As the healthcare regulatory landscape continues to evolve, new federal enforcement actions and state legislation are reshaping compliance requirements for providers and organizations. Here’s a summary of the most important updates for September 2025 — from nursing degree fraud to data privacy, information blocking enforcement, and scope-of-practice changes across several states.
National Compliance and Enforcement Updates
DOJ Expands Crackdown on Fraudulent Nursing Degrees
The U.S. Department of Justice (DOJ) announced that Operation Nightingale has entered its second phase, intensifying efforts to eliminate fake nursing credentials. After securing 30 criminal convictions in 2023, the DOJ has now arrested and charged 12 additional defendants in Florida.
Why it matters:
Verifying professional education and licensure through trusted databases such as FACIS® helps healthcare organizations prevent fraud and maintain workforce integrity.
Healthcare Data Breaches Surge Amid Ransomware Threats
A new industry report shows a 13% month-over-month increase in healthcare data breaches for August 2025, driven primarily by ransomware incidents. Although total breaches remain below this year’s average, the upward trend signals continued vulnerability in data security across healthcare systems.
Why it matters:
Organizations should implement continuous compliance monitoring, strengthen cyber risk management, and ensure HIPAA-aligned safeguards to protect patient data.
HHS Targets Information Blocking with Stronger Penalties
The Department of Health and Human Services (HHS) announced a renewed focus on enforcing information blocking rules, which prohibit the obstruction of patient data sharing. Violations now carry civil penalties of up to $1 million per infraction, emphasizing the government’s commitment to promoting transparency and patient access.
Why it matters:
Providers and health IT vendors should evaluate their data-sharing policies and ensure compliance to avoid significant financial and reputational penalties.
State Regulatory and Legislative Updates
California AB 876 Clarifies Independent Practice for CRNAs
The California Legislature passed AB 876, confirming that Certified Registered Nurse Anesthetists (CRNAs) may administer anesthesia independently when ordered by a physician or dentist. The bill was sent to Governor Newsom on September 11, 2025, and he has 12 days to sign or veto it.
Why it matters:
This clarification reinforces CRNAs’ autonomy and may require updates to credentialing and scope-of-practice policies within California healthcare facilities.
California AB 1018 Fails to Advance: AI Transparency Bill Shelved
The proposed Automated Decisions Safety Act (AB 1018)—which would have required organizations to notify individuals when using AI or automated decision systems for consequential choices such as hiring or healthcare—failed to pass in the final hours of the 2025 legislative session.
Why it matters:
Although it didn’t move forward, the bill reflects growing state interest in AI accountability and algorithmic transparency—an area likely to resurface in future sessions.
New Jersey A 5948 Expands Acupuncturist Scope of Practice
New Jersey A 5948 significantly expands what licensed acupuncturists can do, now authorizing them to:
-
Perform X-rays and electrodiagnostic testing
-
Administer injections and IV therapies
-
Prescribe and dispense nutritional supplements
Why it matters:
Credentialing teams must ensure their systems reflect these new privileges and competencies to remain compliant with state scope-of-practice laws.
Staying Ahead of Healthcare Compliance Change
September 2025 highlights how rapidly the compliance landscape can shift — from federal enforcement crackdowns to state-level licensing reforms. Healthcare organizations must maintain ongoing credentialing, verification, and data integrity processes to reduce risk and uphold patient safety.
Verisys continues to support healthcare entities nationwide with trusted provider data intelligence, sanction screening, and real-time monitoring solutions that ensure compliance with every regulatory update.
