

The flurry of proposed economic and healthcare policy changes coming out of Congress and the new administration are creating a lot of challenges and uncertainty for healthcare systems across the U.S.—financially, legally and operationally. This should be a call to action for every provider to take a hard look at the risks they face and the ability of their organization to respond.
Consider some of the policy proposals being put forth and their potential implications on your organization:
Medicaid and Medicare
Per capita caps or other limits on federal Medicaid contributions would shift greater financial responsibility to states, likely resulting in reduced coverage and reimbursement for low-income individuals. Likewise, Medicare payment reforms such as site-neutral reimbursement and uncompensated care funding reductions could shift financial burdens to healthcare providers.
New Medicaid eligibility requirements such as work requirements and other restrictive criteria could create barriers to access, resulting in coverage losses and increased uncompensated care for health systems. A recent report by the Commonwealth Fund and the George Washington University Milken Institute School of Public Health estimates that between 4.6 million and 5.2 million adults would be impacted.
The diversion of funds from traditional Medicare to Medicare Advantage plans could also exacerbate disparities in coverage and limit access to care for beneficiaries.
Lastly, altering Medicare’s drug price negotiation policies established under the Inflation Reduction Act could raise pharmaceutical costs for health systems and reduce affordable care options for patients.
Changes to the Affordable Care Act (ACA) and Public Health Programs
Among the biggest concerns coming out of the policy changes are the proposed alterations to the ACA that would reduce Medicaid expansion and weaken the insurance marketplace. Enforcement of delayed Medicaid DSH payment reductions could also reduce critical funding.
Cuts to public health agency funding are already weakening disease prevention and emergency preparedness while also reducing health system grants and community program support.
Proposed cuts to the Agency for Healthcare Research and Quality (AHRQ) will limit the creation of new Patient Safety Organizations and reduce federal oversight of patient safety data reporting and healthcare quality research.
Reduced NIH research grants and overhead reimbursement could limit research activities, affecting biomedical innovation and the financial stability of AMCs. Similarly, cuts to GME payments and federal higher education aid could limit funding for AMCs and physician training, worsening shortages and straining research capacity.
Restrictions on hospital eligibility for the 340B drug program including reductions in discounts and limits on contract pharmacy arrangements could erode 340B savings. Though the impact is likely to be less significant than the other changes mentioned above.
Economic and Legal Factors
While tariffs and retaliatory trade measures threaten the entire global economy, they will be especially disruptive to healthcare supply chains and access to essential goods, including pharmaceuticals, medical devices, and raw materials. This could lead to delays, increased procurement costs, and shortages, particularly for hospitals reliant on globally sourced inputs.
Removal of the tax exemption on municipal bond interest would increase borrowing costs for health systems. And potential changes in federal or state tax policies could eliminate the tax-exempt status of non-profit hospitals, increasing their financial burdens and reducing the resources that have available for community benefits.
Immigration also plays a role here. Increased ICE enforcement and visa restrictions could disrupt the healthcare workforce and deter immigrant patients from seeking care.
Re-thinking risk management for health systems
Entering 2025, healthcare systems already faced a variety of financial and operational risks, including razor-thin margins, rising costs, workforce shortages, cyber threats, and growing regulatory requirements. The proposed policy changes outlined above exacerbate those risks and force providers to divert critical resources to rapidly assess and respond to them. Each system must independently interpret these complex proposals, assess risks, and implement response plans—resulting in fragmented response efforts nationally. This reactive cycle isn’t new; COVID-19, cybersecurity breaches, inflation, and reimbursement threats have exposed the challenges of decentralized risk management and the need for centralized risk intelligence. This approach does not provide health systems with the responsiveness or scalability they need to stay ahead of emerging threats and proactively manage new challenges—individually or as an industry.
Most enterprise risk management (ERM) solutions do not yet reflect the full complexity of healthcare models. As a result, many healthcare organizations still rely on internally-developed processes that reflect deep institutional knowledge but can limit consistency and make it more challenging to respond rapidly to emerging risks.
Without a standard framework and shared intelligence, risk analyses often rely on qualitative judgment rather than hard data. Today, healthcare systems each define their own standards and risk management activities are often handled within individual departments. Creating more cross-functional and cross-organizational risk visibility would strengthen overall readiness and enable healthcare organizations to strengthen the connection between risk management, mitigation efforts, and the resulting ROI.
With that in mind, here’s what we believe is needed to change the way health systems approach risk management:
- A mechanism for collaboration and risk intelligence-sharing across healthcare systems. This includes a common language for risk with definitions and best practices.
- This common language will help providers quickly recognize, define, and prioritize the most significant risks to their enterprise.
- A more quantitative and data-driven approach to risk management, to complement the judgement and experience already in place.
- Automated risk management workflows that are integrated with existing information systems. This increases visibility and accelerates action across the organization.
- Connecting the organization’s most important risks with mitigating activities, including accountability and ROI tracking.
- Increased engagement across the organization. Risk management is everyone’s job, and leadership plays a critical role in setting the tone and ensuring visibility. Make sure the Board and executive teams have visibility into your risk management efforts, and have a forum to share their perspectives. Sharing relevant data will make this a lot easier.
Given the decentralized nature of current approaches, providers often face challenges in coordinating risk responses—highlighting the need for shared tools and insights. What’s needed is a standardized, cross-industry assessment of the environment and its accompanying risks. This will enable providers to be more proactive, make better informed decisions, and align on more responsive mitigation strategies.
About Jeff Ellis and Chris Giuliano
Jeff Ellis and Chris Giuliano are former Goldman Sachs healthcare investment bankers and co-founders of 1m, a risk management platform for healthcare providers which serves healthcare systems in the US. They are experts at the intersection of healthcare risk management, finance, and strategy.