Healthcare Regulatory Check-Up Newsletter | October 2025 Recap

October regulatory update summary

MWE.COM This issue of McDermott's Healthcare Regulatory Check-Up highlights regulatory activity for October 2025, which was relatively quiet due to the federal government shutdown. This month's summary discusses revisions to the US Department of Health and Human Services (HHS) grants policy statement, the US Department of Education (DOE) public service loan forgiveness (PSLF) final rule, enforcement efforts and guidance from the US Food and Drug Administration (FDA) regarding biosimilars and weight loss drugs. We also review an Office of Inspector General (OIG) report regarding improper durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) payments, and the latest developments in judicial invalidation of Biden-era nondiscrimination rules under Section 1557 of the Affordable Care Act (ACA). This issue examines the calendar year (CY) 2026 Physician Fee Schedule (PFS) from the Centers for Medicare & Medicaid Services (CMS), and CMS's decision to lift claim holds that were in place during the shutdown because of expired Medicare payment provisions. We also discuss updates to the Advanced Medical Technology Association (AdvaMed) Code of Ethics, a recent California law regulating pharmacy benefit managers, and a HIPAA security risk assessment tool published by HHS.

Notable agency activity

HHS IMPLEMENTS UPDATED GRANTS POLICIES STATEMENT

Effective October 1, 2025, HHS implemented its grants policy statement v2.0, consistent with its prior adoption of 2 CFR part 200 with HHS-specific provisions at 2 CFR part 300. Separately, the Health Resources and Services Administration (HRSA) published a strategic priority areas memorandum stating that subject to applicable law and court orders, HRSA will deprioritize programs that engage in certain medical interventions for minors with gender dysphoria, and HRSA funds will not support the costs of those practices.

The HHS grants policy statement outlines the general terms and conditions for all HHS discretionary grant and cooperative agreement awards, except those from the National Institutes of Health (NIH), which continue to be governed by the NIH grants policy statement. HRSA has indicated that recipients will see these changes in awards issued after October 1, 2025, and should expect updated application materials and frequently asked questions (FAQs) that reflect the new framework.

In practice, "deprioritize" has two dimensions: lower competitiveness in discretionary selections and a likelihood that such costs will be treated as unallowable under the terms of an award. A nationwide preliminary injunction (PFLAG v. Trump) and a four-state preliminary injunction (Washington v. Trump) currently prohibit HHS/HRSA from punishing recipients because they provide gender-affirming care to people under age 19, but the injunctions do not convert costs that are identified as not supported in the award into allowable charges.

For more information, please see our FAQs on this topic.

DOE WILL EXCLUDE EMPLOYERS ENGAGED IN "SUBSTANTIALLY ILLEGAL" ACTIVITIES FROM PUBLIC SERVICE LOAN FORGIVENESS

On October 30, 2025, the DOE released a final rule addressing employer eligibility for the PSLF program by excluding employers that engage in activities that have a "substantial illegal purpose," including:

• Aiding and abetting violations of federal immigration laws
• Supporting terrorism or engaging in violence for the purpose of obstructing or influencing federal government policy
• Engaging in the chemical and surgical castration or mutilation of children under the age of 19 (which includes the use of puberty blockers, sex hormones, and surgical procedures) in violation of federal or state law
• Engaging in the trafficking of children to states for purposes of emancipation from their lawful parents in violation of federal or state law
• Engaging in a pattern of aiding and abetting illegal discrimination
• Engaging in a pattern of violating state laws.

The PSLF program provides loan forgiveness to student loan borrowers who work for qualifying government and nonprofit organizations after making 120 monthly payments. The final rule:

• Defines the illegal activities that could disqualify an employer from participating in the PSLF program
• Establishes a process for determinations of employer disqualification
• Provides a reconsideration process for employers in the event they are removed from qualifying employer status
• Requires timely notification to borrowers and employers of any relevant determinations
• Will only be applied prospectively, effective July 1, 2026.

This rule could have a significant impact on the healthcare sector, particularly on medical residents and other providers that work for nonprofit, PSLF-eligible hospitals or other employers that are found to engage in illegal activities. While the rule is not effective until July 1, 2026, medical residents and providers who are unable to change employers could lose their PSLF eligibility on a prospective basis.

FDA PROPOSES METHODS TO ACCELERATE APPROVAL OF BIOSIMILAR DRUGS

On October 29, 2025, FDA released draft guidance with proposals intended to make development of biosimilar medicines faster and less costly. Biosimilars are lower-cost "generic" alternatives to biologic drugs that treat serious and chronic diseases. FDA's proposed actions would streamline the development process for biosimilars, including by reducing the number of clinical studies necessary to prove that a biosimilar product is sufficiently similar to an existing FDA-approved biologic drug.

FDA ISSUES WARNING LETTERS ON COMPOUNDED WEIGHT LOSS DRUG ADVERTISING

Following US President Donald Trump's September 9, 2025, memorandum on prescription drug advertisements that called on the FDA commissioner and the HHS secretary to take actions to enforce prescription drug advertising laws and regulations, FDA recently issued warning letters to more than 40 compounding pharmacies, demanding that they cease certain advertising practices for a variety of compounded drug products, including GLP-1 medications. In addition to the warning letters, FDA sent thousands of letters to pharmaceutical companies and issued about 100 additional cease-and-desist letters for deceptive advertising.

MEDICARE IMPROPERLY PAID SUPPLIERS $22.7M FOR INPATIENT DMEPOS

On October 24, 2025, OIG released the results of an audit analyzing Medicare payments to suppliers for DMEPOS items provided to Medicare enrollees during inpatient stays from 2018 through 2024. OIG found that $22.7 million in payments for DMEPOS items covered by the audit should not have been paid by Medicare. The audit report highlights that Medicare should not pay a supplier for DMEPOS provided to an enrollee during an inpatient stay. Instead, DMEPOS items should be provided directly by the inpatient facility or under arrangements between the facility and the supplier.

The audit also found that suppliers may have improperly collected up to $5.9 million in deductible and coinsurance amounts from Medicare enrollees or their representatives. OIG conducted a similar audit of payments from 2015 to 2017 and found that Medicare incorrectly paid suppliers $34 million for DMEPOS items provided to enrollees during inpatient stays.

OIG recommends that CMS:

• Direct Medicare durable medical equipment contractors to recover the improper payments from suppliers and to refund enrollees for deductible and coinsurance amounts that were incorrectly collected
• Assess whether any refinements to CMS's system edits are necessary to prevent improper payments to suppliers for DMEPOS items provided to enrollees during inpatient stays.

JUDGE VOIDS HHS RULE BANNING GENDER IDENTITY DISCRIMINATION

A federal judge voided parts of the Biden administration's Section 1557 final rule that prohibited gender identity discrimination under the ACA. On October 22, 2025, Judge Louis Guirola Jr. of the US District Court for the Southern District of Missouri ruled that federal officials exceeded their authority by broadening the definition of sex discrimination to cover gender identity. The ACA bars discrimination under Title IX, and Judge Guirola stated that gender identity discrimination goes beyond the definition of sex discrimination contemplated in 1972, when Title IX was passed.

CMS regulatory updates

CMS RELEASES CY 2026 PHYSICIAN FEE SCHEDULE FINAL RULE

On October 31, 2025, CMS released the CY 2026 Medicare PFS final rule, which will take effect on January 1, 2026. The final rule largely tracks the policies of the July 14, 2025, proposed rule. Among other notable changes to payment policies under the PFS, the final rule sets forth two separate PFS conversion factor (CF) updates: one for clinicians who participate in advanced alternative payment models (APMs) and are considered qualifying APM participants ($33.5675), and one for all other clinicians ($33.4009). These CFs represent an increase of 3.77% and 3.26%, respectively, from the final CY 2025 CF. CMS also finalized a 2.5% efficiency adjustment for all codes except those specifically excluded, which include time-based codes, services on the telehealth list, and maternity care codes with an MMM global period. In a notable change from the proposed rule, CMS also exempted new services from the efficiency adjustment.

For more information, please see this +Insight from our colleagues at McDermott+.

Other notable developments

ADVAMED MODERNIZES ITS CODE OF ETHICS FOR THE DIGITAL ERA

On October 6, 2025, AdvaMed announced its updated Code of Ethics on Interactions with US Health Care Professionals. The update builds upon the June 2023 version and extends guidance for data-driven technologies and issues such as cybersecurity and ethical data management. The revised code took effect on November 1, 2025, and remains labeled as a voluntary set of guidelines; however, certain states, such as California, Connecticut, and Nevada, have made the code's provisions mandatory. Medical technology companies and healthcare professionals should consider whether the 2025 code warrants updates to their compliance policies and procedures.

For more information, please see our client alert on this topic.

CALIFORNIA ENACTS SB 41 TO REGULATE OPERATIONS OF PHARMACY BENEFIT MANAGERS

On October 11, 2025, California enacted Senate Bill (SB) 41, effective January 1, 2026, to extensively regulate pharmacy benefit managers (PBMs). SB 41 will:

• Require PBMs to be licensed with the California Department of Managed Health Care (DMHC) by January 1, 2027
• Establish various anti-steering and other prohibitions that prevent PBMs from discriminating against nonaffiliated pharmacies to steer patients to their affiliated pharmacies
• Impose pricing restrictions such as a prohibition on spread pricing, a requirement for 100% pass-through of rebates, and a limit on compensation to a flat management fee
• Instate ethical and fiduciary duties for PBMs
• Require PBMs to make various financial disclosures to payors, pharmacies, and DMHC.

Violations of most provisions of the law will result in a fine of $1,000 to $7,500 per violation, and the state attorney general may seek further equitable relief as necessary.

HHS RELEASES UPDATED HIPAA SECURITY RISK ASSESSMENT TOOL

The Office of the National Coordinator for Health Information Technology and the HHS Office for Civil Rights released an updated security risk assessment tool to assist small and medium-sized practices in complying with the Health Insurance Portability and Accountability Act security rule. The new version of the security risk assessment tool is anticipated to improve usability and includes audit-ready reporting features for stakeholders.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.