The Health Record - Healthcare Law Insights, V 2, Issue 7, July 2025

Matthew Georgitis, Brienne Marco, Bryan Neft
Spilman Thomas & Battle, PLLC
Contact
LinkedIn
Facebook
X
Send
Embed
 

Volume 2, Issue 7, 2025

Welcome

Welcome to our seventh issue of 2025 of The Health Record -- our healthcare law insights e-newsletter.

In this edition, we look at the so called “One, Big, Beautiful Bill Act” and its impacts on Medicaid and healthcare, the effect of federal actions on academic medical centers, the deadly consequences of ransomware on healthcare, the increasing prominence of fraud and phishing for the industry, a new Virginia law protecting healthcare workers, and trends in artificial intelligence and telemedicine.

During the summer months, our firm is pleased to host a talented group of law students, who get the opportunity to research and write, shadow our attorneys, and learn about the practice of law in a firm setting. As young professionals still deeply involved in higher education, our Summer Associates will be contributing to our summer publications and sharing their perspectives as both students and future legal practitioners. Please join us in welcoming Jonathan Gharib, Gabriel Papadopoulos and Addelyn Slyh to The Health Record team for this special summer edition.

We hope you enjoy this issue and will let us know if you have any questions or suggestions.

Historic Medicaid Cuts to Come as Trump Signs Domestic Policy Bill

“President Donald Trump signed the massive tax bill on Friday, which marks the biggest cuts to Medicaid ever.”

Why this is important: The recently passed “One, Big, Beautiful Bill Act” could wreak havoc with rural hospitals, including many in our regional footprint. The Congressional Budget Office predicts that the new law will reduce federal Medicaid spending by $793 billion and increase the number of uninsured individuals by 10.9 million nationwide. Not only would there be no reimbursement for many health claims, but those who are uninsured would begin to seek treatment at emergency rooms, where they cannot be refused. The bottom line is that in order to reduce exposure of non-covered treatments, hospitals will be forced to contract services, convert facilities or close. This includes seven hospitals in West Virginia. --- Bryan S. Neft

The Impact of Federal Actions on Academic Medicine and the U.S. Health Care System

“As devastating as the cuts to NIH-funded grants in 2025 have been, they represent just one of many threats to academic medicine and the health of millions of patients who receive care at our nation’s academic health systems.”

Why this is important: Many of us have heard about the assault on Harvard University by the Trump administration, an almost delusory conflict that defies explanation, but a much less publicized conflict has hit academic teaching hospitals and institutions. The Trump administration has terminated 1,100 grants through the National Institutes of Health, which has undoubtedly impacted medical institutions throughout the country. These funding cuts are but one aspect of the impacts that research/teaching institutions face in the current political environment. With the passage of the “One, Big, Beautiful Bill Act” and its cutting of Medicaid funding, hospitals and medical professionals will feel the squeeze, which could have an impact on the research done at those facilities, necessitating cost cutting procedures or elimination of programs altogether. This article discusses this new reality and the possible effects occasioned by this legislation. --- Matthew W. Georgitis

Patient Death Linked to Ransomware Attack on Pathology Services Provider

“This is one of the first times that a patient’s death has been directly linked to a cyberattack.”

Why this is important: Synnovis, a pathology services provider to the National Health Service (NHS) in the United Kingdom, fell victim to a ransomware attack on June 3, 2024. The attack was conducted by a group known for engaging in ransomware attacks and caused massive disruption across healthcare services in London. The attack resulted in over 10,000 appointments being cancelled, and the problems caused by the attack lasted for several months. The attack was so disruptive that it led to a blood shortage in the impacted areas and caused healthcare providers “to use O-negative blood due to limitations placed on blood matching due to the attack.”

The Kings Collect Hospital NHS foundation, after a lengthy investigation, confirmed that the death of a patient, which occurred during the attack, was caused in part by the chaos that the cyberattack caused. Specifically, the patient had to wait longer than normal for results of a blood test due to the impact of the attack, and this caused their care to diminish and eventually contributed to their death. In addition to this solemn consequence, around 1,000,000 patients had their data (including names, dates of birth, and medical history) stolen during the attack, and the attack caused over $40 million dollars in damages.

The massive amount of private, sensitive data stolen and the tragic death of a patient shine a light on the need for increased and improved cybersecurity. Much has been said, and rightfully so, in recent years about the need for Americans to improve their cybersecurity infrastructure to prevent attacks such as this on sectors important for national security. While less attention is paid to sectors of the economy traditionally considered to be primarily civilian-focused, it is clear they can no longer be ignored. This attack in the U.K. shows the damage even a relatively small attack can do and should motivate us to improve our cybersecurity capabilities quickly. --- Jonathan E. Gharib, Summer Associate

FBI; CMS Issue Warning About Fraud and Phishing Attempts on Healthcare Orgs

“The Federal Bureau of Investigation (FBI), its Internet Crime Complaint Center (IC3), and the HHS Centers for Medicare & Medicaid Services (CMS) have issued warnings to the healthcare and public health (HPH) sector about ongoing fraud schemes.”

Why this is important: The FBI and the Center for Medicare and Medicaid Services are warning healthcare providers and the public concerning several continuing fraud schemes. The agencies claim that scammers are sending faxes impersonating the Centers for Disease Control seeking medical records in pursuit of audits. The agencies reiterate that they would never initiate a request for medical records for use in an audit by fax. The FBI sent a separate notice about ongoing phishing schemes whereby scammers are impersonating legitimate health insurers and investigative team members looking for protected health information. Fraudulent scams are a nuisance to all, but in this case, could prompt the disclosure of HIPAA-protected health information and could subject the person releasing the records to liability for improper disclosure. All patients and healthcare providers should be familiar with scams and its obligations to protect private health information. --- Bryan S. Neft

New Law to Protect Health Care Professionals in Virginia Goes Into Effect July 1

“The goal is to create a safer environment for health care workers who increasingly find themselves at risk.”

Why this is important: As of July 1st, hundreds of new laws have gone into effect across Virginia. Two of those laws, co-patroned by 97th District Delegate Jackie Hope Glass, are part of the effort to provide much needed protection to healthcare professionals. House Bill 2269 and Senate Bill 1260 mandate all Virginia hospitals to implement reporting and tracking systems for workplace violence and report their data to the Virginia Department of Health quarterly.

According to Delegate Glass, the goal of this legislation is to create a safer environment for heathcare workers who have found themselves increasingly at risk from not only their patients, but family members and visitors as well. CDC statistics show that healthcare workers are disproportionately at risk of being attacked at work. Despite making up merely 10 percent of the national workforce, healthcare workers suffer 48 percent of non-lethal workplace violence.

While this legislation marks a step forward for the state, some healthcare providers like Sentara have already acted. Due to growing safety concerns, Sentara established a Workplace Violence Prevention Task Force in 2021 and began rolling out weapons detection systems in 2022. Sentara currently has officers equipped with firearms or tasers at its facilities to respond to emergency situations and de-escalate them if possible. Stephen Hollowell, Sentara’s System-Wide Security Senior Director, believes that documenting these incidents will allow healthcare providers to discover trends and deploy their resources more efficiently to prevent harm.

In addition to private efforts, the two new bills build on the efforts of the Virginia General Assembly, which passed a bill in 2019 making it a Class 1 misdemeanor to assault a healthcare worker. However, not everyone is convinced this was a strong enough measure. Hollowell, for example, supports Virginia upgrading assaults on healthcare workers to a felony. Delegate Glass, on the other hand, is cautious of taking such a measure due to the life-altering impact having a felony on your record can have. While requiring documentation of workplace violence is the right step forward, how this data is used will prove far more important. Hopefully, receiving this data will give policymakers the insight they need to take further action and keep healthcare workers safe. --- Gabriel P. Papadopoulos, Summer Associate

How AI is Changing Telemedicine in 2025

“AI is virtually expanding, reshaping and personalizing telehealth practices in triaging, image analysis, patient diagnoses, treatment planning, monitoring and mental health.”

Why this is important: Artificial intelligence (AI) is a growing phenomenon in today’s world. Whether it’s writing emails, creating marketing tools, drafting speeches, making lesson plans, or answering everyday questions, AI is all around us, and making big impacts. Specifically, in the medical and healthcare world, AI is expanding, reshaping, and personalizing telehealth practices in a variety of ways.

Take a moment to think about the process of making, and then subsequently going to, a doctor’s appointment. You first have to make the appointment, either through a phone call or now with the use of AI through contact center assistance. AI-powered assistance can handle scheduling, provide appointment reminders, provide medication reminders, and even answer simple medical questions. Not only that, but innovative AI chatbots can conduct intake before provider visits, possibly reducing wait time and increasing patient engagement. Not only does the new technology of AI assist during pre-appointment, but AI is also being used during medical evaluations for medical image analysis, patient diagnosis, treatment plans, and patient monitoring. All of which improve care, shorten wait times, and provide support to medical staff and personnel.

While the rise of AI in the medical world most certainly has benefits, it also has significant drawbacks. Not only is implementing AI tools expensive, but it also comes with risks to patient privacy and HIPAA violations. In addition, patients may feel less connected or supported by their providers, which is especially important for medical fields dealing with mental and behavioral health. Human interaction is what makes us feel like we have a community -- like we are heard, wanted, and seen. Perhaps AI in the healthcare world is creating easier access and options for individuals to get care, but the question remains as to whether AI can in fact meet all of our needs. Is the tradeoff of quick care for human interaction and connection enough to support the push for AI? Maybe in certain practices the pros outweigh the cons, such as emergency medicine, where time and efficiency are of the essence. But, maybe in other practice areas, the need for human support and community requires less reliance on AI and more reliance on building rapport with patients.

All doctors take an oath to cure and to care, to do no harm, and to put their patients above all else. If the use of AI violates these promises, then, regardless of the benefits, it may be time to take a second look at the reasons behind the need or want for AI in the healthcare world. --- Addelyn C. Slyh, Summer Associate

Featured Attorney Question & Answer

This is our Featured Attorney Q&A to introduce you to our large healthcare law team. To help you get to know our team a little better, we are highlighting attorneys in each issue by asking them a healthcare-related question. We hope their responses will be insightful for you.

Will Thompson is one of the newest members of our healthcare practice group. We tapped his knowledge as the immediate past United States Attorney for the Southern District of West Virginia and former President of Madison Healthcare to address questions about healthcare fraud, including civil and criminal liabilities.

Q: Is healthcare fraud something I should be concerned with if I am in the medical industry?

A: Absolutely. Healthcare fraud is almost always a priority of every administration, and even more so with the current administration. On June 30 of this year, the Department of Justice made a national announcement of the largest healthcare fraud takedown in history that involved over $14.6 billion of intended loss. Given the multiple statements about eliminating fraud, waste and abuse from The White House, the Department of Health and Human Resources, and the Attorney General, there is no question that healthcare fraud is a top priority of the current administration. Additionally, given the recent passage of the “One, Big, Beautiful Bill Act,” one of its tenets was eliminating fraud within Medicaid, which will engender even more investigations into healthcare fraud.

Anyone involved in the healthcare industry should be taking proactive steps to ensure that there is no fraud contained within their system. The Department of Justice and United States Attorneys will be taking a close look for any fraud within healthcare systems, so those systems need to be prepared. Most healthcare organizations are not knowingly committing fraud, but the federal laws, rules and regulations are very complex and well-versed legal counsel should be used. Furthermore, even if there is no criminal exposure for healthcare fraud, there are some significant and expensive civil penalties and forfeitures involved, often up to three times the amount that was billed.

Q: When it comes to healthcare fraud, there are two areas that should be considered – criminal and civil liability. What are your best practice suggestions for healthcare organizations when dealing with fraud issues?

A: As with any company or organization facing liability issues regarding fraud, crisis management is key. And this is absolutely no different for the healthcare industry. Most organizations have attorneys on staff to address potential litigation. But when facing criminal and civil litigation, it is imperative that you have counsel who knows the differences of both and how best to proceed. Your attorneys should know every facet of your business and, therefore, should be able to move quickly. You are going to immediately preserve evidence and conduct an internal investigation. Well-versed counsel will know how best to do this while representing the company and key individuals.

Risk mitigation and compliance are essential. What is the scope of your liability? And once you have a handle on that, engaging a compliance expert can be extremely beneficial. This expert can also look at notifying any insurers and if self-disclosure is the best course of action. Getting ahead of a situation can help alleviate some penalties. But again, your counsel should know the best step forward and can guide you through that process.

Once you are through the weeds, ongoing compliance is going to be paramount. Is your compliance program up to snuff? What changes should you consider – including removal of certain individuals or the addition of staff? You want to be transparent with your staff and stakeholders, but not at the risk of further litigation.

When it comes to fraud, having legal counsel who has experience in every scenario is going to be pivotal. They can guide you through every component of your situation – and this includes areas that you may not have considered needing a legal viewpoint. Having counsel weigh in, especially on those issues, will make this process much easier.

Q: Are there any particular issues that a healthcare administrator should be prepared for when it comes to healthcare fraud?

A: Federal investigators will always be looking for billing practices, so healthcare administrators should make sure their providers and anyone else involved in billing systems are cognizant of applicable federal rules and regulations. Another issue that will be at the forefront is data breaches. Within the past few years, there has been a significant uptick in criminal organizations stealing Medicare and Medicaid billing information to order medical devices and supplies that are unnecessary, unwanted and unneeded by unsuspecting patients.

These organizations use medical providers who sometimes are unaware of their involvement, while at other times might be part of the criminal enterprise themselves. Healthcare providers should be making themselves aware of both the necessity to protect their patients’ data, as well as policing their own providers to make sure they are not participating in this type or any type of fraud. The best way to do this is to have legal counsel to advise, and when necessary, to conduct internal investigations to make sure the healthcare organizations are taking the necessary and required safeguards to prevent healthcare fraud.

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Spilman Thomas & Battle, PLLC

Written by:

Spilman Thomas & Battle, PLLC
Spilman Thomas & Battle, PLLC
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Spilman Thomas & Battle, PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide