Health Law Advisor

Anthropic’s new initiative—“Project Glasswing,” announced in April 2026—reflects a significant development in the cybersecurity landscape that should command the immediate attention of every C-suite leader, privacy officer, information security professional, and compliance executive in health care and life sciences, financial services and other critical infrastructure industries, and their legal counsel.

On March 12, 2026, Microsoft officially launched Copilot Health — a dedicated, secure space within its Copilot AI platform designed to aggregate a user’s health records, wearable data, and lab results into a single, personalized health profile. While the product has drawn considerable excitement in the health-tech space, it also raises significant legal considerations for individual adopters and their healthcare providers.

On April 3, 2026, the director of the Office of Management and Budget submitted to Congress President Donald Trump’s budget for 2027—proposing $111.1 billion in discretionary budget authority for the U.S. Department of Health and Human Services (HHS) for Fiscal Year 2027, beginning October 1, 2026, and ending September 30, 2027. The number represents a $15.8 billion or 12.5 percent decrease from the 2026 enacted level and suggests ongoing emphasis on combatting improper payments and practices in health care. The proposed budget investments also signal potential shifts that will impact service delivery for certain communities and business operations for entities that contract with the federal government or federal government grantees. We’ve noted the following key takeaways from the HHS Budget in Brief on these points, below.

On April 10, the U.S. Department of Justice (DOJ) announced the first settlement to resolve False Claims Act (FCA) allegations regarding a private employer’s failure to comply with anti-discrimination requirements in contracts with the federal government. The settlement with IBM comes just two weeks after the March 26 signing of a new executive order called “Addressing DEI Discrimination by Federal Contractors” (EO 14398), curbing diversity, equity, and inclusion (DEI) programming (read more here). 

What health care and life sciences organizations need to know:

• “Bulk” Has a New Definition: The volume thresholds under the U.S. Department of Justice’s (DOJ’s) Bulk Sensitive Data (BSD) Transfer Rule are surprisingly low—sharing genomic data on just 100 people can trigger compliance requirements, catching many organizations off guard.
• HIPAA Compliance Is Not Enough: The BSD Transfer Rule creates an entirely new compliance layer that goes beyond existing privacy frameworks, such as the Health Insurance Portability and Accountability Act (HIPAA), applying even when data has been de-identified or anonymized.
• It’s About Access, Not Just Transfers: Simply giving a foreign vendor, board member, or investor the ability to view sensitive data can trigger the BSD Transfer Rule—no formal data-sharing agreement is required.

In this episode of Diagnosing Health Care^®, Epstein Becker Green attorneys Laura DePonio, Elizabeth McEvoy, and Elena Quattrone walk health care and life sciences organizations through the DOJ’s BSD Transfer Rule—from scoping and compliance to enforcement risks and exemptions.

The Food and Drug Administration (FDA) is urging innovators, providers, and patients to “reimagine the home as an integral part of the health care system.” If you’re skeptical, the “Home as a Health Care Hub” initiative was introduced in 2024 by the FDA’s Center for Devices and Radiological Health (CDRH) in response to changing needs of health care and feedback from the public, accelerated by the COVID-19 pandemic.

On March 27, 2026, the Food and Drug Administration (“FDA”) held a public meeting entitled “Exploring the Scope of Dietary Supplement Ingredients.” Sponsored by FDA’s Office of Dietary Supplement Programs (“ODSP”), the meeting was designed for agency officials and stakeholders “to discuss the evolving landscape of dietary supplement ingredients and how recent scientific and technological advances are shaping the industry.”

On March 23, 2026, the U.S. House of Representatives’ Committee on Oversight and Government Reform sent a letter to California Governor Gavin Newsom requesting “documents and communications” surrounding the state’s oversight of its federally funded hospice programs.

On March 4, the Department of Health and Human Services (“HHS”) Office of the Inspector General (“OIG”) issued a favorable result in OIG Advisory Opinion No. 26-03, regarding a Requestor’s proposal to offer discounts to certain ambulatory surgery centers (“ASCs”) on intraocular lenses (“IOLs”) and supplies in cataract surgery. The discounts would be contingent on physician practices—with ophthalmic surgeons performing cataract surgery at the ASCs—purchasing and entering into subscription agreements for the Requestor’s software product (the “Proposed Arrangement”).

In the wake of shootings in early March at hospitals in Atlanta and Milwaukee, the nation’s attention again turns to how to prevent workplace violence in health care settings.