Telemedicine – Are There Increased Risks With Virtual Doctor Visits?

“Telemedicine” or “Telehealth” are the terms most often used when referring to clinical diagnosis and monitoring that is delivered by technology. Telemedicine encompasses healthcare provided via real time two-way video conferencing; file sharing, including transmission of health history, x-rays, films, or photos; remote patient monitoring; and consumer mobile health apps on smart phones, tablets, and devices that collect data and transmit it to a healthcare provider. Telemedicine is increasingly being used for everything from diagnosing common viruses to monitoring patients with serious long-term health issues.

The American Telemedicine Association reports that majority of hospitals now use some form of telemedicine. Two years ago, there were approximately 20 million telemedicine video consultations; that number is expected to increase to about 160 million by 2020. An estimated one-third of employer group plans already cover some type of telehealth.

Telemedicine implicates legal and regulatory issues as licensing, prescribing, credentialing, and cybersecurity. Pennsylvania recently passed legislation joining the Interstate Medical Licensing Compact, an agreement whereby licensed physicians can qualify to practice medicine across state lines within the Compact if they meet the eligibility requirements. The Compact enables physicians to obtain licenses to practice in multiple states, while strengthening public protection through the sharing of investigative and disciplinary information.

Federal and state laws and regulations may differ in their definitions and regulation of telemedicine. New Jersey recently passed legislation authorizing health care providers to engage in telemedicine and telehealth. The law establishes telemedicine practice standards, requirements for health care providers, and telehealth coverage requirements for various types of health insurance plans. Earlier this year, Texas became the last state to abolish the requirement that patient-physician relationships must first be established during an in-person patient/doctor visit before a telemedicine visit.

As telemedicine use increases, there will likely be an increase in related professional liability claims. One legal issue that arises in the context of telemedicine involves the standard of care that applies. The New Jersey statute states that the doctor is held to the same standard of care as applies to in-person settings. If that is not possible, the health care provider is required direct the patient to seek in-person care. However, the standard of care for telemedicine is neither clear nor uniform across the states.

Another issue that arises in the context of telemedicine is informed consent, especially in terms of communication, and keeping in mind that the Pennsylvania Supreme Court recently held that only the doctor, and not staff members, can obtain informed consent from patients. Miscommunication between a healthcare provider and patient is often an underlying cause of medical malpractice allegations in terms of whether informed consent was obtained.

In addition, equipment deficiencies or malfunctions can mask symptoms that would be evident during an in-person examination or result in the failure to transmit data accurately or timely, affecting the diagnosis or treatment of the patient.

Some of these issues will likely ultimately be addressed by legislative or regulatory bodies but others may end up in the courts. According to one medical malpractice insurer, claims relating to telemedicine have resulted from situations involving the remote reading of x-rays and fetal monitor strips by physicians, attempts to diagnose a patient via telemedicine, delays in treatment, and failure to order medication.

recent Pennsylvania case illustrates how telemedicine may also impact the way medical malpractice claims are treated in the courts. In Pennsylvania, a medical malpractice lawsuit must be filed in the county where the alleged malpractice occurred. Transferring venue back to Philadelphia County, the Superior Court in Pennsylvania found that alleged medical malpractice occurred in Philadelphia — where the physician and staff failed to timely transmit the physician’s interpretation of an infant’s echocardiogram to the hospital in another county where the infant was being treated.

The use of telemedicine will likely have wide-reaching implications for health care and health care law, including medical malpractice.

This post was written by Michael C. Ksiazek of STARK & STARK, COPYRIGHT ©
2017
For more Health Care legal analysis, go to The National Law Review 

Attorneys: A Common Interest Agreement May Not Be Worth the Paper It’s Written On

It is a very common practice for counsel to co-defendants or co-plaintiffs to enter into agreements that shield their communications. The agreements are expressions of intent that the communications will be protected by the “common interest doctrine” that extends the attorney-client privilege to discussions with parties that share a common interest. Under the doctrine, the attorney-client privilege is not waived when such communications are made between parties sharing a common legal interest.

In Ambac Assur. Corp. v Countrywide Home Loans, Inc., 27 NY3d 616 (2016), the New York Court of Appeals expressly limited the application of the common interest doctrine to “co-defendants, co-plaintiffs or persons who reasonably anticipate that they will become co-litigants.…” In doing so, the Court of Appeals clarified that the policy underpinning the doctrine was to enable two or more parties to coordinate a common claim or defense without fear that such efforts might later become the subject of disclosure.

Despite the frequent use of common interest agreements, there are limitations that may vitiate the privilege entirely and leave communications unprotected and discoverable to the other side. In applying the holding in Ambac, a New York County Supreme Court judge recently ruled that the common interest doctrine did not apply to communications between counsel where one party assigned claims to the other.

In 59 S. 4th LLC v A-Top Ins. Brokerage, Inc., 2017 N.Y. Slip. Op. 30050[U] (Sup. Ct., N.Y. County, Jan. 10, 2017), an owner of a residential development project initiated a lawsuit against an insurance broker, alleging that the broker had misrepresented the scope of work the general contractor could undertake with its current insurance. In addition, the owner obtained an unconditional assignment of any potential claims the general contractor may have possessed against the broker regarding the procurement of insurance. Subsequent to the assignment and during the litigation, the plaintiff owner and (non-party) general contractor entered into a “common interest agreement” before entering into a series of discussions. That agreement contemplated that certain communications between the owner and the general contractor would be privileged and confidential. When counsel for the broker sought production of those communications, the owner refused to produce them citing the common interest doctrine. The broker then moved to compel.

In granting the broker’s motion, the Court reaffirmed the limited applicability of the common interest doctrine as set forth by the Court of Appeals in Ambac. The Court reasoned that, because the assignment completely divested the general contractor of any interest it may have had in the outcome of the litigation, the general contractor could not – by definition – become a co-plaintiff in the action. As a result, the entirety of verbal and written communications between the owner and general contractor were deemed not privileged and subject to disclosure to the other side.

Following the holdings in Ambac and 59 S. 4th LLC, any lawyer considering entering into a common interest agreement should be mindful that these agreements are not automatically upheld. Instead, careful practitioners must confirm whether their situation meets the requirements set forth in Ambac above, or they, too, may see their private communications deemed unprotected.

© 2017 Wilson Elser

You’re Hired: President Trump Introduces Ethics Pledge For His Appointees With Serious Departures from Obama’s Ethics Pledge

Donald Trump ethics pledgeOn January 28, 2017, President Trump signed an executive order that requires all full-time political appointees to sign an ethics pledge (the “Trump ethics pledge”) that “contractually” binds them to certain ethical standards.  The Trump ethics pledge supersedes and is different from the ethics pledge that President Obama required appointees to sign during his administration (the “Obama ethics pledge”), and includes a five-year lobbying ban that severely restricts the ability of covered appointees to engage in the policy advocacy business upon leaving government.

The Trump ethics pledge applies to all full-time, non-career political appointees regardless of whether they are appointed by the president, the vice president, an agency head, or other government official.  It is unclear, without further guidance from the Office of Government Ethics, whether the Trump ethics pledge invalidates the Obama ethics pledge, or if that pledge remains intact for those who signed it.  In any event, a summary of the Trump ethics pledge highlighting the key restrictions and key differences from the Obama ethics pledge is below.  Please contact one of K&L Gates’ political ethics lawyers with any questions.

Appointees Leaving Government

Lobbying Ban

The Trump ethics pledge includes a “lobbying ban” that is far more restrictive than the Obama ethics pledge.  Not only is the lobbying ban extended from two years to five years, the scope of the ban is substantially expanded.  Under the terms of the Trump ethics pledge, covered appointees may not engage in “lobbying activities” with his or her former agency for five years upon leaving the government.  “Lobbying activities” is the defined term that appears in the Lobbying Disclosure Act (“LDA”) that includes both lobbying contacts and background preparation and strategy work.  This restriction also applies toengaging in lobbying activities with any covered executive branch official or non-career Senior Executive Service appointee for the remainder of the Trump Administration.

Therefore, as opposed to the Obama ethics pledge, which prohibited covered appointees from “lobbying” as defined as “acting as a registered lobbyist,” any covered appointee under the Trump ethics pledge is prohibited not just from acting as a registered lobbyist, but from engaging in the “behind the scenes” activity, regardless of whether the covered appointee’s lobbying contacts trigger lobbying registration.  Given the incredibly restrictive nature of this provision, the Office of Government Ethics may produce additional guidance, in which case we will supplement this alert with further analysis.

Cooling-off Period

The Trump ethics pledge restores the one-year “cooling-off” restriction for certain senior administration officials on contacting employees in their former agency that is codified in Section 207(c) of Title 18 of the United States Code.  Note that this is a broader restriction on making contacts than that of the lobbying ban since it applies to contacts with any employee of the former agency (as opposed to contacting covered officials and non-career Senior Executive Service appointees for purposes of the lobbying ban).  This is a departure from the Obama ethics pledge, which extended the statutory prohibition on contacting and appearing before former agency officials for two years.  As noted above, it is unclear whether this portion of the Obama ethics pledge still applies to signees of the Obama ethics pledge or if it has been invalidated.

Lifetime Ban on FARA Representation of Foreign Governments and Political Parties

The Trump ethics pledge also prohibits any covered appointee from engaging in any activity on behalf of a foreign government or political party that would require registration under the Foreign Agents Registration Act of 1938 (“FARA”) for the remainder of the appointee’s life.  This is another massive departure from the Obama ethics pledge.  FARA, which implements strict disclosure requirements for any person who represents a foreign entity in seeking to influence U.S. public opinion, policy, and laws, is enforced by the Department of Justice.

Appointees Entering Government

Ban on Participating in Matters Involving Former Client or Employer

The Trump ethics pledge imposes a two-year ban on covered appointees from participating in matters that are directly and substantially related to their former client or employer, including regulations and contracts, when the former client or employer is, or represents, a party to that matter.  This includes any clients or employers for whom the covered appointee worked for during the two years prior to his or her appointment.  This language is identical to the Obama ethics pledge.

Ban on Participating in Matters Lobbied in the Past

The Trump ethics pledge prohibits covered appointees from working on particular matters on which the covered appointee lobbied (as a registered lobbyist) in the two years prior to their appointment.  This prohibition applies for two years after the covered appointee enters the government.  It also applies to participating in any matter that falls within the same specific issue area.  The terms of this prohibition are similar to those of the Obama ethics pledge.  However, in another departure from the more restrictive Obama ethics pledge language, the Trump ethics pledge does not prevent a covered appointee from working in an agency that he or she lobbied in the past.

Gift Ban

Like the Obama ethics pledge, covered appointees under the Trump ethics pledge are prohibited from accepting gifts from registered lobbyists or lobbyist organizations during their time in the Trump Administration.  The term “gift” has the same definition as under Office of Government Ethics rules, although covered appointees are not subject to all of the same exceptions.  Of note, covered appointees may not accept gifts that fall under the de minimis exception ($20 per gift/$50 per year), and may not attend widely attended gatherings free of charge.

Professional Liability: Punishing Effect of Rule 11 in Keister v. PPL Corp.

professional liabilityFederal courts correct bad litigation behavior, eventually.

People take being sued personally, and lawsuits can take an emotional toll on defendants, whether as an individual or as a representative of an employer. Anger and frustration always lead to the same questions: Can we sanction them for lying? Can I get my fees (or my insurance deductible) back? Won’t the court do something?

Federal courts can and do sanction attorneys for lying, failing to investigate claims and “posturing” a case to get a settlement. But sanctions are reserved for the worst offenders, and it often takes multiple violations before attorneys’ fees, costs or other monetary fines are imposed.

A Case in Point

In Keister v. PPL Corp., U.S. District Court Judge Matthew W. Brann of the Middle District of Pennsylvania directed Attorney X to pay opposing counsel’s fees and costs in excess of $103,000.

What did Attorney X, a solo practitioner in a rural Pennsylvania county, do to potentially warrant more than $100,000 in sanctions? In a 55-page Opinion (which supplemented a 48-page summary judgment opinion), the court explained that  Attorney X:

  • Engaged in “litigious necromancy” by “conjuring” facts to support the age discrimination claim of his client, Ernest Keister, a 34-year employee of PPL and a union member, who worked in a unique position (i.e., his job could not be compared with others) and who was neither fired nor replaced by a younger worker.

  • Proceeded with the claim, in the absence of any evidence that Keister’s age was a factor in (1) his employer’s 2011 denial of a request to reevaluate his job title, duties, salary and management role or (2) the union’s decision not to support moving Keister’s position from the collective bargaining unit.

  • Alleged that Keister faced “ongoing” discrimination in order to avoid dismissal of his client’s lawsuit, despite the complete absence of evidence that anyone insulted or otherwise mistreated Keister.

  • Intentionally asserted claims that were directly contradicted by Keister’s testimony, failed to comply with local motion practice by failing to admit undisputed facts, and submitted documents that were “calculated” to confuse the court and opposing counsel.

  • Failed to investigate the facts and observe procedural requirements, including following the union’s grievance process and filing the federal action within the applicable limitations period (as established by the EEOC’s denial of a claim filed by Attorney X).

  • Amended the complaint for the sole purpose of forcing a mediation to settle a valueless case.

  • Engaged in this conduct after receiving two (non-monetary) Rule 11 sanctions in other cases as well as a public reprimand by the Pennsylvania Disciplinary Board.

Judge Brann repeatedly stated that Rule 11 sanctions are not a “general fee-shifting device” and are not available merely because one side was successful. Sanctions were imposed because Attorney X “is simply not getting the message,” despite prior federal court and state bar disciplinary reprimands. The court held that the “least severe sanctions adequate to serve the purpose” of punishing Attorney X’s conduct and deterring it in the future was to award all costs and fees to the defendants.

Summary

The Keister ruling suggests that a Rule 11 motion should only be filed when it can be proven that opposing counsel did not have the facts to back up a client’s claims and made an effort to hide the absence of a factual dispute. However, even when such proof can be found, federal courts will first award non-monetary sanctions for an attorney’s first and even second offense, as happened here with Attorney X.

When facing a litigation opponent who lies to the court, it is best to prove the lie, document it, and then decide the most appropriate way to bring it to the attention of opposing counsel and, if appropriate, the court or disciplinary authorities. The work might not yield monetary sanctions in the first instance, but the federal courts may not act to stop abusive litigators until presented with multiple examples of bad conduct.

In the short run, it may seem more cost-effective to ignore an opponent’s abusive actions because a judicial reprimand does not return money to the client. But in the long run, the federal courts will not protect a client from future bad acts or additional lawsuits until an attorney’s repeated pattern of deception is established.

© 2016 Wilson Elser

Panama Papers: What Attorneys Can Learn from History’s Largest Data Breach

Background

It is estimated that since its inception in 1977, MF has incorporated 250,000 businesses, largely in offshore jurisdictions. MF serves a wide range of clients, including politicians, celebrities and corporations. Incorporating “anonymous” businesses is entirely legal. There is, however, a stigma attached to “shell companies,” and several of the public figures associated with these businesses have already been embarrassed by exposé-style articles. The ICIJ has promised that additional, highly compromising articles will be published.

Following the disclosure of the breach, MF stated that it experienced an “e-mail server breach” at one if its data centers. It also has been reported that the documents were removed over the course of a year, beginning in early 2015. This followed a 2014 “whistleblower” data breach involving MF’s activities in Germany.

The details of how MF’s client data was removed, who removed it and why are not known and may never be made public. Regardless, the breach raises important questions that are relevant to any lawyer who uses a computer to create, store and access attorney-client materials:

    • After a whistleblower distributed client materials to the German government in 2014, what additional safeguards were implemented to protect client files? Does your firm regularly review security procedures? What process does your firm implement when computers, phones or remote storage devices are lost, stolen or decommissioned? What process does your firm follow if a data breach or virus is discovered in your system?
    • How long should client files remain on accessible servers? More than 11.5 million MF documents dating from 1977 forward were exposed by an “e-mail server breach.” Many of these documents surely predated MF’s current computer system. For whatever reason, “historical” documents were stored on the same servers that handled routine e-mail functions. What is your firm’s protocol for retaining “historical” documents on “active” servers?
    • Were notifications issued when non-active files were accessed? MF apparently had a policy of assuring that all documents for the 250,000 companies that it formed were readily available. But did the “primary” attorney on those files receive any type of notification when materials from their assigned clients were accessed? Did the system administrator receive notification when older files that had not been accessed for a significant period were suddenly downloaded? Does your firm have electronic notifications in place when files are accessed? Are sensitive files restricted to certain users? Are your files password protected?
  • News articles indicate that the breach was publicly disclosed only because a journalist contacted a representative of the Russian government who raised the possibility of a data breach with MF on March 28, 2016. MF notified their clients on April 1, 2016. ICIJ then issued a press release about the breach on April 3, 2016. The data breach(es) likely occurred over the course of several months, starting in 2015. When should the breach(es) have been discovered and disclosed to MF’s clients? Does your firm regularly monitor its access logs? Does your firm have a data breach response plan? Has your firm prepared a letter to advise a client of a discovered breach? Has your firm prepared a press release if a wider disclosure is necessary?

Lessons Learned

The MF data breach represents a sea change in the management of client data by law firms. The bar for safeguarding client data has risen. All attorneys must now consider the potential pitfalls of maintaining “historical” data on their servers, the implementation of notifications when files are accessed and protocols for issuing client disclosures when files are accessed. It is likely that MF will face considerable litigation over the undocumented data breach. Attorneys seeking to avoid litigation need to learn from MF’s failure and ensure that their data is protected.

© 2016 Wilson Elser

Case of First Impression: Federal Circuit Endorses Patent-Agent Privilege

In a case of first impression regarding whether communications between a non-lawyer patent agent and a client are legally privileged, a split panel of the US Court of Appeals for the Federal Circuit held that a patent-agent privilege is warranted on a limited basis where an agent is engaged in the congressionally endorsed, authorized practice of law. In Re Queen’s University at Kingston, PARTEQ Research and Development, Case No. 2015-145 (Fed. Cir., Mar. 7, 2016) (O’Malley, J) (Reyna, J, dissenting).

The opinion followed the plaintiffs’ petition for mandamus. At the district court, the petitioners withheld documents reflecting communications between the plaintiffs’ employees and the non-lawyer patent agents who prosecuted the patents-in-suit based on an alleged patent-agent privilege. The district court overruled objections to the magistrate’s order granting defendants’ motion to compel production over the alleged privilege, but agreed to stay the discovery order pending a writ of mandamus. Applying Federal Circuit law, the Court found that mandamus was warranted to decide the issue of first impression, which had split the lower courts.

The Federal Circuit first recognized that “Rule 501 of the Federal Rules of Evidence authorizes federal courts to define new privileges by interpreting ‘common law principles.’” Finding that the respondents did not argue that a patent-agent privilege was foreclosed by the US Constitution, any federal statute or any rule prescribed by the Supreme Court of the United States, the Court turned to reason and experience, as directed by Rule 501, in order to determine whether recognizing a privilege was now appropriate. The majority concluded that it was, holding that the unique roles of patent agents, the congressional recognition of their authority to act, the Supreme Court’s characterization of their activities as the practice of law, and the current realities of patent litigation warranted an independent patent-agent privilege.

The Federal Circuit relied on the Supreme Court’s prior assertion that the preparation and prosecution of patent applications for others constitutes the practice of law. Further, the majority found that Congress had delegated to the commissioner of patents oversight authority concerning lawyers, agents or other persons representing applicants or other parties before the US Patent and Trademark Office (PTO), and that the commissioner had, in fact, allowed both lawyers and agents to practice before the PTO.

In further support, the majority panel cited both the Supreme Court’s recognition of Congress’s delegation of supervisory authority to the commissioner of patents for lawyers and agents alike, and related legislative history acknowledging the practitioners’ equivalent professional rights before the PTO. The majority found that a client has a reasonable expectation that all communications relating to obtaining legal advice on patentability and legal services in preparing a patent application will be kept privileged, and that denying privilege to agents would frustrate Congress’s intent to provide clients a choice between agent and lawyer. As a result, the majority found that a patent-agent privilege is coextensive with the rights Congress affords to patent agents, and serves the same important public interests as the attorney-client privilege.

The Court also noted that the new privilege’s scope is necessarily limited to communications with non-lawyer patent agents when those agents are acting within their authorized practice of law before the PTO. The Court found that the Code of Federal Regulations (CFR) sets forth the acts permitted by non-lawyer agents and helps to define the scope of communications covered under the privilege. For example, communications are due the privilege if made in furtherance of the performance of tasks specifically set forth in the CFR, or “are reasonably necessary and incident to the preparation and prosecution of patent applications or other proceedings before the [PTO] involving a patent application or patent in which the practitioner is authorized to participate.” The Court stressed that it is the burden of the person asserting the privilege to justify its applicability. The Court also cited examples of non-privileged communications, including those with a patent agent who offers an opinion on the validity of another party’s patent in contemplation of litigation or the sale or purchase of a patent, or on infringement.

In dissent, Judge Reyna argued that the public’s need for open discovery outweighed the need for the privilege. The dissent also argued against the new privilege with the following reasoning:

  • The privilege may adversely affect an agent’s duty of candor.

  • Agent communications are already routinely protected because of lawyer involvement.

  • Patent agents and clients are able to destroy written communications through implementation of document-destruction policies.

  • Determining the scope of the privilege is complicated and uncertain.

  • Congress and the Supreme Court have recognized a difference between agents and lawyers.

  • Evidence suggests that Congress did not intend that agents have a privilege.

  • No state has created an agent-client privilege.

  • The Judicial Conference Advisory Committee has not recommended creating the privilege.

  • Lawyers hold the privilege because of their professional status.

  • The Supreme Court has never held that patent agents practice law; it has merely recognized that the Florida Supreme Court has done so under Florida law.

  • Congress has never believed that patent agents practice law.

The Federal Circuit remanded the issue to the district court to determine whether the patent-agent privilege applied.

Article By John C. Low, PhD
© 2016 McDermott Will & Emery

Lawyers in the United States Should Pay Attention to the Panama Papers

The Panamanian law firm that was the source of the “Panama Papers” says it was hacked, exposing its clients’ personal and financial data to the world.

For American lawyers subject to the Rules of Professional Conduct, the problems facing the Panamanian firm Mossack Fonseca should serve as a reminder to take extra care to secure electronic data.  Lawyers have an obligation under Model of Rule Professional Conduct 1.6(c) to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”  This data security obligation was added to Massachusetts Rule of Professional Conduct 1.6(c) last year.

In the Panama Papers case, Mossack Fonseca blamed the hack on an “unauthorized breach of our email server.”  That should give American lawyers pause, even if they do not count the prime minister of Icelandcronies of Vladimir Putin, or members of the Chinese Politburo among their clients.  Massachusetts lawyers should pay attention, and consider what would happen if their clients’ confidential information became publicly available.  Although exposure of such information might not make headlines, it could devastate clients if it fell into wrong hands.

What Constitutes “Reasonable Efforts?”

Rule 1.6(c) does not say what constitutes “reasonable efforts.”  But Comment 18 to the rule says:

[f]actors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).

Comment 18 also states that a lawyer does not violate Rule 1.6(c) if someone gains unauthorized access to information, notwithstanding reasonable efforts to prevent the access.

Still, it would be embarrassing, or worse, for any lawyer to explain to his or her client – and, possibly, the Board of Bar Overseers – that confidential documents were exposed because they were held in the lawyer’s Hotmail account, for which the password was “password.”  Even if the password were stronger, lawyers must remember that someone who knows the answers to a security question might be able to gain access to web-based email.  If the question is something like: “Where did you go to high school?” sensitive client information might be at risk to anyone who knows anything about you – or is willing to invest in a little internet sleuthing

The need to protect client information is not lessened if a lawyer’s clients are not public figures.  Adversaries, business competitors and jealous ex-spouses, among others, may be highly interested in a client’s confidential electronic files, to say nothing of identity thieves and fraudsters.

Lawyers and firms should tailor their data security to their clients and their practices.  There are numerous actions lawyers can take to protect their data, but some of the simplest and most non-burdensome steps include the following:

  • Adopt an information security policy that covers all information systems, including e-mail, voicemail, text messages, computers, cellphones, remote access and passwords, among others.

  • Use difficult passwords. A random collection of characters is far stronger than an English-language word.  Letters and numbers can be added or switched to make the password easier to remember; for example, the dog’s name – “skippy” –might become “$k1ppy!” Change passwords regularly.

  • Lawyers who use web-based email should check their security questions, and make sure they are not obvious and well-known to others. All web-based email should also utilize two-step verification.

  • Consider retaining an outside IT expert to make sure your security is as strong as possible.

  • Finally, use common sense, and train your employees to do the same. For example, do not click on suspicious links and attachments, or keep your password written down in an obvious place on your desk.

The upshot is that it is better to consider – and possibly upgrade – your security before a hack, rather than to have to defend it afterwards.

Article By Thomas W. Kirchofer of Sherin and Lodgen LLP

© 2016 SHERIN AND LODGEN LLP