Insights

In mid-April, a bipartisan coalition of 45 State Attorneys General (AG) submitted a formal letter to the U.S. Department of Labor (DOL) expressing their collective support for a proposed rule (Improving Transparency into Pharmacy Benefit Manager Fee Disclosure, or RIN 1210-AB37), which would — if enacted — impose new disclosure obligations on pharmacy benefit managers (PBM) regulated under the Employee Retirement Income Security Act of 1974 (ERISA).

On April 6, 2026, the Centers for Medicare & Medicaid Services (CMS) published its final rule governing the Medicare Advantage (Part C) and Prescription Drug Benefit (Part D) programs for Contract Year (CY) 2027. The final rule is effective June 1, 2026, with most provisions applicable to coverage beginning January 1, 2027, and marketing and communications changes taking effect October 1, 2026. Beyond payment, the rule pursues a broad deregulatory agenda aligned with Executive Order 14192, reversing marketing and enrollment safeguards introduced in 2023 and easing documentation and reporting obligations, while introducing new program integrity requirements.

In Fortress Iron, LP v. Digger Specialties, Inc., No. 24-2313 (Fed. Cir. Apr. 2, 2026), the U.S. Court of Appeals for the Federal Circuit reaffirmed what happens when a patent incorrectly lists the true inventors, and that error cannot be corrected under 35 U.S.C. § 256(b), which requires notice and a hearing for all “parties concerned.” In Fortress, the patent owner sought judicial correction to add an inventor under § 256(b), but that inventor could not be located. Because the missing inventor qualified as a “concerned” party under the statute, the lack of notice and a hearing for that inventor made correction under § 256(b) impossible, and the patents could not be saved from invalidity.

The Federal Risk and Authorization Management Program (FedRAMP) continues to advance its modernization agenda. On April 8, 2026, FedRAMP released RFC-0031, Updated Incident Communications Procedures for public comment. This RFC proposes replacing the current FedRAMP Incident Communications Procedures (ICP) with what FedRAMP calls “a clear set of reporting requirements … established using a modern rules-based format.” 

On April 6, 2026, the Centers for Medicare and Medicaid Services (CMS) circulated the Announcement of Calendar Year (CY) 2027 Medicare Advantage (MA) Capitation Rates and Part C and Part D Payment Policies (the CY 2027 Rate Announcement) to communicate Medicare Advantage (MA) capitation rates and Parts C and D payment policies. The Rate Announcement announces decisions regarding proposals initially published on January 26, 2026, in CMS’s CY 2027 Advance Notice for MA and Part D. The following is a summary of the most significant issues in the Rate Announcement, with further details below: 

The U.S. Court of Appeals for the Federal Circuit recently decided in Bd. of Trs. of Columbia Univ. v. Gen Digital Inc., No. 2024-1243 (Fed. Cir. 2026) that the district court erred in its denial of judgment as a matter of law as to damages resulting from foreign sales of downloadable software. At Columbia University's request, the jury had been instructed that “Columbia [was] entitled to damages based on sales to customers located outside of the United States if . . . the infringing product sold to those customers was made in or distributed from the United States, even if the infringing product [was] delivered to and used by the customer outside the United States.” The court concluded as a matter of law that the software sold to Gen Digital‘s (Norton) foreign customers was made outside the United States, and therefore the $94 million in foreign sales damages could not stand.

As pharmaceutical weight-loss therapies have surged in popularity, health plans, regulators, and courts have found themselves grappling with a set of increasingly pressing and complex questions: who must cover these drugs, under what circumstances, and for whom?

Organizations facing cyber incidents increasingly encounter follow-on civil litigation alleging failures to implement reasonable security measures. In response, a growing number of states — the most recent being Oklahoma this year — have enacted safe harbor laws designed to both protect consumers and reward organizations that take a proactive, documented, and structured approach to cyber threats.

On March 23, 2026, the Federal Communications Commission (FCC) updated its Covered List—a list of communications equipment and services deemed to pose an unacceptable risk to U.S. national security or the safety and security of U.S. persons—to include consumer-grade routers produced in a foreign country, absent an exemption granted by the U.S. Departments of War (DoW) or Homeland Security (DHS). This designation effectively prohibits the import of all consumer routers that are not produced in the United States.

The National Association of Insurance Commissioners (NAIC) is intensifying its oversight of how insurers use AI — and the pace of regulatory activity shows no signs of slowing. Over the past several months, the NAIC has published a formal Issue Brief staking out its position on federal AI legislation, launched a multistate AI Evaluation Tool pilot aimed at examining insurers’ AI governance programs, and continued to expand adoption of its AI Model Bulletin across state lines. These developments continue a trend towards enhancing regulation; the NAIC adopted AI Principles in 2020 and a Model Bulletin in 2023 clarifying that existing insurance laws apply to AI systems and establishing expectations for governance, documentation, testing, and third-party oversight. That Model Bulletin has now been adopted in approximately 24 states.

False Claims Act (FCA) settlements and judgments hit record highs yet again in FY 2025, surpassing the previous record by over $1 billion and setting a new high-water mark for the number of new FCA cases filed.  These records were built both on existing enforcement priorities such as pandemic-related fraud and healthcare enforcement actions and new guidance from the Executive Branch instructing the Department of Justice to enforce its 2025 priorities including Diversity, Equity, and Inclusion (DEI), civil rights, and customs issues.  Procurement fraud, cybersecurity issues, and small business fraud also remained focal points, with significant settlements in each of those areas.  In the courts, an Eleventh Circuit decision expanded relators’ ability to use discovery to avoid dismissal under Rule 9(b), and a Ninth Circuit ruling clarified a number of customs fraud issues while applying the Supreme Court’s Schutte scienter test.  Debate over the qui tam provisions’ constitutionality continued to grow, with arguments made in multiple circuits, including an Eleventh Circuit oral argument in the appeal of the Middle District of Florida’s Zafirov decision that helped to spark the recent wave of challenges.  Crowell FCA attorneys explain these developments, trends, and what’s next for the FCA in a “Feature Comment” published in The Government Contractor.

On March 11, 2026, U.S. Patent and Trademark Office (USPTO) Director Squires issued a memorandum (2026 memo) to all Patent Trial and Appeal Board (PTAB) users titled “Additional Discretionary Institution Considerations — U.S. Manufacturing and Small Business Use of AIA Proceedings.”[1] In the 2026 memo, the director adds three new factors in determining whether to institute inter partes review (IPR) and post-grant review (PGR) proceedings.[2] The factors focus on domestic manufacturing and the use of these proceedings by small businesses.[3] The memo applies immediately to all pending IPR and PGR proceedings in which the due date for the patent owner’s discretionary brief has not yet elapsed.[4] Patent owners, petitioners with domestic manufacturing ties, and small business petitioners should take note.

In Wake Chapel Church, Inc. v. Church Mutual Insurance Company, the Fourth Circuit affirmed a $1.1 million jury verdict in favor of a policyholder, reaffirming that under North Carolina law insurers cannot defeat all-risk coverage by pointing to a postulated inherent defect or other excluded cause if a covered peril also contributed to the loss.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued six new general licenses, and updated a seventh that allow for many activities related to: the export of Venezuelan oil and petrochemical products from Venezuela; the exploration, development, and production of oil, gas, and petrochemical products in Venezuela; the generation, transmission, storage, or distribution of electricity in Venezuela; the export to Venezuela of U.S.-origin diluents; negotiating for investment in the oil, gas, petrochemical, and electricity sectors in Venezuela; and the export of Venezuelan gold.

Ex parte reexamination is seeing a resurgence in popularity as a cost-effective means to challenge a patent’s validity and should be part of your patent strategy. An ex parte reexamination is a proceeding in which any party — including a patent owner or an anonymous third party — may submit prior art to request that the United States Patent and Trademark Office (USPTO) reassess an issued patent's validity. Once overshadowed by the introduction of inter partes review (IPR) and post-grant review (PGR) following the enactment of the America Invents Act in 2012, ex parte reexamination is now experiencing a significant resurgence as a strategic alternative to both proceedings. This client alert explains what is driving ex parte reexamination’s resurgence and what it means for your patent strategy.

On February 13, 2026, the U.S. Department of Homeland Security (DHS) announced upcoming virtual town hall meetings scheduled for March 2026 regarding the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).  The meetings will allow industry stakeholders to provide input to DHS to refine the “scope and burden” of the forthcoming CIRCIA final rule.

The federal Defend Trade Secrets Act (“DTSA”) is celebrating its 10th anniversary.  After many years of consideration, in 2016, Congress passed and the President signed the DTSA.  Patterned on the Uniform Trade Secrets Act adopted in most states, the DTSA creates a federal cause of action for misappropriation of trade secrets and thereby gives litigants a direct avenue into federal court.  Since then, the federal courts have been grappling with how to manage DTSA cases.  One issue still to be resolved is the absence of model jury instructions in most jurisdictions.

The U.S. Court of Appeals for the 6th Circuit may no longer be as favorable a venue for health plans engaged in legal disputes with members who allege that insufficiently detailed claim denials violate the Employee Retirement Income Security Act’s (ERISA) protections against “arbitrary and capricious” decision making.

On January 5, 2026, District of Colorado Magistrate Judge Cyrus Chung issued a recommendation that the district court grant a motion to quash a Department of Justice (DOJ) administrative subpoena that sought records about the provision of gender-related care by Children’s Hospital Colorado (Children’s) in In re: Department of Justice Administrative Subpoena No. 25-1431-030, U.S. District Court for the District of Colorado, No. 1:25-mc-00063. The court concluded that the DOJ had failed to carry its “light” burden, noting that no other courts that had considered the more than 20 similar subpoenas issued by DOJ had ruled in the DOJ’s favor.  

California state and federal courts continue to see extensive litigation involving the California Invasion of Privacy Act (“CIPA”). When enacted in 1967, CIPA targeted traditional telephone wiretapping. However, its reach has expanded as new technologies enter the market. Today, private CIPA claims often concern website tracking and a business’s choice to embed analytic tools on its website.