting attorney-client privilege.

Elle emphasized the importance of policies and procedures that reflect that documents belong to the company and implement timely access cutoffs to sensitive information if an employee is terminated or on leave.

The panelists agreed that the collective goals of internal investigations should be to reveal relevant facts, stop conduct or prevent further violations, memorialize an organization's good faith response, and promote a culture of transparency and compliance.

Conclusion

The Summit emphasized the increasing complexity associated with operating within the healthcare space, highlighting the need for agility and thoughtful analysis in navigating this rapidly evolving environment. If you have any questions, please do not hesitate to contact our attorneys.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Bass, Berry & Sims
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More