5 min read
5 Healthcare Laws Impacting Patient Safety in 2025
Performance Health Partners
February 3, 2025

New healthcare laws are significantly reshaping the healthcare industry to improve patient safety in 2025. From reforms tackling cybersecurity in hospitals to regulations governing infertility treatments, these laws reflect a growing commitment to protecting patients' health, safety, and privacy.This blog post will explore five healthcare laws that will impact patient and healthcare worker safety across the United States this year. It will examine how each law aims to improve outcomes, protect sensitive patient information, and ensure that healthcare services are both safe and accessible.
Washington Healthcare Facility Employee Overtime Law (RCW 49.28.130)
Section 49.28.130 of the Revised Code of Washington was updated, changing Washington’s definition of healthcare employees to expand who is included in the state’s mandatory overtime prohibition law. The overtime prohibition law prevents employers from forcing certain healthcare workers in hospitals to work overtime. Prior to the revision, the law only included licensed practical nurses, technologists, and specialists.
After the change in definition, which went into effect on January 1, 2025, a healthcare employee is now defined as an individual employed by a health care facility, who is involved in the direct care of a patient or clinical services, and who received an hourly wage or is covered by a collective bargaining agreement. Additionally, the revision will also begin to apply to facilities with fewer than 25 beds on July 1, 2025.
The expansion of the definition allows for more healthcare employees to avoid burnout or stress and avoid coercion from employers to work excessive hours. By preventing mandatory overtime, employees will be able to maintain a better work-life balance which is crucial in the healthcare industry, known for its demanding work schedules. Not only will healthcare employees benefit, but patients will, too.
Well-rested healthcare workers will do a better job of ensuring patient safety and improving quality of care.
New Jersey Postpartum Care Plan Law (S912/A3887)
New Jersey Senate Bill 912 and Assembly Bill 3887 was signed on November 18, 2024, and will go into effect on May 17, 2025. The law focuses on bettering postpartum care for women, particularly addressing the need for comprehensive support following pregnancy, pregnancy loss, or stillbirth.
The law requires that health professionals must help women develop personalized postpartum care plans during their prenatal visits. These plans will include:
- Contact information
- Scheduled postpartum visits
- Breastfeeding guidance
- Details on pregnancy complications
- Signs of postpartum depression
- Ongoing health condition management
It is also required that upon discharge from a hospital, women must be provided with detailed postpartum care information, including what symptoms are normal, signs of complications, and when to seek medical help.
This law is designed to significantly improve the well-being of new mothers by ensuring they receive comprehensive and personalized care during the critical postpartum period. It focuses on the early detection and management of potential complications, helping reduce maternal mortality.
California AB 977: Strengthened Penalties for Violence Against Healthcare Workers
Effective January 1, 2025, California AB 977 marks a significant legislative enhancement to protect healthcare workers in emergency departments (ED) from acts of violence. Signed into law after advocacy from healthcare professionals across the state, this statute upgrades the consequences for assaulting ED staff from misdemeanors to felonies.
Under AB 977, acts of assault or battery against physicians, nurses, and other healthcare staff in EDs will now be punishable by up to one year in county jail, fines up to $2,000, or both. This legislative change was motivated by a growing need to address increasing incidents of violence against healthcare workers, which compromise both healthcare worker safety and patient care.
In response to the enhanced law, EDs are updating signage to clearly communicate the severe penalties for violence against healthcare workers. Additionally, training sessions are being planned to educate staff on the law, focusing on safety protocols and incident reporting procedures. The goal is to create a safer working environment that supports high-quality patient care by ensuring healthcare employee safety.
Connecticut Cybersecurity Audit Law (PA 24-19, Section 20)
According to the new Section 20 of Connecticut’s Public Act 24-19, every hospital in Connecticut, except those operated exclusively by the state, must annually undergo a cybersecurity audit by an independent, certified auditor or expert. This law went into effect on January 1, 2025.
These audits will assess the adequacy of each hospital’s plans for responding to healthcare cybersecurity disruptions and suggest necessary improvements. The results of these audits, along with details about any improvements the hospitals are making based on the recommendations, must be submitted to various state departments including the Department of Public Health and the Department of Emergency Services and Public Protection, while maintaining strict confidentiality. This information is also protected from public disclosure under the Connecticut Freedom of Information Act to ensure privacy and security.
The new cybersecurity law will bring multiple positive effects for hospitals and their patients. By requiring annual audits of hospitals’ cybersecurity plans, the law ensures that these institutions maintain high standards of data protection, reducing the risk of breaches that could compromise patient privacy.
This evaluation process will also help identify any weaknesses in current systems, promoting continuous improvement in hospital security. Ultimately, these actions will bolster public trust in the healthcare system’s ability to safeguard sensitive health information.
Pennsylvania Biomarker Testing Coverage Law (HB 1754)
Pennsylvania House Bill 1754 updated the state’s insurance laws to include coverage for biomarker testing under health insurance plans when the tests are necessary for diagnosing, treating, managing, or monitoring a patient’s condition. Biomarker tests analyze a sample of tissue, blood, or other bodily fluid to identify biomarkers that indicate the presence of cancer. These biomarkers can be DNA mutations, protein level changes, and certain gene patterns.
The law was approved on July 1, 2024, but went into effect on January 1, 2025. It states that insurers must cover the costs of biomarker testing under the terms of the health insurance policy, which could include some costs to the patient, such as co-pays. The coverage must also align with both state and federal regulations. The amendment also impacts Medicaid and Children’s Health Insurance Program plans, which must provide similar coverage, but these plans only go into effect in 2026.
This legislation ensures that patients have access to important diagnostic and treatment options for cancer without facing the full financial burden, helping tailor medical treatments to individual health needs more effectively.
Federal Laws to Look Out for During 2025
Expansion of Telehealth Services
On December 21, 2024, Congress passed the American Relief Act of 2025, which went into effect on Jan 1, 2025. The Act not only ensures the continuation of essential healthcare programs but also includes provisions to sustain telehealth access for millions of Americans for 90 days into the new year.
The Act removes geographical barriers for telehealth, allowing Medicare beneficiaries to access services from any location, and expands the types of healthcare providers who can offer telehealth. It also includes provisions for audio-only telehealth services, increasing accessibility.
While these extensions are set to expire on March 31, 2025, only being effective for a brief period, this act shows the importance of telehealth care. Hopefully, it also signals the necessity for future legislative action to ensure these services can continue to evolve and can serve as a steppingstone to permanently adopt telehealth into modern healthcare and support patient needs effectively.
New HIPAA Regulations in 2025
In January of 2025, an update to the HIPAA Security Rule was proposed. Throughout the coming year, the HIPAA Security Rule will be undergoing updates to enhance cybersecurity measures for protected health information. The updates will involve several key changes to strengthen the security and compliance protocols for healthcare providers and their associates.
For example, healthcare entities will be required to conduct risk analyses and maintain inventories of their technology assets that handle public health information. This helps with identifying vulnerabilities and ensuring appropriate safeguards are in place. The update also requires better incident response plans and contingency measures. Systems and data must be restored within 72 hours of a cybersecurity incident. This is crucial for minimizing downtime and protecting patient data during emergencies.
These updates are designed to address cybersecurity threats and ensure that healthcare entities can better protect the confidentiality, integrity, and availability of public health information.
Final Thoughts
Looking for a way to make sure your organization stays in compliance with new laws and regulations being put into effect? Click here to learn more about Performance Health Partners’ award-winning compliance and audit solutions.