This monthly update highlights key regulatory developments, enforcement trends, and compliance issues affecting health-care providers across the continuum – from solo practices to hospitals and large physician groups. Each section includes practical action items to help you assess risk and prepare for upcoming obligations.

Regulatory Developments

HIPAA Notice of Privacy Practices Updates Due February 16, 2026

Covered entities must update their Notice of Privacy Practices (NPP) by February 16, 2026 to comply with HIPAA Privacy Rule amendments addressing substance use disorder (SUD) records under 42 CFR Part 2.  The amendments affect providers that create or maintain SUD-related records, including mental health practices, primary care providers, hospitals, and integrated care settings. Even providers that do not offer substance use disorder treatment must update their NPP, as the obligation applies broadly to covered entities and is not limited to Part 2 programs.  Under the revised rule, Part 2 records may generally be disclosed for treatment, payment, and health care operations based on a single written consent, rather than requiring separate consents for each disclosure. At the same time, heightened protections remain in place, including limits on redisclosure and restrictions on using SUD records in criminal, civil, or administrative proceedings against a patient.  Many existing NPPs do not reflect these changes or treat SUD records the same as other protected health information. Those notices should be reviewed and updated to avoid compliance gaps and patient confusion.

Action Items:

  • Review your current NPP for compliance with the 2026 HIPAA updates, even if you do not provide SUD treatment services.
  • Update posted notices, including websites, patient portals, and intake materials, by February 16, 2026.
  • Ensure staff understand that SUD records remain subject to heightened privacy protections despite expanded consent rules.

Contracting Focus

Employment vs. Independent Contractor Arrangements in Health Care

Health-care providers frequently use independent contractor arrangements for clinical services, coverage, or specialized roles. In practice, many of these relationships function more like employment, which can create legal, tax, and regulatory risk if the structure does not match how the individual is actually treated.  Misclassification issues arise when contractors are subject to the same scheduling, supervision, and operational controls as employees, or when contracts do not clearly define responsibilities, compensation, and termination rights. In health care, these risks can extend beyond wage-and-hour concerns and affect reimbursement, licensure, supervision requirements, and liability exposure.  Recent enforcement and audit activity across multiple agencies has increased scrutiny of contractor arrangements, particularly in settings involving clinical supervision, use of facility resources, and long-term or exclusive relationships.

Action Items:

  • Review whether individuals classified as independent contractors are truly operating with appropriate independence.
  • Confirm that contractor agreements clearly define scope of services, compensation, scheduling authority, and termination rights.
  • Evaluate whether supervision, documentation, and coverage requirements are consistent with the contractor model.

Compliance Focus

Responding to ICE Requests in Health-Care Settings

Health-care providers increasingly face questions about how to respond when Immigration and Customs Enforcement (ICE) agents request information or access to patients or facilities. While providers must comply with applicable law, HIPAA and state privacy laws continue to apply.  ICE agents do not have automatic authority to access patient information. HIPAA generally prohibits disclosure of protected health information without patient authorization unless a specific exception applies. Administrative warrants or subpoenas may not require immediate compliance and should be reviewed carefully. Patient-care areas also raise heightened privacy and safety concerns.  Providers should be prepared to respond calmly and consistently, without interfering with law enforcement activity or disclosing information unnecessarily.

Action Items:

  • Develop or update a written policy addressing law-enforcement requests, including ICE inquiries.
  • Train front-desk and clinical staff not to release information or grant access without appropriate authorization.
  • Identify a single internal point of contact for law-enforcement interactions.

Litigation & Risk Management Trends

Balancing Patient Privacy and Law Enforcement Requests

Recent complaints and enforcement actions show that providers face risk on both sides from improper disclosures of patient information to failures to follow internal procedures when law enforcement is involved.  Common problem areas include staff releasing information without authorization, inconsistent responses across departments or locations, lack of documentation of law-enforcement interactions, and confusion between administrative requests and judicial orders. Regulators and investigators increasingly expect providers to demonstrate reasonable, documented decision-making, even in high-pressure situations.

Action Items:

  • Confirm that privacy policies clearly address responses to law-enforcement requests.
  • Ensure interactions with law enforcement are documented and reviewed internally.
  • Align privacy, security, and risk-management teams on response protocols.

FAQ of the Month

“If ICE asks for patient information, do we have to comply?”

Not automatically.  HIPAA generally prohibits disclosure of protected health information without patient authorization unless a specific exception applies. Whether disclosure is permitted depends on the type of request, the information sought, and applicable federal and state law. In many cases, providers may decline immediate disclosure and request time to review the request with legal counsel.  Providers should not ignore ICE requests, but they should not comply without understanding their legal obligations.

Upcoming Deadlines & Reminders

  • February 16, 2026: Updated HIPAA Notice of Privacy Practices must be implemented and posted.
  • Q1 HIPAA Security Risk Assessments: Many organizations target early-year completion.
  • Professional License Renewals: Several health professions renew in Q1; verify staff deadlines.
  • Policy Reviews: Early 2026 is an ideal time to update privacy, compliance, and emergency response policies.

Disclaimer: The information provided here is for general informational purposes only and does not constitute legal advice. No attorney-client relationship is created by this communication. Parties should consult with their own qualified attorney for advice regarding their specific legal situation.

For questions or assistance, contact Paul A. Drey or Emily E. Reiners of the Brick Gentry P.C. Healthcare & Regulatory Team.

Brick Gentry P.C. is pleased to announce the relaunch of our Healthcare Law Update, a monthly publication designed for Iowa’s healthcare providers, including hospitals, clinics, rural health systems, behavioral health organizations, physician groups, and individual practitioners.

Beginning January 2026, our healthcare practice group will provide regular insights on key legal and regulatory developments affecting healthcare entities and providers across the State of Iowa. Each monthly update will feature:

  • Regulatory and compliance changes, including HIPAA, Stark/AKS, telehealth, reimbursement, credentialing, and licensing.
  • Litigation trends and notable case developments impacting healthcare providers.
  • Federal and state guidance relevant to Iowa’s hospitals, clinics, physician groups, behavioral health providers, and individual practitioners.
  • Practical considerations for administrators, executives, and boards.
  • Hands-on considerations necessary to navigate healthcare contracts.

As state and federal requirements continue to evolve, our goal is to offer clear, Iowa-focused guidance that helps organizations and individuals navigate operational and legal challenges throughout 2026 and beyond.

We welcome suggestions from healthcare leaders and partners regarding topics of interest for future updates. Please contact us with questions or ideas.

– Paul Drey & Emily Reiners

Brick Gentry, P. C., and the Iowa Healthcare Law Blog are excited to announce that Emily Reiners is now a shareholder with Brick Gentry and will be a key contributor to the Iowa Healthcare Law Blog.  Emily brings her past healthcare experience from her time as an attorney in private practice and at Unity Point.  She brings a keen understanding of regulatory and compliance law issues in the healthcare arena, as well as superior skills in drafting and reviewing healthcare contracts and advising healthcare professionals in Iowa.  Her approach and knowledge of the important issues make her a trusted advisor to those with whom she works.  We are so pleased that she is now part of our Brick Gentry Healthcare Team.

MACRA’S QUALITY PAYMENT PROGRAM HAS GONE LIVE – ACTION REQUIRED IN 2017 TO AVOID PART B PAYMENT REDUCTIONS IN 2019 – QPP BASICS TO KNOW IN GETTING STARTED

A new Congress has convened, a new administration is at the helm, and repeal of the Affordable Care Act (ACA) is on the docket, an action of consequence for, among other things, the Medicare Shared Savings Program (MSSP), primary care medical homes, and other Medicare-developed alternative payment models (APMs). On the other hand, the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), establishing a Medicare Part B Quality Payment Program (QPP), is bipartisan legislation of little debate. The American Medical Association, the American Hospital Association, and over 100 other health care entities have appealed to the Administration to preserve value-based care.  https://www.premierinc.com/wp-content/uploads/2017/01/Jan-25-letter1-24-17-Administration.pdf. So, even in the midst of ACA uncertainty, MACRA and its QPP are moving forward. The Centers for Medicare and Medicaid Services (CMS), by rule, has developed a QPP structure that went live on January 1, 2017.

Continue Reading MACRA’s Quality Payment Program Has Gone Live

Medicare/Medicaid Reform and ACA Repeal on the Horizon, MACRA Moves Forward for Now

The new administration’s agenda for health care may have come into clearer focus with President-Elect Donald Trump’s nomination of House Representative Tom Price, MD, a Republican from Georgia, as Secretary of Health and Human Services (HHS) and Seema Verma, MPH, as CMS Administrator. The American Medical Association (AMA) released a statement of strong support for Congressman Price, encouraging a swift confirmation vote. “Dr. Price,” the AMA said, “has been a leader in the development of health policies to advance patient choice and market-based solutions as well as reduce excessive regulatory burdens that diminish time devoted to patient care and increase costs.”

Continue Reading President-Elect Trump Names Rep. Tom Price, MD (R-GA) as HHS Secretary, Seema Verma, Health Care Consultant, as CMS Administrator

QRUR Informal Review Also Available.

Physicians and other eligible professionals and practices who failed to meet criteria for satisfactory PQRS reporting in calendar year (CY) 2015 now face a negative 2% adjustment in Medicare Part B payments for CY 2017. Physicians who believe CMS has inappropriately determined that a negative PQRS payment adjustment applies to them have until November 30* to request an informal review.  CMS set forth the following instructions for requesting an informal review.  *Deadline for requesting informal review of VM calculations now extended to December 7, 2016.

Continue Reading Time Remains to File a request for Informal Review of CY 2017 PQRS Negative Payment Adjustment

On October 14, 2016, the Centers for Medicare & Medicaid Services (CMS) released its final rule implementing the new Quality Payment Program for physicians in lieu of the repealed sustainable growth rate factor (SGR). Rather than facing substantial annual reductions in Medicare payment fees as a result of the SGR, physicians now have two interrelated pathways to earn quality-based, cost efficient incentive payments under Medicare:  the Merit-based Incentive Payment System (MIPS) or Advanced Alternative Payment Models (Advanced APMs). MIPS consolidates three existing quality-based incentives programs – the Physician Quality Reporting System (PQRS), the Physician Value-based Payment Modifier (VM), and the Medicare Electronic Health Record (EHR) Incentive Program – while maintaining an ongoing focus on achieving quality and cost efficiencies through use of certified EHR technology (CEHRT).

Continue Reading CMS publishes Final MACRA Rule for MIPS and APM Incentives

Physicians subject to the Rule must meet notice and posting obligations by October 16, 2016.

The federal Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), has published its final Rule implementing Section 1557 of the Affordable Care Act (ACA), 42 U.S.C. 18116, prohibiting discrimination in health care programs and activities. The new Rule, like Section 1557, specifically focuses its prohibitions and requirements on four already existing federal nondiscrimination laws: 1) Title VI of the Civil Rights Act of 1964, prohibiting discrimination based on race, color and national origin; 2) the Age Discrimination Act of 1975; 3) Section 504 of the Rehabilitation Act of 1973; and, 4) the sex discrimination provisions of Title IX of the Education Amendments of 1972 (extended by Section 1557 to health care). Section 1557 is in addition to rights and remedies available under these four laws. While the nondiscrimination prohibitions of Section 1557 have been in effect since passage of the ACA in March of 2010, this final Rule advises health care consumers of their Section 1557 rights and informs affected health care programs and activities of their Section 1557 obligations.

Continue Reading Hhs’ Final Nondiscrimination Rule Impacts Most Physicians

CMS proposed rule details Medicare’s new physician “Quality Payment Program”

Reporting under new measures slated to begin in 2017

The Centers for Medicare & Medicaid Services (CMS), the federal agency responsible for Medicare payment to physicians, released a proposed rule on April 27, 2016, setting forth key provisions of its Quality Payment Program for physicians, implementing key provisions in the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). MACRA repealed the Sustainable Growth Rate (SGR) formula for annually adjusting Medicare payment to the nation’s physicians, replacing the SGR with a value-based payment system to be developed by CMS consistent with MACRA’s directives. The proposed rule has been published in the May 9, 2016 Federal Register. Comments are due by June 27, 2016.

Continue Reading MACRA on the Move!

2016 Amendments Permit Disclosure for Care Coordination Only Under State Law

One of the more challenging aspects of medical records management are federal and state legalities around release of substance abuse and mental health patient information. This year, the Iowa General Assembly passed legislation, Senate File 2144, to permit disclosure of otherwise confidential behavioral health information under Iowa law for care coordination purposes. SF 2144 was signed by Governor Branstad on April 6 and became effective on that day.

Continue Reading Iowa Legislature Amends Behavioral Health Disclosure Laws