Across the healthcare industry, providers are increasingly relying on AI-assisted billing tools to automate medical coding, prior authorization workflows, and the submission of claims to Medicare, Medicaid and other federal payors. The efficiency gains can be substantial, as can the heightened False Claims Act (FCA) exposure these systems can create. As AI continues to develop and becomes more widely integrated into healthcare billing, relators and prosecutors are likely to explore new avenues for evaluating, and litigating, how these tools are deployed, monitored and overseen.

Like every billing system, AI-assisted billing tools can make mistakes. However, AI-assisted systems can scale those mistakes across thousands of claims, and the records those systems generate may make it easier for the government or relators to argue that a provider’s submission of those claims violated the FCA.

Read more

On June 4, 2026, Reps. Jay Obernolte and Lori Trahan released a discussion draft of the Great American Artificial Intelligence Act. The proposal has generated significant attention, but many organizations may be overestimating its practical significance for day-to-day operations. The bill is directed primarily at developers of “frontier” AI models, so its requirements will not apply. Nonetheless, the bill has sparked conversation. It incorporates multiple bipartisan bills on AI, its drafters wrote an op-ed calling on the U.S. to create a national framework covering AI, and the U.S. House Democratic Commission on AI and the Innovation Economy released a statement that the draft “does not meet the enormity of the moment.” Read on to learn more about the discussion draft, which companies should view as a planning signal rather than a reason to pause or modify governance efforts.

Read more

The General Services Administration Federal Acquisition Service has released draft contract terms and conditions related to AI-related procurements through a new proposed GSAR clause 552.239-7001, “Basic Safeguarding of Artificial Intelligence Systems” (February 2026), that would impose material new requirements on contractors and service providers supplying AI capabilities to the federal government. If adopted, the clause would be inserted into all solicitations and contracts for AI capabilities and would govern data rights, disclosure obligations, security protocols and performance standards for AI systems used in federal operations. Federal contractors, technology vendors, and their in-house operations and counsel teams should closely review the proposed terms, as they represent one of the most comprehensive efforts to date to regulate the procurement and use of AI systems across the federal enterprise.

The proposed clause would significantly alter the landscape for companies providing AI capabilities to the federal government. Read on to learn more about the proposed rule and its implications.

On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit, which consolidated three interlocutory appeals, issued a significant ruling in Clay v. Union Pacific Railroad Co., that resolves the question of whether Illinois’s 2024 amendment to the Biometric Information Privacy Act (“BIPA”) applies retroactively to cases pending when it was enacted.[1] The court answered in the affirmative, and held that the amendment applies retroactively. This decision is a victory for businesses facing astronomical exposure in pending BIPA litigation.

Continue Reading Seventh Circuit Delivers Major Win for Businesses By Holding BIPA Damages Amendment Applies Retroactively

On Friday, April 3, 2026, the U.S. District Court for the District of Massachusetts preliminarily enjoined the Trump administration from requiring public colleges and universities in 17 states to submit seven years’ worth of Integrated Postsecondary Education Data System (IPEDS) Admission and Consumer Transparency Supplement (ACTS) survey data. The reporting deadline for the members of two intervenor organizations remains April 14, pending the outcome of a hearing scheduled for April 13.

Read more

Colleges and universities should assess their cybersecurity compliance posture and incident response readiness and harden their networks as soon as possible in light of elevated threats.

Since June 2025, the Cybersecurity and Infrastructure Security Agency has cautioned that Iranian government-affiliated actors routinely target U.S. networks and internet-connected devices. The war in Iran and recent Iranian state-sponsored malicious cyber operations suggest U.S. educational institutions may be more vulnerable than usual. They already face a complex web of overlapping federal and state data breach notification requirements, cybersecurity-related risks to Title IV funding eligibility and lasting reputational harm due to cyberattacks.

Read on to learn more about current cyber threats and what institutions should do to prepare.

On March 20, 2026, the White House unveiled its National Policy Framework for Artificial Intelligence, providing a blueprint on legislative recommendations and urging Congress to act. It recommends that Congress create a unified federal standard to reduce the regulatory friction of competing state AI regimes, promote AI innovation, and develop an AI-ready workforce, while ensuring the protection of children, consumers, and intellectual property rights. 

Continue Reading White House Releases AI Legislative Recommendations—Congress Has the Blueprint, but Questions Remain

The California Privacy Protection Agency (CalPrivacy) is entering an aggressive new phase of privacy regulation and enforcement, of which companies doing business in California should be aware. CalPrivacy already brought enforcement actions against many companies, maintains over 100 active investigations and has signaled an increased pace of enforcement.

Continue Reading CalPrivacy Ramps Up Privacy Enforcement

Overview

As we enter the 2026 tax filing season, organizations face a heightened risk of cyberattacks targeting employee information. Tax season is a busy time for cybercriminals, who ramp up efforts to trick businesses and individuals into sharing personal information. Bad actors can use stolen personally identifying information (“PII”) in a variety of harmful ways, including to file fraudulent tax returns and claim refunds. Below we provide an overview of the current threat landscape, key warning signs to watch for, practical prevention strategies, and guidance on legal obligations if your organization is targeted.

Continue Reading Protecting Employee Information From Tax Season Phishing Schemes

On Feb. 10, 2026, U.S. District Judge Jed Rakoff of the Southern District of New York issued a bench ruling holding that a defendant’s use of generative AI to analyze legal exposure is not protected under attorney-client privilege or the work product doctrine. See When AI Isn’t Privileged: SDNY Rules Generative AI Documents Not Protected. On Feb. 17, 2026, Judge Rakoff issued a written opinion confirming the bench ruling and adding important analysis. Read on to learn what the opinion adds on confidentiality, work product and waiver, and for details of the practical implications and open questions left by Judge Rakoff’s opinion.

Read more