Federal and state enforcement actions continued to close out 2025, reinforcing the importance of strong compliance oversight across healthcare operations. December’s updates highlight intensified mental health parity enforcement, renewed congressional focus on healthcare cybersecurity, increased state oversight of long-term care facilities, and a federal healthcare fraud sentencing that underscores the consequences of noncompliance.
Below are the key legislative and compliance developments healthcare organizations should be tracking.
Federal Enforcement and Legislative Updates
Mental Health Parity Enforcement Actions
Agency: Washington State Office of the Insurance Commissioner (OIC)
Action Date: November 24, 2025
The Washington State Office of the Insurance Commissioner issued a $550,000 fine against Regence BlueShield for violations related to the Mental Health Parity and Addiction Equity ACT (MHPAEA).
The OIC cited the insurer’s failure to provide sufficient documentation demonstrating that non-quantitative treatment limitations applied to mental health and substance use disorder benefits were comparable to those applied to medical and surgical benefits.
Why this matters:
- Parity enforcement is focused on documentation and comparative analyses, not just benefit design
- Regulators are increasing scrutiny of MHPAEA compliance
- State regulators are actively enforcing federal parity standards
Key takeaways:
- Health plans must maintain current, defensible parity analyses
- Documentation should be readily available for regulatory review
- Delegated entities should understand how parity requirements apply across their networks
Healthcare Cybersecurity Legislation Reintroduced
Committee: Senate Health, Education, Labor, and Pensions (HELP) Committee
Bill Reintroduced: December 4, 2025
Lawmakers reintroduced the Health Care Cybersecurity and Resilience Act of 2025, led by Senator Bill Cassidy, MD (R-LA), Chair of the Senate HELP Committee.
The legislation aims to strengthen cybersecurity across the healthcare sector through:
- Expanded cybersecurity training and technical assistance
- Improved coordination between HHS and the Cybersecurity and Infrastructure Security Agency (CISA)
- Support for rural and under-resourced healthcare providers
- Enhanced incident response planning
Why this matters: Healthcare organizations remain frequent targets of cyberattacks. Federal lawmakers are signaling momentum toward stronger cybersecurity expectations. Future legislation may impact HIPAA security and risk management requirements.
Actionable reminders:
- Healthcare organizations should assess their current cybersecurity readiness
- Incident response and risk management plans should be reviewed regularly.
- Organizations should monitor legislative progress in 2026
Federal Healthcare Fraud Sentencing
Sentencing Date: December 8, 2025
Court: U.S. District Court (Nebraska)
A physician based in Omaha, Nebraska, was sentenced in federal court for healthcare fraud-related offenses involving improper billing practices. According to federal prosecutors, the case involved fraudulent claims submitted to government healthcare programs, resulting in significant financial losses.
The sentencing reflects continued enforcement by the DOJ targeting fraudulent billing, improper claims, and abuse of federal healthcare programs.
Why this matters: Federal authorities continue to pursue healthcare fraud cases aggressively. Individual providers face criminal penalties, not just civil fines. Billing accuracy and oversight remain high-risk compliance areas.
Actionable reminders:
- Providers should ensure billing practices align with program requirements
- Compliance programs should include regular audits and monitoring
- Credentialing, sanctions screening, and ongoing provider oversight are critical
State Oversight
New Jersey Nursing Home Investigation
Jurisdiction: State – New Jersey
Report Issued: December 10, 2025
The New Jersey Office of the State Comptroller released an investigative report identifying significant compliance failures at two nursing facilities.
Findings included:
- Chronic understaffing below the required minimum levels
- Improper related-party financial arrangements
- Misuse of Medicaid funds
- Inaccurate cost and staffing data submitted to regulators
Why this matters: State agencies are increasing oversight of long-term care facilities. Staffing and financial reporting directly impact patient safety and public funding. Medicaid participation carries heightened compliance expectations
Key takeaways:
- Long-term care providers should review staffing compliance practices
- Financial relationships and disclosures must be transparent and accurate
- Internal audits can help identify risks before regulatory review
Verisys Compliance Perspective
December’s enforcement actions reinforce several compliance trends healthcare organizations should prioritize as they enter 2026:
- Parity enforcement continues to expand at the state level
- Cybersecurity preparedness remains a legislative focus
- State oversight of long-term and publicly funded care is increasing
- Healthcare fraud enforcement highlights the importance of billing integrity and provider oversight
Verisys supports healthcare organizations by delivering verified, real-time provider data solutions that help strengthen compliance programs, reduce risk exposure, and protect patient safety across provider networks.
Sources:
https://www.hipaajournal.com/health-insurers-penalty-mental-health-parity-compliance/
https://www.nj.gov/comptroller/reports/2025/20251210.shtml
https://www.wowt.com/2025/12/08/omaha-doctor-sentenced-health-care-fraud-federal-court/
