Health Law Advisor

On April 3, 2026, the director of the Office of Management and Budget submitted to Congress President Donald Trump’s budget for 2027—proposing $111.1 billion in discretionary budget authority for the U.S. Department of Health and Human Services (HHS) for Fiscal Year 2027, beginning October 1, 2026, and ending September 30, 2027. The number represents a $15.8 billion or 12.5 percent decrease from the 2026 enacted level and suggests ongoing emphasis on combatting improper payments and practices in health care. The proposed budget investments also signal potential shifts that will impact service delivery for certain communities and business operations for entities that contract with the federal government or federal government grantees. We’ve noted the following key takeaways from the HHS Budget in Brief on these points, below.

On April 10, the U.S. Department of Justice (DOJ) announced the first settlement to resolve False Claims Act (FCA) allegations regarding a private employer’s failure to comply with anti-discrimination requirements in contracts with the federal government. The settlement with IBM comes just two weeks after the March 26 signing of a new executive order called “Addressing DEI Discrimination by Federal Contractors” (EO 14398), curbing diversity, equity, and inclusion (DEI) programming (read more here). 

What health care and life sciences organizations need to know:

• “Bulk” Has a New Definition: The volume thresholds under the U.S. Department of Justice’s (DOJ’s) Bulk Sensitive Data (BSD) Transfer Rule are surprisingly low—sharing genomic data on just 100 people can trigger compliance requirements, catching many organizations off guard.
• HIPAA Compliance Is Not Enough: The BSD Transfer Rule creates an entirely new compliance layer that goes beyond existing privacy frameworks, such as the Health Insurance Portability and Accountability Act (HIPAA), applying even when data has been de-identified or anonymized.
• It’s About Access, Not Just Transfers: Simply giving a foreign vendor, board member, or investor the ability to view sensitive data can trigger the BSD Transfer Rule—no formal data-sharing agreement is required.

In this episode of Diagnosing Health Care^®, Epstein Becker Green attorneys Laura DePonio, Elizabeth McEvoy, and Elena Quattrone walk health care and life sciences organizations through the DOJ’s BSD Transfer Rule—from scoping and compliance to enforcement risks and exemptions.

The Food and Drug Administration (FDA) is urging innovators, providers, and patients to “reimagine the home as an integral part of the health care system.” If you’re skeptical, the “Home as a Health Care Hub” initiative was introduced in 2024 by the FDA’s Center for Devices and Radiological Health (CDRH) in response to changing needs of health care and feedback from the public, accelerated by the COVID-19 pandemic.

On March 27, 2026, the Food and Drug Administration (“FDA”) held a public meeting entitled “Exploring the Scope of Dietary Supplement Ingredients.” Sponsored by FDA’s Office of Dietary Supplement Programs (“ODSP”), the meeting was designed for agency officials and stakeholders “to discuss the evolving landscape of dietary supplement ingredients and how recent scientific and technological advances are shaping the industry.”

On March 23, 2026, the U.S. House of Representatives’ Committee on Oversight and Government Reform sent a letter to California Governor Gavin Newsom requesting “documents and communications” surrounding the state’s oversight of its federally funded hospice programs.

On March 4, the Department of Health and Human Services (“HHS”) Office of the Inspector General (“OIG”) issued a favorable result in OIG Advisory Opinion No. 26-03, regarding a Requestor’s proposal to offer discounts to certain ambulatory surgery centers (“ASCs”) on intraocular lenses (“IOLs”) and supplies in cataract surgery. The discounts would be contingent on physician practices—with ophthalmic surgeons performing cataract surgery at the ASCs—purchasing and entering into subscription agreements for the Requestor’s software product (the “Proposed Arrangement”).

In the wake of shootings in early March at hospitals in Atlanta and Milwaukee, the nation’s attention again turns to how to prevent workplace violence in health care settings. 

On Friday February 13, 2026, the Department of Government Efficiency (“DOGE”) unit working within the U.S. Department of Health and Human Services (“HHS”) released to the public on https://opendata.hhs.gov/ what it hailed as “the largest Medicaid dataset in department history.” 

DOGE has been mining Medicaid and Medicare data for the past year. The newly released dataset aggregates provider-level claims data by billing or servicing provider, procedure code, and month, and covers fee-for-service, managed care, and CHIP claims from 2018-2024.

In early March, word came that Dr. Mehmet Oz, administrator of the Centers for Medicare and Medicaid Services (CMS) is investigating New York’s Medicaid program—claiming it is riddled with fraud and waste. The news came at the same time as Minnesota filed a federal lawsuit against Oz, CMS, the U.S. Department of Health and Human Services (HHS) and its secretary, Robert F. Kennedy Jr., for withholding Medicaid funding, accusing the federal government of “weaponiz[ing] Medicaid against Minnesota as a political punishment.”