Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the login-customizer domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home1/natiopq9/public_html/wp-includes/functions.php on line 6131

Deprecated: Function WP_Dependencies->add_data() was called with an argument that is deprecated since version 6.9.0! IE conditional comments are ignored by all supported browsers. in /home1/natiopq9/public_html/wp-includes/functions.php on line 6131

Deprecated: Function WP_Dependencies->add_data() was called with an argument that is deprecated since version 6.9.0! IE conditional comments are ignored by all supported browsers. in /home1/natiopq9/public_html/wp-includes/functions.php on line 6131
The National Law Forum - Page 456 of 753 - Legal Updates. Legislative Analysis. Litigation News.

Importance of Making Sure Your Corporate Status is Up to Date

On September 8, 2015, the United States Civilian Board of Contract Appeals (CBCA) dismissed a claim for lack of jurisdiction when it determined that a contractor was not in good standing at the time of the filing, and thus it could not file the claim.

Western States Federal Contracting, LLC (Western States) filed a protest seeking damages from the Department of Veterans Affairs (VA). The VA filed a motion to dismiss, asserting that Western States did not have the right to sue because it was not in good standing in its state of incorporation due to unpaid taxes in the amount of $981.

On several occasions, the CBCA ordered Western States to show that it was in good standing and had the right to sue. Although Western States was not in good standing in Delaware, where it was incorporated, Western States first attempted to show it was in good standing in Arizona, where it was conducting business. CBCA rejected this showing and ordered Western States to show it was in good standing in Delaware. Western States was unable to make this showing.

After Western States paid its overdue tax bill, and regained its good standing in Delaware, it argued that its good standing status should be retroactive. The CBCA found that Western States did not have standing to pursue its damages claim because it was not in good standing when it filed its appeal.

In addition to the having the capacity to sue and be sued, here are three other primary reasons why keeping your business in good standing status is good for business.

1. Lenders, Vendors, and Others Might Require a Good Standing Certificate

Lenders sometimes require good-standing status in order to approve new financing. They generally view a loss of good standing status as an increased risk which may increase the cost of financing or even limit the ability to obtain financing. Other businesses might require a Certificate of Good Standing for certain transactions, requests for proposals (RFPs) or contracts. Or, you may need one to sell the business, for real estate closings, or for mergers, acquisitions, or expansions. If a business can’t provide a Certificate of Good Standing, it raises a compliance “red flag” that indicates something’s wrong with the company’s state status.

2. Keeping Your Business Good Standing Often Saves Money in the Long Run

If a business doesn’t maintain its good-standing status, the state likely will make an involuntary adverse status change for the company, labeling it as “delinquent,” “void,” “suspended” or “dissolved,” depending on the state and the compliance problem. The most common reasons for losing good standing include a missed annual report, problems regarding the company’s registered agent-and-office, or unpaid fees or franchise taxes. The cost of fixing these mistakes can add up; preventing these mistakes is not expensive. By simply keeping your LLC or corporation in good standing, you could help:

  • Keep overall operating costs lower—filing on time avoids extra fees and fines from sapping your budget.

  • Prevent a state from administratively dissolving the LLC or corporation (and then having to try for a reinstatement) or worse yet, have to start all over again because your LLC or corporation has been permanently “purged”.

  • Maintain the limited liability protection that an LLC, corporation, or other business entity provides.

  • Preserve your rights to your LLC’s or corporation’s legal name in state records.

  • Keep your business poised for sudden contract opportunities, bids, or deals with other companies that require a Certificate of Good Standing to pursue or seal the deal.

3. Good Standing Helps When You Expand Into Other States

When you form your LLC or corporation, the state generally considers you to be “organizing” a business “entity.” Your business entity (e.g., LLC, corporation) has the right to do business in the state of organization only. If you want to expand and do business in other states, you’ll need to register to transact business in those states, too. Usually, the new state(s) ask for a Certificate of Good Standing from your formation state (or your “domestic” state) before they’ll let you register.

Checking Your Good Standing

Still, it’s not always easy to know which regulations and obligations apply to your corporation or LLC. Compliance can seem complicated or costly at times. Regulations change. And it can be difficult to keep track of the various deadlines your company must meet.  However, compliance can be done easily and inexpensively, relative to the cost of noncompliance.  We recommend that at least annually, you or your legal counsel should confirm that your LLC or corporation is in good standing in its state of formation as well as every state with which you are conducting business.

All states allow steps to be taken for a not-in-good-standing corporation or LLC to restore its standing, and that if good standing is restored, generally it will be as if the corporation or LLC had consistently remained in good standing.

Article By Michelle DiCintio of Odin, Feldman & Pittleman, P.C.

© 2015 Odin, Feldman & Pittleman, P.C.

Arkansas Cities and Counties Provide Local LGBT Nondiscrimination Protections

A new civil rights law affording nondiscrimination protections for most lesbian, gay, bisexual, and transgender residents of Fayetteville, Arkansas, will go into effect on November 7, 2015.

Passed by the City Council and ratified by a popular vote in a Special Election held on September 8, 2015, the Uniform Civil Rights Protection ordinance (Ordinance 5781) prohibits discrimination in employment, housing, and public accommodations, based upon sexual orientation or gender identity. Declaring that “[t]he right of an otherwise qualified person to be free from discrimination because of sexual orientation and gender identity is the same right of every citizen to be free from discrimination because of race, religion, national origin, gender and disability as recognized and protected by the Arkansas Civil Rights Act of 1993,” the Ordinance also protects anyone who opposes any act prohibited by the Ordinance or who participates in such an investigation.

Designed to overcome objections to a similar measure that was repealed in 2014, Ordinance 5781 exempts from its coverage any employer with fewer than nine employees, as well as any church, religious school or day school, and any other religious organization. It also includes an enforcement scheme that is conciliatory, rather than punitive, with civil fines imposed for violations.

Civil Rights Commission

Enforcement will be handled by a newly formed, seven-member Civil Rights Commission appointed by the City Council and comprised of representatives of the business community, owners or managers of rental property, and citizens at large (at least one of whom identifies as LGBT), as well as at least one person with experience in human resources or employment law.

Anyone claiming a violation of the ordinance must present that claim in writing to the Fayetteville City Attorney within 90 days of the alleged violation. The City Attorney must then forward the complaint to the Commission.

Resolution of any complaint will begin with informal and confidential mediation between the parties. If such attempts are unsuccessful, the claim will ultimately go to an evidentiary hearing before the Commission. Anyone found to have violated the Ordinance will be fined up to $100 for the first offense, with subsequent violations carrying the City’s general penalty of fines up to $500 and up to 30 days in jail if fines are not paid. However, there is no criminal classification or penalty associated with the Ordinance or its violation.

Opposition

The Fayetteville Chamber of Commerce, though a leading opponent of the measure repealed in 2014, is in full support of this one. The story may not end there, however.

Opponents of the law filed suit in August 2015, seeking to stop the Special Election and arguing that the measure infringes upon individuals’ and business owners’ freedom of religion, that sexual predators might use the law to prey upon women and children in public restrooms, and that the ballot had a misleading title that did not include any details about LGBT protections, among other things. Injunctive relief was denied, but the lawsuit is pending in Washington County Circuit Court. Further, Arkansas Attorney General Leslie Rutledge released an opinion on September 1, 2015, stating that Ordinance 5781, as well as any similar measure passed by other municipalities, conflicts with Arkansas state law, and therefore, should not survive legal challenge. She relies upon the state’s recently enacted Intrastate Commerce Improvement Act, which bans cities and counties from enacting or enforcing “an ordinance, resolution, rule or policy that creates a protected classification or prohibits discrimination on a basis not contained in state law.”

On the other hand, Fayetteville City Attorney Kit Williams has stated that he will defend the Ordinance. He said the Ordinance incorporates several existing state laws, including the Arkansas Anti-Bullying Act and the Fair Housing Act, which, by their very terms, provide LGBT protections. “The protected classifications are certainly there in state law, and, therefore, this is not a new protected classification,” said Williams. He also has questioned whether the Intrastate Commerce Improvement Act is constitutional under the equal protection clause of the U.S. Constitution’s 14th Amendment.

The new Ordinance is a part of a growing national trend to prevent employers, at the local level, from firing or declining to hire any person because of his or her sexual orientation or gender identity. Similar measures have been enacted by Pulaski County and five other cities in Arkansas: Little Rock, North Little Rock, Hot Springs, Eureka Springs, and Conway.

Article By James R. Mulroy, II & Jennifer C. Kellett of Jackson Lewis P.C.

Jackson Lewis P.C. © 2015

Washington Abuzz as Pope Francis, Xi Jinping Pass Through

This week, two highly anticipated visits have captivated the attention of the nation’s capital and the world. President Obama welcomed both Pope Francis and Chinese President Xi Jinping to Washington, with climate change concerns on top of each agenda. Momentum on the issue will carry into next week as United Nations Secretary General Ban Ki-moon brings together heads of state to discuss climate change on the sidelines of the UN General Assembly in New York.

The Obama administration also announced several funding efforts aimed at bolstering renewable energy technology. On September 16, Vice President Biden announced $102 million in initiatives targeted at scaling solar technology in 24 states. The day prior, the DOE announced that its small business voucher pilot program will launch September 23. The program will provide $20 million to selected national labs which will distribute vouchers and provide guidance to small businesses developing clean energy technologies.

Article By David J. Leiter of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

©1994-2015 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Act Now: The Department of Labor may experience a shutdown on 10/1/2015

DOLAlthough Congress continues to discuss the Fiscal Year 2016 budget, if an agreement is not reached or continuing resolution passed, the Department of Labor (DOL) will experience a shut down as of October 1, 2015. Should this happen, both the iCERT and PERM online filing systems will not accept applications and users will no longer have access to the system.  This shutdown will impact immigration cases including: E-3, H-1B, H-2A, H-2B, and PERM applications. In addition, the DOL will not be able to receive or review any filings received by mail. Employers are urged to review their upcoming expiration dates and deadlines to ensure they submit all necessary applications and responses on or before September 30, 2015.

Article By Jennifer Blloshmi of Greenberg Traurig, LLP

©2015 Greenberg Traurig, LLP. All rights reserved.

Pontiff’s Visit to Philadelphia (Part III) – Top Five (5) Last Minute Tips for Landlords/Owners

It’s just a few days away! The papal visit is expected to bring more than 2 million visitors to the Philadelphia area. Our last two articles (here and here) dealt with the positive economic impacts for the region and managing the masses during this event. Here are five (5) tips that should be at the top of the list for landlords and owners of commercial, retail and multi-family properties.philadelphia skyline

Review your Leases. With an event of this magnitude, it is a good time to take a last minute look at your leases to ensure all items are appropriately addressed. For instance, does your lease have certain notice requirements for limiting access to parking areas designated for tenants and their customers? If you plan on sectioning off certain parking areas, did you send notice out in time? Sometimes leases will have a provision that allows you to circumvent certain notice requirements, if actions are done for health and safety reasons.

Consider Beefing Up Your Property Management for the Next Few Days. If you are an owner or landlord for a smaller shopping center or property, you may not have an onsite property manager. Even if you have an on-site manager, they may be assigned to multiple addresses, and this influx of visitors will leave him or her feeling stretched too thin. With more than 2 million people expected to visit the region this weekend, you may want to contact a reputable property management company to ascertain an on-site person or add to your existing property management team. They say “Cleanliness is Next to Godliness.” Ensuring that trash, landscaping and other property management issues are addressed properly and timely can make your property sparkle to the masses.

Consider Alternate Routes to Access Your Property. Considering this enormous occasion, security and police presence will be high to protect the Pope, as well as ensure everyone has an enjoyable experience. If you are a property owner or landlord, you may want to advise your tenants of possible alternate routes to ensure they can cater to the crowds. Further, you probably want your property management team to know about these alternate routes as well to guarantee they can access your property in the event traffic is diverted.

Check Your Insurance Coverage. It’s times like these that remind you to check both your insurance policy coverage, as well as your tenants’. Have you requested evidence of your tenants’ coverage? As Philadelphia’s own Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” You may want to contact your insurance broker to obtain increased or special coverage.

Always Remember, When in Doubt, Contact Counsel. There are a multitude of issues that can arise when so many people attend a once in a lifetime event like this. The Pope’s visit is a true blessing, highlighting our region. It will be something that we will never forget. Now, more than ever, it is important to discuss your commercial, retail, and other property needs with experienced legal counsel to achieve your goals and resolve any issues.

Restaurants, caterers and vendors will feed the hungry. Retailers will cloth the attendees. And the Pope will provide a spiritual lift to everyone. Make sure that you and your property are well prepared for this fantastic event.

Article By Thomas S. OnderBrian H. Smith & Jerry A. Nelson of Stark & Stark
COPYRIGHT © 2015, STARK & STARK

EU Official Calls for Invalidation of EU–U.S. Safe Harbor Pact

A European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the issue is expected to be issued late this year or next year.

The issue arises out of the claims of an Austrian law student, Max Schrems, who challenged Facebook’s compliance with EU data privacy laws. (The case is Schrems v. (Irish) Data Protection Commissioner, ECJ C-362/14.) He claims that the Safe Harbor Framework fails to guarantee “adequate” protection of EU citizen data in light of the U.S. National Security Agency’s (NSA) surveillance activities. Although the Irish data protection authority rejected his claim, he appealed and the case was referred to the ECJ.

The European Data Protection Directive prohibits data of EU citizens from being transferred to third countries unless the privacy protections of the third countries are deemed adequate to protect EU citizens’ data. The U.S. and EU signed the Safe Harbor Framework in 2000, which permits companies self-certify to the U.S. Department of Commerce (DOC) annually that they abide by certain privacy principles when transferring data outside the EU. Companies must agree to provide clear data privacy and collection notices and offer opt-out mechanisms for EU consumers.

In 2013, former NSA contractor Edward Snowden began revealing large-scale interception and collection of data about U.S. and foreign citizens from companies and government sources around the globe. The revelations, which continue, have alarmed officials around the world, and already prompted the European Commission to urge more stringent oversight of data security mechanisms. The European Parliament voted in March 2014 to withdraw recognition from the Safe Harbor Framework. Apparently in response to the concern, the Federal Trade Commission (FTC) has taken action against over two dozen companies for failing to maintain Safe Harbor certifications while advertising compliance with the Framework, and in some cases claiming compliance without ever certifying in the first place. For more, see here (FTC urged to investigate companies), here (FTC settles with 13 companies in August 2015), and here (FTC settles with 14 companies in July 2014).

Advocate General Bot does not appear to have been mollified by the U.S. efforts, however. He determined that “the law and practice of the United States allow the large-scale collection of the personal data of citizens of the [EU,] which is transferred under the [S]afe [H]arbor scheme, without those citizens benefiting from effective judicial protection.” He concluded that this amounted to interference in violation of the right to privacy guaranteed under EU law, and that, notwithstanding the European Commission’s approval of the Safe Harbor Framework, EU member states have the authority to take measures to suspend data transfers between their countries and the U.S.

While the legal basis of that opinion may be questioned, and larger political realities regarding the ability to negotiate agreements between the EU and the U.S. are at play, if followed by the ECJ, this opinion would make it extremely difficult for companies to offer websites and services in the EU. This holds true even for many EU companies, including those that may have cloud infrastructures that store or process data in U.S. data centers. It could prompt a new round of negotiations by the U.S. and European Commission to address increased concerns in the EU about surveillance.

Congressional action already underway may help release some tension, with the House Judiciary Committee unanimously approving legislation that would give EU consumers a judicial right of action in the U.S. for violations of their privacy. This legislation was a key requirement of the EU in an agreement in principle that would allow the EU and U.S. to exchange data between law enforcement agencies during criminal and terrorism investigations.

Although the specific outcome of this case will not be known for months, the implications for many businesses are clear: confusion and continued change in the realms of privacy and data security, and uncertainty about the legal rules of the game. Increased fragmentation across the EU may result, with a concomitant need to keep abreast of varying requirements in more countries. Change and lack of harmonization is surely the new normal now.

Article By Sheila A. MillarTracy P. Marshall & Nathan A. Cardon of Keller and Heckman LLP

© 2015 Keller and Heckman LLP

Controlled Burn: Attorney Perspective on Lone Pine Orders

A Lone Pine order is basically a controlled burn, or it accomplishes the same objective at least.  In theory, it is a “fire” used to prevent the growth or blaze of meritless litigation.  Don’t want a nasty, complex lawsuit to grow or blaze out of control?  Hit it with a Lone Pine order early on in hopes of killing that volatile vegetation. Is it fair?  It depends on which side of the courtroom you’re sitting on.  Because it acts essentially as an early motion for summary judgment, generally speaking, plaintiff’s attorneys hate them, defense lawyers love them. Does it work?  A recent opinion from the Colorado Supreme Court suggests a similar response is required. It depends on which courtroom you’re sitting in – federal or state (and if state, which one).

So what is a Lone Pine order?  It’s basically a case management order from the court that requires plaintiffs to produce a certain measure of evidence to support their claims at a very early stage in the litigation.  Typically, the orders require plaintiffs to produce evidence of (1) exposure; (2) damage (a disease or property damage); and (3) causation.  Lone Pine orders are most often used in complex litigation to identify meritless claims and streamline the litigation. They are typically issued under Rule 16 of the Rules of Civil Procedure, which allows courts to adopt special procedures for managing potentially difficult or protracted actions.  Fed. R. Civ. P. 16(c)(2).  This sounds kind of like an ambiguous instruction to The Fixer in the mafia: “We need you to handle this Big Nicky.”  As a defense attorney, if you want to put some heat to a complex case, you ask the judge for a Lone Pine order.  If plaintiff’s counsel cannot put forth sufficient evidence to support the claims, the case is dismissed.  The burn is initiated, the dry, delicate tinder is extinguished and there will be no raging wildfire today.

While defense attorneys will argue the bar is not high ─ in that plaintiff’s counsel should have compiled evidence sufficient to meet the requirements of a Lone Pine order long before filing suit ─ plaintiff’s attorneys see Lone Pine orders as premature summary judgment because it forces them to make a prima facie showing of their claims before they are entitled to a lick of discovery from the defendant.  Even assuming the burden can be met, it still requires plaintiff’s counsel to essentially “show their hand” very early in the litigation without a similar requirement from the defense.  In short, while a Lone Pine order can be an effective case management tool, it is a pretty high bar to set right out of the gate before any discovery has been conducted in the case.  This is likely the reason the Colorado Supreme Court recently struck down the trial court’s use of a Lone Pine order in Strudley v. Antero Resources Corp. No. 13SC576, 2015 WL 1813000 (Colo. Apr. 20, 2015).

In Strudley, the trial court dismissed the plaintiffs’ case following their failure to make a sufficient evidentiary showing under a Lone Pine order.  Plaintiffs appealed and the Colorado Court of Appeals reversed based on its conclusion that Lone Pine orders were not permitted under Colorado law.  The Colorado Supreme Court recently affirmed, finding Colorado’s Rule 16 did not provide a trial court with authority to “fashion its own summary judgment” by filtering and dismissing claims during the early stages of litigation.  This finding was based primarily on a comparison of the state rule and its federal counterpart and Colorado’s decision not to adopt the “special procedures for managing potentially difficult or protected actions” that are included in the federal version of Rule 16.  The court rejected defendant’s arguments that the spirit of the state rule encouraged early dismissal of frivolous claims in explaining a stated goal does not equate to a grant of authority to achieve that goal.

While Strudley was a win for the plaintiff’s side and shows that an overly-aggressive state court Lone Pine order may face scrutiny on appeal, it seems this was an anomaly overall.  Most federal courts and many state courts find the federal version of Rule 16 supports use of a Lone Pine order to identify meritless claims and streamline litigation.  It’s like a controlled burn of their docket.

Article by Annie Dike of IMS ExpertServices
© Copyright 2002-2015 IMS ExpertServices, All Rights Reserved.

Wearables, Wellness and Privacy

Bloomberg BNA recently reported that this fall the Center for Democracy & Technology (CDT) will be issuing a report on Fitbit Inc.’s privacy practices. Avid runners, walkers or those up on the latest gadgets likely know about Fitbit, and its line of wearable fitness devices. Others may know about Fitbit due to the need to measure progress in their employers’ wellness programs, or even whether they qualify for an incentive. When participating in those programs, employees frequently raise questions about the privacy and security of data collected under such programs, a compliance issue for employers. Earlier this month, FitBit reported that its wellness platform is HIPAA compliant.

fitbit, charge HR, wearable technology, fitness tech, exercise, step counter, weight loss deviceFitBit’s Charge HR (the one I use) tracks some interesting data in addition to the number of steps: heart rate, calories burned, sleep activity, and caller ID. This and other data can be synched with a mobile app allowing users to, among other things: create a profile with more information about themselves, to track progress daily and weekly, and to find and communicate with friends also using a similar device.

Pretty cool stuff, and reasons why FitBit is the most popular manufacturer of wearables with nearly 25 percent of the market, as noted by Bloomberg BNA. But, of course, FitBit is not the only player in the market, and the same issues have to considered with the use of wearables regardless of the manufacturer.

According to Bloomberg BNA’s article, one of the concerns raised by CDT about FitBit and other wearables is that the consumer data collected by the devices may not be protected by federal health privacy laws. However, CDT’s deputy director of the Consumer Privacy Project stated to Bloomberg BNA that she has “a real sense that privacy matters” to FitBit. This is a good sign, but the laws that apply to the use of these kinds of devices depend on how they are used.

When it comes to employer-sponsored wellness programs and health plans, a range of laws may apply raising questions about what data can be collected, how it can be used and disclosed, and what security safeguards should be in place. At the federal level, the Health Insurance Portability and Accountability Act (HIPAA), the Americans with Disabilities Act (ADA), and the Genetic Information Nondiscrimination Act (GINA) should be on every employer’s list. State laws, such as California’s Confidentiality of Medical Information Act, also have to be taken into account when using these devices in an employment context.

Recently issued EEOC proposed regulations concerning wellness programs and the ADA address medical information confidentiality. If finalized in their current form, among other safeguards, the regulations would require employers to provide a notice informing employee about:

  • what medical information will be obtained,

  • who will receive the medical information,

  • how the medical information will be used,

  • the restrictions on its disclosure, and

  • the methods that will be used to prevent improper disclosure.

Preparing these notices for programs using wearables will require knowing more about the capabilities of the devices and how data is accessed, managed, disclosed and safeguarded.

But is all information collected from a wearable “medical information”? Probably not. The number of steps a person takes on a given day, in and of itself, seems unlikely to be medical information. However, data such as heart rate and other biometrics might be considered medical information subject to the confidentiality rule. Big data analytics and IoT may begin to play a greater role here, enabling more detailed pictures to be developed about employees and their activities and health through the many devices they use.

Increasingly wellness programs seek to incentivize the household, or at least employees and their spouses. Collecting data from wearables of both employee and spouse may raise issues under GINA which prohibits employers from providing incentives to obtain genetic information from employees. Genetic information includes the manifestation of disease in family members (yes, spouses are considered family members under GINA). The EEOC is currently working on proposed regulations under GINA that we are hoping will provide helpful insight into this and other issues related to GINA.

HIPAA too may apply to wearables and their collection of health-related data when related to the operation of a group health plan. Employers will need to consider the implications of this popular set of privacy and security standards including whether (i) changes are needed in the plan’s Notice of Privacy Practices, (ii) business associate agreements are needed with certain vendors, and (iii) the plan’s risk assessment and policies and procedures adequately address the security of PHI in connection with these devices.

Working through plans for the design and implementation of a typical wellness program certainly must involve privacy and security; moreso for programs that incorporate wearables. FitBits and other devices likely raise employees’ interest and desire to get involved, and can ease administration of the program, such as in regard to tracking achievement of program goals. But they raise additional privacy and security issues in an area where the law continues to develop. So, employers need to consider this carefully with their vendors and counselors, and keep a watchful eye for more regulation likely to be coming.

Until then, I need to get a few more steps in…

Article By Joseph J. Lazzarotti of Jackson Lewis P.C.

Jackson Lewis P.C. © 2015

HIPAA: Disclosing Exam Results to Employers

Physicians and other providers are often paid by employers to conduct drug tests, fitness-for-duty or return-to-work exams, or employment physicals for employees. In such circumstances, the physician may mistakenly assume that they may disclose the test and exam results to the employer without the patient’s authorization, but that is not correct.HIPAA

As with any other protected health information, physicians and other providers generally need the patient’s written, HIPAA-compliant authorization to disclose exam results to the employer. (45 CFR 164.508(a); see also 65 FR 82592 and 82640). However, unlike other treatment situations, a provider may condition the performance of an employee physical or test on the patient’s provision of an authorization, i.e., the provider may refuse to perform the exam unless the patient executes a valid authorization. (45 CFR 164.508(b)(4)(iii); 65 FR 82516 and 82658). In addition, the employer may condition the employee’s continued employment on the provision of the exam results (at least under HIPAA), thereby creating an incentive for the employee to execute the authorization. (65 FR 82592 and 82640). The foregoing rules also apply when the health care provider is the employer, e.g., when a hospital employee receives treatment or tests at the hospital. In those situations, the hospital/employer generally may not access or use the patient/employee’s health information for employment-related purposes without the patient’s written authorization. (67 FR 53191-92).

An employee who receives an unfavorable test or exam result may attempt to block disclosure by revoking their authorization. Although patients are generally entitled to revoke their authorization by submitting a written revocation, HIPAA contains an exception that limits revocation if and to the extent that the provider has taken action in reliance on the authorization. (45 CFR 164.508(b)(5)). That exception should apply when the provider has conditioned and provided the test or exam in reliance on the patient’s authorization.

There are very limited exceptions to the authorization requirement. As in other situations, a provider may disclose protected health information to an appropriate entity if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public (45 CFR 164.512(j)), or if the disclosure is otherwise required by law. (Id. at 164.512(a)). HIPAA contains a specific exception that allows disclosures to employers if the exam was performed as part of a medical surveillance of the workplace and the employer needs the information to report work-related injuries as required by OSHA, MSHA, or similar state laws. (Id. at 164.512(b)(v)). Finally, HIPAA allows providers to disclose protected health information as authorized by and to the extent necessary to comply with workers compensation laws. (Id. at 164.512(l)).

The bottom line: if you are a physician or other provider who conducts employment physicals, tests, or exams, be sure you obtain the patient’s written, HIPAA-compliant authorization before conducting the exam and/or disclosing test or exam results to the employer.

Article By Kim C. Stanger, Pia Dean & William W. Mercer of Holland & Hart LLP

Copyright Holland & Hart LLP 1995-2015.

Nothing to See in This Story about the Electronic Communications Privacy Act

Check out this story.  In it, we learn this:electronic privacy act

Andrew Ceresney, director of the Division of Enforcement at the Securities and Exchange Commission, [told] the Senate’s Committee on the Judiciary at a hearing on Wednesday morning that the pending Electronic Communications Privacy Act Amendments Act would impede the ability of the SEC and other civil law enforcement agencies to investigate and uncover financial fraud and other unlawful conduct. Ceresney testified that the bill, intended to modernize portions of the Electronic Communications Privacy Act which became law in 1986, would frustrate the SEC’s efforts to gather evidence, including communications such as emails, directly from an Internet services provider.

So.  Let’s talk about what’s really at issue here.  We’re not talking about emails collected from companies with their own domain names and servers.  If a company maintains its own emails for its own purposes, the company is not a “provider of electronic communication service” under the ECPA and those emails are subject to SEC subpoenas just like its other documents.

But take, say, Google and Yahoo, among many others.  They are providers of electronic communication services.  Here’s what 18 U.S.C. § 2703(a) says about them:

A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.

In plainer English, the SEC may require Google to disclose the contents of its customer’s emails if the emails have been in storage for 181 days.  For newer emails, the government must have a search warrant, which the SEC can’t get as a civil enforcement authority.

For the SEC, the ECPA typically comes up when it is investigating people who are not using corporate email addresses.  For example, Ponzi schemes and prime bank frauds are often going to be run on hotmail.com, not citigroup.com.  The problem for the SEC is, people running Ponzi schemes tend to have few issues with deleting incriminating emails.  And Google isn’t obligated to keep those deleted emails for any particular time period.  So if some guy defrauds a bunch of people and then quickly deletes the emails explaining how the fraud happened, there’s not a lot the SEC can do about it.  So it is very, very rare when the SEC is successful in using the ECPA to get emails from “providers of electronic communication service.”  And so . . . when Andrew Ceresney tells the Senate Judiciary Committee that amendments to the ECPA could impede civil law enforcement’s ability to uncover financial fraud and other unlawful conduct, he’s sort of right.  I might make the same argument if I were in his shoes.  But he’s also saying something that is almost inconsequential.  If the ECPA is not amended, the SEC will have a very hard time getting a hold of useful gmails.  If the ECPA is amended, it will have a very hard time getting a hold of useful gmails.  Just about every other issue in data privacy and securities enforcement is more significant than this one.

Article By David Smyth of Brooks, Pierce, McLendon, Humphrey & Leonard, LLP

Copyright © 2015, Brooks, Pierce, McLendon, Humphrey & Leonard LLP