Supreme Court Agrees to Review the Appropriate Measure of Design Patent Damages

On March 21, 2016, the Supreme Court agreed to hear Samsung Electronics Co.’s appeal regarding what it must pay Apple Inc. for infringing the design of Apple’s iPhone. This will mark the first time in over a century that the Supreme Court will hear a case involving design patents.

In 2012, a jury found that Samsung infringed Apple utility and design patents and awarded Apple $1.05 billion in damages. On appeal, damages were nearly cut in half to $548 million, which Samsung later agreed to pay to settle the dispute, all the while reserving its right to appeal to the Supreme Court.

Samsung has challenged the Federal Circuit’s decision that the company must pay its entire profits from smartphones that infringed Apple’s design patents, which amounted to $399 million. In making the damages determination, the Federal Circuit relied on Section 289 of the Patent Act, which dates to the 19th century and provides in relevant part: “[w]hoever during the term of a patent for a design, without license of the owner, (1) applies the patented design, or any colorable imitation thereof, to any article of manufacture for the purpose of sale, or (2) sells or exposes for sale any article of manufacture to which such design or colorable imitation has been applied shall be liable to the owner to the extent of his total profit.” 35. U.S.C. § 289 (emphasis added).

A number of tech companies, including Google and Facebook, submitted a brief in support of Samsung’s petition. In the brief, those companies argued that Section 289 is outdated and when enacted, failed to contemplate “products with significant functional features at all.” Thus, Section 289 is obsolete and should not govern awards involving the complex products available today.

When the Court hears the case later this term, the specific question it will address is, “Where a design patent is applied to only a component of a product, should an award of infringer’s profits be limited to those profits attributable to the component?”

Article by Kevin P. Moran & Joseph P. Serge of Michael Best & Friedrich LLP
© MICHAEL BEST & FRIEDRICH LLP

OCR Kicks Off HIPAA Audits After Issuing Two Major Settlements

HIPAAOn Monday, the HHS Office for Civil Rights (OCR) launched phase two of its much-anticipated audit program for covered entities and business associates. The announcement comes in the wake of OCR’s issuance of two major settlements—totaling more than $5 million—which highlighted the critical importance of managing the security basics, such as the business associate agreement (BAA) and the organization-wide risk analysis. These developments are summarized below, with practical tips that can help organizations mitigate related risks.

Summary

2016 Audit Program Begins

In announcing the 2016 audit program launch, OCR confirmed it will contact organizations by email to verify contact information and complete a pre-audit questionnaire. Organizations selected for audit will be subject to either a desk audit, an onsite audit or potentially both. Organizations will have a short period to produce requested documents, typically 10 business days, so it is important to have HIPAA privacy and security policies, security risk assessments, breach notification documentation, BAAs, and other HIPAA documentation up-to-date and readily available. While there is a detailed audit protocol from the phase one OCR audits, that protocol has not been updated for the final rules implementing the HITECH Act. OCR has committed to issuing an updated audit protocol closer to the date the audits will be conducted, which will set forth the criteria that auditors will review. Importantly, the phase two audits will extend to business associates. Although the risk of being selected for an audit is low, organizations would be well advised to review the existing and, when available, new audit protocols, conduct a compliance gap assessment and take corrective actions as needed, as part of overall HIPAA compliance efforts. While OCR states that the audits are primarily a compliance improvement activity, enforcement may follow where a serious issue is identified.

The North Memorial Settlement – The Importance of Business Associate Agreements

In the first of two recent settlements, North Memorial Health System, a nonprofit organization, will pay $1.55 million and enter into a two-year corrective action plan to settle charges that it violated HIPAA by failing to have a written BAA with a key contractor. OCR’s investigation followed the 2011 theft of an unencrypted laptop from a contractor’s workforce member’s vehicle. The settlement notes that the laptop contained protected health information (PHI) of approximately 9,497 North Memorial patients. For its part, the contractor separately settled HIPAA violations for $2.5 million, and entered into a related 20-year FTC consent order relating to its security procedures.[1] OCR also alleged that North Memorial failed to conduct an organization-wide risk analysis that covered all of its IT infrastructure.

OCR’s investigation indicated that North Memorial failed to execute a BAA with the contractor as required by HIPAA Privacy and Security Rules. OCR asserted that North Memorial gave the contractor access to its hospital database, which stored the electronic PHI of 289,904 patients, as well as access to non-electronic PHI as it performed services on-site at North Memorial.[2] In total, OCR’s investigation found that, from March 21, 2011, to October 14, 2011, North Memorial impermissibly disclosed the PHI of at least 289,904 individuals to the contractor without obtaining a proper BAA.[3] The investigation further indicated that North Memorial failed to complete a comprehensive risk analysis to identify all potential risks and vulnerabilities to the electronic PHI (ePHI) that it maintained, accessed or transmitted across its entire IT infrastructure, as required by the HIPAA Security Rule.[4]In settling the matter, North Memorial did not concede liability.

In addition to the $1.55 million payment, North Memorial agreed to a two-year corrective action plan (CAP) that requires it to develop policies and procedures related to business associate relationships and to conduct an organization-wide risk analysis and risk management plan, as required under the HIPAA Security Rule.[5] The CAP also requires North Memorial to train appropriate workforce members on all policies and procedures newly developed or revised pursuant to the CAP.[6]

OCR has previously (and repeatedly) emphasized the importance of having an organization-wide, thorough analysis, which it reinforces here with North Memorial. In addition, this settlement highlights the importance that OCR attaches to having BAAs where required, which OCR describes as another “cornerstone” of effective security.[7] Further, the settlement illustrates that, when a breach occurs with a business associate, the impacted covered entity should expect OCR to request a copy of the underlying BAA. Where that BAA cannot be found, the covered entity and business associates should expect potential enforcement.

FIMR Settlement: Basic Compliance Required of All Covered Entities (and Business Associates)

In the second settlement, Feinstein Institute for Medical Research (FIMR), a nonprofit research institute, will pay $3.9 million and enter into a three-year corrective action plan to settle charges it violated HIPAA, following its breach when an employee’s unencrypted laptop containing patient information of 13,000 individuals was stolen. OCR’s investigation determined that FIMR’s security management process was limited, it had failed to conduct a thorough risk analysis, and lacked sufficient policies and procedures. In its press release, OCR emphasized that it expects research institutions that are covered entities to comply with the same standards as other covered entities.

OCR’s investigation of FIMR stemmed from a self-reported breach after an employee’s unencrypted laptop was stolen. Based on the resolution agreement, OCR’s investigation appears to have identified widespread non-compliance. For example, OCR alleged that FIMR: (1) failed to conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to all of the ePHI held by FIMR, including the ePHI on the employee’s laptop; (2) failed to implement policies and procedures for granting access to ePHI by its workforce members and restricting access by unauthorized users; (3) failed to implement physical safeguards for the laptop; (4) failed to implement policies and procedures that govern receipt and removal of hardware and electronic media that contain ePHI into and out of a facility, and the movement of these items within the facility; and (5) failed to encrypt ePHI on the laptop or, alternatively, document why encryption was not reasonable and appropriate and implement an equivalent safeguard.

As part of an extensive three-year CAP, FIMR must conduct an organization-wide risk analysis and develop a corresponding risk management plan, develop a process for evaluating environmental or operational changes to the security of ePHI, revise its policies and procedures for privacy and security, and provide extensive training and reporting.

Tips to Mitigate Risks

Covered entities and business associates can enhance HIPAA compliance, and reduce audit risk, by taking a number of practical steps outlined below.

Business Associate Risks:

  1. train workforce (at onboarding and at least annually thereafter) to recognize situations where a BAA (or subcontractor BAA) is required and understand how to activate the organization’s process for securing one;

  2. conduct periodic audits of existing outside service relationships to ensure that all necessary BAAs (or subcontractor BAAs) are, in fact, in place;

  3. periodically audit BAAs (and subcontractor BAAs) on file to ensure they are fully compliant (including as to the final HITECH rule content requirements), in full force and effect, and readily retrievable; and

  4. retain records of training and audits conducted for at least six years.

This also is an excellent time for covered entities and business associates to re-examine the effectiveness of their processes for conducting initial diligence and periodic audits of the security compliance of their key business associates and subcontractors.

Risk Analysis:

While not a new point, it remains critical for covered entities and business associates to conduct and document the requisite security risk analysis on a regular basis, and take prompt corrective action to manage identified risks. It is particularly important to ensure that the risk analysis covers all ePHI maintained, accessed or transmitted across the organization’s entire IT infrastructure, including but not limited to all applications, software, databases, servers, workstations, mobile devices and electronic media, network administration and security devices, and associated business processes. This can be a challenge—particularly in light of the pace of developments and acquisitions/consolidations in the health care industry—but is essential. Organizations should develop a complete inventory of all electronic equipment data systems, and applications controlled by, administered or owned by the organization and its workforce that contain or store ePHI, including personally owned devices. Organizations should make sure their process includes equipment purchased outside of standard procurement processes.

Audit Preparation Tips:

  1. Confirm that all required HIPAA privacy and security policies and procedures are implemented and up-to-date;

  2. Make sure a through, organization-wide security risk analysis as described above has recently been conducted, and that resulting corrective actions have been taken;

  3. Confirm that BAAs are fully up-to-date and accessible, and follow the steps above to further reduce business associate risks;

  4. Use the audit protocols to conduct a gap assessment;

  5. Be prepared to provide documentation showing that breach notices have been provided as required by HIPAA; and

  6. Covered entities should ensure their notices of privacy practices are up-to-date and provided as required.

Other Basics:

  1. Encryption: Encryption of laptops, thumb drives and other mobile devices remains a critical risk mitigation strategy. HIPAA does not require encryption of ePHI in all cases “per se”; however, it does require organizations to specifically address, as part of their required risk analysis, whether encryption is a reasonable and appropriate safeguard (and if so, it requires organizations to encrypt; if not, it requires organizations to document why encryption is not reasonable and appropriate, and adopt an alternative safeguard ). However, encryption per the HHS guidance provides a “safe harbor” from breach notification under HIPAA and generally obviates the need to make state law data breach notifications as well, in the event of loss of encrypted data. Further, because encryption will, in fact, be “reasonable and appropriate” in many cases, often it is effectively required.

  2. Training: The scope and frequency of training also should be regularly reviewed to ensure training covers key aspects of privacy and security policies. In addition, training should address current and emerging threats and risk areas. For example, in light of the significant role of phishing attacks and malware in cyber-breaches, training should include employee awareness of how to identify and respond to these types of attacks.

[1] The related 2012 settlement by business associate Accretive Health with the Minnesota attorney general for violations of the HIPAA rules and state law was widely touted within the industry as the first HIPAA enforcement action against a business associate. See Settlement Agreement, Release, and Order, 12-cv-00145, ECF No. 90 (July 30, 2012). Because the breach occurred prior to the issuance of final rules implementing the HITECH Act’s extension of direct liability for HIPAA violations to business associates, OCR—the primary federal HIPAA enforcement agency—had indicated it would not enforce the HITECH Act changes against business associates until issuance of the final rules. However, this did not prevent the Minnesota attorney general from proceeding to enforce HIPAA, using newly expanded enforcement authority granted to state attorneys general under the HITECH Act. Accretive Health also entered into a related, 20-year consent order with the FTC, pursuant to which no fine or penalty was paid but in which Accretive Health agreed to establish and maintain a comprehensive information security program, and to periodic evaluations of that program. See Press Release, FTC approves final consent order settling charges that Accretive Health failed to adequately protect consumers’ personal information (Feb. 24, 2014).

[2] See North Memorial Resolution Agreement and Corrective Action Plan, I.2.A, (Mar. 16, 2016).

[3] See id. at I.2.B.

[4] See id. at I.2.C.

[5] See id. at I.V.A-C.

[6] See id. at I.V.D.

[7] See Press Release, $1.55 million settlement underscores the importance of executing HIPAA business associate agreements (Mar. 16, 2016).

Article By Matthew R. BakerMichael R. CallahanDoron S. Goldstein & Megan Hardiman of Katten Muchin Rosenman LLP
©2016 Katten Muchin Rosenman LLP

Increased Sanctions on North Korea Focus on China and Russia

Last week, President Obama significantly increased sanctions on North Korea through Executive Order 13722, which implements the North Korea Sanctions and Policy Enhancement Act of 2016 (H.R. 757). The Executive Order’s prohibitions and blocking provisions, and designation criteria are substantially more expansive than that Act. Concurrently with the issuance of the Executive Order, OFAC announced the designations of 17 North Korean government officials and organizations, 15 entities, two individuals, and identified 40 blocked vessels under various sanctions authorities.

While neither Congress nor the President imposed secondary sanctions per se, China and Russia should  interpret the Executive Order as a clear warning about their economic ties with North Korea. In the Iran sanctions program, secondary sanctions require that a foreign financial institution “knowingly facilitate or conduct a significant financial transaction” for a particular individual or entity. This evidentiary standard greatly limited the use of those sanctions authorities. The new sanctions against North Korea are clearly aimed at foreign business interests, but unlike secondary sanctions, this new authority does not have an evidentiary impediment to its implementation.

Transportation, Mining, Energy, and Financial Services

Subsection 2(a)(i) of the Executive Order authorizes the Secretary of the Treasury to identify industries in the North Korean economy, the participants of which may be designated solely based on their operating within that industry. The Secretary of the Treasury determined that entities within the transportation, mining, energy, and financial services industries are subject to designation. The Treasury Department’s Office of Foreign Assets Control (OFAC) then designated Ilsim International Bank and Korea United Development Bank for operating in the financial services industry.

OFAC’s authority to derivatively designate any bank that provides services to any identified North Korean bank creates de facto secondary sanctions. Executive Order 13722 authorizes OFAC to designate any individual or entity that provides services to any identified Korean bank. Therefore, any financial institution that provides an identified North Korean bank with an account, serves as an intermediary, confirms or advises a letter of credit, or provides any other service can be designated. The most likely targets of these derivative actions are Russian and Chinese financial institutions.

North Korean Slave Labor and Coal

The Executive Order authorizes OFAC to designate businesses that “have engaged in, facilitated, or been responsible for the exportation of workers from North Korea, including exportation to generate revenue for the Government of North Korea.” According to open source reporting, North Korea has between 50,000 and 100,000 “state-sponsored slaves” predominantly located in China and Russia. The North Korean regime earns between $1.2 and $2.3 billion annually in foreign currency through these slave laborers. Apart from the appalling human rights violations, this practice finances the North Korean nuclear and missile development programs.

In addition to companies that utilize North Korean slave labor, entities that deal in metal, graphite, coal, or software to or from North Korea are now subject to designation, “where any revenue or goods received may benefit the Government of North Korea.” United Nations Security Council Resolution 2270 of March 2, 2016 address the sale of coal and iron from North Korea, but in a very limited manner. Unlike the United States sanctions program, the prohibitions do not apply to transactions  “exclusively for livelihood purposes and unrelated to generating revenue for the DPRK’s nuclear or ballistic missile programs.” As a result of these substantial limitations, any application of the sanctions on coal and iron are likely to be enforced unilaterally by the United States.

Chinese companies are clearly the most susceptible to this designation criteria. According to the press release announcing the Executive Order and designations, “coal generates over $1 billion in revenue per year for North Korea.” Open source reporting also indicates that in 2015, North Korea supplied China with 19.63 metric tons of coal.

Return to a Comprehensive Sanctions Program

In addition to the designation criteria highlighted above, Executive Order 13722 also transitions U.S. sanctions against North Korea back into a comprehensive sanctions program. All property and interests in property of the North Korean government are now blocked, and the Department of Commerce licensing requirements are now supplemented with a prohibition on the exportation of goods and services.

OFAC released a series of 9 General Licenses to address issues that commonly arise from comprehensive programs. These include authorization of certain legal services, certain services in support of nongovernmental organizations,  transactions related to intellectual property, and noncommercial personal remittances.

Article By Jeremy P. Paner of Holland & Hart LLP.
Copyright Holland & Hart LLP 1995-2016.

Distressed Assets in Connecticut: What to Know Before Jumping In

There are many benefits for out of state lenders or investors looking to engage in business in Connecticut, one of the wealthiest (per capita) states in the United States of America. For example, Connecticut has relatively stable property values. However, Connecticut also has a number of legal pitfalls for lenders or investors who acquire Connecticut mortgages as part of a loan sale transaction. These pitfalls may end up causing undue delays and unnecessary expense when it comes to the legal process. A lender or entity unfamiliar with Connecticut specific laws and procedures should, prior to committing to acquire an asset secured by property in Connecticut, undertake due diligence and seek advice on what programs and statutes are or are not applicable prior to consummating the deal. Below are a few of the procedural thickets that must be navigated prior to being able to seek to foreclose a mortgage deed, the most common form of collateral for a real estate transaction, in Connecticut.

Preliminarily (and interestingly), Connecticut is unique in the United States in that it, as of January 1, 2015, recognizes three separate and distinct methods of foreclosure of a mortgage deed: Strict Foreclosure (appropriation of the mortgaged property after passage of law days set by judicial order); Foreclosure by Sale (created by statute and permits judicially ordered and overseen auction process); and Foreclosure by Market Sale (created by statute and permits agreement for marketing and private sale of property by mortgagor with consent of the mortgagee). Every foreclosure commenced in Connecticut is a judicial proceeding regardless of which of the above three forms the judgment of foreclosure will eventually take. The fact that every foreclosure is a judicial action alone can create havoc to the plans of a party who is otherwise unfamiliar with the foreclosure process in Connecticut and is best understood up front before committing any sum to a transaction where the main source of potential recovery is a parcel of property in Connecticut.

Secondly, Connecticut has many legislatively imposed requirements which must be met prior to even commencing an action for foreclosure of a mortgage deed. The vast majority of these programs were implemented either during or immediately after the nancial crisis of 2007 through (roughly) 2014 and, accordingly, revolve around 1 to 4 family owner-occupied residential property but are nonetheless worded vaguely enough so that they arguably apply to non-owner occupied or commercial properties as well. Amongst these programs are the Emergency Mortgage Assistance Program (“EMAP”), codified at Conn. Gen. Stat. 8-265dd, et seq., and the Foreclosure by Market Sale procedure, codi ed at Conn. Gen. Stat. 49-24b, et seq.

Article By Alena C. Gfeller & Andrew P. Barsom of Murtha Cullina

© Copyright 2016 Murtha Cullina

Busted [Bracket]: Facebook Posts From Employee’s Vacation Undermine FMLA Claims

Ah, the tell-tale signs of March are here.  The winter is starting to dissipate in the northern climes, we’ve set the clocks forward, and Syracuse is bound for another Final Four run.  Unfortunately, most teams won’t be so lucky and many coaches will soon find themselves on a beach.  And why not?  After a long, hard-fought season that fell just a bit short, might as well take a warm-weather vacation – go for a quick swim, maybe hit the amusement park, and take a few pictures of all the fun in the sun and post them to Facebook.  Sounds like a marvelous idea for many NCAA coaches, but not so much for employees out on FMLA leave.  The plaintiff in Jones v. Gulf Coast Health Care of Delaware, a recent case out of a Florida federal court, learned this the hard way.

Background

Rodney Jones, an employee of Accentia Health, took 12 weeks of FMLA leave for shoulder surgery, but was unable to provide a “fitness for duty” certification because, his doctor said, he needed additional therapy on his shoulder.  Accentia permitted him to take an additional month of non-FMLA leave.  Towards the end of his FMLA leave and during his non-FMLA leave, Jones took trips to Busch Gardens in Florida and to St. Martin.  Jones posted several pictures of his excursions to Facebook – including, for example, pictures of him swimming in the ocean (this, of course, during the time in which he was supposed to be recovering from shoulder surgery).

Accentia discovered the photos Jones posted to Facebook and provided him with an opportunity to explain the pictures.  When he could not do so, Accentia terminated his employment.  Jones then sued Accentia, claiming it interfered with his exercise of FMLA rights and retaliated against him for taking leave under the FMLA.

Termination Not Illegal

The court sided with Accentia.  First, Jones’ interference claim failed because Accentia provided him with the required 12 week leave and did not unlawfully interfere with his right to return to work thereafter.  Accentia had a uniform policy and practice of requiring each employee to provide a “fitness for duty” certification before returning from FMLA leave.  When Jones failed to provide such certification at the end of his FMLA leave, he forfeited his right to return under the FMLA.

Second, Jones’ retaliation claim failed because he failed to show Accentia terminated his employment because he requested or took FMLA leave.  Rather, Accentia terminated his employment for his well-documented conduct during his FMLA leave and non-FMLA leave.

Takeaways

This case provides several important lessons for employers.

  1. It is important to provide employees with an opportunity to explain conduct that appears to be an abuse of their FMLA leave entitlement. Employers who defend FMLA retaliation cases based on their “honest belief” that employees were misusing FMLA are much more likely to succeed if they conduct a thorough investigation into the employee’s conduct and give the employee an opportunity to explain the conduct.

  2. Ensure that any “fitness for duty” certification requirement applies uniformly to all similarly-situated employees (e., same job, same serious health condition) who take FMLA leave. The court in this case found that Jones’ interference claim failed, in part, because Accentia’s “fitness for duty” certification requirement applied to all employees similarly-situated to Jones.  Had it enforced this policy on an ad hoc basis, the outcome may have been different.

Article By Daniel R. Long of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
©1994-2016 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

A Change to the Suspending and Debarring Official (SDO) Position at NASA

On March 8, 2016, a final rule changed the position of the National Aeronautics and Space Administration’s (“NASA”) suspending and debarring official (“SDO”).  The SDO had been NASA’s Assistant Administrator for Procurement.  The final rule reassigns the position to NASA’s Deputy General Counsel.  Public comments were not accepted because NASA concluded that the change “affects only the internal operating procedures” of the agency.

Not mentioned in this action is Section 861(a) of the National Defense Authorization Act of 2013.  That law applies to the U.S. Department of Defense (“DoD”), the U.S. Department of State (“State”), and the U.S. Agency for International Development (“USAID”), not to NASA, but for those agencies it specifically prohibits the not-uncommon practice of having a procurement officer act as an SDO.  Last year, in International Relief and Development, Inc. et al. v. United States Agency for International Development et al., No. 15-CV-854 RCL (D.D.C.), a federal court concluded that such an arrangement at USAID likely violated Section 861(a).

Section 861(a) precipitated a necessary discussion on the independence and impartiality of SDOs.  It is not hard to imagine how an SDO who also serves as a procurement officer could be predisposed against a contractor.  But even if NASA’s change tacitly acknowledges this concern, it hardly resolves it.  Conditioned already to advocate for a particular client, agency counsel are sure to have predispositions, as well.

Article By Frederic M. Levy & Jade C. Totman of Covington & Burling LLP

© 2016 Covington & Burling LLP

Entrepreneur’s Spotlight: South Loop Strength and Conditioning (Chicago, Illinois)

South LoopWelcome to the latest installment of Entrepreneur’s Spotlight on the Health and Fitness Law Blog.  In this series, we look at successful startups and ventures in the health and fitness industry and interview the hard-working entrepreneurs behind these companies to discuss how they did it and what they learned along the way.

Today, the spotlight is on South Loop Strength and Conditioning (“SLSC”).  SLSC is one of the most popular CrossFit gyms in the greater Chicago area, and is located at 645 S. Clark Street in Chicago, Illinois. For more information on what sets SLCS apart from other gyms in Chicago (and nationwide), please check out its website at http://southloopsc.com/.

SLCS is co-owned and operated by four individuals.  We met with one of the original founders, Todd Nief, to listen to his story.  As you will read below, Todd originally did not have a background in fitness, but he has gone on to obtain a wide variety of certifications, including the following:

  • Certified CrossFit Trainer (CrossFit Level 3)
  • CrossFit Specialty: Movement & Mobility, Running, Powerlifting, Kettlebell
  • DNS “A” Course (Dynamic Neuromuscular Stabilization)
  • DNS Exercise Level 2 (Dynamic Neuromuscular Stabilization)
  • FMS Level 2 (Functional Movement Systems)
  • OPEX CCP Level 2 (Formerly OPT)
  • Poliquin BioSignature Level 2
  • POSE Running Coach
  • Precision Nutrition Level 1
  • SFMA Level 2 (Selective Functional Movement Assessment)
  • USA Weightlifting Level 2

Due to the abundance of information Todd was willing to share, we have decided to break this interview into a two part series.  This is Part I of II.  Part II of II will be posted next week.  If you want to learn more or have questions for Todd, he can be reached at todd@southloopsc.com.

Enjoy!

South Loop

H&F Law Blog: You made the transition to CrossFit owner a few years ago.  Could you please tell us a little bit more about how you made the transition from Environmental Consultant to Gym Owner?

Todd Nief:  This was an entirely accidental transition. I had been doing CrossFit on my own for a few years – mostly training out of a Bally’s. So, I was the weird guy doing weird stuff that I should not have been doing and attempting to lift weights that I had no business lifting. I mostly followed workouts from www.crossfit.com but I also had gone in to CrossFit Chicago to receive a bit of instruction.

I had started going in to Atlas CrossFit on occasion so that I would be able to do workouts with a lot of weight dropping (they did not like that at Bally’s) as well as things like ring muscle-ups. I was not expecting to coach there, but, after being around a bit, I started working with some of the beginner classes there right around the time that I was laid off from my consulting gig.

After spending about a year at Atlas, I wanted to run a facility based upon what I considered to be best practices in coaching and training. So, I started looking into what it would take to open a gym and began heading down that path. Within the CrossFit community, there is a lot of glorification of the gym owner (which makes sense from a business model perspective as well…), so it never seemed that impossible to get into the gym business – especially after seeing some of the back-end of what a successful gym looked like

H&F Law Blog: What was the hardest part of going into business for yourself?  Who did you look to for advice when you first started out?

Todd Nief: Well I certainly had absolutely no understanding of business, sales or marketing. I was a coach and a musician with a chemical engineering degree – as well as a negative attitude towards business based upon a youth spent in punk, metal and hardcore.  So, the most consistently challenging thing for me has been overcoming my own negative and maladjusted thoughts surrounding what it means to own a business and what it means to promote yourself, take money from people, and hold others accountable to your principles (employees, clients, business partners, investors, etc).

We also opened probably about 9 months too late to really reap the benefit of “early adopters” to the CrossFit program. The gyms that opened about a year before us basically had to do nothing to attract clients, since they were some of the first gyms in the city and all they had to do was open up and put “CrossFit” on the door. There was a whole city of people learning about CrossFit and searching out gyms. By the time we opened, there was a certain level of saturation and a lot of the early adopters had already found a home.  So, we were in a position where – to have success out the gate – we would have needed to open at scale and have an understanding of marketing, positioning, sales funnels, and customer experience. Instead, we opened in a little hallway on the second floor of another gym with an attitude towards sales and marketing that resembled a depressed vegan sixteen-year-old talking shit about McDonald’s (I was that teenager).

And, man, we also really got kicked around on the real estate market quite a bit (leases falling through, leases not being countersigned, lack of respect from landlords, etc.)

H&F Law Blog: What was one thing you expected would be easy in owning or managing the business that was actually much more difficult than anticipated?

Todd Nief: I do not know if “easy” is the right word, but the CrossFit community has a lot of cultural push towards a meritocracy of marketing that I think is, at best, misguided and, at worst, disingenuous and pandering.  The assumption is that, by providing a great service to your clients and getting them results, they will do all the marketing for you and you can focus on coaching. This may work in an early adopter environment, but, as soon as the market reaches a certain level of saturation, this is an impossible way to exist and grow a business.

So, I got into the business to coach, and now my main role is understanding how to grow the business – by understanding how to communicate with potential clients and how to reach them.  I do not think I ever thought that marketing was easy, but I also underestimated how much marketing I would be doing.

H&F Law Blog: Conversely, is there anything that you expected would be difficult that turned out to be very easy to manage or figure out?

Todd Nief: This is a tough question for me, since I think that I generally assume that most things will be “difficult” but that I also trust myself to be able to figure them out.

I think that a lot of businesses have a lot of challenges around hiring, finding the right people, and raising cash when they need it. We have certainly had some frustrating, bizarre, and sketchy endeavors in all of these arenas, but we have also had some insanely fortuitous occurrences here as well – one employee leaving and another walking in the door within a few days, one investor flaking out and another reaching out within a few weeks, one lease falling through and another falling into our lap, etc..

Picture--Crossfit Gym

H&F Law Blog: It is my understanding that there are a few different owners of SLSC, and these owners have slightly changed over time without any hiccups in the business.  Speaking from our experience as outside general counsel to gyms with multiple owners, conflicts come up all the time between owners of gyms and we are often asked to interpret poorly drafted or virtually non-existent Operating Agreements or Shareholder Agreements (drafted by other attorneys, of course!).  How has South Loop Strength and Conditioning managed to have multiple owners (including some transition of owners), while running one of the elite CrossFit facilities in Chicago?

Todd Nief: Fortunately, one of my partners is a mergers and acquisitions lawyer, so he was able to get us set up with a pretty sturdy operating agreement when we started the business.  The business started as three of us, and there are now four; over four years we have removed one partner from the operating agreement and added two.

While the operating agreement did make these processes pretty clear in terms of what removal and addition of partners looks like, I think one of the biggest things here has been maintaining a level of respect between partners.  Even when one of our original partners was dissociating (which does not tend to happen if things are going swimmingly), there was never any bad blood and things never became unprofessional in that process. The operating agreement pretty clearly stated that we would buy out his shares for an agreed upon fair market value, so we crunched some numbers, went back and forth on a few things, and came to an agreement pretty quickly.  In terms of adding partners, it was a situation where two people came along at the right time that had an interest in the business and the right skillset to jump in and move us forward, so – similarly – we hashed out agreements that we thought were fair and amended our then-existing agreements.

[Note from Aaron Werner (Health and Fitness Attorney/Interviewer): Be sure you have a very clear and enforceable Operating Agreement (LLCs) or Shareholders’ Agreement (Corporations) when starting or buying a business with other people.  If you are raising outside capital, you need to be very careful about the securities laws involved concerning fundraising and documenting the business deal with your investors.  Be sure to work with an attorney well-versed in Operating Agreements/Shareholders’ Agreements/Other Fundraising Documents.]

H&F Law Blog: What advice do you have for other people that are going to go into business with other co-owners of a gym or studio?  What characteristics in your own business partners makes your partnership work so well?

Todd Nief: This is a somewhat challenging question since I think that this is somewhat similar to hiring – and there are many books and courses and videos and seminars and masterminds on this topic.

There are all kinds of things you can do to vet people, but the only consistent thing that works seems to be working with them to see what happens. Sometimes you make good calls, and sometimes you make bad calls.  And, similarly to hiring, sometimes you meet the right person at the right time, and then you can end up starting some gym together and having to figure out a bunch of stuff that no one ever told you before.

People say all kinds of corny stuff about vision and mission and whatnot, but that is all kind of inspirational quote fodder as far as I am concerned. I think there are basic understandings of how human beings should relate to each other that are essential for an effective partnership – most important is honestly probably generally treating other people with respect, whether that is clients, employees, or your other partners. Once contempt, deceit or manipulation enter a relationship, it can be impossible to salvage.

So, my advice would be to work with people before you enter into a partnership with them so that you know what you are getting into.

To be continued next week…

Article By Aaron D. Werner of Horwood Marcus & Berk Chartered
© Horwood Marcus & Berk Chartered 2016. All Rights Reserved.

An OSHA Violation Today Can Cost You Almost 80% More in Penalties After August 1, 2016

osha-logoThe maximum penalty that the Occupational Safety and Health Administration (OSHA) can assess for a violation of an OSHA standard has been a constant source of consternation within the agency as well as with workers’ rights advocates. The statutory maximum, which currently is set at $70,000 for willful and repeat violations and $7,000 for serious and other than serious violations, has remained unchanged since 1990. The Protecting America’s Workers Act (PAWA), first introduced by Senator Edward Kennedy in 2004, and reintroduced in each congressional session since 2004, sought to increase the maximum amount of statutory penalties as well as make other changes to the Occupational Safety and Health Act. In each congressional session, PAWA died in committee.

But a little known section of the Bipartisan Budget Act of 2015, which authorized funding for federal agencies through September 30, 2017, will change all of this.

Section 701 of the Bipartisan Budget Act of 2015 contains the Federal Civil Penalties Inflation Adjustment Improvements Act of 2015, which requires OSHA and most other federal agencies to implement inflation-adjusted civil penalty increases. The Inflation Adjustment Act requires a one time “catch-up adjustment” that is based upon the percent change in the Consumer Price Index in October of the year of the last adjustment and October, 2015. Subsequent annual inflation adjustments are also required.

On February 24, 2016, the Office of Management and Budget issued guidance on the implementation of the Inflation Adjustment Act. This guidance set the catch-up adjustment multiplier for OSHA penalties at 1.78156 – which roughly equates to an increase in the maximum penalty per violation as follows:

An OSHA Violation Today Can Cost You Almost 80% More in Penalties After August 1, 2016

The Inflation Adjustment Act allows OSHA to request a reduced catch-up adjustment if it demonstrates the otherwise required increase of the penalty would have a negative economic impact or that social costs would outweigh the benefits. But given published comments from OSHA administrators over the years, which were openly critical of the current statutory maximum amount, the prospect for any such reduction request is remote.

OSHA is required to publish the new penalty levels through an interim final rule in the Federal Register no later than July 1, 2016. The new penalty levels will take effect on August 1, 2016. Because OSHA is subject to a six-month statute of limitations, it is possible that violations occurring on or after March 2, 2016 will be subject to the new maximum penalty amounts if OSHA uses the entire six month period before issuing the citation and assessment of penalties.

The Inflation Adjustment Act does not impact OSHA’s discretion to reduce a proposed penalty in accordance with its current procedures, which take into account the size of the employer, the gravity of the violation, the employer’s history of prior violation, good faith compliance and “quick fix” abatement measures. The Act also does not govern those States which have OSHA approved plans. However, because States have to establish that their plan is as effective as federal OSHA, one would expect that OSHA will develop guidance that requires the States to increase their maximum penalty levels to comport with the new federal penalty amounts.

In the meantime, employers would be well-advised to conduct a self-audit of their workplace safety programs to ensure compliance with applicable state and federal OSHA standards.

© Polsinelli PC, Polsinelli LLP in California
  • See more at: http://www.natlawreview.com/article/osha-violation-today-can-cost-you-almost-80-more-penalties-after-august-1-2016#sthash.BKZUg7Sa.dpuf

U.S. Court of Appeals Issues Split WOTUS Ruling

On February 22, a three-judge panel of the U.S. Court of Appeals for the Sixth Circuit (Cincinnati) issued a split 2-1 decision, ruling that it has jurisdiction to proceed with challenges to the Obama administration’s “Waters of the United States” rule, or WOTUS, as opposed to federal district courts. A wide range of government, industry and agriculture interests have filed lawsuits in several district courts across the U.S. challenging the WOTUS rule.

The decision came in the form of three separate opinions, as each judge had a different view of the law on this complex issue. Two judges concluded that the appellate court has jurisdiction over the legal challenges to the WOTUS rule; the third judge concluded that the appellate court lacks jurisdiction over these cases.

It is speculated that the split decision makes it very likely that the state and industry petitioners will seek en banc review of the ruling, meaning that it would go to rehearing before the entire Sixth Circuit for additional review. Challengers will need to petition the court within 45 days to request rehearing.

The decision, which does not answer the legality of the WOTUS rule, but rather which court has authority to review it, means that stay of the WOTUS rule issued last year by the Sixth Circuit will continue in effect until further rulings.

The decision could also be appealed, potentially to the U.S. Supreme Court.

Article By Aaron M. Phelps of Varnum LLP

© 2016 Varnum LLP

Burrito Bowls, Guacamole, &. . .Tweets? NLRB Judge Finds Social Media Policy Unlawful

There’s more bad news this week for restaurant chain Chipotle Mexican Grill, but this time it has nothing to do with the food.

Last year, we heard about an NLRB decision upholding an administrative law judge’s (ALJ) finding that the restaurant had committed an unfair labor practice. According to the decision, Chipotle had allegedly threatened and interrogated employees who engaged in discussions about their pay. The employee at issue in the case had worked at a Chipotle restaurant in St. Louis, Missouri. He was also a union member who participated in strikes and was involved with the “Show Me 15” campaign for a higher minimum wage.

That decision is currently pending appeal, and Chipotle has suffered another NLRB loss this week. An ALJ ruled against the restaurant and found an unfair labor practice charge for what the judge described as the company’s unlawful social media code of conduct. The case involves a Chipotle employee in Havertown, Pennsylvania, named James Kennedy. By way of background, Chipotle employs a national social media strategist who is responsible for reviewing employees’ social media posts to determine whether any of them violate the company’s social media policy.

In early 2015, some of Kennedy’s tweets were reviewed by the strategist, including one where Kennedy had replied to a few customers’ tweets. For example, in response to a customer who tweeted “Free chipotle is the best thanks,” Kennedy tweeted “nothing is free, only cheap #labor. Crew members only make $8.50hr how much is that steak bowl really?” Then, replying to a tweet posted by another customer about guacamole, Kennedy wrote “it’s extra not like #Qdoba, enjoy the extra $2.

Chipotle’s social media strategist emailed the regional manager, forwarded the tweets, and told the manager to ask Kennedy to delete the tweets and to review the company’s social media policy with him. Kennedy was subsequently terminated following a dispute with management over an unrelated issue.

The ALJ evaluated whether Chipotle maintained an unlawful social media policy based on the following provisions:

  • If you aren’t careful and don’t use your head, your online activity can also damage Chipotle or spread incomplete, confidential, or inaccurate information.
  • You may not make disparaging, false, misleading, harassing or discriminatory statements about or relating to Chipotle, our employees, suppliers, customers, competition, or investors.

Generally a violation of the act based on an unlawful work rule is dependent upon a showing of one of the following: “(1) employees would reasonably construe the language to prohibit Section 7 activity; (2) the rule was promulgated in response to union activity; or (3) the rule has been applied to restrict the exercise of Section 7 rights.” Lutheran Heritage Village-Livonia, 343 NLRB 646, 646–647 (2004). The ALJ found that the company’s social media policy failed on the first and third prongs.

Picking apart the provision, the ALJ relied on other Board decisions which found rules prohibiting “derogatory” statements to be unlawful. The ALJ also took issue with the prohibition on “false” statements, saying, “[M]ore than a false or misleading statement by the employee is required; it must be shown that the employee had a malicious motive.” The ALJ also found no relief based on the policy’s disclaimer which said “This code does not restrict any activity that is protected or restricted by the National Labor Relations Act, whistleblower laws, or any other privacy rights.”

Although the employee was not ultimately terminated for posting the tweets, employers can still get in trouble with the NLRB where social media policies are concerned. Considering NLRB decisions regarding work rules and handbook policies apply regardless of whether the employees are unionized. We’ll follow this case as it makes its way to the full Board.

Article By Jackie S. Gessner of Barnes & Thornburg LLP

© 2016 BARNES & THORNBURG LLP

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by