AI Regulation Continues to Grow as Illinois Amends its Human Rights Act

Following laws enacted in jurisdictions such as Colorado, New York City, Tennessee, and the state’s own Artificial Intelligence Video Interview Act, on August 9, 2024, Illinois’ Governor signed House Bill (HB) 3773, also known as the “Limit Predictive Analytics Use” bill. The bill amends the Illinois Human Rights Act (Act) by adding certain uses of artificial intelligence (AI), including generative AI, to the long list of actions by covered employers that could constitute civil rights violations.

The amendments made by HB3773 take effect January 1, 2026, and add two new definitions to the law.

“Artificial intelligence” – which according to the amendments means:

a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.

The definition of AI includes “generative AI,” which has its own definition:

an automated computing system that, when prompted with human prompts, descriptions, or queries, can produce outputs that simulate human-produced content, including, but not limited to, the following: (1) textual outputs, such as short answers, essays, poetry, or longer compositions or answers; (2) image outputs, such as fine art, photographs, conceptual art, diagrams, and other images; (3) multimedia outputs, such as audio or video in the form of compositions, songs, or short-form or long-form audio or video; and (4) other content that would be otherwise produced by human means.

The plethora of AI tools available for use in the workplace continues unabated as HR professionals and managers vie to adopt effective and efficient solutions for finding the best candidates, assessing their performance, and otherwise improving decision making concerning human capital. In addition to understanding whether an organization is covered by a regulation of AI, such as HB3773, it is important to determine whether the technology being deployed also falls within the law’s scope. Assuming the tool or application is not being developed in-house, this analysis will require, among other things, working closely with the third-party vendor providing the tool or application to understand its capabilities and risks.

According to the amendments, covered employers can violate the Act in two ways. First, an employer that uses AI with respect to – recruitment, hiring, promotion, renewal of employment, selection for training or apprenticeship, discharge, discipline, tenure, or the terms, privileges, or conditions of employment – and which has the effect of subjecting employees to discrimination on the basis of protected classes under the Act may constitute a violation. The same may be true for employers that use zip codes as a proxy for protected classes under the Act.

Second, a covered employer that fails to provide notice to an employee that the employer is using AI for the purposes described above may be found to have violated the Act.

Unlike the Colorado or New York City laws, the amendments to the Act do not require an impact assessment or bias audit. They also do not provide any specifics concerning the notice requirement. However, the amendments require the Illinois Department of Human Rights (IDHR) to adopt regulations necessary for implementation and enforcement. These regulations will include rules concerning the notice, such as the time period and means for providing same.

We are sure to see more regulation in this space. While it is expected that some common threads will exist among the various rules and regulations concerning AI and generative AI, organizations leveraging these technologies will need to be aware of the differences and assess what additional compliance steps may be needed.

FCC’s New Notice of Inquiry – Is This Big Brother’s Origin Story?

The FCC’s recent Notice of Proposed Rulemaking and Notice of Inquiry was released on August 8, 2024. While the proposed Rule is, deservedly, getting the most press, it’s important to pay attention to the Notice of Inquiry.

The part which is concerning to me is the FCC’s interest in “development and availability of technologies on either the device or network level that can: 1) detect incoming calls that are potentially fraudulent and/or AI-generated based on real-time analysis of voice call content; 2) alert consumers to the potential that such voice calls are fraudulent and/or AI-generated; and 3) potentially block future voice calls that can be identified as similar AI-generated or otherwise fraudulent voice calls based on analytics.” (emphasis mine)

The FCC also wants to know “what steps can the Commission take to encourage the development and deployment of these technologies…”

The FCC does note there are “significant privacy risks, insofar as they appear to rely on analysis and processing of the content of calls.” The FCC also wants comments on “what protections exist for non-malicious callers who have a legitimate privacy interest in not having the contents of their calls collected and processed by unknown third parties?”

So, the Federal Communications Commission wants to monitor the CONTENT of voice calls. In real-time. On your device.

That’s not a problem for anyone else?

Sure, robocalls are bad. There are scams on robocalls.

But, are robocalls so bad that we need real-time monitoring of voice call content?

At what point, did we throw the Fourth Amendment out of the window and to prevent what? Phone calls??

The basic premise of the Fourth Amendment is “to safeguard the privacy and security of individuals against arbitrary invasions by governmental officials.” I’m not sure how we get more arbitrary than “this incoming call is a fraud” versus “this incoming call is not a fraud”.

So, maybe you consent to this real-time monitoring. Sure, ok. But, can you actually give informed consent to what would happen with this monitoring?

Let me give you three examples of “pre-recorded calls” that the real-time monitoring could overhear to determine if the “voice calls are fraudulent and/or AI-generated”:

  1. Your phone rings. It’s a prerecorded call from Planned Parenthood confirming your appointment for tomorrow.
  2. Your phone rings. It’s an artificial voice recording from your lawyer’s office telling you that your criminal trial is tomorrow.
  3. Your phone rings. It’s the local jewelry store saying your ring is repaired and ready to be picked up.

Those are basic examples, but for someone to “detect incoming calls that are potentially fraudulent and/or AI-generated based on real-time analysis of voice call content”, those calls have to be monitored in real-time. And stored somewhere. Maybe on your device. Maybe by a third-party in their cloud.

Maybe you trust Apple with that info. But, do you trust someone who comes up with fraudulent monitoring software that would harvest that data? How do you know you should trust that party?

Or you trust Google. Surely, Google wouldn’t use your personal data. Surely, they would not use your phone call history to sell ads.

And that becomes data a third-party can use. For ads. For political messaging. For profiling.

Yes, this is extremely conspiratorial. But, that doesn’t mean your data is not valuable. And where there is valuable data, there are people willing to exploit it.

Robocalls are a problem. And there are some legitimate businesses doing great things with fraud detection monitoring. But, a real-time monitoring edict from the government is not the solution. As an industry, we can be smarter on how we handle this.

DOJ Implements New Whistleblower Reward Program

Companies who submit healthcare claims to private payors, provide financial services to customers, interact with domestic or foreign public officials, or otherwise operate in highly regulated industries should take note that the Department of Justice (DOJ) has taken another significant step in its ongoing effort to encourage new whistleblowers with information about potential corporate criminal malfeasance to report that information to the government. On August 1, 2024, the DOJ announced its long-awaited Corporate Whistleblower Awards Program. The program seeks to fill “gaps” in existing whistleblower programs by providing awards of up to 30% of forfeited proceeds for reporting criminal conduct that is not otherwise covered by an existing system for awarding whistleblowers. The silver lining for companies is that the program incentivizes the whistleblowers to cooperate with the company’s internal compliance function. DOJ also provides for a presumptive declination of criminal charges for companies that self-report to DOJ within 120 days of the time the issue is first raised internally by the whistleblower, providing strong incentives for companies to investigate issues quickly.

The program represents the DOJ’s latest effort to increase the number of voluntary self-disclosures of corporate criminal activity. In January 2023, the DOJ announced its revised Corporate Enforcement and Voluntary Self Disclosure Policy, which sought to expand the incentives for companies to voluntarily self-disclose misconduct, cooperate with DOJ investigations, and take prompt and full remedial measures. The policy’s primary incentive was the prospect of a presumed declination for companies who followed its mandates.

As we discussed in a previous post, efforts to increase voluntary self-disclosures continued in April 2024 when the DOJ launched a Pilot Program on Voluntary Self Disclosures for Individuals. That initiative expanded the scope of potential whistleblowers by including those complicit in wrongdoing, granting them eligibility for immunity from prosecution in return for reporting the activity. In substance, that structure incentivized both individual wrongdoers and the corporations for whom they worked to be the first to report criminal activity. By pitting the would-be whistleblowers and the companies against each other, the DOJ effectively constructed a prisoners’ dilemma where the government stood to benefit regardless of which party acted first.

The program is a different verse from the same hymnal. It offers a different (but more traditional) incentive for whistleblowers – the opportunity for financial reward – while maintaining the goal of increasing the number of voluntary self-disclosures. The program seeks to achieve that objective by motivating those who are aware of misconduct, but perhaps are otherwise unable to qualify for a bounty under the current framework or otherwise uninterested in reporting the activity without a personal benefit.

The Basic Framework

Under the program, eligible individuals who voluntarily provide original information to the government in certain areas of focus and cooperate with the resulting investigation stand to receive 30% of any criminal or civil forfeitures over $1 million in accordance with a defined payment priority. The program lays out a basic structure for determining whether an individual is entitled to an award, but also affords the DOJ substantial discretion in deciding whether to make such awards, and in what amount. The key elements are:

  • Areas of focus – The program identifies four subject matter areas: 1) violations by financial institutions, their insiders and agents involving money laundering, fraud, and fraud against or non-compliance with regulators; 2) foreign corruption and bribery and violations of money laundering statutes; 3) domestic corruption violations including bribes and kickbacks paid to domestic public officials; and 4) healthcare offenses involving private or non-public healthcare benefit programs and fraud against patients, investors or other non-governmental entities in the healthcare industry, or other violations of federal law not covered by the federal False Claims Act (FCA).
  • Eligible individuals – The program excludes several categories of individuals, including those eligible to report under other whistleblower programs and those who “meaningfully participated” in the criminal activity reported (although those who played a “minimal role” can still participate).
  • “Original information” – Essentially, independent non-public knowledge or analysis in the individual’s possession is considered “original” information. Notably, information can be deemed “original” if it “materially adds to the information that the Department already possesses.” Information that the individual has already reported through the company’s internal whistleblower, legal or compliance procedures can still be deemed “original,” provided the individual also reports that information to the government within 120 days of reporting internally. Privileged information is not considered “original” unless the crime, fraud or other exception to state attorney conduct rules applies.
  • “Voluntary” submission – The information must be reported before the DOJ or any federal law enforcement or civil enforcement agency initiates any inquiry relating to the subject matter.
  • “Cooperation” – Individuals who report must also cooperate fully with the DOJ’s investigation, including by participating in interviews, testifying before a grand jury or at trial, producing documents and, if requested, working in a “proactive manner” with federal law enforcement. This could include clandestine activities to gather evidence, such as recording phone calls or wearing a wire.
  • Criteria for determining amount of award – The program lists several factors that could militate in favor of increasing or decreasing the whistleblower’s financial award. Increases may be justified by the significance of the information provided, by the nature and extent of assistance provided, and, notably, by participation in internal compliance programs. Decreases may be appropriate where the reporting individual was a minimal participant in the underlying activity, or where the individual unreasonably delayed reporting, interfered with the company’s internal compliance and reporting systems, or had management or oversight responsibilities over the offices or personnel involved in the conduct.
  • Payment priority – When the victim is an individual, he or she must first be compensated “to the fullest extent possible” before a whistleblower can recover. When the victim is a corporate entity or government agency, the whistleblower jumps the line and is compensated first.
  • Relationship to the Corporate Enforcement and Voluntary Self Disclosure Policy – While the program incentivizes whistleblower reports to the DOJ, a simultaneous amendment to the self-disclosure policy provides that “if a whistleblower makes both an internal report to a company and a whistleblower submission” to the DOJ, companies who self-report that conduct within 120 days of the internal report “will still qualify for a presumption of a declination[.]” This amendment underscores the DOJ’s focus on increasing self-disclosures, inasmuch as it effectively removes the need for them to be truly “voluntary.” A company that receives a complaint through its whistleblower program may still be eligible under the self-disclosure policy even if the individual has already reported the conduct to the DOJ, but it has a limited time to investigate and decide whether to self-report the conduct.

Key Takeaways

Reading the tea leaves, we see several potentially significant takeaways for companies evaluating the program’s likely impact.

  1. As a starting point, companies should evaluate whether and to what extent their operations create new reporting opportunities under the program, and thus necessitate action. That process should involve answering the following questions:
    • Does the company operate in one of the areas of focus? If so, the program creates new opportunities and incentives for whistleblowers, and the company must assess whether it is prepared to address an increase in reports and to recognize that a reporter may have already disclosed information to the DOJ.
    • Is the company publicly traded? If so, the company is already subject to the Sarbanes-Oxley Act (SOX), which should mean that systems are already in place to receive, investigate and determine whether to take action, including potentially making a voluntary self-disclosure. The program provides an opportunity to reassess the efficacy of those systems but should not necessarily require the creation of new ones. Note that even those companies with existing whistleblower programs should consider the need to expand those systems to cover new areas of focus. For example, a company with a SOX whistleblower policy should consider the need to expand its scope to cover domestic corruption violations, which may not otherwise be covered.
    • Does the company submit claims to government payors? If so, it is already subject to the FCA and should already have a system in place to analyze internal compliance concerns. If that system focuses on or prioritizes issues regarding government payors, the company should expand its focus to include claims and conduct regarding private payors, which may now be subject to whistleblower bounties under the program.
  2. For privately held companies operating in the areas of focus that are not subject to the FCA, the program necessitates a thorough and candid assessment of the risk the program creates. Depending on the extent of that danger, companies should consider the following measures:
    • Create, or enhance as necessary, internal reporting mechanisms to receive and evaluate whistleblower reports.
    • Publicize the company’s expectation that employees should promptly report concerns internally about potential violations of law or company policy, making clear that no retaliation will result from reports made in good faith.
    • Design a process for investigating whistleblower reports based on their nature and seriousness. Establish criteria for identifying those that can be investigated by HR, those that require the involvement of in-house counsel, and those that must be handled by outside counsel. If there is any possibility of criminal exposure, ensure an appropriate investigation is conducted and concluded in time to allow the company to determine whether to self-report in the 120-day window for a presumptive declination.
  3. All companies should have in place a system for quickly and accurately evaluating whether to voluntarily self-disclose violations. This process is a multi-factor calculus that considers a range of factors, including primarily the merits of the underlying information and the amount of financial loss or gain that resulted. While decision-making in this context varies by situation, one essential element remains constant: the need for accurate information regarding the nature, scope and effect of the underlying conduct.

Only time will tell exactly how the program will impact the number and nature of whistleblower reports. But companies can take practical steps now to gauge whether and to what extent they are likely to be affected and begin installing the measures necessary to minimize the risk that might otherwise result.


It’s Official – BIPA’s “Per-Scan” Damages Are Out; Electronic Signatures Are In

If you heard a collective sigh of relief last week, it was probably businesses reacting as Illinois Governor Pritzker finally signed Senate Bill 2979, officially reforming BIPA for the first time since 2008. As a reminder, SB 2979 was passed back in May, but has been awaiting the Governor’s signature.

This development is significant for two reasons. First, the new law prohibits the recovery of “per-scan” damages. This means that if a business collects or discloses an individual’s biometric data without consent, then that business is only liable for one BIPA violation as to that individual. In 2023, the Illinois Supreme Court’s decision in Cothron v. White Castle Systems decided that violations were accrued on a “per-scan” basis, leading to an outpouring of claims. This law effectively overrules that decision. Second, the bill permits businesses to fulfill the “written release” requirement for consent via “electronic signature.” This will make it easier for businesses to collect – and individuals to provide – consent for the collection and retention of biometric information.

Putting it into Practice: These amendments became effective on August 2, 2024. Businesses that anticipated costly litigation from a “per-scan” BIPA demand may have cause for relief. However, the prohibition on “per-scan” damages may not apply retroactively to pending BIPA actions. Additionally, businesses can reconfigure their consent flows to enable electronic signatures.


by: David M. Poell and Kathryn Smith of Sheppard, Mullin, Richter & Hampton LLP


OSHA Proposes New, Far-Reaching Workplace Heat Safety Rule

In July 2024, the Department of Labor’s Occupational Safety and Health Administration (OSHA) announced a proposed rule (the “Proposed Rule” or “Rule”) aimed at regulating and mitigating heat-related hazards in the workplace. If enacted, the long-anticipated Rule will have far-reaching impacts on businesses with employees who work in warm climates or who are otherwise exposed to heat-related hazards.

According to OSHA, out of all hazardous weather conditions, heat is the leading cause of death in the U.S. The Proposed Rule seeks to protect employees from hazards associated with high heat in the workplace and would apply to both indoor and outdoor work settings. Among other requirements, the Proposed Rule would mandate that employers evaluate heat-related workplace hazards and implement a Heat Illness and Injury Prevention Plan (HIIPP) to address heat hazards through methods which include rest breaks, shade requirements, the provision of drinking water, acclimatization procedures, heat monitoring, and other tactics to protect workers. The proposed HIIPP requirement takes cues from state-level occupational safety and health agencies — like Cal/OSHA (California) and Oregon OSHA — which have already implemented heat safety and HIIPP requirements.

One provision of the Proposed Rule that has garnered significant attention is the paid rest break provision. As currently drafted, the Proposed Rule would require employers to provide one paid 15-minute rest break every two hours on days where the heat index reaches 90° F or higher. The paid rest break provision implicates questions about the concurrent application of the Fair Labor Standards Act. For example, does this 15-minute break period count toward an employee’s “hours worked” for the purposes of calculating overtime?

Moreover, in light of the Supreme Court’s recent decision in Loper Bright Enterprises v. Raimondo — in which the court overturned the longstanding principle of deference to agency interpretations previously set out under the 1984 Chevron U.S.A., Inc. v. Natural Resources Defense Council, Inc. case — significant questions remain about whether far-reaching mandates (like the paid rest break provision) are within OSHA’s authority. Given this new administrative landscape, if the Proposed Rule is enacted, we can expect challenges stemming from Loper Bright.

The Proposed Rule has not yet been published in the Federal Register. However, when such publication occurs, the Rule will be open to commentary from the public before becoming final. When OSHA announced the Proposed Rule, it simultaneously “encourage[d] the public to participate by submitting comments when the proposed standard is officially published in the Federal Register[,]” in order to “develop a final rule that adequately protects workers, is feasible for employers, and is based on the best available evidence.”

For more information regarding how to provide comments on this Proposed Rule, visit https://www.osha.gov/laws-regs/rulemakingprocess#v-nav-tab2.

Hurricanes and Earthquakes and Wildfires, Oh My!—Key Disaster Preparedness Considerations for Employers

A rash of recent natural disasters, from hurricanes to earthquakes to wildfires, serves as a timely reminder to employers of the potential for natural disasters to disrupt their operations and cause imminent hazards in the workplace.

Quick Hits

  • Natural disasters may be unpredictable and devastating, but employers can take steps to mitigate the impact of natural disasters on their businesses and workforces.
  • Employers may want to brush off and review their disaster-response plans and consider other legal implications for responding to natural disasters.

Tropical Storm Debby has reportedly caused at least six deaths since making landfall in Florida as a Category 1 hurricane on August 5, 2024. The storm is now progressing up the East Coast, dropping heavy rains and spawning tornadoes.

Meanwhile, on August 6, a 5.2-magnitude earthquake struck Southern California, sparking fears of another devastating major earthquake. Both come as wildfires continue to ravage the Pacific Northwest and Canada, with experts warning of the risk of more in the coming weeks due to a combination of seasonal lightning and dry forests.

Mid-August to mid-October is typically peak hurricane season, but hurricanes, earthquakes, floods, and wildfires can occur at almost any time and with little warning. Such natural disasters cause physical damage, disrupt business operations, and affect employees’ well-being.

Given these risks, employers may need to take proactive steps to ensure the safety of their workforce and the continuity of their operations. Here are some considerations for employers that need to prepare for and manage the impacts of these natural disasters on their workplaces.

A Comprehensive Disaster Plan

Many employers have already crafted well-thought-out emergency or disaster-response plans tailored to their organizations and workplaces. Employers may want to review and regularly update these plans, which may include:

  • Emergency Communication: A plan may establish and outline clear communication channels, ideally through multiple avenues, with employees before, during, and after an event. To be effective, an emergency communication plan relies on a current and complete roster of employees, including home addresses, cell phone numbers, and personal email addresses. Now might be a good time for employers to ensure that rosters include all personnel added since the list was created and that they account for all changes in employee data.
  • Evacuation Procedures: A plan may set safe evacuation routes and meeting points. The plan might also include a designated date to reenact these procedures on a recurring basis.
  • Employee Support: A plan may establish a check-in system to account for the status and whereabouts of all employees during and after a disaster.
  • Data Protection: Employers may want to ensure that important company information and data are protected, backed up, and accessible from remote locations. This aspect of the plan will likely require collaboration with a company’s IT group and may involve purchasing additional equipment or software.

Flexibility in Work Arrangements

Natural disasters may cause physical damage to workplaces, create hazards for travel or commutes, and cause other disruptions that make it difficult for some employees to be physically present in the workplace or to work their regular hours. Given these challenges, employers may want to consider implementing:

  • flexible work arrangements, including temporary remote work policies;
  • adjustments to work schedules to accommodate transportation or safety issues;
  • leave availability for certain employees who may be forced to deal with family or medical issues caused by a natural disaster; or
  • a temporary suspension of operations if possible and if safety cannot be guaranteed.

Legal and Insurance Considerations

Understanding the legal and financial aspects of managing natural disasters is critical for any employer in a disaster scenario. Employers may want to review insurance policies to understand disaster coverage and be prepared to promptly report damage from a natural disaster. Further, employers in certain regulated industries may need to contact regulatory agencies regarding the status of their operations.

Applicable Federal Laws and Regulations

Natural disasters and disruptions to employee schedules may implicate a host of federal laws and regulations, including the Worker Adjustment and Retraining Notification (WARN) Act, the Fair Labor Standards Act (FLSA), the Occupational Safety and Health (OSH) Act, and the National Labor Relations Act (NLRA).

  • WARN Act: Typically, the law requires employers with fifty or more employees to provide advance notice of plant closings or mass layoffs, but the law has an exception for plant closings or mass layoffs that are the direct result of natural disasters. Natural disasters are defined in the WARN Act regulations as “[f]loods, earthquakes, droughts, storms, tidal waves or tsunamis and similar effects of nature are natural disasters.” Employers are still required to provide “as much notice as is practicable, and at that time shall give a brief statement of the basis for reducing the notification period.”
  • FLSA: Employers are required to pay employees for all hours worked, and if time records are lost as a result of the disaster, then they must pay employees based on their regular hours or have employees self-report hours worked. The FLSA does not require employers to continue to pay nonexempt workers if they are not required to work, or are unable to work, following a disaster, but the law does require that exempt, salaried workers be paid for any workweek in which some work has been performed.
  • OSH Act: The law, enforced by the Occupational Safety and Health Administration (OSHA), requires employers to protect employees against “recognized hazards,” including those caused by natural disasters. Notably, employees have a right to refuse to work if they have a good-faith belief that they might be exposed to imminent danger.
  • NLRA: Labor protections for workers who engage in “concerted protected activity” apply to issues over working conditions impacted by natural disasters. Employers may have further obligations in cases of natural disasters under their collective bargaining agreements.
  • State Law: Some states, like Texas and California, prohibit employers from discharging or taking other adverse action against employees who leave work, or fail to report to work, due to their participation in an emergency evacuation order issued for the public. Specifically, the California law took effect on January 1, 2023, and prohibits employers from taking adverse action against employees “for refusing to report to, or leaving, a workplace or worksite within the affected area because the employee has a reasonable belief that the workplace or worksite is unsafe” in the event of an emergency condition.

Next Steps

Natural disasters may be unpredictable and devastating, but employers can mitigate the impact on their businesses and workforces through proper planning. As such, employers may want to consider reviewing or developing disaster preparedness plans and policies to ensure they are ready to handle complications caused by any natural disaster.

Supreme Court Ruling on Affirmative Action and Impact on Companies’ DEI Programs

In June 2023, the US Supreme Court voted 6-3 in a decision that significantly changed the way colleges and universities used affirmative action in their admissions. The targets of the lawsuit were Harvard University and University of North Carolina for alleged racial discrimination in admissions.

The Ruling 

The Court ruled that race-conscious college admission policies aimed at maintaining racially diverse student bodies violated the Equal Protection Clause of the Fourteenth Amendment. The court, though ruling out admissions solely based on race, did state, “Nothing in the opinion should be construed as prohibiting universities from considering an applicant’s discussion of how race affected his or her life.” It should be noted that the court did not impose the same ruling on military academies because of their “distinct interest” in the benefits of a diverse officer corps. Though the ruling has caused an uproar in both academic and business communities, we need to remember the ruling does not significantly impact corporate America, yet.

Race Based Employment 

The affirmative action ruling applies only to college and university admissions processes. Employers are subject to Title VII of the Civil Rights Act of 1964, a federal law that prohibits employment discrimination based on certain factors, which include race, color, religion, sex (including pregnancy, sexual orientation, and gender identity) and national origin. Further, Title VII applies to all aspects of employment, including, but not limited to, recruiting, hiring, promoting, training and discharge. Several states, like Massachusetts, have their own version of Title VII to protect both employers and employees. Despite these protections, employers are still cautious about implementing and maintaining diversity, equity and inclusion (DEI) programs. This is probably true because most companies do not see the difference between Title VII and DEI programs. Though they are similar, Title VII protects the employer and employee, while DEI programs aim to enhance the workplace experience and to some extent maximize profits. Plus, most DEI programs go beyond race-based concerns and tend to embrace various other aspects of people’s lives that may be subject to bias.

Attack on DEI 

Since the ruling by the Supreme Court, several state attorneys general have sent letters to Fortune 500 companies stating that race-based preferences “whether under the label of diversity, equity and inclusion or otherwise” may violate federal and state antidiscrimination laws. In addition, corporations like Amazon and Comcast have had their DEI practices challenged. Several states, like Florida, have proposed and passed anti-DEI legislation banning certain DEI practices in state agencies. All this fervor has created the concern that the “right case” could outright destroy DEI practices and programs. Most recently, in what seems like an act taken out of an abundance of caution, the well-known, longstanding Society for Human Resource Management (SHRM) changed its focus from Inclusion, Equity and Diversity (IE&D) to Inclusion and Diversity (I&D). The concern relating to the future of DEI is palpable.

Safety Net for DEI Programs 

The DEI movement is far from defeated; we must remember that DEI and Affirmative Action are not the same. DEI programs, though they aim to ensure that various races feel accepted in the workplace, should focus on anti-bias, inclusion of all employees from various backgrounds, allyship and the appreciation of everyone’s professional and personal life experiences. You can call your program whatever you want, but it is really the approach used by employers that will survive future legal scrutiny.

FDA Releases Summary Report on Fresh Herbs Sampling Assignment

  • On July 26, 2024, the U.S. Food and Drug Administration (FDA) released findings from its sampling assignment that collected and tested domestic and imported basil, cilantro, and parsley. FDA sought to estimate the prevalence of Cyclospora, Salmonella, and Shiga toxin-producing Escherichia coli (STEC) in these herbs as part of its ongoing effort to ensure food safety and prevent contamination.
  • From September 2017 to September 2021, FDA collected and tested 1,383 samples of fresh basil, cilantro, and parsley. The Agency detected Salmonella in 17 samples, detected Cyclospora in 18 samples, and detected STEC in 1 sample. The contaminated products were quickly removed from the market.
  • The sampling assignment was conducted in response to food-borne illness outbreaks of Cyclospora, Salmonella, and STEC. From 2000 through 2016, cilantro was potentially linked to at least three outbreaks in the US. And since 2017, the US has experienced at least six additional outbreaks involving basil, cilantro, and parsley. More than 1,200 illnesses and 80 hospitalizations were tied to these outbreaks.

Top Questions Health Care Providers Should Consider in a Post-Chevron World – A Polsinelli Round Table Discussion

Health care is one of the most regulated industries in the country, and for many years, one of the key administrative agencies overseeing health care in the United States, the Department of Health and Human Services’ (“HHS”) Centers for Medicare & Medicaid Services (“CMS”), has enjoyed broad authority to regulate health care under the “Chevron doctrine.” Under this doctrine, CMS and other federal agencies were granted broad discretion to interpret and implement the law, thus allowing them to drive how care is delivered and paid for in the United States. It was difficult for providers to successfully challenge agency rulemaking in federal court, even if they thought the agency’s interpretation of the law was incorrect. The Supreme Court’s dismantling of the Chevron doctrine will have a significant impact on health care providers, which we may begin to see as we move into CMS’s annual rulemaking cycle.

The Supreme Court’s decision to overturn Chevron was expected, but it is still too soon to truly understand the full impact of the decisions on the health care industry. A round table of attorneys and policy advisors from Polsinelli’s Health Care, Public Policy and Government Investigations Department discussed the potential short and long-term implications of the decision and offered the following insights for health care providers across this ever-changing industry for navigating the web of statutes, rules and other sub-regulatory guidance post-Chevron.

1. What do the Loper/Relentless Decisions Change for Health Care Organizations in the Short-Term? Has CMS’s Authority to Regulate Health Care Gone Away or Been Substantially Limited?

“Likely, not. Many of the health care regulations are based on clear statutory language and will continue to give providers the rules for the road from a compliance standpoint. More controversial rules – like mental health parity, payment cuts, surprise billing, antidiscrimination, etc. – may be further delayed or even tabled for the short term while we learn more about how these challenges will be viewed by the courts. To the extent health care providers are struggling with a rulemaking negatively impacting them, it is worth beginning to evaluate whether challenging it may be warranted.” – Bragg Hemme

“CMS’s authority to regulate today is just like yesterday and probably tomorrow. Without a challenger to a rule, any rule continues unchanged – at least for the short-term. We have already seen, however, some regulated entities challenge a particular rule to a federal court and get some immediate regulatory relief. Members of Congress who want to see large scale changes to regulatory authority may well pursue identification of rules that were upheld in lower courts citing Chevron with an eye towards vitiating those rules with broad Congressional action. There are thousands of such cases and potentially impacted rules.” – Jennifer Evans

“Where the crux of Loper Bright unravels the courts’ existing practice of deferring to regulators’ interpretation of a statute that is unclear or ambiguous, we can expect to see increased litigation that challenges agency action arguing that the foundational law for such action was ambiguous and the agency has exceeded its statutory authority. It is unlikely we will see any change in regulator action or regulatory enforcement unless and until courts begin to overturn agency action on the basis that a statute is ambiguous and the agency that interpreted the statute was incorrect. We can also expect to see increased legislation explicitly delegating more authority to agencies.” – Meredith Duncan and Sara Avakian

2. What are Some Specific Areas of Health Care Regulation that may be Impacted?  

Health Care Fraud, Waste, and Abuse Laws

“The overruling of Chevron may have a significant effect on the application of the health care fraud and abuse laws, particularly the Physician Self-Referral Law (“Stark Law”) and Anti-Kickback Statute (“AKS”). Over the years, agencies including the HHS Office of Inspector General (“OIG”) and CMS have published hundreds of pages of rules, preamble language, and explanatory sub-regulatory guidance regarding the application of these laws. Some of these interpretations favor regulated entities, while others favor enforcers. To the extent Loper Bright represents a fundamental change in the role of agencies in clarifying or refining the scope and effect of statutory language, these implementing regulations and, thus, some longstanding health care industry practices could be impacted.” – Neal Shah

Reimbursement

“Coverage and payment rules from CMS (Medicare and Medicaid) and DHA (TriCare) may be ripe for attack. It will be interesting to see if the agencies are able or willing to engage in active negotiations to avoid or settle litigation that they did not face with Chevron deference.” – Jennifer Evans

“I anticipate that many of the routine Medicare reimbursement-related rulemakings (e.g., IPPS, OPPS, Physician Fee Schedule) will continue as they have in the past. Certain aspects of those rules or any controversial rulemakings may now be up for challenge. For instance, rules related to Disproportionate Share Hospitals have already been challenged since the Loper Bright decision. Any type of payment cut or agency effort to rein in health care costs, like Medicare drug pricing rules, surprise billing, mental health parity will also be closely scrutinized and likely challenged.” – Bragg Hemme

FDA

“Immediate impact is likely to be felt by the Lab Developed Test rule FDA is trying to finalize. Congress tried, but failed, to give the FDA statutory authority in this space via the VALID Act. The FDA went ahead and went through the rulemaking process in one year. This was lightspeed for the FDA. The rule was challenged prior to the reversal of Chevron. I expect to see the plaintiff amending their complaint now.” – Michael Gaba

Surprise Billing

“I expect the Loper/Relentless decisions will impact the continued rollout of the regulations implementing the No Surprises Act. Since the law went into effect in 2022, regulations and guidance implementing the No Surprises Act have been vacated following challenges under the Administrative Procedures Act on four separate occasions – and that was under the prior Chevron standard, which of course was more deferential to agency decisions. But there are more rules that the Agencies are expected to issue – both as a result of the prior lawsuits and as part of their ongoing obligation to implement the law – that will have a significant impact on how the No Surprises Act functions in practice. These rules will also likely depend on the Departments’ interpretation of the No Surprises Act, and such interpretation will now not be afforded the deference that existed in the pre-Loper/Relentless landscape.” – Josh Arters

3. What Areas of Health Care Regulation are less Likely to be Impacted?

HIPAA

“From an HHS data privacy/security/breach perspective, the Jarkesy and Chevron decisions will arguably have very little impact unless parties are willing to challenge HHS HIPAA decisions in court. In other words, HHS OCR is proceeding as normal, and will continue to do so, particularly given that the HIPAA Rules were codified and specifically modified by Congress in the HITECH Act in 2009. However, to the extent a client would like to appeal a civil money penalty directly to a district court (Jarkesy) or attack a specific provision of sub regulatory guidance post-Chevron (Loper Bright), we could certainly attempt to do so.” – Iliana Peters

Long-Term Care

“Long term care providers are unlikely to see any immediate changes in regulation or enforcement. In most authorizing statutes, Congress delegated authority to CMS to develop and implement conditions of participation, and the guidance that has been provided interpreting those rules. It is unlikely the Loper Bright decision will cause CMS to change its survey process or the remedies imposed therefrom. However, any regulation or sub-regulatory guidance, such as the State Operations Manual, which is not expressly authorized by statute or otherwise interprets an ambiguous statute could be ripe for litigation to challenge CMS’ authority and/or CMS’ interpretation of the statute. To determine whether specific regulations and guidance are subject to challenge will require careful consideration of the Social Security Act and the deference, if any, afforded to CMS for rulemaking.” – Meredith Duncan and Sara Avakian

State Licensing & Practice Rules

“Many of the laws that impact health care providers, such as professional or facility licensing requirements and corporate practice of medicine prohibitions, are state laws that are unlikely to be immediately impacted by Loper Bright. However, Loper Bright may become a catalyst for new challenges to state-level administrative actions, which could create uncertainty related to state agency actions, such as Medical Board rules or guidance.” – Kathleen Sutton

4. What Issues Should Health Care Organizations Anticipate in the Long-Term?

“It is unclear if there will be rule/no rule ‘chaos’ for health care organizations. When we think of all of the arrangements that default to ‘compliance with laws,’ those provisions may lose meaning and effectiveness if the underlying legal rule-structure is threatened.” – Jennifer Evans

“With the rise of litigation to combat potentially adverse rulemakings, we may see disagreement within the provider community to the extent some providers are ‘winners’ and others are ‘losers.’ Further, we could see the same rulemaking get treated differently by courts depending on where the rules are being challenged. This will be very difficult to navigate for national providers. Hopefully, this ruling will cause regulatory agencies to take more shareholder feedback in their rulemaking. We will likely see more work needed at a Congressional level, however, if a statute is required for things that have historically been dealt with at a regulatory level, causing a slowdown. This will be a challenge, particularly for innovative providers that are changing care models or adopting new technology, for instance. Health care rules often were behind the evolution of health care. Requiring Congressional action may present some opportunities but will not make things move faster.” – Bragg Hemme

“In the long-term, health care organizations should anticipate an increased opportunity to challenge unlawful regulations that run afoul of Congressional action. That is generally a good thing. But a negative consequence of the Loper Bright decisions is the likely impact on the agency rulemaking process, and the time it might take for agencies to issue regulations. Agencies are likely to move a bit slower when issuing new regulations in light of the dramatic change to how their rulemaking will be scrutinized by the courts going forward.” – Josh Arters

“It is likely that Congress will carefully craft new statutes and delegate more clear authority to the administrative agencies charged with enforcement. We also anticipate agencies taking more time to carefully craft their rules and guidance to mitigate the challenges that could arise based on these decisions. For providers, this will only further delay an already backlogged process.” – Meredith Duncan and Sara Avakian

“Loper Bright creates opportunities for health care organizations to challenge agency actions, but this opportunity comes at the expense of clarity and certainty that came from deference to agencies. The health care regulatory landscape is already complex and ever-changing, but the lack of uniformity that may result from different courts interpreting the same set of rules is going to create further complexity and confusion. The aftermath of Loper Bright may create a chilling effect for innovation or growth for health care businesses. Health care organizations will have to be strategic and stay up-to-date on the changing laws to maintain and grow their businesses while navigating this uncertainty.” – Kathleen Sutton

5. What can Health Care Organizations do if a CMS Rulemaking Has a Significant Impact on their Organization?

“If a rule isn’t working and there is a reasonable interpretation that the statute enabling the rule offers a better outcome, it may be time for health care organizations to start their engines and challenge rules that don’t match specific statutory requirements and fundamental principles. For example, think about adequate reimbursement and access to care. Does this reopen a provider’s ability to litigate payment rules that do not ensure access to care? Maybe.” – Jennifer Evans

“When faced with rulemaking that has a significant impact on operations, health care organizations might be presented with an opportunity to work with federal agencies to find a resolution without having to resort to litigation. Now that agencies understand that their rulemaking may be challenged under a less deferential standard, and, at least for now, most courts have held that a district court may vacate unlawful rules nationally, agencies might be more willing to find more creative and/or individualized solutions to the unique impact their rules might have on a particular health care organization.” – Josh Arters

6. Does this Decision Provide a Greater Ability for Health Care Providers to Advocate for Laws and Regulations to CMS and/or Congress?

“Providers have always had the opportunity to make a contribution in the public policy process; Loper means it is even more important. Engagement in the public policy process does not guarantee success, but lack of involvement almost certainly means a loss. Both the legislature and agencies may be more open to negotiated laws and regulations. These processes will take longer, however.” – Julius Hobson

“Being part of the debate in the US Congress on health care legislation (and any legislation for that matter) is now more crucial than ever. Members of Congress will no longer be able to write laws that are ambiguous, which would give the agency of jurisdiction the authority to legislate through regulatory fiat. Congress now will be required to be more prescriptive in their laws, outlining specifically in statute the intent of the law. Congress currently relies on ‘report language’ that accompanies legislation, which expresses the legislative intent; however, the report language is not the black letter of the law and more often than not, the agency of jurisdiction ignores report language. Finally, now that the Congress will need to be more prescriptive in its drafting of legislation, Congress will be required to be even more deliberative in crafting a bill. This will mean that laws will require more consensus to get the bills it works on approved.” – Harry Sporidis

“In 2019, when the Supreme Court issued the Azar v. Allina Health Services decision, every component in CMS was tasked with reviewing, analyzing, and verifying that all the guidance materials had regulatory and/or statutory support. For a few years after the decision, CMS went through the rulemaking process for any guidance/policy that was not clearly articulated or supported by regulation. Now that the Supreme Court has overturned Chevron, CMS will likely conduct a similar exercise to determine all of the policy areas where the law is ambiguous, and the Agency has made the determination on how best to carry out the law. CMS will also likely consult with its legislative arm to work with Congress to clarify such laws. This undertaking will take CMS several years to complete. While CMS is engaged in its review, there is an opportunity for health care organizations to engage with CMS to review policy positions that result from an ambiguous statute and reconsider a more favorable interpretation of the law.” – Ronke Fabayo

Sara Avakian, Iliana L. Peters, Kathleen Snow Sutton, Julius W. Hobson, Jr., Harry Sporidis, and Ronke Fabayo also contributed to this article.

© Polsinelli PC, Polsinelli LLP in California
by: Bragg E. Hemme, Jennifer L. Evans, Meredith A. Duncan, Neal D. Shah, Michael M. Gaba, and Joshua D. Arters of Polsinelli PC
