OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI

On August 23, 2022, the U.S. Department of Health & Human Services, Office for Civil Rights (“HHS”) announced that it had settled a case involving the disposal of physical protected health information (“PHI”).

OCR alleged that, on March 31, 2021, a specimen containing PHI was found by a third-party security guard in the parking lot of the New England Dermatology and Laser Center (“NEDLC”). The PHI included patient name, patient date of birth, date of sample collection, and the name of the provider who took the specimen, in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

As part of the settlement, NEDLC agreed to pay HHS $300,640. According to NEDLC’s Resolution Agreement and the Corrective Action Plan, there were two potential violations by NEDLC. First, NEDLC allegedly failed to maintain appropriate safeguards to protect the privacy of PHI,” as required by 45 C.F.R. § 164.530(c). Second, NEDLC allegedly permitted the impermissible disclosure of PHI, in violation of Rule 45 C.F.R. § 164.502(a). The Corrective Action Plan requires NEDLC to develop, maintain and appropriately revise written policies and procedures in accordance with HIPAA.

Several highlights of the settlement include:

  1. Changes to Policies and Procedures. NEDLC must develop, maintain and revise, as necessary, its written HIPAA policies and procedures, and provide such policies and procedures to HHS for review and approval. NEDLC also must assess, update and revise, as necessary, such policies and procedures at least annually, or as needed, and seek HHS’s approval of the revised policies and procedures.
  2. Designation of Privacy Official. NEDLC must designate a privacy official who is responsible for the development and implementation of NEDLC’s HIPAA policies and procedures, and a contact person or office who is responsible for receiving relevant complaints.
  3. Training Requirements. NEDLC must provide HHS with training materials for its workforce members and seek HHS’s approval of such training materials. NEDLC must also distribute the HIPAA policies and procedures to its workforce members and relevant business associates, and obtain a written compliance certification from all such individuals. NEDLC must provide HIPAA training for new workforce members, and all workforce members at least every 12 months. Each workforce member must certify, in electronic or written form, that they received training. NEDLC must review the training at least annually, and update the training where appropriate. NEDLC must promptly investigate, review, report to HHS, and sanction any workforce member that does not comply with its HIPAA policies and procedures.
  4. Implementation Report and Annual Report.  NEDLC is required to submit to HHS a written report summarizing the status of its implementation of the requirements provided set forth in the settlement, and annual compliance reports.

For more Health Care legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

911 Network Reliability Deadline Approaching

Earlier this monththe FCC announced that its 2022 911 Reliability Certification System is now open for Covered 911 Service Providers to file annual reliability certifications.  The filings are due on October 17, 2022.  Failure to submit the certification may result in FCC enforcement action.

Background

In 2013, the FCC adopted rules aimed at improving the reliability and redundancy of the nation’s 911 network.  Those rules require Covered 911 Service Providers (“C9SP”) to take steps that promote reliable 911 service with respect to three network elements: circuit auditing, central-office backup power, and diverse network monitoring.  The Commission identified these three network elements as vulnerabilities following a derecho storm in 2012 that significantly impacted 911 service along the eastern seaboard.

Applicability. The rules apply to all C9SPs, which are defined as any entity that provides 911, E911, or NG911 capabilities such as call routing, automatic location information (ALI), automatic number identification (ANI), or the functional equivalent of those capabilities, directly to a public safety answering point (PSAP).

Certification. The rules require C9SPs to certify annually that they have met the FCC’s safe harbor provisions for each of these elements or have taken reasonable alternative measures in lieu of those safe harbor protections.  The certification must be made under penalty of perjury by a corporate officer with supervisory and budgetary authority over network operations.

In 2018 and 2020, the FCC sought comment on changes to the 911 reliability certification rules, but the rules have not yet been updated as a result of those proceedings.

Enforcement Against Noncompliant Providers

Last year, the FCC entered into eight consent decrees with Covered 911 Service Providers that failed to submit their reliability certifications in 2019, 2020, or both.  A Consent Decree typically requires the recipient to admit it violated an FCC rule, pay a fine to the federal government, and implement a Compliance Plan to guard against future rule violations.  These Compliance Plans required the C9SPs to designate a compliance officer, establish new operating procedures, and develop and distribute a compliance manual to all employees.

Additionally, the providers were required to establish and implement a compliance training program, file periodic compliance reports with the FCC detailing the steps the provider has taken to comply with the 911 rules, and report any noncompliance with 911 rules within 15 days of discovering such noncompliance.

Looking Forward

C9SPs have about one month to confirm compliance with the reliability rules and submit a required certification.  Based on the FCC’s enforcement efforts last year, C9SPs would be well-advised to work diligently to meet this upcoming deadline.

© 2022 Keller and Heckman LLP

OFAC Offers Guidance in the Wake of Tornado Cash Sanctions

The U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) updated its “frequently asked questions” (FAQs) Tuesday, providing guidance relating to the sanctions against Tornado Cash, the Ethereum “mixer” it blacklisted in August, following allegations that North Korea used Tornado Cash to launder stolen digital assets. The updated information from OFAC comes as a welcome snippet of communication, allowing for clarity on the scope of the action taken against Tornado Cash, as well as providing guidance for U.S. persons affected by the blacklisting who, through no fault of their own, were caught up in federal action.

The updated FAQs provide guidance on four points: (1) the ability to withdraw funds from wallets associated with the Tornado Cash blacklist; (2) whether the OFAC reporting obligations apply to “dusting” transactions; (3) whether U.S. persons can engage in transactions involving addresses implicated in the blacklist without a license; and (4) what, more generally, is prohibited in the wake of the OFAC blacklisting of Tornado Cash.

(1)        Withdrawing Funds

If a U.S. person sent virtual currency to Tornado Cash, but did not complete the mixing transaction or otherwise withdraw such virtual currency prior to August 8, 2022 (the effective date of the OFAC blacklist), such person can request a specific license from OFAC to engage in transactions involving that virtual currency (assuming such person conducts the contemplated transactions within U.S. jurisdiction).

In order to obtain this license, such persons will need to provide, “at a minimum, all relevant information regarding these transactions with Tornado Cash, including the wallet addresses for the remitter and beneficiary, transaction hashes, the date and time of the transaction(s), as well as the amount(s) of virtual currency.”

OFAC indicates that they will embrace a favorable licensing policy towards such applications, so long as the contemplated transactions did not involve conduct that it deems to be otherwise sanctionable, and that licensing requests can be submitted by visiting the following link: https://home.treasury.gov/policy-issues/financial-sanctions/ofac-license-application-page.

(2)        “Dusting” Transactions

Dusting is the act of sending unsolicited and nominal amounts of virtual currency or other digital assets to third parties. This can be done in order to cause consternation on the part of the recipient, particularly in a situation where there is confusion as to the legality of receiving such funds or actions.

OFAC indicates that it has been made aware of Dusting involving virtual currency or other virtual assets from Tornado Cash, and indicates that while, technically, OFAC’s regulations would apply to these transactions, to the extent that these Dusting transactions have no other sanctions associated with them other than Tornado Cash, “OFAC will not prioritize enforcement against the delayed receipt of initial blocking reports and subsequent annual reports of blocked property from such U.S. persons.”

In short, while not a desirable transaction to take place, OFAC does not intend to pursue action against persons simply because they are the target of Dusting.

(3)        Engaging in Transactions With Tornado Cash

OFAC clarified that, without explicit license from OFAC, U.S. persons are prohibited from engaging in any transaction involving Tornado Cash, including any transaction done via currency wallet addresses OFAC has identified as part of the blacklist.

Specifically, “[i]f U.S. persons were to initiate or otherwise engage in a transaction with Tornado Cash, including or through one of its wallet addresses, such a transaction would violate U.S. sanctions prohibitions, unless exempt or authorized by OFAC.”

(4)        Further Tornado Cash Guidance

Referencing FAQs 561 and 562, OFAC reemphasized their authority to include as identifiers on the Specially Designated Nationals and Blocked Persons List (SDN List) specific virtual currency wallet addresses associated with blocked persons, and that such SDN List entry for Tornado Cash included as identifiers certain virtual currency wallet addresses associated with Tornado Cash, as well as the URL address for Tornado Cash’s website.

While the Tornado Cash website has been deleted, it remains available through certain Internet archives, and accordingly OFAC emphasized that engaging in any transaction with Tornado Cash or its blocked property or interests in property is prohibited for U.S. persons.

Interacting with open-source code itself, in a way that does not involve a prohibited transaction with Tornado Cash, is not prohibited. By way of example, “U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts.  Similarly, U.S. persons would not be prohibited by U.S. sanctions regulations from visiting the Internet archives for the Tornado Cash historical website, nor would they be prohibited from visiting the Tornado Cash website if it again becomes active on the Internet.”

While this update to FAQs come as a welcome bit of clarity, Web3 investors, entrepreneurs, and users should continue to tread carefully when engaging with opportunities and technologies on the periphery of Tornado Cash and the accompanying OFAC action. When questions arise, it is important to seek out informed counsel, to discuss the risks of proposed actions and how best to mitigate that risk while working to pioneer new and emerging technologies.

© 2022 Dinsmore & Shohl LLP. All rights reserved.

It’s Time To Review Your Online Patient-User Interface: DOJ Issues New Federal Guidance on Telemedicine and Civil Rights Protections

As online digital health services continue to enjoy broader use and appeal, federal regulators are concerned some telemedicine online patient-user interfaces fail to accommodate persons with disabilities and limited English proficiency. Such failures in “product design” can violate federal civil rights laws and the Americans with Disabilities Act (ADA), according to new policy guidance jointly issued by the U.S. Department of Health and Human Services (HHS) and Department of Justice (DOJ).

The document, Nondiscrimination in Telehealth, is specifically directed to companies offering telemedicine services and instructs such covered entities to immediately take specific steps to comply with the various “accessibility duties” under federal civil rights laws. The guidance focuses on ensuring accessibility for two populations of users: 1) people with disabilities and 2) people with Limited English Proficiency (LEP).

Who is Subject to these Rules?

The guidance refers to “covered entities” subject to these rules. Under the rules, “covered entities” are any health programs and activities receiving federal financial assistance (in addition to programs and activities administered by either a federal executive agency or an entity created by Title I of the Affordable Care Act). While the guidance does not define what constitutes “receiving federal financial assistance”, HHS has historically held that providers who receive federal dollars solely under traditional Medicare Part B were not covered entities. However, a recently-proposed rule suggests HHS will significantly expand the scope of covered entities, and soon. Telemedicine providers should be prepared to comply with these federal laws.

People with Disabilities

The guidance explains that no person with a disability shall – because of the disability – be excluded from participation in or be denied the benefits of the services, programs, or activities of a covered entity, or otherwise be subjected to discrimination by a covered entity. The requirements in the guidance is supported by several federal laws, including the Americans With Disabilities Act, the Affordable Care Act Section 1557, and the Rehabilitation Act Section 504.

Applying these federal civil rights protections to telemedicine services, the guidance states companies must make reasonable changes to their policies, practices, or procedures in order to provide “additional support to patients when needed before, during, and after a virtual visit.”

DOJ and HHS provided the following as examples of such “additional support” obligations:

  • A dermatology practice that typically limits telehealth appointments to 30 minutes may need to schedule a longer appointment for a patient who needs additional time to communicate because of their disability.

  • A doctor’s office that does not allow anyone but the patient to attend telehealth appointments would have to make reasonable changes to that policy to allow a person with a disability to bring a support person and/or family member to the appointment where needed to meaningfully access the health care appointment.

  • A mental health provider who uses telehealth to provide remote counseling to individuals may need to ensure that the telehealth platform it uses can support effective real-time captioning for a patient who is hard of hearing. The provider may not require patients to bring their own real-time captioner.

  • A sports medicine practice that uses videos to show patients how to do physical therapy exercises may need to make sure that the videos have audio descriptions for patients with visual disabilities.

People with LEP

The second area of the guidance is protections for LEP individuals under Title VI of the Civil Rights Act of 1964 (Title VI). Under Title VI, no person shall be discriminated against or excluded from participation in or be denied the benefits of services, programs, or activities receiving federal financial assistance on the basis of race, color, or national origin.

For telemedicine services, the guidance states that the prohibition against national origin discrimination extends to LEP persons. Namely, telemedicine companies must take reasonable steps to ensure meaningful access for LEP persons. Such “meaningful access” includes providing information about the availability of telehealth services, the process for scheduling telehealth appointments, and the appointment itself. In many instances, HHS states, language assistance services are necessary to provide meaningful access and comply with federal law.

These language assistance services can include such measures as oral language assistance performed by a qualified interpreter; in-language communication with a bilingual employee; or written translation of documents performed by a qualified translator

DOJ and HHS provided the following as examples of such “meaningful access” obligations:

  • In emails to patients or social media postings about the opportunity to schedule telehealth appointments, a federally assisted health care provider includes a short non-English statement that explains to LEP persons how to obtain, in a language they understand, the information contained in the email or social media posting.

  • An OBGYN who receives federal financial assistance and legally provides reproductive health services, using telehealth to provide remote appointments to patients, provides a qualified language interpreter for an LEP patient. The provider makes sure that their telehealth platform allows the interpreter to join the session. Due to issues of confidentiality and potential conflicts of interest (such as in matters involving domestic violence) providers should avoid relying on patients to bring their own interpreter.

What if Making These Changes is Expensive?

While not directly addressed in the guidance, the cost for implementing accessibility measures generally falls on the company itself. Federal ADA regulations prohibit charging patients extra for the cost of providing American Sign Language (ASL) interpreters or similar accommodations. In fact, a covered entity may be required to provide an ASL interpreter even if the cost of the interpreter is greater than the fee received for the telemedicine service itself. With respect to LEP interpreters, HHS issued separate guidance stating it is not sufficient to use “low-quality video remote interpreting services” or “rely on unqualified staff” as translators.

However, companies are not required to offer an aid or service that results in either an undue burden on the company or requires a fundamental alteration in the nature of the services offered by the company. This is an important counterbalance in the law. Yet, the threshold for what constitutes an “undue burden” on a company or a “fundamental alteration” to the nature of the services is not bright line and requires a fact-specific assessment under the legal requirements.

Conclusion

Telemedicine companies subject to the guidance should heed the government’s warning and look inward on patient-facing elements. The first step is to simply have the website and app platform reviewed (most particularly the patient online user interface) by a qualified third party to determine if its design and features are sufficiently accessible for people with disabilities, as well as LEP persons. That time is also a prudent opportunity to review the user interface to confirm it complies with state telemedicine practice standards, e-commerce rules, electronic signatures or click-sign laws, and privacy/security requirements. Because these laws have undergone rapid and extensive changes during the Public Health Emergency, it is recommended to conduct these assessments on a periodic/annual basis.

If a company believes the expense of making these product design changes to ensure accessibility would be prohibitively expensive, it should check with experienced advisors to determine if the changes would constitute an “undue burden” or “fundamental alteration.” Otherwise, federal guidance is clear that refusing to make reasonable changes can be a violation of federal civil rights laws.

© 2022 Foley & Lardner LLP

A Paralegal’s Guide to Legal Calendar Management

Law firms of all sizes are increasingly relying on legal technology to address their day-to-day responsibilities. From family law to criminal law to personal injury law, law practice management software can help law firms run smoothly and efficiently.

The benefits of this legal technology aren’t limited to lawyers — it extends to the paralegals they work closely with.

The demand for paralegals is growing at an average of 12% each year, and paralegal technology can be used to support their efficiency and workflows. Many of the manual tasks that paralegals do, such as creating, organizing, and filing court documents, can be automated to free time to focus on more critical tasks.

What Do Paralegals Do?

Working under the supervision of an attorney, a paralegal’s work is merged with and used as part of the attorney’s work for the client. Paralegals cannot give legal advice or perform any legal duties that fall under the scope of the licensed attorney, and they must be clear in their non-lawyer status with clients and the public.

The typical duties of a paralegal may include:

  • Conducting client interviews and maintaining client contact

  • Locating and interviewing witnesses

  • Conducting investigations and statistical and documentary research

  • Performing legal research

  • Drafting legal documents, correspondence, and pleadings

  • Summarizing depositions, interrogatories, and testimony

  • Attending executions of wills, real estate closings, depositions, court or administrative hearings, and trials with the attorney

  • Authoring and signing correspondence, as long as the paralegal status is clearly indicated and does not contain independent legal advice or opinions.

In a law firm, a paralegal’s time for legal work — not clerical or administrative work — may be billed to clients the same way as an attorney’s time, but at a lower hourly rate.

The paralegal profession originated in law firms, but now, paralegals may be employed by government organizations, banks, insurance companies, and healthcare providers.

Aside from basic technology tools for sending emails, making calls, or creating documents, there are resources specifically designed for paralegal work. Some of these include:

  • Case management software: One of the responsibilities of a paralegal is helping firms track client case information. Case management software supports paralegals and other staff to collaborate on cases in real time.

  • Billing software: Client billing is a time-consuming process at the end of the billing period. Paralegals may use billing software to help automate bill generation, collection, and review. Online billing allows clients to receive bills directly and gets the firm paid faster.

  • Client intake software: With manual client intake, clients fill out paperwork and the information must be transcribed digitally. This process is inefficient and error-prone, even with a fillable PDF. Automated client intake technology captures vital details for paralegals, and forms can be shared with a link. The information can be synced with other technologies to avoid duplicate data entry.

  • eSignature software: Signatures are required for most legal documents. Instead of hand-signing and scanning documents, e-signature technology allows paralegals to collect, sign, and store documents with a click of a button.

Paralegals may use some or all of these legal technologies, depending on the size of the firm and its practice areas.

Calendar management is the systematic process of organizing tasks, meetings, and events with the goal of maximizing the return on investment for the time put in. The work can be time-consuming, but it’s essential to the function of the firm.

A well-managed calendar should support attorneys to ensure success. Calendar management has the power to make or break the attorney’s daily workflow and long-term success, which is why it’s one of the most important skills for a paralegal to perform effectively.

Legal calendar management is a resource that manages deadlines, meetings, and events in a centralized location. Paralegals, attorneys, and other staff can have shared access and individual alerts or notifications to ensure that crucial tasks never fall through the cracks.

Prior to digital legal calendar management, attorneys had to calculate deadlines manually — a time-consuming and error-prone process. Legal calendar management automatically calculates deadlines to expedite the process and ensure accuracy.

With automated workflows, legal calendar management allows legal professionals to build workflows for each type of case or practice area of the firm.

For busy professionals juggling multiple responsibilities and clients, this ensures that important deadlines are not missed.

Just like you would schedule a meeting or task, paralegals should block focus time to manage and organize their calendars. Use these best practices to simplify how you manage your calendar.

Use a Coding System

Color coding creates an organizational schematic for the calendar. For example, using colors for different categories like client, internal, recurring, reminder, and travel helps everyone quickly identify the tasks that are relevant.

Implement a Centralized, Firm-Wide Calendar

Law firms should have a centralized calendar that’s used throughout the firm and managed by an experienced paralegal. This ensures that the firm staff has access to crucial information and deadlines from anywhere.

The calendar should be flexible and allow for different departments to toggle their view of desired information.

Legal calendars have a lot of moving parts that may involve multiple parties. This is why it’s important to create guidelines or rules for everyone in the firm when updating the calendar. For example, who submits case information? Who verifies the deadlines and completes follow-ups?

Incorporating this information in your firm’s workflows will ensure all staff members understand what they’re responsible for, and when. This process should be standardized, to alleviate bottlenecks or help with onboarding and training new staff.

Get The Entire Firm On Board

A new process takes time to implement and may come with learning curves. However, an efficient, organized legal calendar can’t be accomplished without buy-in across the firm.

There can be friction among staff when implementing new technology, especially if the firm has been more traditional. Take a top-down approach that begins with senior partners and managers. They can take the lead to bring everyone on board and get them excited about the capabilities of the new technology. No one likes change, but preparing the team can reduce friction and make the implementation process more efficient.

But remember, the best technology in the world is still just technology. It’s up to your firm and staff to use it to its fullest. Establishing clear roles and responsibilities for leaders and staff, providing training, and both giving and receiving feedback ensure that the legal calendar management software’s features and tools are used appropriately for your firm’s needs.

© Copyright 2022 PracticePanther

Speaker Pelosi Expresses Concerns With Federal Privacy Bill’s Preemption Provision

On Thursday, House Speaker Nancy Pelosi expressed concerns with certain features of the American Data Privacy and Protection Act (“ADPPA”) and its broad preemption provision, which as currently drafted would override the California Consumer Privacy Act (“CCPA”) and its subsequent voter- approved amendments.  The ADPPA was favorably reported by the House Committee on Energy and Commerce in July by a vote of 53-2.  The bill has not yet been scheduled for a vote on the House floor. Speaker Pelosi “commended” the Energy and Commerce Committee for its efforts, while also praising California Democrats for having “won the right for consumers for the first time to be able to seek damages in court for violations of their privacy rights.”  Speaker Pelosi noted that California leads the nation in protecting consumer privacy and it was “imperative that California continues offering and enforcing the nation’s strongest privacy rights.”

Speaker Pelosi stated that she and others would be working with Chairman Frank Pallone (D-NJ) to address concerns related to preserving  California privacy laws.  Although Speaker Pelosi’s comments cast doubt on the future of the ADPPA, we continue to believe that it will clear the House. We anticipate only modest tweaks to the preemption provision, which must be acceptable to the Republican leadership of the committee for the bill to move forward. As Speaker Pelosi noted, the bill contains a private right of action for consumers—the single most important provision to Republicans in return for strong preemption language. After more than a decade of effort, the Democratic leadership of the House will be hard pressed to let the perfect be the enemy of the really good.

© Copyright 2022 Squire Patton Boggs (US) LLP

Legal News Reach Episode 4: The Perfect Storm: Law Firm Marketing & Business Development Budgeting with Beth Cuzzone, Global Practice Leader of Intapp

Welcome to Season 2, Episode 4 of Legal News Reach! National Law Review Managing Director Jennifer Schaller is joined by Beth Cuzzone, Global Practice Leader of Intapp. Together, they discuss the best budgeting strategies for legal marketing departments as firms emerge from the pandemic with a new set of priorities and perspectives.

We’ve included a transcript of the conversation below, transcribed by artificial intelligence. The transcript has been lightly edited for clarity and readability.

Jennifer Schaller

This is Jennifer Schaller, and I’m the Managing Director of the National Law Review. We’ll be speaking with Beth Cuzzone, who’s the Global Practice Leader of Intapp. Beth, can you tell us a little bit about your background and what you do at Intapp?

Beth Cuzzone

Thank you for asking, Jennifer. I think it’s an important table-setting question. So I recently joined Intapp in 2022. It’s a global technology firm, and it partners with investors and advisors to help them run their businesses. And it basically follows those companies through the lifecycle of their companies, whether it’s intake or relationship management, or deal management, or billing or marketing or risk, and so many other operational functions. But my role Intapp sits in the marketing and business development corner of those companies. So as a Global Practice Leader, I’m responsible for working with a team of subject matter experts who help clients align their strategic priorities with our solutions. It’s been an interesting and challenging shift, because I spent more than 30 years of my career in the very types of companies that Intapp now helps. So it’s been an interesting and exciting and challenging change all at once. And I think it also gives me a unique lens into what we’re going to be diving into today.

Jennifer Schaller

Okay, wow, it sounds like a spot-on match here we have today. So let’s dig into it. We’re talking about law firm budgets. So for this upcoming budget cycle, for firms who are either almost done with it, or in the process, or close to wrapping it up. What’s different this year than in previous years in law firm marketing and business development departments?

Beth Cuzzone

In one word, everything. If we take a step back and look at the easy formula that law firms have used traditionally when creating their budgets, there hasn’t been a lot of secret sauce. In its simplest form, and I am oversimplifying it for illustrative purposes, but in its simplest form, law firms for years and years and years, and year over year, would take into consideration their former budget number and give it an increase that aligned with the firm’s increase in their revenue for that year. And then the real work would begin on saying, Okay, we’re going to give ourselves a 2 or 3% increase, because we increased our revenue by 8%. So we’re going to take some slice of that, and we’re going to increase what we did last year, and then they would reallocate that number. And so if it was my budget was $1,000 last year, and you know, now I’m going to increase it by 3%, it’s going to be $1,300. And now let me just play around with the line items and see where we want to spend a little more, where we want to spend a little less. Given the years that we’ve had coming up to the 2023 budget season, we had 2020, when the pandemic hit, we had 2021, where we were still experiencing the effects of that. And then in 2022 as people tried to move back into some normalcy of spend market, you know, marketing, outreach, awareness, credibility, relationships, going back into the office, that sort of thing, the budgets are a little bit all over the place. So to answer your question, why is this coming year’s budget different? It’s because you don’t have last year’s budget that you get to just reset.

The interesting thing is that I think it actually is going to provide opportunities to relook at the way you think of your budget and think a little bit about very specific line items. You know, I do think one of the places that people are going to spend a lot of time thinking about is digital marketing. And, you know, a question I had for you is, have you seen an uptick in the digital marketing spend from law firms, where we were pre-pandemic, to pandemic to where people are moving towards?

Jennifer Schaller

That’s kind of a multi-layered question. I mean, over the last five years, there’s obviously been a switch to more digital. There’s a couple of different things going on in the larger digital advertising industry. Advertising rates right now as a whole are pretty suppressed digitally. So that’s impacting us a little bit, just because the baseline is down. But if you’re in a specific niche, like the National Law Review, where you know, we very much have the traffic and the audience, there’s always going to be a demand for it. What’s going to be super interesting to see is when cookies go away. People keep talking about that, because that’s going to make the content on the website far more relevant, as opposed to having retargeting ads and things like that. But the date keeps changing on that. So, you know, we’ll let you know when we know. And related to publishing end of it, there’s been a bit of a sea change on that. There always was sort of a pushback or a stigma somewhat attached to pay-for-play publishing. But a little bit of a difference with that is, over time, most marketing professionals, especially in legal, understand that there’s costs involved in running a quality publication, if you want to have analytics, if you want to have a responsive staff who’s around to make edits, that you have to pay for that, and that, you know, if you don’t have money coming in from subscriptions, if you’re a no login website, that there’s going to be cost. So there’s been a bit of a change there. There’s more receptiveness to it. And I think maybe because law firms themselves understand what it takes to publish, they’re a little more forgiving, and understanding that we have costs too, if that makes any sense.

Beth Cuzzone

It makes complete sense. It makes complete sense. And again, there’s no direct answer to some of these complicated questions that we’re asking each other today about where people are spending and where it’s going versus where it’s been when we’ve had this pause on so many levels. And like you said, I also just think that the lens of the marketing and business development departments and law firms are really starting to appreciate that looking at digital assets as a way to create awareness and credibility is going to be a leader in their budget.

Jennifer Schaller

Well, yes, especially since events have changed and gone away. And a lot of sponsorships have changed. And given that pandemic ripple effect of live events versus sponsoring tables at events, which used to be a part of legal marketing department spends, what’s becoming more the standard for law firm, legal marketing department and business development spend, is it changed? Is it reallocating? How is that working?

Beth Cuzzone

That’s a great question. So typically–I heard somebody say once, law firms are like snowflakes, everyone is different. And I know that when I look at industry statistics that talks about the swing of spend, that has to do with you know, the percentage of revenue of law firms, that it goes anywhere from 2 or 3% to 18, 19, 20%. And the reason that they have that swing is because in some marketing and business development department budgets, they include personnel when others don’t, okay, or in some marketing and business development, department budgets, it’s all marketing, whether it’s for the HR department, or legal recruiting, or the firm, and others. Those are each very separate departments and separate budgets. So there is this huge spread across the industry. But I think for most firms, we’re going to find that there’s that 3.5 or 4% to 8% budget target of revenue. And that’s kind of where people settle in. There are outliers on both sides. And interestingly, there’s often some surprises. I find that sometimes some of the smaller, mid-sized firms have larger percentage budgets. But I think that’s because they can’t enjoy the scales of economy that larger firms can. If you’re looking at your budget, and we can talk about this in a little bit, you know, in 2020 when the pandemic started, all discretionary budget items were removed from law firms, whether it was in marketing and business development or not. So it was like, “Unless we’re contractually obligated to pay something, we’re taking it off the table.” And so now firms are getting that opportunity to rebuild it. And again, that approach and that budgeting exercise is a real opportunity for these firms to say, “What haven’t we been asking ourselves?” Or, “What haven’t we done that we’ve wanted to? What’s not in our budget? What should be or what are the opportunities out there in terms of places or people or technology or intersections that we’ve never tried before?” So I think there’s some of those questions that are happening, too.

Jennifer Schaller

Yeah, I think if anything, this is just helpful to know, to have legal marketers or even law firm administrators, or management know how to ask questions about legal marketing budgets, that there is such a wide range, but the wide range prompts people to ask the question, “What’s in that figure and what’s not?”  I’ve never really had it broken down that well before. So thank you for taking the time to spell that out. Because it’s not spelled out a lot of different places. Many people will appreciate that.

When you’re talking about law firm marketing budgets, what’s the difference between acquisition marketing and retention marketing and preparing budgets? Should law firms dedicate more resources to one or the other? Or is it some sort of blend?

Beth Cuzzone

That is a very forward-thinking question that you’re laying out there. Because I think that law firms basically had two types of buckets, if you will: they thought of it as awareness and credibility building, or relationship building, it was one of the two. And so they had some things around awareness and credibility, we talked a little bit about it earlier, you know, it’s that one to many, the website, you know, the content, the newsletters, the big events, that sort of thing. And then the relationships are kind of those one-on-ones. It’s the spending time going out and sitting down with a prospective client to learn something, or having an entertainment budget or doing some small roundtables with thought leadership, or sitting down with different decision makers at a particular client site so that you’re staying close to them. And it was a little bit all over the place. And the shift that I’m starting to see happen is that law firms are starting to break down their budgets into exactly what you said: acquisition marketing, which is, “How are we getting new clients?” versus retention marketing, which is, “how are we keeping and growing the clients that we have, or the brands that we have, or the relationships that we have?” And by doing that, they’re also starting to do account-based marketing. And they’re able to put their budgets together and say, “We’re going to spend 70, or 60, or 80% of our budget on our existing relationships, because we know that it costs six to eight time more money, resources, people budgets to get a new client than it does to keep and grow an existing one. So when you look at the scale of acquisition versus retention, retention is going to get that bigger budget. And then the acquisition is going to have a smaller wallet share of the overall budget. But within that big budget, you’re going to start that retention budget, you’re going to start to see that being broken down a little bit by account-based marketing as therefore account based budgeting. Again, this is a little bit around the corner. And this is I think what firms are going to be dealing with over the next five years of exactly being able to measure their return on objectives or their return on investments and where their money is really being spent. Because they’re going to be tying it down to very specific objectives and very specific strategies, if you will.

Jennifer Schaller

Okay, so what would be some of the areas that there would be an overlap, like between acquisition and retention marketing, would that fall in the digital area? Or where would that be?

Beth Cuzzone

That’s a perfect example, please look at what we’re talking about like a Venn diagram, right, you’ve got your acquisition, you’ve got your retention and then there’s the place where they overlay. Digital assets are a perfect example that fall into both. It’s helping you in the marketplace. And it’s helping you find your next big relationships and clients and referral sources. And those are the same assets that you can use to add value and stay close to some of your existing relationships, places where they start to separate a little bit, again, is really by account or by client, client-based marketing versus account-based marketing. And so you might have a firm where you say, we’re going to spend a lot of our travel and entertainment budget on going to each one of their offices and doing junior executive training. So that we’re aligning ourselves with the next generation of decision makers, and that’s how we want to spend our money and our time and our budget and our resources and our people on that particular client this year, sort of thing. So it all depends, again, on the strategy. And it also depends a little bit on the firm.

Jennifer Schaller

Yeah, would it vary by practice group, or just like, if you had a firm that was, you know, just intellectual property law based, would there be differences in the ratio or the mix or network?

Beth Cuzzone

That’s a great question. So there are some firms and also practice areas where there’s annuity streams, if you will, right. There’s just an ongoing, “We represent this particular finance institution on all of these sorts of loans. And, you know, we do 5, 10, 15 a year for them.” Think about if you were actually a litigator, and you were representing financial institutions where you didn’t know how many you were going to have in a year or whether you were not going to have any for two years and how they think of you and they call us when it’s about the company or they don’t call us when it’s about the company so you have to again, look at the firm, its strategy, the cadence of those open matters, the cadence of when they’re being asked to help clients and then try to align your budget and the activities in your budget around those very objectives. Does that make sense?

Jennifer Schaller

Yeah, it does. A lot of what you’re breaking down is really helpful because people throw numbers out there, but they don’t go into the details of what moves the numbers up or down, like your example of depending on if the law firm is including the expenses for HR, or including the salaries of the marketing department in there, that should make a big difference. And nobody really spells that out. So that was very helpful.

Beth Cuzzone

What kinds of trends are you seeing…there’s this nuance that’s happening now Jennifer, where there was a period of time “back in the day” where all law firms took out one-page ads in some of the biggest business-to-business publications and journals, or like yours, very, very niche, industry-specific news-related channels. And it was “we want to be top of mind” with whoever the reader is, whether it’s our peers, whether it’s our competition, whether it’s a referral source, whether it’s a potential client, whether it’s somebody on the other side of the table, and over time, that awareness campaign started to move into that content campaign. And I’d really be interested to see how are law firms maintaining that mindshare in the marketplace? What are you seeing?

Jennifer Schaller

Some big change from print, and what’s really changed–COVID was sort of terrible for the world, but in a lot of ways good for law firms and legal publishing. Because there were so many rapid developments of a legal or administrative or regulatory nature going on, there was just a lot of content to be written on and a lot of people looking for that content. So there was inherently a lot of traffic just being driven by COVID and all the related changes to it. Now that that’s leveled out a little bit, what we’re seeing from law firms is when they do their informative writing, meeting, talking about cases that happened and why that’s important to a particular industry, or new regulations that are on the horizon, what’s a little bit different is they’re starting to impose–not impose, but impart–their personality a little bit more. We’re seeing more content come in where it talks about people’s journey in the legal profession, how they balance working from home or transitioning out of working from home in a little bit more with the content. So before there was very little of that. I mean, there was some. It’s pretty prevalent now where we’ll see many law firms just have entire blogs and podcasts and a whole kind of vertical dedicated to life balance, people’s career paths, and things like that, which is a bit different than what we’ve seen before. I think it provides a good opportunity for law firms to tease out their competitive differences just by letting people know who they are, because ultimately, with law firms, they’re buying the person and their knowledge and their background. And this is kind of a more forward way of doing it than what’s been done in the past.

Beth Cuzzone

You know, it’s so interesting to hear you say that. I don’t think I really put such a fine point on it until you just mentioned it. All law firms do the same thing. For the most part, a general practice firm does the same thing as the next general practice, you know, an IP boutique does the same thing as the next IP. But how you do it, who you do it with and the culture is what your differentiator is. And you’re right, as I’m thinking a little bit about the sorts of information that I’m seeing, either the types of information or the personality in which people are writing, it really is giving firms a way to showcase their culture and who they are and their differentiator as opposed to all sounding like really smart law firms.

Jennifer Schaller

It’s that and I think it’s a little bit recruiting as well. I mean, the whole world has experienced quite a bit of turnover. Law firms have always had more turnover than other industries. So we’d have some stuff coming in where folks are interviewing their summer associates. And they’re doing that on a couple different levels. I think it plays to people who may be interested to know how a person got a summer associate position at an Am law firm, but also, you know, it’s a big hug to that person, and it shows in a recruiting sense that that law firm really cares about folks at all levels of the organization. We wouldn’t have seen that 10 years ago, so that’s just really different.

Okay, so let’s get into the fun part: budgeting tips! You’ve been doing budgets for years, you work with an organization that helps law firms kind of balance competing things for their attention and help tease out what’s probably the best bet for the firm. Do you have a few tips to share with our readers, or our readers and our listeners today, concerning law firm budgets, what to include what to not get pushed back on?

Beth Cuzzone

Yes, I think that there are a few best practices out there that law firm marketing and business development departments want to be thinking about as they’re either negotiating their budgets with firm management, or if they’re actually putting it together. We talked a little bit about the fact that historically firms have used the previous year and that budget number is a benchmark. Ironically, in 2022 law firm marketing and business development budgets increased by more than 100%. And again, it’s because in 2020, and 2021, they were decimated, it was the place where there was the most discretion in the budget, there were things like they weren’t going to be doing sponsorships, they weren’t going to be holding webinars, they weren’t going to be traveling to see clients or things–like take it all out. So then when we started to move towards this normalcy of, “let’s get back to business in 2022”, with a kinder, gentler, more softer approach, they had to increase their budgets by more than 100%. So the first thing I would say is, do not prepare your 2023 budget based on your 2022 budget, because you’re going to show that there’s already been 100% increase, and there will probably be very little wiggle room. I would also scrap 2020 and 2021. So I think one of my tips or best practices is, use 2019 as your benchmark, not 2021 or 22. For the reasons we’ve just talked about.

The other thing, you just mentioned this in the way you asked the question, is that there is a very complex ecosystem in law firms, and the marketing and business development budget is one of many competing priorities. And I think understanding that budgeting is a long-term game, not one you win every year. And so what I’m trying to say is, take a panoramic view of where the firm is, what they’re trying to accomplish, what some of their major goals are for the next year or two, look left and look right at what other operating department budgets are going to be impacted by that, and prepare your budget within the context of what’s happening. So don’t ask for the greatest budget increase among every operations department, every year. There becomes a fatigue, where it’s like, “Nope, just give them the 2%, we’re not going to listen to why they deserve more every year, year over year than every other department.” So I think walking in and being able to communicate, “We understand that lateral growth is one of our top strategic priorities, and that you’re going to be spending a lot of our budget on legal recruiting. So this year, I’ve put in some particular items and activities that will support legal recruiting, and I’ve moved my budget request from a 6% increase to a 2% increase.” And again, you can negotiate two or three years in advance, then say, “I just ask that when we’re looking at my budget in two years, or in three years that we appreciate that I’m asking for a smaller increase this year, given where we are, what we’re doing.” You know, it also goes a long way when there’s been a down year.

So, so far we’ve said, use 2019 as your benchmark, don’t ask for the greatest budget increase among every operations department every year, try to negotiate for two or three years in advance at your firm, but also negotiate two or three years in advance with your partners or vendors, depending on what you call them. You know, to be able to say, “Listen, we want to do this. And we can’t be all-in this year because our budget isn’t going to allow us, but can we negotiate an 18-month relationship with you and spread it over a 24-month period?” Negotiate a little bit! These are companies that want to partner with you. I also think it never hurts to ask and get comfortable with, again, just partnering with your vendors. That’s why I always call them partners and not vendors. Be comfortable with partnering with them and saying, “Look here are two or three things I’m trying to accomplish. And I only see one of those things in the proposal that you sent to me. Are there some things that you can put in here that are revenue neutral? Or are there ways that you can reallocate our spend and help me hit these other budget objectives?” They’ll work with you. So negotiate with management and then partner with your vendors.

I’ve been talking with a lot of firms. And another thing that I’m seeing firms really start to do is ask themselves, “Where is the lowest risk and the highest return?” and vice versa, and making sure that your budget is representing that like, “Boy, this is the lowest risk and a really good return. So we’re going to do more of this. And this is a really high risk, very questionable return. We’re going to do less of this.” And by the way, having those conversations with your management committee or your manageing partners or your executive committee about the ways that you’re looking at risk versus return, or contextually where you are in the firm’s operational churn, if you will, those sorts of things will help you in the long run.

Jennifer Schaller

It’s really great that you point out the need to let your vendors know what your goals are. It’s very challenging sometimes when people are like, “What’s the price? You know, what, what, what is your best price?” What is important to you? It’s not really a negotiating technique, we want to know where to focus to best meet your needs. And if we have no concept of what your goals are, or what you’re trying to highlight, it makes it infinitely more challenging.

This year, or any historically, are there budget items that you would suggest CMOs pay more attention to this year than in previous years or anything that’s unique about this year that they might want to highlight other than the points that you made about using 2019 as a base point versus the previous two years? Which were just weird. Is there anything else different?

Beth Cuzzone

You know, I think this is the time everybody is peeking over the horizon wondering, “Is there a downturn? Is there a recession? Is there a down year coming? What do we do?” You know, you’ve got, you’re asking yourself all of those questions. I think this is also a year, when you’re looking at your budget, to look at things that are driving efficiencies, scalability, revenue generation, right? There’s a difference between cost and investment. Make sure that your budget has a nice healthy mix of, “These are things where we want to spend money to get more money. And then these are places where we want to spend money so that we can meet an objective,” and I call them return on objectives, and return on investments. “We want to be known in this new market. We want to open up an office in Texas. And so we’re going to be spending a lot of time and money and energy and budget on really getting the word out creating some top of mind awareness in Texas.” That’s an objective, right? If it is that we really want to get a little closer to the bottom quartile of our clients in terms of revenue and say, “How can we help them with more problems than we do now? How do we take them and really try to grow the wallet share that they spend on outside counsel?” That’s a return on investment. So you know, have that healthy mix on return on investment, and return on objective.

Jennifer Schaller

Fair enough. So briefly, your firm Intapp? How do they help law firms with their budgeting process? Are there specific things that they’re set up to do to help?

Beth Cuzzone

Thank you for asking me that and for being so gracious. Because yes, I think the answer is yes. So Intapp can help law firms create insights to find revenue, find where there’s work that’s more profitable, find where, you know, there’s whitespace, and opportunities, or be able to basically measure things, and have this one source of truth in your law firm, where you’ve got all of these technologies that help all of these different operating departments that all connect, that’s why it’s called Intapp, there’s an integration to this, and they all integrate and talk to each other. And those kinds of insights can inform law firms about the kind of money that they’re spending and the kind of return that they’re getting. And it can be as simple as looking at your marketing campaign open rate for your last email, all the way to looking at some very strategic insights of “here are some spaces or places in our firm where we could be working closer with clients, or an industry where we haven’t saturated as much as we could.” So it can go from tactical to strategic, and that’s what Intapp does. That’s why it’s such an amazing company.

Jennifer Schaller

So is Intapp more process or technology based or kind of marrying the both of them when they work with law firms?

Beth Cuzzone

That’s another great question. So it’s a technology company. And I think the thing I’ve been most surprised with is the brainpower that sits in Intapp and all of the people that are there to help clients successfully deploy, or change management professionals that help you get more engagement at your firm, or help you with use cases of smarter ways to use the technology.

So Intapp sells technology that has professionals that help you with the people in the process as well. It’s a little competitive secret.

Jennifer Schaller

Sounds like a good match. As always, we appreciate Beth’s time sharing her thoughts with us and her experience and kind of the trends that she’s seeing and marrying it with the experience that she’s had over the years. Thank you very much.

Beth Cuzzone

It was so great to see you, Jennifer. So great to see you. Thank you for inviting me and be well. True North.

Conclusion

Thank you for listening to the National Law Review’s Legal News Reach podcast. Be sure to follow us on Apple Podcasts, Spotify, or wherever you get your podcasts for more episodes. For the latest legal news, or if you’re interested in publishing and advertising with us, visit www.natlawreview.com. We’ll be back soon with our next episode.

Copyright ©2022 National Law Forum, LLC

Acronis Reports Ransomware Damages Will Exceed $30B by 2023

In its Mid-Year Cyberthreat Report published on August 24, 2022, cybersecurity firm Acronis reports that ransomware continues to plague businesses and governmental agencies, primarily through phishing campaigns.

According to the report over 600 malicious email campaigns were launched in the first half of 2022, with the goal of stealing credentials to launch ransomware attacks. Other attack vectors included vulnerabilities to cloud-based networks, targeting unpatched or software vulnerabilities, and cryptocurrency and decentralized finance systems.

According to Acronis, “ransomware is worsening, even more so than we predicted.” It estimates that global damages related to ransomware attacks will top $30 billion by 2023.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

All Federal Research Agencies to Update Public Access Policies

On 25 August 2022, the Office of Science and Technology Policy (OSTP) released a guidance memorandum instructing federal agencies with research and development expenditures to update their public access policies. Notably, OSTP is retracting prior guidance that gave discretion to agencies to allow a 12-month embargo on the free and public release of peer-reviewed publications, so that federal funded research results will be timely and equitably available at no cost. The memo also directs affected agencies to develop policies that:

  1. Ensure public access to scientific data, even if not associated with peer-reviewed publications;
  2. Ensure scientific and research integrity in the agency’s public access by requiring publication of the metadata, including the unique digital persistent identifier; and
  3. Coordinate with OSTP to ensure equitable delivery of federally funded research results and data.

KEY COMPONENTS OF GUIDANCE:

Updating Public Access Policies

Federal agencies will need to develop new, or update existing, public access plans, and submit them to OSTP and the Office of Management and Budget (OMB). Deadlines for submission are within 180 days for federal agencies with more than US$100 million in annual research and development expenditures, and within 360 days for those with less than US$100 million in expenditures.

Agencies will need to ensure that any peer-reviewed scholarly publication is free and available by default in agency-designated repositories without any embargo or delay following publication. Similarly, OSTP expects the access polices to address publication of any other federally funded scientific data, even if not associated with peer-reviewed scholarly publications. As a concession, federal agencies are being asked to allow researchers to include the “reasonable publication costs and costs associated with submission, curation, management of data, and special handling instructions as allowable expenses in all research budgets.1

Ensuring Scientific Integrity

To strengthen trust in governmentally funded research, the new or updated policies must transparently communicate information designed to promote OSTP’s research integrity goals. Accordingly, agencies are instructed to collect and make appropriate metadata available in their public access repositories, including (i) all author and co-author names, affiliations, and source of funding, referencing their digital persistent identifiers, as appropriate; (ii) date of publication; and (iii) a unique digital persistent identifier for research output. Agencies should submit to OSTP and OMB (by 31 December 2024) a second update to their policies specifying the approaches taken to implement this transparency, and publish such policy updates by 31 December 2026, with an effective date no later than one year after publication of the updated plan.

IMPLICATIONS FOR THE NATIONAL INSTITUTES OF HEALTH (NIH), OTHER FEDERAL AGENCIES, AND THEIR GRANTEES

The NIH is expected to update its Public Access Policy, potentially along with its Data Management and Sharing Policy to conform with the new OSTP guidance. Universities, academic medical centers, research institutes, and federally funded investigators should monitor agency publications of draft and revised policies in order to update their processes to ensure continued compliance.

In doing so, affected stakeholders may want to consider and comment to relevant federal agencies on the following issues in their respective public access policy development:

  • Federal agency security practices to prevent foreign misappropriation of research data;
  • Implications for research misconduct investigations and research integrity;
  • Any intellectual property considerations without a 12-month embargo, especially to the extent this captures scientific data not yet published in a peer-review journal; and
  • Costs allowable research budgets to support these data management and submission expectations.

1 Office of Science and Technology Policy, Memorandum for the Heads of Executive Departments and Agencies: Ensuring Free, Immediate, and Equitable Access to Federally Funded Research at p. 5 (25 August 2022) available at https://www.whitehouse.gov/wp-content/uploads/2022/08/08-2022-OSTP-Public-Access-Memo.pdf

Copyright 2022 K & L Gates

Children’s Advertising Rules Apply in the Metaverse Too, CARU Says

CARU, the Children’s Advertising Review Unit of BBB National programs, issued a compliance warning last week reminding industry that the self-regulating body on children’s advertising and privacy intends to enforce its advertising guidelines in the metaverse, just like in the real world.

CARU’s August 23 compliance warning puts companies on notice of what perhaps should have been obvious: its guidelines for advertising to children apply in the metaverse, too. The warning heavily analogizes the metaverse, augmented reality (AR) and virtual reality (VR) worlds to other digital spaces like smartphone apps and online videos. CARU emphasizes the need to:

  • avoid blurring the lines between advertising and non-advertising content;
  • clearly disclose the use of brand-sponsored avatar influencers;
  • avoid manipulative tactics that induce children to view or interact with ads or to make in-game purchases; and
  • use clear, understandable, easily noticeable and prominent disclosures, repeated if necessary to ensure children notice and understand them.

The metaverse is a new area of focus for CARU and BBB National Programs: two recent posts, Know the Rules: How to Be Age Appropriate in the Metaverse and Advertising And Privacy: The Rules Of The Road For The Metaverse, emphasize the need to make sure advertising is truthful, non-deceptive and clearly identifiable as advertising, especially in brand-sponsored worlds. CARU recommends that advertisers and operators anticipate and stay aware of how their child audiences interact with the metaverse experience, including how, when and where ads will be shown to them and how influencers will engage in the space.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.