Category: Technology

Cyber Incident Reporting for Critical Infrastructure Act

On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (“CISA”) released a Request for Information (“RFI”) seeking public input regarding the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). The public comment period will close on November 14th, 2022. The RFI provides a “non-exhaustive” list of topics on which CISA seeks public input, including:

  • Definitions and criteria of various terms, such as “covered entity,” “covered cyber incident,” “substantial cyber incident,” “ransom payment,” “ransom attack,” “supply chain compromise” and “reasonable belief;”
  • Content of reports on covered cyber incidents and the submission process (e.g., how entities should submit reports, report timing requirements, and which federal entities should receive reports;
  • Any conflict with existing or proposed federal or state cyber incident reporting requirements;
  • The expected time and costs associated with reporting requirements; and
  • Common best practices governing the sharing of information related to security vulnerabilities in the U.S. and internationally.

In March 2022, President Biden signed CIRCIA into law. CIRCIA creates legal protections and provides guidance to companies that operate in critical infrastructure sectors, including a requirement to report cyber incidents within 72 hours, and report ransom payments within 24 hours. The CISA website features more information about the law, the RFI, and a list of public listening sessions with CISA to provide input.

Article By Privacy and Cybersecurity Practice Group at Hunton Andrews Kurth

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

Tax Credits in the Inflation Reduction Act Aim to Build a More Equitable EV Market

In February of this year, it was high time for me to buy a new car. I had driven the same car since 2008, and getting this-or-that replaced was costing more and more every year. As a first-time car buyer, I had two criteria: I wanted to go fast, and I wanted the car to plug in.

Like many prospective purchasers, I started my search online and by speaking with friends and who drove electric vehicles, or EVs for short. I settled on a plug-in hybrid sedan, reasoning that a plug-in hybrid electric vehicle (PHEV) was the best of both worlds: the 20-mile electric range was perfect for my short commute and getting around Houston’s inner loop, and the 10-gallon gas tank offered freedom to roam. In the eight months since I’ve had the car, I’ve bought less than ten tanks of gas. As the price of a gallon in Texas soared to $4.69 in June, the timing of my purchase seemed miraculous.

When it was time to transact, the dealer made vague mention of rebates and tax credits, but didn’t have a comprehensive understanding of the details. Enter Texas’s Light-Duty Motor Vehicle Purchase or Lease Incentive Program (LDPLIP). Administered by the Texas Commission on Environmental Quality (TCEQ), the program grants rebates of up to $5,000 for consumers, businesses, and government entities who buy or lease new vehicles powered by compressed natural gas or liquefied petroleum gas (propane), and up to $2,500 for those who buy or lease new EVs or vehicles powered by hydrogen fuel cells.

Rebates are only available to purchasers who buy or lease from dealerships (so some of the most popular EVs in the U.S. don’t qualify). There is no vehicle price cap, nor is there an income limit for purchasers. In June of 2022, the average price for a new electric vehicle was over $66,000, according to Kelley Blue Book estimates. But the median Texan household income (in 2020 dollars) for 2016-2020 was $63,826.

According to the grant specialist to whom I initially sent my application, the TCEQ has received “a vigorous response” from applicants, however, the TCEQ is limited in the number of rebate grants that it can award: 2,000 grants for EVs or vehicles powered by hydrogen fuel cells, and 1,000 grants for vehicles powered by compressed natural gas or liquefied petroleum gas (propane).

The grant period in Texas ends on January 7, 2023, but on July 5, 2022, the TCEQ suspended acceptance of applications for EVs or vehicles powered by hydrogen fuel cells. As of the writing of this post, the total number of applications received and reservations pending on the program’s website is 2,480.

In comparison with Texas’s rebate program, the EV tax credits in the Inflation Reduction Act of 2022 demonstrate a commitment to building a more equitable EV market. While EVs may be cheaper to own than gas-powered vehicles—especially when gas prices are high—a lot of lower and middle-income families have historically been priced out of the EV market. The IRA takes several meaningful steps towards accessibility and sustainability for a more diverse swath of consumers:

  • Allows point-of-sale incentives starting in 2024. Purchasers will be able to apply the credit (up to $7,500) at the dealership, and because sticker price is such an important factor for so many purchasers, this incentive will make buying an EV more attractive up front.
  • Removes 200,000 vehicle-per-manufacturer cap. Some American manufacturers are already past the maximum. Eliminating the cap means bringing back the tax credit for many popular and affordable EVs, which should attract new buyers.
  • Creates income and purchase price limits. SUVs, vans, and pickup trucks under $80,000, and all other vehicles (e.g. sedans) under $55,000, will qualify for the EV tax credit. For new vehicles, purchaser income will be subject to an AGI cap: $150,000 for individuals and $300,000 for a joint filers.
  • Extends the tax credit to pre-owned EVs. As long as the purchase price does not exceed $25,000, purchasers of pre-owned EVs (EVs whose model year is at least two years earlier than the calendar year in which the purchase occurs) will receive a tax credit for 30% of the sale price up to $4,000. The income cap for pre-owned EVs is $75,000 for individuals and $150,000 for a joint filers.

A purchaser who qualifies under both programs can get both incentives. Comparing Texas’s state government-level incentives and those soon to be offered at the federal level reveals a few telling differences—new vs. used, income caps, purchase price caps, post-purchase rebates vs. up-front point-of-sale incentives—but the differences all fall under the same umbrella: equity. The IRA’s tax credits are designed, among other things, to make purchasing an EV more attractive to a wider audience.

Of course, the EV incentive landscape has greatly changed since the Energy Improvement and Extension Act of 2008 first granted tax credits for new, qualified EVs. The LDPLIP wasn’t approved by the TCEQ until late 2013, so the U.S. government has arguably had more time to get it right. Some might say that the fact that Texas’s program offers the purchaser of the $150,000+ PHEV the same opportunity to access grant funds as the purchaser of the $30,000 EV means that the LDPLIP is even more “equal.”

It is worth noting that the IRA also sets a handful of production and assembly requirements. For instance, to qualify for the credit, a vehicle’s final assembly must occur in North America. Further, at least 40% the value of the critical minerals contained in the vehicle’s battery must be “extracted or processed in any country with which the United States has a free trade agreement in effect” or be “recycled in North America”—and this percentage increases each year, topping out at 80% in 2027. There is also a rising requirement that 50% of the vehicle’s battery components be manufactured or assembled in North America, with the requirement set to hit 100% in 2029. It is unclear whether automotive manufacturers and the U.S. critical mineral supply chains will be able to meet these targets—and that uncertainty may cause a potential limiting effect on the options a purchaser would have for EVs that qualify for the tax credit.

Time will tell whether the intentions behind the EV tax credits in the IRA have the effect that this particular blogger and PHEV owner is hoping for. While we wait to see whether this bid at creating an equitable EV market bears fruit, we can at least admire this attempt at, as the saying goes, “giving everyone a pair of shoes that fits.”

Article By Dania Abbasi of Foley & Lardner LLP

For more energy and environment legal news, click here to visit the National Law Review.

© 2022 Foley & Lardner LLP

NYC Issues Proposed Rules for Its Automated Employment Decision Tools Law

On Friday, September 23, 2022, the New York City Department of Consumer and Worker Protection (“DCWP”) releasedNotice of Public Hearing and Opportunity to Comment on Proposed Rules related to its Automated Employment Decision Tool law (the “AEDT Law”), which goes into effect on January 1, 2023. As we previously wrote, the City passed the AEDT Law to regulate employers’ use of automated employment decision tools, with the aim of curbing bias in hiring and promotions; as written, however, it contains many ambiguities, which has left covered employers with open questions about compliance.

The proposed rules are intended to clarify the requirements for the use of automated employment decision tools within New York City, the definitions of key terms in the AEDT law, the notices to employees and applicants regarding the use of the tool, the bias audit for the tool, and the required published results of the bias audit.

The DCWP’s public hearing on the proposed rules and deadline for comments are October 24, 2022. Although the proposed rules may be modified prior to adoption, the following summarizes the key provisions.

“Substantially assist or replace discretionary decision making”

The AEDT Law applies to an automated decision tool that is used “to substantially assist or replace discretionary decision making.” It does not, however, specify the type of activities that constitute such conduct or what particular AI-powered employment tools are covered by the law.

The proposed rules attempt to provide guidance on this issue by defining “substantially assist or replace discretionary decision-making” as one of the following actions:

  1. relying solely on a simplified output (score, tag, classification, ranking, etc.), without considering other factors; or
  2. using a simplified output as one of a set of criteria where the output is weighted more than any other criterion in the set; or
  3. using a simplified output to overrule or modify conclusions derived from other factors including human decision-making.

“Bias Audit”

Pursuant to the AEDT Law, before using an automated employment decision tool, a covered employer or employment agency must subject the tool to a “bias audit” no more than one year prior to the use of the of the tool.  The law explains that “bias audit” means an “impartial evaluation by an independent auditor,” but does not otherwise specify who or what constitutes an “independent auditor” or what the “bias audit” must contain. The proposed rules address these gaps.

First, the proposed rules define “independent auditor” as “a person or group that is not involved in using or developing an [automated employment decision tool] that is responsible for conducting a bias audit of such [tool].” This definition does not specify that the auditor must be a separate legal entity from the creator or vendor of the tool and therefore suggests that it may be acceptable for the auditor to be employed by the organization using the tool, provided the auditor does not use and has not been involved in developing the tool.

Second, the proposed rules state that the required contents of a “bias audit” will depend on how the employer or employment agency uses the tool.

If the tool selects individuals to move forward in the hiring process or classifies individuals into groups, the “bias audit,” at a minimum, would need to:

  1. calculate the selection rate for each category;
  2. calculate the impact ratio for each category; and
  3. where the tool classifies candidates into groups, the bias audit must calculate the selection rate and impact ratio for each classification.

If the automated employment decision tool merely scores candidates, the “bias audit” at a minimum, would need to:

  1. calculate the average score for individuals in each category; and
  2. calculate the impact ratio for each category.

The preamble to the proposed rules makes clear that DCWP intends these calculations to be consistent with the Uniform Guidelines on Employee Selection Procedures (“UGESP”), 29 C.F.R. § 1607.4, and borrows concepts from the framework established by the UGESP in the definitions of “impact ratio” and “selection rate.”

Under the AEDT Law, upon completion of a bias audit, and prior to using the automated employment decision tool, covered employers and employment agencies must make the date and summary of the results of the bias audit publicly available on the careers or job section of their website in a clear and conspicuous manner. The proposed rules clarify that publication may be made via an active hyperlink to a website containing the required information, as long as the link is clearly identified as linking to the results of the bias audit. The required information must remain posted for at least six months after the covered employer or employment agency uses the tool for an employment decision.

Required Notices

The AEDT Law also specifies that employers and employment agencies must notify candidates for employment and employees who reside in New York City as follows:

  1. at least ten business days prior to using an automated decision tool, that such a tool will be used to assess or evaluate the candidate or employee, and allow the individual to request an alternative selection process or accommodation;
  2. at least ten business days prior to use, the job qualifications and characteristics that the tool will use in the assessment or evaluation; and
  3. if not disclosed on the employer or employment agency’s website, information about the type of data collected for the tool, the source of such data, and the employer or employment agency’s data retention policy shall be available upon written request by the individual and be provided within thirty days of the written request.

Covered employers and employment agencies have expressed concern about the practical and administrative difficulties of providing the above notices in the fast-paced environment of today’s recruiting and hiring.

In apparent response to these concerns, the proposed rules clarify that the employer or employment agency may provide the notices required by paragraphs (1) and (2) by:

  1. (a) in the case of candidates, including notice on the careers or jobs section of its website at least ten business days prior to the use of the tool, and (b) in the case of employees, including notice in a written policy or procedure that is provided to employees at least ten business days prior to use;
  2. including notice in a job posting at least ten days prior to using the tool; or
  3. (a) in the case of candidates, providing notice via U.S. mail or email at least ten business days prior to use of the tool; and (b) in the case of employees, providing written notice in person, via U.S. mail, or email at least ten business days prior to use.

In short, under the proposed rule, an employer or employment agency could comply with the AEDT Law by providing the required notice when first posting the job.

With respect to the notice requirement in paragraph (3), the proposed rules state that an employer or employment agency must provide notice to covered individuals by including notice on the careers or jobs section of its website, or by providing written notice in person, via U.S. mail, or by email within 30 days of receipt of a written request for such information. If notice is not posted on the website, the employer or agency must post instructions for how to make a written request for such information on its careers or job section of the website.

Finally, although the AEDT Law requires an employer or employment agency to allow covered individuals to request an alternative selection process, the proposed rules state that nothing requires an employer or employment agency to provide an alternative selection process.

Article By Adam S. Forman, Nathaniel M. Glasser, Robert J. O’Hara, Alexander J. Franchilli, and Ridhi D. Madia of Epstein Becker & Green, P.C.

For more labor and employment legal news, click here to visit the National Law Review.

©2022 Epstein Becker & Green, P.C. All rights reserved.

OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI

On August 23, 2022, the U.S. Department of Health & Human Services, Office for Civil Rights (“HHS”) announced that it had settled a case involving the disposal of physical protected health information (“PHI”).

OCR alleged that, on March 31, 2021, a specimen containing PHI was found by a third-party security guard in the parking lot of the New England Dermatology and Laser Center (“NEDLC”). The PHI included patient name, patient date of birth, date of sample collection, and the name of the provider who took the specimen, in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

As part of the settlement, NEDLC agreed to pay HHS $300,640. According to NEDLC’s Resolution Agreement and the Corrective Action Plan, there were two potential violations by NEDLC. First, NEDLC allegedly failed to maintain appropriate safeguards to protect the privacy of PHI,” as required by 45 C.F.R. § 164.530(c). Second, NEDLC allegedly permitted the impermissible disclosure of PHI, in violation of Rule 45 C.F.R. § 164.502(a). The Corrective Action Plan requires NEDLC to develop, maintain and appropriately revise written policies and procedures in accordance with HIPAA.

Several highlights of the settlement include:

  1. Changes to Policies and Procedures. NEDLC must develop, maintain and revise, as necessary, its written HIPAA policies and procedures, and provide such policies and procedures to HHS for review and approval. NEDLC also must assess, update and revise, as necessary, such policies and procedures at least annually, or as needed, and seek HHS’s approval of the revised policies and procedures.
  2. Designation of Privacy Official. NEDLC must designate a privacy official who is responsible for the development and implementation of NEDLC’s HIPAA policies and procedures, and a contact person or office who is responsible for receiving relevant complaints.
  3. Training Requirements. NEDLC must provide HHS with training materials for its workforce members and seek HHS’s approval of such training materials. NEDLC must also distribute the HIPAA policies and procedures to its workforce members and relevant business associates, and obtain a written compliance certification from all such individuals. NEDLC must provide HIPAA training for new workforce members, and all workforce members at least every 12 months. Each workforce member must certify, in electronic or written form, that they received training. NEDLC must review the training at least annually, and update the training where appropriate. NEDLC must promptly investigate, review, report to HHS, and sanction any workforce member that does not comply with its HIPAA policies and procedures.
  4. Implementation Report and Annual Report.  NEDLC is required to submit to HHS a written report summarizing the status of its implementation of the requirements provided set forth in the settlement, and annual compliance reports.

For more Health Care legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

Reinventing the American Road Trip: What the Inflation Reduction Act Means for Electric Vehicle Infrastructure

The Inflation Reduction Act of 2022 (“IRA”) signifies a turning point in domestic efforts to tackle climate change. Within the multibillion-dollar package are robust investments in climate mitigation initiatives, such as production tax credits, investment tax credits for battery and solar cell manufacturers, tax credits for new and used electric vehicles (“EV”)1, automaker facility transition grants, and additional financing for the construction of new electric vehicle manufacturing facilities.2 One thing is abundantly clear, the IRA’s focus on stimulating domestic production of electric vehicles means that the marketplace for electric vehicles will see a dramatic change. The Biden Administration has set an ambitious target of 50% of EV sale shares in the U.S. by 2030. However, if electric vehicles are going to achieve mass market adoption, a central question remains — where is the infrastructure to support them?

Addressing gaps in EV Supply and EV Infrastructure

As it stands, the shortage of charging infrastructure is a substantial barrier in the push for mass consumer adoption of EVs.3 Experts estimate that in order to meet the Biden Administration’s EV sale target by 2030, America would require 1.2 million public EV chargers and 28 million private EV chargers by that year.4 Department of Energy data shows that approximately 50,000 EV public charging sites are currently operational in the United States.5 In comparison, gasoline fueling stations total more than 145,000.6 However, federal legislation such as the Bipartisan Infrastructure Law (“BIL”) passed earlier this year signifies a clear commitment to remedying this disparity. The BIL establishes a National Electric Vehicle Infrastructure Formula Program (“NEVI”) to provide funding to States and private entities to deploy EV-charging infrastructure and to establish an interconnected network to facilitate “data collection, access and reliability.”7 The Federal Highway Administration, the federal agency charged with implementing NEVI, proposed minimum standards and requirements that states must meet to spend NEVI funds:

  • Installation, operation and maintenance by qualified technicians of EV infrastructure

  • Interoperability of EV charging infrastructure

  • Network connectivity of EV charging infrastructure

  • Data collection pertaining to pricing, real-time availability and accessibility8

The goal of the proposed rule is to secure EV charging infrastructure that works seamlessly for industrial, commercial and consumer drivers. Combining the historic investments in clean energy and climate infrastructure in the BIL and IRA, the federal government has jumpstarted what will be a fundamental shift in how consumers use transportation. Earlier this week, the Biden Administration announced more than two-thirds of EV Infrastructure Deployment Plans from States, the District of Columbia and Puerto Rico have been approved ahead of schedule under NEVI.9 With this early approval, these states can now unlock more than $900 million in NEVI funding from FY22 and FY23 to help build EV chargers across highways throughout the country.10

Section 13404’s Alternative Fuel Refueling Property Credit

Building up the U.S. capacity to build EVs, and then ensuring people can use said vehicles more easily by shoring up EV infrastructure is a crucial facet of the Inflation Reduction Act. Section 13404 of the IRA provides an Alternative Fuel Refueling Property Credit that targets the accelerated installation of EV charging infrastructure and assets.11 Section 13404 extends existing alternative fuel vehicle refueling property credit through 2032, and significantly restructures the credit by allowing taxpayers to claim a base credit of 6% for expenses up to $100,000 (for each piece refueling property located at a given facility) so long as the property is placed in service before Jan. 1, 2033.12 However, the alternative fuel property must be manufactured for use on public streets, roads and highways, but only if they are (1) intended for general public use, or (2) intended for exclusive use by government or commercial vehicles and (3) must be located in a qualifying census tract (i.e., low-income communities or non-urban areas).13 From a job creation standpoint, the IRA also provides an alternative bonus credit for taxpayers that meet certain wage requirements during the construction phase.14

The Future of EV Infrastructure

EV stations in city streets, parking garages and gas stations will become a prominent part of the nation’s infrastructure as it moves towards a green future. The effort will require coordination among municipal, state and federal policymakers. Even more, electric utilities must ensure that local infrastructure can support the additional strain on the grid. Utilities also have a direct interest in a cleaner, efficient, and less overburdened grid. Federal tax incentives, like the IRA, and subsides from states and local ordinances are integral to the implementation and construction of these networks. The private sector has already taken steps to do its part. In a recent study conducted by consulting company AlixPartners, as of June 2022, automakers and suppliers expect to invest at least $526 billion to fund the transition from gasoline powered vehicles to EVs through 2026.15 This is double the five-year EV investment forecast of $234 billion from 2020-2024.16 Even more, according to Bloomberg, not including deals that have disclosed financials, more than $4.8 billion has already been invested in the EV charging industry this year in the form of debt financing and acquisitions.17 Driven by fast growth and robust availability of government funds, financiers and large companies seeking to acquire EV charging companies, sense immense opportunity.18

FOOTNOTES

1“Electric Vehicle” is used interchangeably with the acronym “EV” throughout this article.

Isaacs-Thomas, I. (2022, August 11). What the Inflation Reduction act does for green energy. PBS. https://www.pbs.org/newshour/science/what-the-inflation-reduction-act-do…

3 Consumer Reports (2022, April). Breakthrough Energy: A Nationally Representative Multi-Mode Survey. https://article.images.consumerreports.org/prod/content/dam/surveys/Cons…

4 Kampshoff, P., Kumar, A., Peloquin, S., & Sahdev, S. (2022, August 31). Building the electric-vehicle charging infrastructure America needs. McKinsey & Company. https://www.mckinsey.com/industries/public-and-social-sector/our-insight…

5 U.S Department of Energy. (2022). Alternative Fueling Station Locator. Alternative Fuels Data Center: Alternative Fueling Station Locator. https://afdc.energy.gov/stations/#/find/nearest?fuel=ELEC&ev_levels=all&…

6 American Petroleum Institute. (n.d.). Service station FAQs. Energy API. https://www.api.org/oil-and-natural-gas/consumer-information/consumer-re…

7 U.S. Department of Transportation/Federal Highway Administration. (n.d.). Bipartisan Infrastructure Law – National Electric Vehicle Infrastructure (NEVI) formula program fact sheet: Federal Highway Administration. U.S. Department of Transportation/Federal Highway Administration. https://www.fhwa.dot.gov/bipartisan-infrastructure-law/nevi_formula_prog…

8 The Office of the Federal Register of the National Archives and Records Administration and the U.S. Government Publishing Office. (2022, June 22). National Electric Vehicle Infrastructure Formula Program. Federal Register. https://www.federalregister.gov/documents/2022/06/22/2022-12704/national…

United States Department of Transportation. (2022, September 14). Biden-Harris Administration announces approval of First 35 state plans to build out EV charging infrastructure across 53,000 miles of Highways. United States Department of Transportation. https://highways.dot.gov/newsroom/biden-harris-administration-announces-…

10 See Id.

11 As a note, “refueling property” is property used for the storage or dispensing of clean-burning fuel or electricity into the vehicle fuel tank or battery.  Clean-burning fuels include CNG, LNG, electricity, and hydrogen.

12 Inflation Reduction Act of 2022, H.R. 5376, 117th Cong. § 13404 (2022); See also Wells Hall III, C., Holloway, M. D., Wagner, T., & Baldwin, E. (2022, August 10). Nelson Mullins tax report–Senate passes Inflation Reduction Act. Nelson Mullins Riley & Scarborough LLP. https://www.nelsonmullins.com/idea_exchange/alerts/additional_nelson_mul…

13  Id.

14  Id.

15 AlixPartners, LLP. (2022, June 22). 2022 Alixpartners global automotive outlook. AlixPartners. https://www.alixpartners.com/media-center/press-releases/2022-alixpartne… See also Lienert, P. (2022, June 22). Electric vehicles could take 33% of global sales by 2028. Reuters. https://www.reuters.com/business/autos-transportation/electric-vehicles-…

16 Id.

17 Fisher, R. (2022, August 16). Electric car-charging investment soars driven by EV Growth, government funds. Bloomberg. https://www.bloomberg.com/news/articles/2022-08-16/car-charging-investme…

18 Id.

Article By Lawrence L. Ostema and Jeffrey E. Joseph of Nelson Mullins

For more utilities and transportation legal news, click here to visit the National Law Review.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP

911 Network Reliability Deadline Approaching

Earlier this monththe FCC announced that its 2022 911 Reliability Certification System is now open for Covered 911 Service Providers to file annual reliability certifications.  The filings are due on October 17, 2022.  Failure to submit the certification may result in FCC enforcement action.

Background

In 2013, the FCC adopted rules aimed at improving the reliability and redundancy of the nation’s 911 network.  Those rules require Covered 911 Service Providers (“C9SP”) to take steps that promote reliable 911 service with respect to three network elements: circuit auditing, central-office backup power, and diverse network monitoring.  The Commission identified these three network elements as vulnerabilities following a derecho storm in 2012 that significantly impacted 911 service along the eastern seaboard.

Applicability. The rules apply to all C9SPs, which are defined as any entity that provides 911, E911, or NG911 capabilities such as call routing, automatic location information (ALI), automatic number identification (ANI), or the functional equivalent of those capabilities, directly to a public safety answering point (PSAP).

Certification. The rules require C9SPs to certify annually that they have met the FCC’s safe harbor provisions for each of these elements or have taken reasonable alternative measures in lieu of those safe harbor protections.  The certification must be made under penalty of perjury by a corporate officer with supervisory and budgetary authority over network operations.

In 2018 and 2020, the FCC sought comment on changes to the 911 reliability certification rules, but the rules have not yet been updated as a result of those proceedings.

Enforcement Against Noncompliant Providers

Last year, the FCC entered into eight consent decrees with Covered 911 Service Providers that failed to submit their reliability certifications in 2019, 2020, or both.  A Consent Decree typically requires the recipient to admit it violated an FCC rule, pay a fine to the federal government, and implement a Compliance Plan to guard against future rule violations.  These Compliance Plans required the C9SPs to designate a compliance officer, establish new operating procedures, and develop and distribute a compliance manual to all employees.

Additionally, the providers were required to establish and implement a compliance training program, file periodic compliance reports with the FCC detailing the steps the provider has taken to comply with the 911 rules, and report any noncompliance with 911 rules within 15 days of discovering such noncompliance.

Looking Forward

C9SPs have about one month to confirm compliance with the reliability rules and submit a required certification.  Based on the FCC’s enforcement efforts last year, C9SPs would be well-advised to work diligently to meet this upcoming deadline.

Article By Wesley K. Wright and Liam Fulling of Keller and Heckman LLP.

For more communications and telecom legal news, click here to visit the National Law Review.

© 2022 Keller and Heckman LLP

It’s Time To Review Your Online Patient-User Interface: DOJ Issues New Federal Guidance on Telemedicine and Civil Rights Protections

As online digital health services continue to enjoy broader use and appeal, federal regulators are concerned some telemedicine online patient-user interfaces fail to accommodate persons with disabilities and limited English proficiency. Such failures in “product design” can violate federal civil rights laws and the Americans with Disabilities Act (ADA), according to new policy guidance jointly issued by the U.S. Department of Health and Human Services (HHS) and Department of Justice (DOJ).

The document, Nondiscrimination in Telehealth, is specifically directed to companies offering telemedicine services and instructs such covered entities to immediately take specific steps to comply with the various “accessibility duties” under federal civil rights laws. The guidance focuses on ensuring accessibility for two populations of users: 1) people with disabilities and 2) people with Limited English Proficiency (LEP).

Who is Subject to these Rules?

The guidance refers to “covered entities” subject to these rules. Under the rules, “covered entities” are any health programs and activities receiving federal financial assistance (in addition to programs and activities administered by either a federal executive agency or an entity created by Title I of the Affordable Care Act). While the guidance does not define what constitutes “receiving federal financial assistance”, HHS has historically held that providers who receive federal dollars solely under traditional Medicare Part B were not covered entities. However, a recently-proposed rule suggests HHS will significantly expand the scope of covered entities, and soon. Telemedicine providers should be prepared to comply with these federal laws.

People with Disabilities

The guidance explains that no person with a disability shall – because of the disability – be excluded from participation in or be denied the benefits of the services, programs, or activities of a covered entity, or otherwise be subjected to discrimination by a covered entity. The requirements in the guidance is supported by several federal laws, including the Americans With Disabilities Act, the Affordable Care Act Section 1557, and the Rehabilitation Act Section 504.

Applying these federal civil rights protections to telemedicine services, the guidance states companies must make reasonable changes to their policies, practices, or procedures in order to provide “additional support to patients when needed before, during, and after a virtual visit.”

DOJ and HHS provided the following as examples of such “additional support” obligations:

  • A dermatology practice that typically limits telehealth appointments to 30 minutes may need to schedule a longer appointment for a patient who needs additional time to communicate because of their disability.

  • A doctor’s office that does not allow anyone but the patient to attend telehealth appointments would have to make reasonable changes to that policy to allow a person with a disability to bring a support person and/or family member to the appointment where needed to meaningfully access the health care appointment.

  • A mental health provider who uses telehealth to provide remote counseling to individuals may need to ensure that the telehealth platform it uses can support effective real-time captioning for a patient who is hard of hearing. The provider may not require patients to bring their own real-time captioner.

  • A sports medicine practice that uses videos to show patients how to do physical therapy exercises may need to make sure that the videos have audio descriptions for patients with visual disabilities.

People with LEP

The second area of the guidance is protections for LEP individuals under Title VI of the Civil Rights Act of 1964 (Title VI). Under Title VI, no person shall be discriminated against or excluded from participation in or be denied the benefits of services, programs, or activities receiving federal financial assistance on the basis of race, color, or national origin.

For telemedicine services, the guidance states that the prohibition against national origin discrimination extends to LEP persons. Namely, telemedicine companies must take reasonable steps to ensure meaningful access for LEP persons. Such “meaningful access” includes providing information about the availability of telehealth services, the process for scheduling telehealth appointments, and the appointment itself. In many instances, HHS states, language assistance services are necessary to provide meaningful access and comply with federal law.

These language assistance services can include such measures as oral language assistance performed by a qualified interpreter; in-language communication with a bilingual employee; or written translation of documents performed by a qualified translator

DOJ and HHS provided the following as examples of such “meaningful access” obligations:

  • In emails to patients or social media postings about the opportunity to schedule telehealth appointments, a federally assisted health care provider includes a short non-English statement that explains to LEP persons how to obtain, in a language they understand, the information contained in the email or social media posting.

  • An OBGYN who receives federal financial assistance and legally provides reproductive health services, using telehealth to provide remote appointments to patients, provides a qualified language interpreter for an LEP patient. The provider makes sure that their telehealth platform allows the interpreter to join the session. Due to issues of confidentiality and potential conflicts of interest (such as in matters involving domestic violence) providers should avoid relying on patients to bring their own interpreter.

What if Making These Changes is Expensive?

While not directly addressed in the guidance, the cost for implementing accessibility measures generally falls on the company itself. Federal ADA regulations prohibit charging patients extra for the cost of providing American Sign Language (ASL) interpreters or similar accommodations. In fact, a covered entity may be required to provide an ASL interpreter even if the cost of the interpreter is greater than the fee received for the telemedicine service itself. With respect to LEP interpreters, HHS issued separate guidance stating it is not sufficient to use “low-quality video remote interpreting services” or “rely on unqualified staff” as translators.

However, companies are not required to offer an aid or service that results in either an undue burden on the company or requires a fundamental alteration in the nature of the services offered by the company. This is an important counterbalance in the law. Yet, the threshold for what constitutes an “undue burden” on a company or a “fundamental alteration” to the nature of the services is not bright line and requires a fact-specific assessment under the legal requirements.

Conclusion

Telemedicine companies subject to the guidance should heed the government’s warning and look inward on patient-facing elements. The first step is to simply have the website and app platform reviewed (most particularly the patient online user interface) by a qualified third party to determine if its design and features are sufficiently accessible for people with disabilities, as well as LEP persons. That time is also a prudent opportunity to review the user interface to confirm it complies with state telemedicine practice standards, e-commerce rules, electronic signatures or click-sign laws, and privacy/security requirements. Because these laws have undergone rapid and extensive changes during the Public Health Emergency, it is recommended to conduct these assessments on a periodic/annual basis.

If a company believes the expense of making these product design changes to ensure accessibility would be prohibitively expensive, it should check with experienced advisors to determine if the changes would constitute an “undue burden” or “fundamental alteration.” Otherwise, federal guidance is clear that refusing to make reasonable changes can be a violation of federal civil rights laws.

Article By Kate L. Pamperin, Larry S. Perlman, and Nathaniel M. Lacktman of Foley & Lardner LLP

For more health and telemedicine legal news, click here to visit the National Law Review.

© 2022 Foley & Lardner LLP

FTC Commercial Surveillance and Data Security Forum Highlights Industry and Consumer Perspectives

On September 8, 2022, the Federal Trade Commission hosted a virtual public forum on its Advanced Notice of Proposed Rulemaking (“ANPR”) concerning “commercial surveillance and lax data security.” The forum featured remarks from FTC Chair Lina Kahn, Commissioner Rebecca Kelly Slaughter and Commissioner Alvaro Bedoya, as well as panels with industry leaders and consumer advocates.

Remarks from Chair Khan and Commissioners Slaughter and Bedoya focused on the need for public participation in the rulemaking process and the FTC’s role in privacy regulation in the absence of comprehensive federal legislation. Commissioner Slaughter noted that, until such federal legislation is passed, the FTC will continue to use its Section 5 authority to regulate unfair and deceptive practices related to privacy and data security.

The industry panel was moderated by FTC Senior Advisor Olivier Sylvain and focused in part on how the FTC should structure a potential rule. Multiple industry panelists emphasized the need for rules that limit out-of-context data use or tracking, while still allowing in-context use to as consumers expect. Industry panelists also highlighted the need for heightened rules for “dominant” industry players and financial penalties for bad behaviors.

The consumer advocate panel focused on issues surrounding meaningful consumer consent and the negative effects of commercial surveillance on consumers, such as one-click background checks and demographic-tailored advertising that disproportionately affects minority groups in negative ways. Similar to the industry panel, consumer advocate panelists also highlighted out-of-context data use and dominant industry actors as some of the major issues the FTC should address in its rulemaking.  The FTC will receive public comments on the ANPR until October 21, 2022.

Article By Privacy and Cybersecurity Practice Group of Hunton Andrews Kurth

For more antitrust and FTC legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

A Paralegal’s Guide to Legal Calendar Management

Law firms of all sizes are increasingly relying on legal technology to address their day-to-day responsibilities. From family law to criminal law to personal injury law, law practice management software can help law firms run smoothly and efficiently.

The benefits of this legal technology aren’t limited to lawyers — it extends to the paralegals they work closely with.

The demand for paralegals is growing at an average of 12% each year, and paralegal technology can be used to support their efficiency and workflows. Many of the manual tasks that paralegals do, such as creating, organizing, and filing court documents, can be automated to free time to focus on more critical tasks.

What Do Paralegals Do?

Working under the supervision of an attorney, a paralegal’s work is merged with and used as part of the attorney’s work for the client. Paralegals cannot give legal advice or perform any legal duties that fall under the scope of the licensed attorney, and they must be clear in their non-lawyer status with clients and the public.

The typical duties of a paralegal may include:

  • Conducting client interviews and maintaining client contact

  • Locating and interviewing witnesses

  • Conducting investigations and statistical and documentary research

  • Performing legal research

  • Drafting legal documents, correspondence, and pleadings

  • Summarizing depositions, interrogatories, and testimony

  • Attending executions of wills, real estate closings, depositions, court or administrative hearings, and trials with the attorney

  • Authoring and signing correspondence, as long as the paralegal status is clearly indicated and does not contain independent legal advice or opinions.

In a law firm, a paralegal’s time for legal work — not clerical or administrative work — may be billed to clients the same way as an attorney’s time, but at a lower hourly rate.

The paralegal profession originated in law firms, but now, paralegals may be employed by government organizations, banks, insurance companies, and healthcare providers.

Aside from basic technology tools for sending emails, making calls, or creating documents, there are resources specifically designed for paralegal work. Some of these include:

  • Case management software: One of the responsibilities of a paralegal is helping firms track client case information. Case management software supports paralegals and other staff to collaborate on cases in real time.

  • Billing software: Client billing is a time-consuming process at the end of the billing period. Paralegals may use billing software to help automate bill generation, collection, and review. Online billing allows clients to receive bills directly and gets the firm paid faster.

  • Client intake software: With manual client intake, clients fill out paperwork and the information must be transcribed digitally. This process is inefficient and error-prone, even with a fillable PDF. Automated client intake technology captures vital details for paralegals, and forms can be shared with a link. The information can be synced with other technologies to avoid duplicate data entry.

  • eSignature software: Signatures are required for most legal documents. Instead of hand-signing and scanning documents, e-signature technology allows paralegals to collect, sign, and store documents with a click of a button.

Paralegals may use some or all of these legal technologies, depending on the size of the firm and its practice areas.

Calendar management is the systematic process of organizing tasks, meetings, and events with the goal of maximizing the return on investment for the time put in. The work can be time-consuming, but it’s essential to the function of the firm.

A well-managed calendar should support attorneys to ensure success. Calendar management has the power to make or break the attorney’s daily workflow and long-term success, which is why it’s one of the most important skills for a paralegal to perform effectively.

Legal calendar management is a resource that manages deadlines, meetings, and events in a centralized location. Paralegals, attorneys, and other staff can have shared access and individual alerts or notifications to ensure that crucial tasks never fall through the cracks.

Prior to digital legal calendar management, attorneys had to calculate deadlines manually — a time-consuming and error-prone process. Legal calendar management automatically calculates deadlines to expedite the process and ensure accuracy.

With automated workflows, legal calendar management allows legal professionals to build workflows for each type of case or practice area of the firm.

For busy professionals juggling multiple responsibilities and clients, this ensures that important deadlines are not missed.

Just like you would schedule a meeting or task, paralegals should block focus time to manage and organize their calendars. Use these best practices to simplify how you manage your calendar.

Use a Coding System

Color coding creates an organizational schematic for the calendar. For example, using colors for different categories like client, internal, recurring, reminder, and travel helps everyone quickly identify the tasks that are relevant.

Implement a Centralized, Firm-Wide Calendar

Law firms should have a centralized calendar that’s used throughout the firm and managed by an experienced paralegal. This ensures that the firm staff has access to crucial information and deadlines from anywhere.

The calendar should be flexible and allow for different departments to toggle their view of desired information.

Legal calendars have a lot of moving parts that may involve multiple parties. This is why it’s important to create guidelines or rules for everyone in the firm when updating the calendar. For example, who submits case information? Who verifies the deadlines and completes follow-ups?

Incorporating this information in your firm’s workflows will ensure all staff members understand what they’re responsible for, and when. This process should be standardized, to alleviate bottlenecks or help with onboarding and training new staff.

Get The Entire Firm On Board

A new process takes time to implement and may come with learning curves. However, an efficient, organized legal calendar can’t be accomplished without buy-in across the firm.

There can be friction among staff when implementing new technology, especially if the firm has been more traditional. Take a top-down approach that begins with senior partners and managers. They can take the lead to bring everyone on board and get them excited about the capabilities of the new technology. No one likes change, but preparing the team can reduce friction and make the implementation process more efficient.

But remember, the best technology in the world is still just technology. It’s up to your firm and staff to use it to its fullest. Establishing clear roles and responsibilities for leaders and staff, providing training, and both giving and receiving feedback ensure that the legal calendar management software’s features and tools are used appropriately for your firm’s needs.

Article By Kamron Sanders of PracticePanther

For more business of law legal news, click here to visit the National Law Review.

© Copyright 2022 PracticePanther

Acronis Reports Ransomware Damages Will Exceed $30B by 2023

In its Mid-Year Cyberthreat Report published on August 24, 2022, cybersecurity firm Acronis reports that ransomware continues to plague businesses and governmental agencies, primarily through phishing campaigns.

According to the report over 600 malicious email campaigns were launched in the first half of 2022, with the goal of stealing credentials to launch ransomware attacks. Other attack vectors included vulnerabilities to cloud-based networks, targeting unpatched or software vulnerabilities, and cryptocurrency and decentralized finance systems.

According to Acronis, “ransomware is worsening, even more so than we predicted.” It estimates that global damages related to ransomware attacks will top $30 billion by 2023.

Article By Linn F. Freedman of Robinson & Cole LLP

For more cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.