Legislature Tries Again To Put Citizens United On California Ballot

Nearly two years ago, I wrote that the California Supreme Court had blocked an effort to include an advisory vote in the statewide ballot. Proposition 49 asked whether the United States Congress and California Legislature should approve an amendment to the U.S. Constitution overturning the United States Supreme Court decision in Citizens United v. Federal Election Commission, 130 S. Ct. 876 (2010).  Just after New Year’s Day, the California Supreme Court issued an opinion addressing the merits of the argument.  The Court concluded:

  • As a matter of state law, the Legislature has authority to conduct investigations by reasonable means to inform the exercise of its other powers;

  • Among those other powers are the power to petition for national constitutional conventions, ratify federal constitutional amendments, and call on Congress and other states to exercise their own federal article V powers (U.S. Const., art. 5);

  • Although neither constitutional text nor judicial precedent provide definitive answers to the question, long-standing historical practice among the states demonstrates a common understanding that legislatures may formally consult with and  seek nonbinding input from their constituents on matters relevant to the federal constitutional amendment process;

  • Nothing in the state Constitution prohibits the use of advisory questions to inform the Legislature’s exercise of its article V-related powers; and

  •  Applying deferential review, Proposition 49 is reasonably related to the exercise of those powers and thus constitutional.

Howard Jarvis Taxpayers Assn. v. Padilla, 62 Cal. 4th 486, 494 (2016).

Earlier this month, Senators Benjamin Allen and Mark Leno decided to take another run at putting an advisory vote on the ballot. They gutted SB 254, a bill amending the Streets and Highways Code, and inserted legislation calling a special statewide election to be consolidated with the November 8, 2016 general election.  At this special election, the voters will be asked to vote on the following “advisory” question:

Shall the Congress of the United States propose, and the California Legislature ratify, an amendment or amendments to the United States Constitution to overturn Citizens United v. Federal Election Commission (2010) 558 U.S. 310, and other applicable judicial precedents, to allow the full regulation or limitation of campaign contributions and spending, to ensure that all citizens, regardless of wealth, may express their views to one another, and to make clear that the rights protected by the United States Constitution are the rights of natural persons only?

When Governor Brown allowed Proposition 49 (SB 1272) to become law without his signature, he observed “we should not make it a habit to clutter our ballots with nonbinding measures as citizens rightfully assume that their votes are meant to have legal effect.”  (Letter to Members of Cal. State Senate, July 15, 2014.). Perhaps the same could be said of proxy statements.

Article By Keith Paul Bishop of Allen Matkins Leck Gamble Mallory & Natsis LLP
© 2010-2016 Allen Matkins Leck Gamble Mallory & Natsis LLP

U.S. Department of Labor Issues Final Rule Greatly Expanding Scope of Reportable “Persuader” Activities

DOLOn March 23, 2016, the U.S. Department of Labor (DOL) issued a final rule, first proposed in June 2011, requiring employers and their labor relations consultants, including law firms, to report to DOL any agreements pursuant to which the consultant undertakes activities with “an object directly or indirectly to persuade employees concerning their rights to organize and bargain collectively.” Reports are to be filed electronically and are subject to immediate public access. Failure to report is subject to criminal sanctions.

The new rule reverses a decades-old DOL interpretation of the “advice” exception to reporting requirements. Previously, if the agreement between the employer and consultant involved nothing more than the consultant providing the employer with materials or advice that the employer had the right to accept or reject, so long as the consultant had no direct contact with employees, no report was required.

The new rule requires an employer to report on Form LM-10 and consultants to report on Form LM-20 information relating to the scope of the agreement and fees paid for the provision of both direct and indirect persuader materials or activities.

The new rule narrows the “advice” exception to oral or written recommendations from the consultant regarding a decision or course of conduct by the employer including, for example, counseling a business about its plans to undertake a particular course of action, legal vulnerabilities and how they may be minimized, identification of unsettled areas of the law and representation of the employer in disputes or negotiations that may arise.

The greatly expanded definition of reportable persuader activities, provided the object is to directly or indirectly persuade employees concerning their rights to organize and bargain collectively, includes, among many other activities:

  • Planning, directing or coordinating activities undertaken by supervisors or other employer representatives with employees.

  • Providing persuader materials or communications to the employer in oral, electronic or written form for dissemination or distribution to employees, including drafting and revising of such materials. (The sale, rental or other use of “off the shelf” persuader materials not created for the particular employer is excluded, unless the consultant assists the employer in selecting materials).

  • Conducting a seminar for supervisors or other employer representatives if the seminar includes development of anti-union tactics and strategies.

  • Developing or implementing personnel policies or actions which have a direct or indirect object of persuading employees concerning their rights to organize and bargain collectively.

The rule is applicable to agreements and payments made on or after July 1, 2016. Legal challenges and an attempt to block enforcement of the new persuader rules are a certainty—the outcome is not.

Article By Thomas E. Obenberger of Michael Best & Friedrich LLP

© MICHAEL BEST & FRIEDRICH LLP

Choosing the Next Vice President [PODCAST]

Every election, months before an official candidate is nominated, the names of potential vice presidents are floated around. For each presidential candidate there are different factors to consider, and over the years the role of the vice president seems to have changed. This podcast, featuring Vincent C. Immel Professor of Law Joel K. Goldstein, will explore what the future holds for the candidates and for the office itself.

Corie:

I’m Corie Dugas. Thanks for joining us. We have Professor Joel Goldstein, the Vincent C. Immel Professor of Law and highly respected scholar on the Vice Presidency. Today we will explore what the future holds for the candidates and for the office itself. Welcome to the show Joel.

Joel:

Hi, Corie.

Corie:

Well to start things off, can you give the listeners a refresher on the important responsibilities of the vice president once elected?

Joel:

The constitution gives the vice president two responsibilities. He or she is the president of the Senate and is the first successor in case of a death, resignation, removal or disability of the president. But, in fact, that doesn’t really describe very well what the modern Vice President does. The Vice President rarely presides over the senate. Instead, ever since Walter Mondale was Vice President in 1977, the vice presidents become a highly important, engaged, involved member of the Executive Branch, who works closely with the president in the White House, is a close presidential advisor, and takes on assignments from the president.

Corie:

Ok, so now that things have sort of changed since Mondale, what makes a good vice president?

Joel:

It’s a difficult job because for a vice president to be successful, he has to have a good relationship with the president. He has to add something substantive to the administration that it needs, whether it’s the ability of a spokesperson, or as a diplomat or a congressional liaison. But, really a vice president has to be both a leader and a follower. A vice president has to be able to deal with world leaders and congressional leaders as an equal, but also has to be able to operate in a situation where he or she isn’t the decider; rather they’re implementing what somebody else has decided.

Corie:

 So we’re really amping up into the election season. In general, what are the presidential candidates that we have out there looking for in a potential vice president?

Joel:

The basic things that a presidential candidate looks for in a vice president is somebody at the least who hopefully can help them improve their chances of being elected, but who at least won’t hurt them. They don’t want the vice president to become a major drag on their candidacy. So there’s an elaborate vetting process that takes place to see, to examine the potential vice presidential candidates in detail. Find out everything about their lives. Joe Liebermann said that it was like having a colonoscopy without an anesthesia. So they do this to try and eliminate candidates who will have negative baggage that will hurt the ticket. But they usually are looking for somebody who could at least provide or who could hopefully provide some boost. Sometimes it’s a question of picking somebody who could help unify the party. Sometimes it’s helping them with a demographic where they’re weak or where they’re a part of the party or the constituency where the presidential candidate is weak.

Corie:

Are there any particular personality characteristics that you think are important for a vice candidate?

Joel:

Well vice presidential candidates I think needs to be presidential. There’ll be a debate of probably 90 minutes where the vice presidential candidates and if you’re a presidential candidate, you don’t want to be sitting watching that debate as your campaign goes down the tubes because people see that you’ve put somebody potentially a heartbeat away from the presidency who doesn’t belong there. Moreover, you want somebody who is presidential because who you choose as vice president is often sort of the first presidential decision that a presidential candidate makes. So it’s sometimes viewed as sort of a test on how good of a decision maker somebody is. The other thing you need in a vice presidential candidate is somebody who is a good follower. Somebody who will recognize that two greats they’re being given a plan, a script and they need to follow it. They’re not the person who gets to dictate strategy. They help implement a strategy that others have set.

Corie:

So, if the vice presidential candidates are followers, which seems that that is really important and that makes perfect sense, can they really be influential in the policy that’s presented in the campaign?

Joel:

Well they can be in some respects. I mean, they can be influential with the presidential candidate and his or her advisors to the extent that they’re respected by the presidential candidate. I mean for instance when Michael Dukakis chose Lloyd Benson, Dukakis and Dukakis’s top aides really grew to respect Benson a lot and sometimes Dukakis’s aids would even go to Benson and ask Benson to say things to Dukakis as a way to persuading him. But they also can be influential in the campaign, to the extent that they’re an effective sales person for the presidential candidate, to the extent that they are good at articulating themes that the campaign wants to get across. In 1960, when John Kennedy was running for president, he was attacked on the ground that he was Catholic. Lyndon Johnson very effectively went through the south and would talk about JFK’s war record and the war record of John F. Kennedy’s brother who was killed in World War II, and would say that when those young men went out to fight for their country, nobody asked what religion they were. And so a vice presidential candidate who is an effective messenger and an effective articulator of the themes that the campaign wants to get across can also be influential in the campaign.

Corie:

So you’ve listed a number of characteristics and given some great examples of some excellent vice presidential candidates and what they’ve helped the presidential candidates with. What do you think are some of the names that we will be hearing on the democratic ticket in the upcoming election?

Joel:

Well it’s always a bit unpredictable until you get closer, but I think some of the people that might be considered, especially if Secretary Clinton is the nominee, would be Secretary Castro, who is the Secretary of Housing and Urban Development, and Secretary Lopez, who is the Secretary of Labor – have both been widely mentioned. They are two candidates who are young – relatively new to the national scene, but are thought to be helpful in terms of mobilizing support among the Hispanic community. Senator Cory Booker from New Jersey is sort of a up and coming new member of the senate. Senator Ted Cain of Virginia was one of the ten finalists that then Senator Obama considered in 2008. He’s an influential senator from a potential swing state. Senator Sherrod brown from Ohio is another who, I think, Secretary Clinton might consider. Again, somebody who is well thought of by the more liberal wing from the Democratic Party also comes from Ohio. So I think those may be the people who will be considered on the democratic side.

Corie:

Is there any names that come to mind if Bernie Sanders moves forward as the nominee?

Joel:

Well I think that if Senator Sanders was the nominee, I think some of the same names. You would expect that he would try and strengthen himself in some of the areas where he’s been weaker. Let’s say some of the traditional democratic constituencies, African Americans, Hispanics –where he hasn’t run as well. He also would be somebody who, unlike Secretary Clinton, who doesn’t have perceived national security credential. So, he also would be looking for somebody stronger in that area. You know, where as in her case, she doesn’t really need to cover that.

Corie:

That makes a lot of sense. Is there anybody that you see potentially popping up on the Republican ticket?

Joel:

Well the Republican ticket a lot depends on who the nominee is. But one person who has been mentioned widely and who would be considered on the Republican side would be Governor Nikki Haley of South Carolina. She was the person chosen to give the response to President Obama’s State of the Union address in January. She’s supported Senator Rubio, which would mean if somebody other than Senator Rubio is the nominee she would be perceived as a bridge to that part of the party. Also is a woman and somebody who I think is perceived as an effective governor of South Carolina. She would be helpful in a race against Secretary Clinton. I think there could be some people from Donald Trump –said he would take a political insider and said Governor Haley would fit that bill. People like Senator John Thune from South Dakota or Senator John Corn from Texas might be sort of people who might be considered. It could be a long list and this point it is sort of unpredictable to say. There could some different dynamics that play out on the Republican Party that we have encountered in recent times.

Corie:

How will the naming of the Vice Presidential candidate, when we get there, change how the campaigns look?

Joel:

Well once you name one vice presidential candidate and then two vice presidential candidates, instead of the race becoming a competition between two people; it becomes a competition, in a way, between two couples. Particularly, if either of the running mates is a new face, there is almost a feeding frenzy that takes place as America is introduced to somebody new. Paul Ryan in 2012. Governor Palin in 2008. Even somebody like Senator Biden, who had been in the Senate for 36 years, have shared major committees, run for president and so forth; the level of coverage that you receive as a vice presidential nominee is well beyond anything you have ever received in any other type of political life. So there’ll be a focus of the new candidate and what that selection says about the person who selected him or her. I mean ultimately people vote based upon their preferences of the presidential candidates but how they perceive the vice presidential candidates, what messages it sends about the presidential candidates are things that some people take into account. I think those are ways in which selection changes the dynamic of the campaign. It gives us somebody new to talk about, somebody new to write about. And often times, new candidates – in which the presidential candidates have been doing this for long periods of time, I mean it is if they’re in mid-season farm. Vice presidential candidates is somebody who is selected and hasn’t been used to doing this. So, sometimes in the early stages they have committed gaffes and those create their own sort of patterns of coverage and problems for a ticket.

Corie:

And by the time we get to the naming of Vice Presidential candidates, we’ll have been with months and months of hearing of hearing form the presidential candidates, so it might be fresh new voices in there as well. In the recent elections, have you seen any examples of vice presidential candidate that have stood out as good picks that have really helped elevate the presidential candidate?

Joel:

Well, I think there have been a few. I think that, depending on how far back one goes, in 1976, I think that pretty clearly that Jimmy Carter would not have been elected if not have been for Mondale’s role in the campaign. And in the vice presidential debate, Mondale helped Carter in a couple of decisive states. I think that in 1992, Al Gore really helped Bill Clinton reinforce the image of Clinton as a young southern democratic centrist. Gore was the same thing. So when you put the two together, the picture of the two of them, their spouses, really presented a image of change that was more powerful than just seeing Governor Clinton. I think that Dick Cheney in 2000, lent gravitas to President Bush’s candidacy. I think it was reassuring that where you had somebody who could governor, but had someone with no national security experience to be bringing on to his ticket somebody who had experience leading the defense department during the Persian Gulf War. I think the choice of Governor Palin in 2008, initially really energized the Republican base, the conservative part of the republican party who had never been enamored with Senator McCain became enthusiastic about him for the first time. Ultimately, over the course of the campaign, I think Governor Palin had some fairly disastrous interviews and so forth. Her numbers went down and she became something of an albatross for the campaign, but the initial period of selection, she really provided some energy and boost for his campaign. But one of the lessons I think is that sometimes presidential candidates choose somebody who will look good in July and August and while that may be important, ultimately it’s also important as to how they’re going to be perceived in October and November.

Corie:

Professor Goldstein also has a new book on this topic, The White House Vice Presidency: The Path to Significance, Mondale to Biden. This book is out now. So thank you so much for joining us today Joel. I hope you all had a chance to read the book. This has all been very informative and interesting discussion.

Joel:

Thanks Corie, it’s been fun.

Supreme Court Agrees to Review the Appropriate Measure of Design Patent Damages

On March 21, 2016, the Supreme Court agreed to hear Samsung Electronics Co.’s appeal regarding what it must pay Apple Inc. for infringing the design of Apple’s iPhone. This will mark the first time in over a century that the Supreme Court will hear a case involving design patents.

In 2012, a jury found that Samsung infringed Apple utility and design patents and awarded Apple $1.05 billion in damages. On appeal, damages were nearly cut in half to $548 million, which Samsung later agreed to pay to settle the dispute, all the while reserving its right to appeal to the Supreme Court.

Samsung has challenged the Federal Circuit’s decision that the company must pay its entire profits from smartphones that infringed Apple’s design patents, which amounted to $399 million. In making the damages determination, the Federal Circuit relied on Section 289 of the Patent Act, which dates to the 19th century and provides in relevant part: “[w]hoever during the term of a patent for a design, without license of the owner, (1) applies the patented design, or any colorable imitation thereof, to any article of manufacture for the purpose of sale, or (2) sells or exposes for sale any article of manufacture to which such design or colorable imitation has been applied shall be liable to the owner to the extent of his total profit.” 35. U.S.C. § 289 (emphasis added).

A number of tech companies, including Google and Facebook, submitted a brief in support of Samsung’s petition. In the brief, those companies argued that Section 289 is outdated and when enacted, failed to contemplate “products with significant functional features at all.” Thus, Section 289 is obsolete and should not govern awards involving the complex products available today.

When the Court hears the case later this term, the specific question it will address is, “Where a design patent is applied to only a component of a product, should an award of infringer’s profits be limited to those profits attributable to the component?”

Article by Kevin P. Moran & Joseph P. Serge of Michael Best & Friedrich LLP
© MICHAEL BEST & FRIEDRICH LLP

OCR Kicks Off HIPAA Audits After Issuing Two Major Settlements

HIPAAOn Monday, the HHS Office for Civil Rights (OCR) launched phase two of its much-anticipated audit program for covered entities and business associates. The announcement comes in the wake of OCR’s issuance of two major settlements—totaling more than $5 million—which highlighted the critical importance of managing the security basics, such as the business associate agreement (BAA) and the organization-wide risk analysis. These developments are summarized below, with practical tips that can help organizations mitigate related risks.

Summary

2016 Audit Program Begins

In announcing the 2016 audit program launch, OCR confirmed it will contact organizations by email to verify contact information and complete a pre-audit questionnaire. Organizations selected for audit will be subject to either a desk audit, an onsite audit or potentially both. Organizations will have a short period to produce requested documents, typically 10 business days, so it is important to have HIPAA privacy and security policies, security risk assessments, breach notification documentation, BAAs, and other HIPAA documentation up-to-date and readily available. While there is a detailed audit protocol from the phase one OCR audits, that protocol has not been updated for the final rules implementing the HITECH Act. OCR has committed to issuing an updated audit protocol closer to the date the audits will be conducted, which will set forth the criteria that auditors will review. Importantly, the phase two audits will extend to business associates. Although the risk of being selected for an audit is low, organizations would be well advised to review the existing and, when available, new audit protocols, conduct a compliance gap assessment and take corrective actions as needed, as part of overall HIPAA compliance efforts. While OCR states that the audits are primarily a compliance improvement activity, enforcement may follow where a serious issue is identified.

The North Memorial Settlement – The Importance of Business Associate Agreements

In the first of two recent settlements, North Memorial Health System, a nonprofit organization, will pay $1.55 million and enter into a two-year corrective action plan to settle charges that it violated HIPAA by failing to have a written BAA with a key contractor. OCR’s investigation followed the 2011 theft of an unencrypted laptop from a contractor’s workforce member’s vehicle. The settlement notes that the laptop contained protected health information (PHI) of approximately 9,497 North Memorial patients. For its part, the contractor separately settled HIPAA violations for $2.5 million, and entered into a related 20-year FTC consent order relating to its security procedures.[1] OCR also alleged that North Memorial failed to conduct an organization-wide risk analysis that covered all of its IT infrastructure.

OCR’s investigation indicated that North Memorial failed to execute a BAA with the contractor as required by HIPAA Privacy and Security Rules. OCR asserted that North Memorial gave the contractor access to its hospital database, which stored the electronic PHI of 289,904 patients, as well as access to non-electronic PHI as it performed services on-site at North Memorial.[2] In total, OCR’s investigation found that, from March 21, 2011, to October 14, 2011, North Memorial impermissibly disclosed the PHI of at least 289,904 individuals to the contractor without obtaining a proper BAA.[3] The investigation further indicated that North Memorial failed to complete a comprehensive risk analysis to identify all potential risks and vulnerabilities to the electronic PHI (ePHI) that it maintained, accessed or transmitted across its entire IT infrastructure, as required by the HIPAA Security Rule.[4]In settling the matter, North Memorial did not concede liability.

In addition to the $1.55 million payment, North Memorial agreed to a two-year corrective action plan (CAP) that requires it to develop policies and procedures related to business associate relationships and to conduct an organization-wide risk analysis and risk management plan, as required under the HIPAA Security Rule.[5] The CAP also requires North Memorial to train appropriate workforce members on all policies and procedures newly developed or revised pursuant to the CAP.[6]

OCR has previously (and repeatedly) emphasized the importance of having an organization-wide, thorough analysis, which it reinforces here with North Memorial. In addition, this settlement highlights the importance that OCR attaches to having BAAs where required, which OCR describes as another “cornerstone” of effective security.[7] Further, the settlement illustrates that, when a breach occurs with a business associate, the impacted covered entity should expect OCR to request a copy of the underlying BAA. Where that BAA cannot be found, the covered entity and business associates should expect potential enforcement.

FIMR Settlement: Basic Compliance Required of All Covered Entities (and Business Associates)

In the second settlement, Feinstein Institute for Medical Research (FIMR), a nonprofit research institute, will pay $3.9 million and enter into a three-year corrective action plan to settle charges it violated HIPAA, following its breach when an employee’s unencrypted laptop containing patient information of 13,000 individuals was stolen. OCR’s investigation determined that FIMR’s security management process was limited, it had failed to conduct a thorough risk analysis, and lacked sufficient policies and procedures. In its press release, OCR emphasized that it expects research institutions that are covered entities to comply with the same standards as other covered entities.

OCR’s investigation of FIMR stemmed from a self-reported breach after an employee’s unencrypted laptop was stolen. Based on the resolution agreement, OCR’s investigation appears to have identified widespread non-compliance. For example, OCR alleged that FIMR: (1) failed to conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to all of the ePHI held by FIMR, including the ePHI on the employee’s laptop; (2) failed to implement policies and procedures for granting access to ePHI by its workforce members and restricting access by unauthorized users; (3) failed to implement physical safeguards for the laptop; (4) failed to implement policies and procedures that govern receipt and removal of hardware and electronic media that contain ePHI into and out of a facility, and the movement of these items within the facility; and (5) failed to encrypt ePHI on the laptop or, alternatively, document why encryption was not reasonable and appropriate and implement an equivalent safeguard.

As part of an extensive three-year CAP, FIMR must conduct an organization-wide risk analysis and develop a corresponding risk management plan, develop a process for evaluating environmental or operational changes to the security of ePHI, revise its policies and procedures for privacy and security, and provide extensive training and reporting.

Tips to Mitigate Risks

Covered entities and business associates can enhance HIPAA compliance, and reduce audit risk, by taking a number of practical steps outlined below.

Business Associate Risks:

  1. train workforce (at onboarding and at least annually thereafter) to recognize situations where a BAA (or subcontractor BAA) is required and understand how to activate the organization’s process for securing one;

  2. conduct periodic audits of existing outside service relationships to ensure that all necessary BAAs (or subcontractor BAAs) are, in fact, in place;

  3. periodically audit BAAs (and subcontractor BAAs) on file to ensure they are fully compliant (including as to the final HITECH rule content requirements), in full force and effect, and readily retrievable; and

  4. retain records of training and audits conducted for at least six years.

This also is an excellent time for covered entities and business associates to re-examine the effectiveness of their processes for conducting initial diligence and periodic audits of the security compliance of their key business associates and subcontractors.

Risk Analysis:

While not a new point, it remains critical for covered entities and business associates to conduct and document the requisite security risk analysis on a regular basis, and take prompt corrective action to manage identified risks. It is particularly important to ensure that the risk analysis covers all ePHI maintained, accessed or transmitted across the organization’s entire IT infrastructure, including but not limited to all applications, software, databases, servers, workstations, mobile devices and electronic media, network administration and security devices, and associated business processes. This can be a challenge—particularly in light of the pace of developments and acquisitions/consolidations in the health care industry—but is essential. Organizations should develop a complete inventory of all electronic equipment data systems, and applications controlled by, administered or owned by the organization and its workforce that contain or store ePHI, including personally owned devices. Organizations should make sure their process includes equipment purchased outside of standard procurement processes.

Audit Preparation Tips:

  1. Confirm that all required HIPAA privacy and security policies and procedures are implemented and up-to-date;

  2. Make sure a through, organization-wide security risk analysis as described above has recently been conducted, and that resulting corrective actions have been taken;

  3. Confirm that BAAs are fully up-to-date and accessible, and follow the steps above to further reduce business associate risks;

  4. Use the audit protocols to conduct a gap assessment;

  5. Be prepared to provide documentation showing that breach notices have been provided as required by HIPAA; and

  6. Covered entities should ensure their notices of privacy practices are up-to-date and provided as required.

Other Basics:

  1. Encryption: Encryption of laptops, thumb drives and other mobile devices remains a critical risk mitigation strategy. HIPAA does not require encryption of ePHI in all cases “per se”; however, it does require organizations to specifically address, as part of their required risk analysis, whether encryption is a reasonable and appropriate safeguard (and if so, it requires organizations to encrypt; if not, it requires organizations to document why encryption is not reasonable and appropriate, and adopt an alternative safeguard ). However, encryption per the HHS guidance provides a “safe harbor” from breach notification under HIPAA and generally obviates the need to make state law data breach notifications as well, in the event of loss of encrypted data. Further, because encryption will, in fact, be “reasonable and appropriate” in many cases, often it is effectively required.

  2. Training: The scope and frequency of training also should be regularly reviewed to ensure training covers key aspects of privacy and security policies. In addition, training should address current and emerging threats and risk areas. For example, in light of the significant role of phishing attacks and malware in cyber-breaches, training should include employee awareness of how to identify and respond to these types of attacks.

[1] The related 2012 settlement by business associate Accretive Health with the Minnesota attorney general for violations of the HIPAA rules and state law was widely touted within the industry as the first HIPAA enforcement action against a business associate. See Settlement Agreement, Release, and Order, 12-cv-00145, ECF No. 90 (July 30, 2012). Because the breach occurred prior to the issuance of final rules implementing the HITECH Act’s extension of direct liability for HIPAA violations to business associates, OCR—the primary federal HIPAA enforcement agency—had indicated it would not enforce the HITECH Act changes against business associates until issuance of the final rules. However, this did not prevent the Minnesota attorney general from proceeding to enforce HIPAA, using newly expanded enforcement authority granted to state attorneys general under the HITECH Act. Accretive Health also entered into a related, 20-year consent order with the FTC, pursuant to which no fine or penalty was paid but in which Accretive Health agreed to establish and maintain a comprehensive information security program, and to periodic evaluations of that program. See Press Release, FTC approves final consent order settling charges that Accretive Health failed to adequately protect consumers’ personal information (Feb. 24, 2014).

[2] See North Memorial Resolution Agreement and Corrective Action Plan, I.2.A, (Mar. 16, 2016).

[3] See id. at I.2.B.

[4] See id. at I.2.C.

[5] See id. at I.V.A-C.

[6] See id. at I.V.D.

[7] See Press Release, $1.55 million settlement underscores the importance of executing HIPAA business associate agreements (Mar. 16, 2016).

Article By Matthew R. BakerMichael R. CallahanDoron S. Goldstein & Megan Hardiman of Katten Muchin Rosenman LLP
©2016 Katten Muchin Rosenman LLP

Increased Sanctions on North Korea Focus on China and Russia

Last week, President Obama significantly increased sanctions on North Korea through Executive Order 13722, which implements the North Korea Sanctions and Policy Enhancement Act of 2016 (H.R. 757). The Executive Order’s prohibitions and blocking provisions, and designation criteria are substantially more expansive than that Act. Concurrently with the issuance of the Executive Order, OFAC announced the designations of 17 North Korean government officials and organizations, 15 entities, two individuals, and identified 40 blocked vessels under various sanctions authorities.

While neither Congress nor the President imposed secondary sanctions per se, China and Russia should  interpret the Executive Order as a clear warning about their economic ties with North Korea. In the Iran sanctions program, secondary sanctions require that a foreign financial institution “knowingly facilitate or conduct a significant financial transaction” for a particular individual or entity. This evidentiary standard greatly limited the use of those sanctions authorities. The new sanctions against North Korea are clearly aimed at foreign business interests, but unlike secondary sanctions, this new authority does not have an evidentiary impediment to its implementation.

Transportation, Mining, Energy, and Financial Services

Subsection 2(a)(i) of the Executive Order authorizes the Secretary of the Treasury to identify industries in the North Korean economy, the participants of which may be designated solely based on their operating within that industry. The Secretary of the Treasury determined that entities within the transportation, mining, energy, and financial services industries are subject to designation. The Treasury Department’s Office of Foreign Assets Control (OFAC) then designated Ilsim International Bank and Korea United Development Bank for operating in the financial services industry.

OFAC’s authority to derivatively designate any bank that provides services to any identified North Korean bank creates de facto secondary sanctions. Executive Order 13722 authorizes OFAC to designate any individual or entity that provides services to any identified Korean bank. Therefore, any financial institution that provides an identified North Korean bank with an account, serves as an intermediary, confirms or advises a letter of credit, or provides any other service can be designated. The most likely targets of these derivative actions are Russian and Chinese financial institutions.

North Korean Slave Labor and Coal

The Executive Order authorizes OFAC to designate businesses that “have engaged in, facilitated, or been responsible for the exportation of workers from North Korea, including exportation to generate revenue for the Government of North Korea.” According to open source reporting, North Korea has between 50,000 and 100,000 “state-sponsored slaves” predominantly located in China and Russia. The North Korean regime earns between $1.2 and $2.3 billion annually in foreign currency through these slave laborers. Apart from the appalling human rights violations, this practice finances the North Korean nuclear and missile development programs.

In addition to companies that utilize North Korean slave labor, entities that deal in metal, graphite, coal, or software to or from North Korea are now subject to designation, “where any revenue or goods received may benefit the Government of North Korea.” United Nations Security Council Resolution 2270 of March 2, 2016 address the sale of coal and iron from North Korea, but in a very limited manner. Unlike the United States sanctions program, the prohibitions do not apply to transactions  “exclusively for livelihood purposes and unrelated to generating revenue for the DPRK’s nuclear or ballistic missile programs.” As a result of these substantial limitations, any application of the sanctions on coal and iron are likely to be enforced unilaterally by the United States.

Chinese companies are clearly the most susceptible to this designation criteria. According to the press release announcing the Executive Order and designations, “coal generates over $1 billion in revenue per year for North Korea.” Open source reporting also indicates that in 2015, North Korea supplied China with 19.63 metric tons of coal.

Return to a Comprehensive Sanctions Program

In addition to the designation criteria highlighted above, Executive Order 13722 also transitions U.S. sanctions against North Korea back into a comprehensive sanctions program. All property and interests in property of the North Korean government are now blocked, and the Department of Commerce licensing requirements are now supplemented with a prohibition on the exportation of goods and services.

OFAC released a series of 9 General Licenses to address issues that commonly arise from comprehensive programs. These include authorization of certain legal services, certain services in support of nongovernmental organizations,  transactions related to intellectual property, and noncommercial personal remittances.

Article By Jeremy P. Paner of Holland & Hart LLP.
Copyright Holland & Hart LLP 1995-2016.

Distressed Assets in Connecticut: What to Know Before Jumping In

There are many benefits for out of state lenders or investors looking to engage in business in Connecticut, one of the wealthiest (per capita) states in the United States of America. For example, Connecticut has relatively stable property values. However, Connecticut also has a number of legal pitfalls for lenders or investors who acquire Connecticut mortgages as part of a loan sale transaction. These pitfalls may end up causing undue delays and unnecessary expense when it comes to the legal process. A lender or entity unfamiliar with Connecticut specific laws and procedures should, prior to committing to acquire an asset secured by property in Connecticut, undertake due diligence and seek advice on what programs and statutes are or are not applicable prior to consummating the deal. Below are a few of the procedural thickets that must be navigated prior to being able to seek to foreclose a mortgage deed, the most common form of collateral for a real estate transaction, in Connecticut.

Preliminarily (and interestingly), Connecticut is unique in the United States in that it, as of January 1, 2015, recognizes three separate and distinct methods of foreclosure of a mortgage deed: Strict Foreclosure (appropriation of the mortgaged property after passage of law days set by judicial order); Foreclosure by Sale (created by statute and permits judicially ordered and overseen auction process); and Foreclosure by Market Sale (created by statute and permits agreement for marketing and private sale of property by mortgagor with consent of the mortgagee). Every foreclosure commenced in Connecticut is a judicial proceeding regardless of which of the above three forms the judgment of foreclosure will eventually take. The fact that every foreclosure is a judicial action alone can create havoc to the plans of a party who is otherwise unfamiliar with the foreclosure process in Connecticut and is best understood up front before committing any sum to a transaction where the main source of potential recovery is a parcel of property in Connecticut.

Secondly, Connecticut has many legislatively imposed requirements which must be met prior to even commencing an action for foreclosure of a mortgage deed. The vast majority of these programs were implemented either during or immediately after the nancial crisis of 2007 through (roughly) 2014 and, accordingly, revolve around 1 to 4 family owner-occupied residential property but are nonetheless worded vaguely enough so that they arguably apply to non-owner occupied or commercial properties as well. Amongst these programs are the Emergency Mortgage Assistance Program (“EMAP”), codified at Conn. Gen. Stat. 8-265dd, et seq., and the Foreclosure by Market Sale procedure, codi ed at Conn. Gen. Stat. 49-24b, et seq.

Article By Alena C. Gfeller & Andrew P. Barsom of Murtha Cullina

© Copyright 2016 Murtha Cullina

Busted [Bracket]: Facebook Posts From Employee’s Vacation Undermine FMLA Claims

Ah, the tell-tale signs of March are here.  The winter is starting to dissipate in the northern climes, we’ve set the clocks forward, and Syracuse is bound for another Final Four run.  Unfortunately, most teams won’t be so lucky and many coaches will soon find themselves on a beach.  And why not?  After a long, hard-fought season that fell just a bit short, might as well take a warm-weather vacation – go for a quick swim, maybe hit the amusement park, and take a few pictures of all the fun in the sun and post them to Facebook.  Sounds like a marvelous idea for many NCAA coaches, but not so much for employees out on FMLA leave.  The plaintiff in Jones v. Gulf Coast Health Care of Delaware, a recent case out of a Florida federal court, learned this the hard way.

Background

Rodney Jones, an employee of Accentia Health, took 12 weeks of FMLA leave for shoulder surgery, but was unable to provide a “fitness for duty” certification because, his doctor said, he needed additional therapy on his shoulder.  Accentia permitted him to take an additional month of non-FMLA leave.  Towards the end of his FMLA leave and during his non-FMLA leave, Jones took trips to Busch Gardens in Florida and to St. Martin.  Jones posted several pictures of his excursions to Facebook – including, for example, pictures of him swimming in the ocean (this, of course, during the time in which he was supposed to be recovering from shoulder surgery).

Accentia discovered the photos Jones posted to Facebook and provided him with an opportunity to explain the pictures.  When he could not do so, Accentia terminated his employment.  Jones then sued Accentia, claiming it interfered with his exercise of FMLA rights and retaliated against him for taking leave under the FMLA.

Termination Not Illegal

The court sided with Accentia.  First, Jones’ interference claim failed because Accentia provided him with the required 12 week leave and did not unlawfully interfere with his right to return to work thereafter.  Accentia had a uniform policy and practice of requiring each employee to provide a “fitness for duty” certification before returning from FMLA leave.  When Jones failed to provide such certification at the end of his FMLA leave, he forfeited his right to return under the FMLA.

Second, Jones’ retaliation claim failed because he failed to show Accentia terminated his employment because he requested or took FMLA leave.  Rather, Accentia terminated his employment for his well-documented conduct during his FMLA leave and non-FMLA leave.

Takeaways

This case provides several important lessons for employers.

  1. It is important to provide employees with an opportunity to explain conduct that appears to be an abuse of their FMLA leave entitlement. Employers who defend FMLA retaliation cases based on their “honest belief” that employees were misusing FMLA are much more likely to succeed if they conduct a thorough investigation into the employee’s conduct and give the employee an opportunity to explain the conduct.

  2. Ensure that any “fitness for duty” certification requirement applies uniformly to all similarly-situated employees (e., same job, same serious health condition) who take FMLA leave. The court in this case found that Jones’ interference claim failed, in part, because Accentia’s “fitness for duty” certification requirement applied to all employees similarly-situated to Jones.  Had it enforced this policy on an ad hoc basis, the outcome may have been different.

Article By Daniel R. Long of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
©1994-2016 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

A Change to the Suspending and Debarring Official (SDO) Position at NASA

On March 8, 2016, a final rule changed the position of the National Aeronautics and Space Administration’s (“NASA”) suspending and debarring official (“SDO”).  The SDO had been NASA’s Assistant Administrator for Procurement.  The final rule reassigns the position to NASA’s Deputy General Counsel.  Public comments were not accepted because NASA concluded that the change “affects only the internal operating procedures” of the agency.

Not mentioned in this action is Section 861(a) of the National Defense Authorization Act of 2013.  That law applies to the U.S. Department of Defense (“DoD”), the U.S. Department of State (“State”), and the U.S. Agency for International Development (“USAID”), not to NASA, but for those agencies it specifically prohibits the not-uncommon practice of having a procurement officer act as an SDO.  Last year, in International Relief and Development, Inc. et al. v. United States Agency for International Development et al., No. 15-CV-854 RCL (D.D.C.), a federal court concluded that such an arrangement at USAID likely violated Section 861(a).

Section 861(a) precipitated a necessary discussion on the independence and impartiality of SDOs.  It is not hard to imagine how an SDO who also serves as a procurement officer could be predisposed against a contractor.  But even if NASA’s change tacitly acknowledges this concern, it hardly resolves it.  Conditioned already to advocate for a particular client, agency counsel are sure to have predispositions, as well.

Article By Frederic M. Levy & Jade C. Totman of Covington & Burling LLP

© 2016 Covington & Burling LLP

Entrepreneur’s Spotlight: South Loop Strength and Conditioning (Chicago, Illinois)

South LoopWelcome to the latest installment of Entrepreneur’s Spotlight on the Health and Fitness Law Blog.  In this series, we look at successful startups and ventures in the health and fitness industry and interview the hard-working entrepreneurs behind these companies to discuss how they did it and what they learned along the way.

Today, the spotlight is on South Loop Strength and Conditioning (“SLSC”).  SLSC is one of the most popular CrossFit gyms in the greater Chicago area, and is located at 645 S. Clark Street in Chicago, Illinois. For more information on what sets SLCS apart from other gyms in Chicago (and nationwide), please check out its website at http://southloopsc.com/.

SLCS is co-owned and operated by four individuals.  We met with one of the original founders, Todd Nief, to listen to his story.  As you will read below, Todd originally did not have a background in fitness, but he has gone on to obtain a wide variety of certifications, including the following:

  • Certified CrossFit Trainer (CrossFit Level 3)
  • CrossFit Specialty: Movement & Mobility, Running, Powerlifting, Kettlebell
  • DNS “A” Course (Dynamic Neuromuscular Stabilization)
  • DNS Exercise Level 2 (Dynamic Neuromuscular Stabilization)
  • FMS Level 2 (Functional Movement Systems)
  • OPEX CCP Level 2 (Formerly OPT)
  • Poliquin BioSignature Level 2
  • POSE Running Coach
  • Precision Nutrition Level 1
  • SFMA Level 2 (Selective Functional Movement Assessment)
  • USA Weightlifting Level 2

Due to the abundance of information Todd was willing to share, we have decided to break this interview into a two part series.  This is Part I of II.  Part II of II will be posted next week.  If you want to learn more or have questions for Todd, he can be reached at todd@southloopsc.com.

Enjoy!

South Loop

H&F Law Blog: You made the transition to CrossFit owner a few years ago.  Could you please tell us a little bit more about how you made the transition from Environmental Consultant to Gym Owner?

Todd Nief:  This was an entirely accidental transition. I had been doing CrossFit on my own for a few years – mostly training out of a Bally’s. So, I was the weird guy doing weird stuff that I should not have been doing and attempting to lift weights that I had no business lifting. I mostly followed workouts from www.crossfit.com but I also had gone in to CrossFit Chicago to receive a bit of instruction.

I had started going in to Atlas CrossFit on occasion so that I would be able to do workouts with a lot of weight dropping (they did not like that at Bally’s) as well as things like ring muscle-ups. I was not expecting to coach there, but, after being around a bit, I started working with some of the beginner classes there right around the time that I was laid off from my consulting gig.

After spending about a year at Atlas, I wanted to run a facility based upon what I considered to be best practices in coaching and training. So, I started looking into what it would take to open a gym and began heading down that path. Within the CrossFit community, there is a lot of glorification of the gym owner (which makes sense from a business model perspective as well…), so it never seemed that impossible to get into the gym business – especially after seeing some of the back-end of what a successful gym looked like

H&F Law Blog: What was the hardest part of going into business for yourself?  Who did you look to for advice when you first started out?

Todd Nief: Well I certainly had absolutely no understanding of business, sales or marketing. I was a coach and a musician with a chemical engineering degree – as well as a negative attitude towards business based upon a youth spent in punk, metal and hardcore.  So, the most consistently challenging thing for me has been overcoming my own negative and maladjusted thoughts surrounding what it means to own a business and what it means to promote yourself, take money from people, and hold others accountable to your principles (employees, clients, business partners, investors, etc).

We also opened probably about 9 months too late to really reap the benefit of “early adopters” to the CrossFit program. The gyms that opened about a year before us basically had to do nothing to attract clients, since they were some of the first gyms in the city and all they had to do was open up and put “CrossFit” on the door. There was a whole city of people learning about CrossFit and searching out gyms. By the time we opened, there was a certain level of saturation and a lot of the early adopters had already found a home.  So, we were in a position where – to have success out the gate – we would have needed to open at scale and have an understanding of marketing, positioning, sales funnels, and customer experience. Instead, we opened in a little hallway on the second floor of another gym with an attitude towards sales and marketing that resembled a depressed vegan sixteen-year-old talking shit about McDonald’s (I was that teenager).

And, man, we also really got kicked around on the real estate market quite a bit (leases falling through, leases not being countersigned, lack of respect from landlords, etc.)

H&F Law Blog: What was one thing you expected would be easy in owning or managing the business that was actually much more difficult than anticipated?

Todd Nief: I do not know if “easy” is the right word, but the CrossFit community has a lot of cultural push towards a meritocracy of marketing that I think is, at best, misguided and, at worst, disingenuous and pandering.  The assumption is that, by providing a great service to your clients and getting them results, they will do all the marketing for you and you can focus on coaching. This may work in an early adopter environment, but, as soon as the market reaches a certain level of saturation, this is an impossible way to exist and grow a business.

So, I got into the business to coach, and now my main role is understanding how to grow the business – by understanding how to communicate with potential clients and how to reach them.  I do not think I ever thought that marketing was easy, but I also underestimated how much marketing I would be doing.

H&F Law Blog: Conversely, is there anything that you expected would be difficult that turned out to be very easy to manage or figure out?

Todd Nief: This is a tough question for me, since I think that I generally assume that most things will be “difficult” but that I also trust myself to be able to figure them out.

I think that a lot of businesses have a lot of challenges around hiring, finding the right people, and raising cash when they need it. We have certainly had some frustrating, bizarre, and sketchy endeavors in all of these arenas, but we have also had some insanely fortuitous occurrences here as well – one employee leaving and another walking in the door within a few days, one investor flaking out and another reaching out within a few weeks, one lease falling through and another falling into our lap, etc..

Picture--Crossfit Gym

H&F Law Blog: It is my understanding that there are a few different owners of SLSC, and these owners have slightly changed over time without any hiccups in the business.  Speaking from our experience as outside general counsel to gyms with multiple owners, conflicts come up all the time between owners of gyms and we are often asked to interpret poorly drafted or virtually non-existent Operating Agreements or Shareholder Agreements (drafted by other attorneys, of course!).  How has South Loop Strength and Conditioning managed to have multiple owners (including some transition of owners), while running one of the elite CrossFit facilities in Chicago?

Todd Nief: Fortunately, one of my partners is a mergers and acquisitions lawyer, so he was able to get us set up with a pretty sturdy operating agreement when we started the business.  The business started as three of us, and there are now four; over four years we have removed one partner from the operating agreement and added two.

While the operating agreement did make these processes pretty clear in terms of what removal and addition of partners looks like, I think one of the biggest things here has been maintaining a level of respect between partners.  Even when one of our original partners was dissociating (which does not tend to happen if things are going swimmingly), there was never any bad blood and things never became unprofessional in that process. The operating agreement pretty clearly stated that we would buy out his shares for an agreed upon fair market value, so we crunched some numbers, went back and forth on a few things, and came to an agreement pretty quickly.  In terms of adding partners, it was a situation where two people came along at the right time that had an interest in the business and the right skillset to jump in and move us forward, so – similarly – we hashed out agreements that we thought were fair and amended our then-existing agreements.

[Note from Aaron Werner (Health and Fitness Attorney/Interviewer): Be sure you have a very clear and enforceable Operating Agreement (LLCs) or Shareholders’ Agreement (Corporations) when starting or buying a business with other people.  If you are raising outside capital, you need to be very careful about the securities laws involved concerning fundraising and documenting the business deal with your investors.  Be sure to work with an attorney well-versed in Operating Agreements/Shareholders’ Agreements/Other Fundraising Documents.]

H&F Law Blog: What advice do you have for other people that are going to go into business with other co-owners of a gym or studio?  What characteristics in your own business partners makes your partnership work so well?

Todd Nief: This is a somewhat challenging question since I think that this is somewhat similar to hiring – and there are many books and courses and videos and seminars and masterminds on this topic.

There are all kinds of things you can do to vet people, but the only consistent thing that works seems to be working with them to see what happens. Sometimes you make good calls, and sometimes you make bad calls.  And, similarly to hiring, sometimes you meet the right person at the right time, and then you can end up starting some gym together and having to figure out a bunch of stuff that no one ever told you before.

People say all kinds of corny stuff about vision and mission and whatnot, but that is all kind of inspirational quote fodder as far as I am concerned. I think there are basic understandings of how human beings should relate to each other that are essential for an effective partnership – most important is honestly probably generally treating other people with respect, whether that is clients, employees, or your other partners. Once contempt, deceit or manipulation enter a relationship, it can be impossible to salvage.

So, my advice would be to work with people before you enter into a partnership with them so that you know what you are getting into.

To be continued next week…

Article By Aaron D. Werner of Horwood Marcus & Berk Chartered
© Horwood Marcus & Berk Chartered 2016. All Rights Reserved.