Insights

In a somewhat ambiguous press release on Wednesday, June 18, 2025, the Food and Drug Administration (FDA) announced a halt and “immediate review” of new clinical trials where American patients’ cells are sent to China or other “hostile countries” for genetic engineering with the expectation that the cells will be infused back into U.S. patients.[1] A subsequent podcast published by the agency also said that therapies that involved cells that were sent to China for genetic engineering and intended for subsequent infusion into U.S. patients would not be approved going forward. The announcement said that there is “mounting evidence” that some clinical researchers failed to obtain informed consent from trial participants about the international transfer and manipulation of biological material.

On May 1, the NIH issued an update on its grants policy, establishing a “new award structure” that would prohibit foreign subawards from being nested under the parent grant, replacing them with direct awards linked to a prime award. Effective immediately, NIH will no longer issue awards that include a subaward to a foreign entity until the new structure is implemented. The notice did not limit this new structure for foreign recipients to any particular jurisdiction, potentially impacting a wide range of grants and limiting international collaboration with U.S. researchers through the subaward model.

On March 27, 2025, HHS announced a “dramatic restructuring” of its various agencies and offices in accordance with President Trump's Executive Order, “Implementing the President’s ‘Department of Government Efficiency’ Workforce Optimization Initiative.” HHS also published a Fact Sheet.

On March 12, the California Consumer Privacy Protection Agency (“Agency”) announced it had entered into a settlement (“Settlement”) with American Honda Motor Company (“Honda”) to resolve the Agency’s claims that Honda violated the California Consumer Privacy Act (“CCPA”). The total fine to be paid by Honda is $632,500. The investigation came out of the Agency’s Enforcement Division’s focused review of privacy practices of connected vehicles and related technologies announced in July 2023. That review highlighted vehicles with embedded features such as location sharing, smartphone integration, and cameras, and we expect more automotive related Agency settlements to be issued in the near future.

On February 28, the Department of Health and Human Services (HHS) announced that it was rescinding the Richardson Waiver, a policy in place since 1971 which said HHS would provide notice of proposed rulemaking in certain cases where it was not otherwise required to do so by law. This announcement signals a policy shift for the agency and suggests that where permitted by law, HHS will generally now issue rules relating to “agency management or personnel or to public property, loans, grants, benefits, or contracts” without providing notice and comment to stakeholders, and may otherwise find good cause to forego notice and comment procedures.

On Friday, February 21, Rep. Brett Guthrie (R-KY) and Rep. John Joyce (R-PA), the Chairman and Vice Chairman of the U.S. House Committee on Energy and Commerce, issued a Request for Information (RFI) inviting stakeholders to provide comment as the Committee explores the development of a federal data privacy and security framework. After efforts to consider a bipartisan and bicameral bill failed last year under former Chair Cathy McMorris Rodgers (R-WA), Chairman Guthrie is starting the effort anew, forming a working group with the goal of developing comprehensive legislation “that can get across the finish line.”

Days after President Trump issued an executive order (EO) taking aim at diversity, equity, and inclusion (DEI) programs and prohibiting federal recognition of gender identity apart from biological sex, previously issued draft guidance on diversity in clinical trials was removed from the website of the U.S. Food and Drug Administration (FDA). While the removed guidance was in draft form, it is highly unusual for FDA to revoke or alter draft guidance without issuing a statement or further guidance. This move raises questions about the applicability of statutory obligations to submit clinical trial Diversity Action Plans and the agency’s current thinking on best practices for clinical development.

On January 6, with increased attention and scrutiny from patients, providers, developers, and payors on the accelerated approval pathway for drugs, the Food and Drug Administration (FDA) released new draft guidance for industry on what it means for a drug’s confirmatory trial to be “underway” under section 506(c) of the Federal Food, Drug, and Cosmetic Act.

On October 29, 2024, the Department of Justice (DOJ) published a Notice of Proposed Rulemaking (NPRM) to implement Executive Order 14117 “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the E.O.).  The E.O. addresses the national security threat posed by the continued effort of certain countries of concern to access and exploit certain kinds of Americans’ sensitive personal data, which includes health data and genetic data. This builds on DOJ’s Advance Notice of Proposed Rulemaking (ANPRM) published on March 5.  Comments are due on November 29, 2024.

On September 12, 2024, the Department of Health and Human Services’ (“HHS”) Office of Research Integrity (“ORI”) released a final rule updating 42 CFR Section 93, Public Health Service Policies (“PHS”) on Research Misconduct (“Final Rule”). The research misconduct rule was promulgated almost 20 years ago without subsequent revision, until now. It affects all recipients of Public Health Service funding for biomedical or behavioral research, requiring them to update their policies and procedures governing research misconduct to remain in compliance with the regulation.

The Federal Trade Commission (FTC) recently entered into a settlement with Monument, Inc., an alcohol addiction treatment service, for allegedly disclosing users’ personal health data to third-party advertising platforms without consumer consent and violating their own website claims to consumers with respect to the disclosure of such data. The action follows other settlements by the FTC focused on tracking technologies collecting sensitive health information through web pages and web portals. “This action continues the FTC’s work to ensure strict limits on how firms handle sensitive health data, rather than putting the onus on consumers to protect themselves,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Following on the heels of actions against GoodRx, BetterHelp, and Premom, the market should be getting the message that consumer health data should be handled with extreme caution.”