About
Health Care

Health Care

Tracking Health Care legal and regulatory developments.

15 entries in Litigator Tracker

LawSnap Briefing Updated May 11, 2026

State of play.

  • Enforcement has moved from policy to litigation. A state AG has filed the first major enforcement action targeting a chatbot that impersonated a physician in a clinical setting, treating deceptive AI conduct as consumer fraud . Class actions against Sutter Health and MemorialCare over ambient AI scribe deployments follow a November 2025 case against Sharp HealthCare, establishing a pattern of wiretapping and consent-based claims against health systems — not vendors .
  • The federal preemption play is live but unresolved. The White House's March 2026 National Policy Framework proposes legislation to preempt state AI laws imposing "undue burdens," distributing oversight across FDA, CMS, HHS, OCR, FTC, and DOJ — but no preemptive statute has passed, and over 177 state bills remain active across 31 states .
  • Genetic data from M&A is the next class action frontier. Tempus AI faces multi-state class actions alleging it transferred genetic data from over one million Ambry Genetics patients — without consent — to train AI models and license to more than 70 pharma and biotech partners under agreements valued above $1.1 billion .
  • The Second Circuit has narrowed insurer fraud defenses in no-fault reimbursement. The panel held that anti-kickback violations do not automatically disqualify providers from no-fault eligibility under New York law, certifying the core question to the New York Court of Appeals — affecting hundreds of pending cases and more than $1 billion in annual reimbursements .
  • For counsel advising health systems, digital health platforms, or life sciences companies, the practical baseline is simultaneous exposure across three vectors: AI deployment consent failures generating wiretapping and HIPAA-adjacent liability, acquisition-triggered genetic data claims, and a federal preemption framework that may or may not arrive before state enforcement accelerates further.

Where things stand.

  • AI scribe consent litigation is a pattern, not an isolated case. The Sutter Health/MemorialCare class action alleges CMIA, CIPA, and Federal Wiretap Act violations, with plaintiffs pointing to false chart documentation of consent — and Abridge, the vendor, is not named as a defendant, placing institutional liability squarely on the health system . The Sharp HealthCare case filed November 2025 established the template.
  • State AG enforcement is treating deceptive AI conduct as consumer fraud. The first enforcement action against a chatbot impersonating a physician signals that regulators will not wait for AI-specific statutes — existing consumer protection authority is the vehicle .
  • Federal AI governance is distributed, not centralized. The March 2026 National Policy Framework routes oversight through existing agencies rather than a new body; the Department of Commerce would evaluate conflicting state laws; compliance sandboxes are proposed but not yet operative .
  • Genetic data de-identification is contested doctrine. Tempus AI's defense that transferred Ambry data was de-identified faces the plaintiffs' argument that genetic information is inherently identifiable — a question courts have not yet resolved under state genetic privacy statutes .
  • AI drug discovery is compressing timelines and creating IP gaps. A Nature Reviews Drug Discovery review by Pun et al. documents AI embedding patentability and competitor analysis into target selection; the FDA fast-tracked 12 AI-identified oncology drugs in 2024; premature patents on unvalidated candidates and inventorship gaps under EPC Article 81 and U.S. law remain unresolved .
  • Consumer-facing AI health platforms are proliferating without a settled regulatory framework. Microsoft Copilot Health, launched March 2026, aggregates EHR, lab, and wearable data for roughly 50,000 U.S. hospital-connected organizations; Microsoft's commitment not to use Copilot Health data for model training is positioned as a voluntary benchmark, not a legal requirement .
  • The FTC under reconstituted Republican leadership has signaled enforcement focus on hidden fees, dark patterns, and subscription traps across healthcare and digital platforms. Following the 2025 dismissals of Democratic commissioners, Chairman Ferguson has outlined a shift toward fraud redress over structural antitrust .
  • No-fault reimbursement enforcement authority has shifted toward state regulators. The Second Circuit's March 2026 decision constrains insurers' unilateral denial of claims based on provider misconduct, leaving GEICO's fraud and RICO theories for further proceedings pending New York Court of Appeals resolution .

Latest developments.

  • State AG files first enforcement action against AI chatbot impersonating a physician in a clinical setting, framing the conduct as consumer fraud .
  • Class action against Sutter Health and MemorialCare alleges CIPA, CMIA, and Federal Wiretap Act violations over Abridge ambient scribe deployment without patient consent; false chart documentation of consent alleged .
  • Tempus AI faces multi-state class actions alleging unconsented transfer of genetic data from over one million Ambry Genetics patients for AI model training and pharma licensing .
  • White House National Policy Framework for AI proposes federal preemption of state AI laws; no preemptive statute has passed; 177 state bills remain active .
  • Second Circuit vacates GEICO summary judgment in no-fault kickback case, holding anti-kickback violations do not automatically disqualify providers from reimbursement eligibility; question certified to New York Court of Appeals .
  • Microsoft launches Copilot Health, aggregating EHR, lab, and wearable data; commits not to use data for model training; competes directly with OpenAI ChatGPT Health and Anthropic Claude for Healthcare .
  • Senate Commerce Committee holds first FTC oversight hearing in nearly six years; Chairman Ferguson outlines enforcement priorities including healthcare dark patterns and subscription traps .
  • Nature Reviews Drug Discovery review documents AI embedding patentability analysis into drug target selection; USPTO extends AI Search Automated Pilot through June 2026 .
  • McKinsey 2025 survey finds 50 percent of healthcare organizations have implemented generative AI; agentic AI emerging as next deployment wave .

Active questions and open splits.

  • Whether health systems or vendors bear liability for AI scribe consent failures. The Sutter/MemorialCare complaint names only the health systems, not Abridge — but vendor agreements, indemnification provisions, and BAA structures will determine ultimate allocation; courts have not yet resolved the institutional-vs.-vendor responsibility split .
  • Whether genetic data can be meaningfully de-identified under state genetic privacy statutes. Tempus AI's de-identification defense is untested at the class action level; the outcome will govern how every healthcare platform structures post-acquisition data integration and downstream licensing .
  • Whether the federal AI preemption framework displaces state enforcement before state litigation matures. With 177 state bills active and no federal statute enacted, the window for state-law claims is open; if preemption legislation advances, retroactive effect on pending suits is unsettled .
  • What consent standard satisfies CIPA and the Federal Wiretap Act for ambient AI documentation. Boilerplate chart language stating patients "were advised" has been directly challenged as fabricated; whether any disclosure-at-intake mechanism satisfies all-party consent in California remains unresolved .
  • Whether AI chatbot impersonation of clinicians triggers consumer fraud liability independent of harm. The state AG enforcement action frames deception as the violation — not a specific patient injury — which, if sustained, sets a low threshold for future enforcement across clinical AI deployments .
  • Inventorship and patentability gaps in AI-generated drug candidates. With AI now embedding patentability analysis into target selection, premature filing on unvalidated candidates and inventorship attribution under EPC Article 81 and U.S. law remain open — and the USPTO's AI Search Automated Pilot does not resolve the underlying inventorship question .
  • Whether the Second Circuit's no-fault ruling shifts enforcement leverage from insurers to state regulators. The New York Court of Appeals certification will determine whether anti-kickback violations can ever serve as a reimbursement-eligibility defense — with hundreds of pending cases in the balance .

What to watch.

  • New York Court of Appeals resolution of the certified no-fault eligibility question — outcome reshapes insurer fraud-defense strategy across the $1 billion-plus annual no-fault market .
  • Early motions practice in the Sutter Health/MemorialCare AI scribe case — particularly whether courts treat vendor-deployed ambient recording as categorically different from provider-initiated recording under CIPA .
  • Whether additional state AGs file consumer fraud actions against AI health tools following the chatbot-impersonation enforcement template .
  • Congressional movement on the White House AI preemption framework — any committee action will signal whether federal standards will arrive before state litigation produces binding precedent .
  • Tempus AI's de-identification defense in the Northern District of Illinois — the court's treatment of genetic data anonymization will set the M&A data-integration standard for life sciences transactions .
  • USPTO expiration of the AI Search Automated Pilot on June 1, 2026 — whether it is extended or replaced will affect prosecution strategy for AI-identified drug candidates .

15 Contributing Entries

UN releases 2026 International AI Safety Report warning of enormous benefits and existential risks

The United Nations released the International AI Safety Report 2026, a comprehensive assessment concluding that advanced artificial intelligence presents both transformative opportunities and escalating dangers. The report, led by the UN agency for digital technology, finds that AI can accelerate development in health, education, and financial services in developing nations while simultaneously enabling cyberattacks, deepfake fraud, non-consensual intimate imagery, and biological weapon design. The core finding: AI capabilities in critical fields like biological research are advancing faster than governance frameworks, creating a dangerous gap between what is technologically possible and what remains safe.

Meta Loses Bid to Dismiss Lawsuit Over Children's Social Media Addiction

California Attorney General Rob Bonta won a significant procedural victory when U.S. District Judge Yvonne Gonzalez Rogers denied Meta Platforms' motion for summary judgment, clearing the way for a multi-state lawsuit alleging the company deliberately designed Facebook and Instagram to addict children. The judge found material factual disputes exist about whether Meta's platforms are addictive and whether the company misled the public about these risks. Critically, Rogers granted summary judgment to the states on one count: Meta failed to obtain sufficient parental consent under the Children's Online Privacy Protection Act (COPPA).

House Appropriations Committee Votes to Defund WISeR AI Prior Authorization Pilot

The House Appropriations Committee voted unanimously Tuesday to strip funding for WISeR, a CMS pilot program that uses artificial intelligence to impose prior authorization requirements on traditional Medicare beneficiaries. The committee adopted an amendment to the FY 2027 HHS appropriations bill that prohibits the Centers for Medicare & Medicaid Services from spending federal dollars on WISeR or any similar prior authorization model targeting traditional Medicare. The vote represents the first formal legislative action against the program, which CMS launched last year as a six-year Innovation Model beginning January 1, 2026.

UN independent panel warns unchecked AI progress poses catastrophic risks

On July 1, 2026, the UN's Independent International Scientific Panel on Artificial Intelligence released a preliminary report warning that unregulated AI development is outpacing both scientific understanding and government policy, with no guarantee against catastrophic harm. Led by UN Secretary-General António Guterres and computer scientist Yoshua Bengio, the panel identified specific risks: loss of control over autonomous systems, deceptive AI behaviors, and exploitation for fraud, cyberattacks, and biological threats. The report notes that AI already demonstrates expert-level reasoning in mathematics and science, with task complexity doubling every four to seven months, while current models trained on only a fraction of the world's 7,000 languages produce dangerous errors in health diagnoses for many populations.

California AG Bonta Sues Trump Admin Over Unlawful Medicaid Work Rules

California Attorney General Rob Bonta co-led a 24-state coalition and two governors in filing suit against the Trump Administration on June 29, 2026, challenging Medicaid work requirements enacted under the One Big Beautiful Bill Act. The lawsuit targets an interim final rule issued June 3, 2026, by the Department of Health and Human Services and Centers for Medicare & Medicaid Services. The coalition seeks to block and strike down the rule's provisions.

Blank Rome Hit With Two Class Actions After May Data Breach Exposes 57,000 Clients

Blank Rome LLP, a Philadelphia-based firm, faces two proposed class-action lawsuits following a May 2026 data breach that compromised the personal information of 57,554 current, former, and prospective clients. A cybercriminal impersonating an IT staff member tricked an attorney into uploading sensitive files to an unauthorized external Google Drive. The exposed data includes Social Security numbers, medical records, driver's license numbers, passport information, and health insurance details.

ChatGPT and Claude Account Sharing Leads to Privacy Breaches, Data Mix-ups, and Cybersecurity Risks

Users are sharing login credentials for premium AI services—ChatGPT Plus and Claude Pro—exposing themselves to serious privacy breaches. Connor Effrain, a 22-year-old digital fundraising associate, shared his ChatGPT account and inadvertently gave others access to sensitive health information about his Crohn's disease and personal details he had discussed with the chatbot. Both OpenAI and Anthropic explicitly prohibit account sharing in their terms of service, classifying these subscriptions as single-user only. The platforms detect concurrent sessions and suspend accounts that violate this rule.

CES 2026 Highlights Critical Safety Gaps as Humanoid Robots Shift to Real-World Use

At the 2026 Consumer Electronics Show, industry leaders and safety experts confronted an urgent problem: humanoid robots entering hospitals, homes, and factories are injuring people. Recent incidents involving Boston Dynamics' Atlas, Figure AI's Figure 3, 1X's Neo, and other platforms have exposed critical gaps in safety design. The machines' hard bodies, pinch points, and unpredictable movements in unstructured environments pose immediate physical risks that current protocols fail to address. The core issue is functional insufficiency—robots cannot reliably perceive and plan their actions in real-world conditions outside controlled labs.

American Healthcare Systems Files Amended Complaint Against Former Counsel Over Takeover Scheme

American Healthcare Systems Corp. and its founder Mike Sarian filed an amended complaint in California state court on Tuesday, July 7, 2026, accusing their former in-house counsel Faisal Gill of orchestrating an extortion and takeover scheme. The complaint also names Dr. Aramais Paronyan, a minority shareholder and director, as a participant in efforts to remove Sarian from control and restrict his access to company finances. AHS operates five Florida hospitals, including Palmetto General and Coral Gables Hospital.

Blank Rome Sued Over May 2026 Data Breach Exposing 57K Clients' Data

Blank Rome LLP, a Philadelphia-based national law firm, faces a proposed class action lawsuit alleging it failed to protect sensitive client data after a May 2026 social-engineering attack compromised information on over 57,000 individuals. An unauthorized third party impersonated IT staff and tricked a Blank Rome attorney into uploading confidential files to an external Google Drive account, exposing names, Social Security numbers, and potentially financial and medical records. The lawsuit names Blank Rome as defendant and alleges violations of common law, industry standards, the Federal Trade Commission Act, and HIPAA due to inadequate cybersecurity safeguards and delayed notification.

China to Launch "AI Plus" Initiative in 2026 to Embed AI Across Industry and Services

China will formally launch its "AI Plus" initiative in 2026, a sweeping program to embed artificial intelligence across industry, healthcare, services, and government as part of its economic modernization strategy. The rollout is scheduled to coincide with China's five-year plan due in March 2026 and represents a shift from research to sector-specific deployment, with the stated goal of creating a fully AI-driven society by 2035. The State Council and Cyberspace Administration of China are driving the effort, building on regulatory frameworks established since 2017 and labeling mandates for AI-generated content issued in March 2025.

3rd Circuit Panel Questions Diabetic Worker's AI-Cited Motion and Late Disclosure

A Third Circuit panel questioned on Tuesday whether a hospital employee's disclosure of her diabetes came too late to trigger accommodation rights under the ADA, after she was disciplined for sleeping at work. The same hearing surfaced a separate problem: her attorneys submitted a motion containing AI-hallucinated legal citations, raising the prospect of sanctions for the legal team.

Utah Enacts SB 319 Adding to Wave of State Laws Limiting AI in Health Insurance Denials

Utah enacted Senate Bill 319 on March 19, 2026, effective January 1, 2027, requiring human medical judgment for all adverse insurance preauthorization decisions. The law prohibits insurers from relying solely on AI recommendations when denying coverage and mandates that a licensed reviewer evaluate the provider's request, the patient's medical history, and individual clinical circumstances before any denial. Utah joins Washington, Nebraska, Texas, Colorado, and California in implementing AI guardrails for coverage determinations.

First Circuit Affirms Dismissal of Bayamón Medical Data Breach Case for Untraceable Injury

The First Circuit Court of Appeals has affirmed dismissal of a data breach class action against Bayamón Medical Center, ruling that the plaintiff failed to establish Article III standing. In Santos-Pagán v. Bayamón Medical Center, the court acknowledged that plaintiff Santos-Pagán suffered concrete injury from actual misuse of her information following BMC's 2019 ransomware attack. However, the court held she did not plausibly allege that her injuries were traceable to the breach itself—a fatal gap under Article III's "fairly traceable" requirement. The decision turns on a straightforward principle: allegations of identity-related harm occurring after a data breach do not establish standing without specific factual allegations connecting the breach to the misuse.

mail Subscribe to Health Care email updates

Primary sources. No fluff. Straight to your inbox.

Also on LawSnap