Biden Archives - The National Law Forum

President Biden Announces Groundbreaking Restrictions on Access to Americans’ Sensitive Personal Data by Countries of Concern

The EO and forthcoming regulations will impact the use of genomic data, biometric data, personal health care data, geolocation data, financial data and some other types of personally identifiable information. The administration is taking this extraordinary step in response to the national security risks posed by access to US persons’ sensitive data by countries of concern – data that could then be used to surveil, scam, blackmail and support counterintelligence efforts, or could be exploited by artificial intelligence (AI) or be used to further develop AI. The EO, however, does not call for restrictive personal data localization and aims to balance national security concerns against the free flow of commercial data and the open internet, consistent with protection of security, privacy and human rights.

The EO tasks the US Department of Justice (DOJ) to develop rules that will address these risks and provide an opportunity for businesses and other stakeholders, including labor and human rights organizations, to provide critical input to agency officials as they draft these regulations. The EO and forthcoming regulations will not screen individual transactions. Instead, they will establish general rules regarding specific categories of data, transactions and covered persons, and will prohibit and regulate certain high-risk categories of restricted data transactions. It is contemplated to include a licensing and advisory opinion regime. DOJ expects companies to develop and implement compliance procedures in response to the EO and subsequent implementing of rules. The adequacy of such compliance programs will be considered as part of any enforcement action – action that could include civil and criminal penalties. Companies should consider action today to evaluate risk, engage in the rulemaking process and set up compliance programs around their processing of sensitive data.

Companies across industries collect and store more sensitive consumer and user data today than ever before; data that is often obtained by data brokers and other third parties. Concerns have grown around perceived foreign adversaries and other bad actors using this highly sensitive data to track and identify US persons as potential targets for espionage or blackmail, including through the training and use of AI. The increasing availability and use of sensitive personal information digitally, in concert with increased access to high-performance computing and big data analytics, has raised additional concerns around the ability of adversaries to threaten individual privacy, as well as economic and national security. These concerns have only increased as governments around the world face the privacy challenges posed by increasingly powerful AI platforms.

The EO takes significant new steps to address these concerns by expanding the role of DOJ, led by the National Security Division, in regulating the use of legal mechanisms, including data brokerage, vendor and employment contracts and investment agreements, to obtain and exploit American data. The EO does not immediately establish new rules or requirements for protection of this data. It instead directs DOJ, in consultation with other agencies, to develop regulations – but these restrictions will not enter into effect until DOJ issues a final rule.

Broadly, the EO, among other things:

Directs DOJ to issue regulations to protect sensitive US data from exploitation due to large scale transfer to countries of concern, or certain related covered persons and to issue regulations to establish greater protection of sensitive government-related data
Directs DOJ and the Department of Homeland Security (DHS) to develop security standards to prevent commercial access to US sensitive personal data by countries of concern
Directs federal agencies to safeguard American health data from access by countries of concern through federal grants, contracts and awards

Also on February 28, DOJ issued an Advance Notice of Proposed Rulemaking (ANPRM), providing a critical first opportunity for stakeholders to understand how DOJ is initially contemplating this new national security regime and soliciting public comment on the draft framework.

According to a DOJ fact sheet, the ANPRM:

Preliminarily defines “countries of concern” to include China and Russia, among others
Focuses on six enumerated categories of sensitive personal data: (1) covered personal identifiers, (2) geolocation and related sensor data, (3) biometric identifiers, (4) human genomic data, (5) personal health data and (6) personal financial data
Establishes a bulk volume threshold for the regulation of general data transactions in the enumerated categories but will also regulate transactions in US government-related data regardless of the volume of a given transaction
Proposes a broad prohibition on two specific categories of data transactions between US persons and covered countries or persons – data brokerage transactions and genomic data transactions.
Contemplates restrictions on certain vendor agreements for goods and services, including cloud service agreements; employment agreements; and investment agreements. These cybersecurity requirements would be developed by DHS’s Cybersecurity and Infrastructure Agency and would focus on security requirements that would prevent access by countries of concern.

The ANPRM also proposes general and specific licensing processes that will give DOJ considerable flexibilities for certain categories of transactions and more narrow exceptions for specific transactions upon application by the parties involved. DOJ’s licensing decisions would be made in collaboration with DHS, the Department of State and the Department of Commerce. Companies and individuals contemplating data transactions will also be able to request advisory opinions from DOJ on the applicability of these regulations to specific transactions.

A White House fact sheet announcing these actions emphasized that they will be undertaken in a manner that does not hinder the “trusted free flow of data” that underlies US consumer, trade, economic and scientific relations with other countries. A DOJ fact sheet echoed this commitment to minimizing economic impacts by seeking to develop a program that is “carefully calibrated” and in line with “longstanding commitments to cross-border data flows.” As part of that effort, the ANPRM contemplates exemptions for four broad categories of data: (1) data incidental to financial services, payment processing and regulatory compliance; (2) ancillary business operations within multinational US companies, such as payroll or human resources; (3) activities of the US government and its contractors, employees and grantees; and (4) transactions otherwise required or authorized by federal law or international agreements.

Notably, Congress continues to debate a comprehensive Federal framework for data protection. In 2022, Congress stalled on the consideration of the American Data Privacy and Protection Act, a bipartisan bill introduced by House energy and commerce leadership. Subsequent efforts to move comprehensive data privacy legislation in Congress have seen little momentum but may gain new urgency in response to the EO.

The EO lays the foundation for what will become significant new restrictions on how companies gather, store and use sensitive personal data. Notably, the ANPRM also represents recognition by the White House and agency officials that they need input from business and other stakeholders to guide the draft regulations. Impacted companies must prepare to engage in the comment process and to develop clear compliance programs so they are ready when the final restrictions are implemented.

Kate Kim Tuma contributed to this article

Biden Executive Order Calls for HHS to Establish Health Care-Specific Artificial Intelligence Programs and Policies

On October 30, 2023, the Biden Administration released and signed an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (Executive Order) that articulates White House priorities and policies related to the use and development of artificial intelligence (AI) across different sectors, including health care.

The Biden Administration acknowledged the various competing interests related to AI, including weighing significant technological innovation against unintended societal consequences. Our Mintz and ML Strategies colleagues broadly covered the Executive Order in this week’s issue of AI: The Washington Report. Some sections of the Executive Order are sector-agnostic but will be especially relevant in health care, such as the requirement that agencies use available policy and technical tools, including privacy-enhancing technologies (PETs) where appropriate, to protect privacy and to combat the improper collection and use of individuals’ data.

The Biden Administration only recently announced the Executive Order, but the discussion of regulating AI in health care is certainly not novel. For example, the U.S. Food and Drug Administration (FDA) has already incorporated artificial intelligence and machine learning-based medical device software into its medical device and software regulatory regime. The Office of the National Coordinator for Health Information Technology (ONC) also included AI and machine learning proposals under the HTI-1 Proposed Rule, including proposals to increase algorithmic transparency and allow users of clinical decision support (CDS) to determine if predictive Decision Support Interventions (DSIs) are fair, appropriate, valid, effective, and safe.

We will focus this post on the Executive Order health care-specific directives for the U.S. Department of Health and Human Services (HHS) and other relevant agencies.

HHS AI Task Force and Quality Assurance

To address how AI should be used safely and effectively in health care, the Executive Order requires HHS, in consultation with the Secretary of Defense and the Secretary of Veterans Affairs, to establish an “HHS AI Task Force” by January 28, 2024. Once created, the HHS AI Task Force has 365 days to develop a regulatory action plan for predictive and generative AI-enabled technologies in health care that includes:

use of AI in health care delivery and financing and the need for human oversight where necessary and appropriate;
long-term safety and real-world performance monitoring of AI-enabled technologies;
integration of equity principles in AI-enabled technologies, including monitoring for model discrimination and bias;
assurance that safety, privacy, and security standards are baked into the software development lifecycle;
prioritization of transparency and making model documentation available to users to ensure AI is used safely;
collaboration with state, local, Tribal, and territorial health and human services agencies to communicate successful AI use cases and best practices; and
use of AI to make workplaces more efficient and reduce administrative burdens where possible.

HHS also has until March 28, 2024 to take the following steps:

consult with other relevant agencies to determine whether AI-enabled technologies in health care “maintain appropriate levels of quality”;
develop (along with other agencies) AI assurance policies to evaluate the performance of AI-enabled health care tools and assess AI-enabled health care-technology algorithmic system performance against real-world data; and
consult with other relevant agencies to reconcile the uses of AI in health care against federal non-discrimination and privacy laws, including providing technical assistance to and communicating potential consequences of noncompliance to health care providers and payers.

AI Safety Program and Drug Development

The Executive Order also directs HHS, in consultation with the Secretary of Defense and the Secretary of Veterans Affairs, to organize and implement an AI Safety Program by September 30, 2024. In partnership with federally listed Patient Safety Organizations, the AI Safety Program will be tasked with creating a common framework that organizations can use to monitor and track clinical errors resulting from AI used in health care settings. The program will also create a central tracking repository to track complaints from patients and caregivers who report discrimination and bias related to the use of AI.

Additionally, by September 30, 2024, HHS must develop a strategy to regulate the use of AI or AI-enabled tools in the various phases of the drug development process, including determining opportunities for future regulation, rulemaking, guidance, and use of additional statutory authority.

HHS Grant and Award Programs and AI Tech Sprint

The Executive Order also directs HHS to use existing grant and award programs to support ethical AI development by health care technology developers by:

leveraging existing HHS programs to work with private sector actors to develop AI-enabled tools that can create personalized patient immune-response profiles safely and securely;
allocating 2024 Leading Edge Acceleration Projects (LEAP) in Health Information Technology funding for the development of AI tools for clinical care, real-world-evidence programs, population health, public health, and related research; and
accelerating grants awarded through the National Institutes of Health Artificial Intelligence/Machine Learning Consortium to Advance Health Equity and Researcher Diversity (AIM-AHEAD) program and demonstrating successful AIM-AHEAD activities in underserved communities.

The Secretary of Veterans Affairs must also host two 3-month nationwide AI Tech Sprint competitions by September 30, 2024, with the goal of further developing AI systems to improve the quality of health care for veterans.

Key Takeaways

The Executive Order will spark the cross-agency development of a variety of AI-focused working groups, programs, and policies, including possible rulemaking and regulation, across the health care sector in the coming months. While the law has not yet caught up with the technology, the Executive Order provides helpful insight into the areas that will be topics of new legislation and regulation, such as drug development, as well as what may be the new enforcement priorities under existing law such as non-discrimination and data privacy and security. Health care technology developers and users will want to review their current policies and practices in light of the Biden Administration’s priorities to determine possible areas of improvement in the short term in connection with developing, implementing, and using AI.

Additionally, the National Institute of Standards and Technology (NIST) released the voluntary AI Risk Management Framework in January 2023 that, among other things, organizations can use to analyze and manage risks, impacts, and harms while responsibly designing, developing, deploying, and using AI systems over time. The Executive Order calls for NIST to develop a companion resource to the AI Risk Management Framework for generative AI. In preparation for the new AI programs and possible associated rulemaking from HHS, organizations in health care will want to familiarize themselves with the NIST AI Risk Management Framework and its generative AI companion as well as the AI Bill of Rights published by the Biden Administration in October 2022 to better understand what the federal government sees as characteristics of trustworthy AI systems.

Madison Castle contributed to this article.

Administration Continues Overhaul of Endangered Species Act Regulations

On June 22, 2023, the U.S. Fish and Wildlife Service (“FWS”) and the National Marine Fisheries Service (“NMFS”) (collectively, the “Services”) published three proposed rules that would significantly revise their regulations implementing several sections of the Endangered Species Act (“ESA”). Primarily, the Services’ proposals focus on amending or reversing several components of the ESA regulations promulgated in 2019 by the prior Administration, including the implementation of Section 4 (listing of species as threatened or endangered and the designation of critical habitat), Section 7 (consultation procedures); and Section 4(d) (application of the “take” prohibitions to threatened species). In addition, and beyond the scope of the 2019 final rules, the Services are proposing revisions to the Section 7 regulations regarding the scope and application of reasonable and prudent measures (“RPM”) and to the Section 4(d) regulations to include certain exceptions for federally recognized Tribes. Comments on the three proposed rules are due by August 21, 2023.

Background

The species and habitat protected under the ESA extend to all aspects of our communities, lands, and waters. There are almost 2,400 species listed as threatened or endangered pursuant to ESA Section 4. Critical habitat for one or more species has been designated in all regions of the U.S. and its territories. Through the Section 7 consultation process and “take” prohibitions under Sections 9 and 4(d), the ESA imposes species and habitat protection measures on the use and management of private, federal, and state lands and waters and, consequently, on governmental and private activities.

These proposed rules reflect the Biden Administration’s continuing efforts to reform and revise the Services’ approach to ESA implementation that was adopted by the prior Administration. Pursuant to President Biden’s Executive Order 13990, the Services reviewed certain agency actions for consistency with the new Administration’s policy objectives. As part of that review, the Services identified five final rules related to ESA implementation that should be reconsidered. Previously, in 2022, the Services rescinded two of those final rules—the regulatory definition of “habitat” for the purpose of designating critical habitat and the regulatory procedures for excluding areas from critical habitat designations. While these proposed rules reflect the consummation of that initial effort, the Services are currently contemplating additional revisions to other ESA regulations and policies.

Proposed Revisions to the Regulations for Listing Species and Designating Critical Habitat

Section 4 of the ESA dictates how the Services list species as threatened or endangered, delist or reclassify species, and designate areas as critical habitat. The proposed rule would make several targeted revisions to these procedures. Notable changes would include:

Evaluation of the “foreseeable future” for threatened species: The proposed rule would revise the applicable regulatory framework to state that “[t]he term foreseeable future extends as far into the future as the Services can reasonably rely on information about threats to the species and the species’ responses to those threats.” The Services note that this revision is intended to reflect that absolute certainty about utilized information is not necessary, just a reasonable degree of confidence in the prediction. The Services are also considering whether to rescind the framework for interpreting and implementing the “foreseeable future” in its entirety.
Designation of unoccupied critical habitat: The proposed rule would revise the two-step process for determining when unoccupied areas may be designated as critical habitat. proposed rule addresses how specific areas that are unoccupied critical habitats are designated. In part, the Services would remove the requirement that they “will only consider” unoccupied areas to be essential when a designation limited to occupied critical habitat would be inadequate for the conservation of the species. The Services also would remove the provision that an unoccupied area is considered essential when there is reasonable certainty both that the area will contribute to the conservation of the species and that it contains one or more physical or biological features essential to the conservation of the species.
Not prudent determinations for critical habitat designation: The proposed rule would remove the justification for making a not prudent determination when threats to a species’ habitat are from causes that cannot be addressed through management actions in a Section 7 consultation. The Services note that this is intended to address the misperception that a designation of critical habitat could be declined for species impacted by climate change.
Factors for delisting species: The proposed rule would restore language that delisting is appropriate when the species “is recovered.” The Services would also clarify that the delisting analysis is not limited to the same specific factors or threats that led to the listing of the species.
Economic impacts in classification process: The proposed rule would restore the regulatory condition that a species listing determination is to be made “without reference to possible economic or other impacts of such determination.”

Proposed Revisions to the Consultation Regulations

The ESA Section 7 consultation requirement applies to discretionary federal agency actions—including federal permits, licenses and authorizations, management of federal lands, and other federal programs. Federal actions that are likely to adversely affect a listed species or designated critical habitat must undergo a formal consultation review and issuance of a biological opinion evaluating whether the action is likely to jeopardize the continued existence of a species or result in the destruction or adverse modification of critical habitat. The biological opinion also evaluates the extent to which “take” of a listed species may occur as a result of the action and quantifies the level of incidental take that is authorized. The proposed rule would make the following notable changes to the applicable regulations:

Expanded scope of reasonable and prudent measures: The proposed rule would revise and expand the scope of RPMs that could be included as part of an incidental take statement in a biological opinion. In a change from their prior interpretation, and in addition to measures that avoid or minimize impacts of take, the Services would have discretion to include measures as an RPM that offset any remaining impacts of incidental take that cannot be avoided (e.g., for certain impacts, offsetting measures could include restoring or protecting suitable habitat). The Services also would allow RPMs, and their implementing terms and conditions, to occur inside or outside of the action area. Any offsetting measures would be subject to the requirement that RPMs may only involve “minor changes” to the action, must be commensurate with the scale of the impact, and must be within the authority and discretion of the action agency or applicant to carry out.
Revised definition of “effects of the action”: In an effort to clarify that the consequences to listed species or critical habitat that are included within effects of the action relate to both the proposed action and activities that are caused by the proposed action, the proposed rule would add a phrase to the definition to note that it includes “the consequences of other activities that are caused by the proposed action but that are not part of the action.” In addition, the proposed rule would remove provisions at 50 C.F.R. § 402.17, added in 2019, which provide the factors used to determine whether an activity or a consequence is “reasonably certain to occur.”
Revised definition of “environmental baseline”: The proposed rule would revise the definition in an effort to more clearly address the question of a federal agency’s discretion over its own activities and facilities when determining what is included within the environmental baseline. The Services note that it is the federal action agency’s discretion to modify the activity or facility that is the determining factor when deciding which impacts of an action agency’s activity or facility should be included in the environmental baseline, as opposed to the effects of the action. The Services also would remove the term “ongoing” from the definition in an effort to clarify that any continuation of a past and present discretionary practice or operation would be in the environmental baseline.
Clarification of obligation to reinitiate consultation: The proposed rule would remove the phrase “or by the Service” to clarify that it is the federal agency, and not the Services, that has the obligation to request reinitiating of consultation when one or more of the triggering criteria have been met (and discretionary involvement or control over the action is retained).

Proposed Reinstatement of Blanket Protections for FWS Species Listed as Threatened

Pursuant to the ESA, threatened and endangered species are treated differently with respect to what are often called the “take” prohibitions of the Act. In part, ESA Section 9(a)(1) prohibits the unauthorized take—which is defined as an act “to harass, harm, pursue, hunt, shoot, wound, kill, trap, capture, or collect”—of an endangered species. In contrast, under Section 4(d) of the ESA, the Secretary may issue a regulation applying any prohibition set forth in Section 9(a)(1) to a threatened species. Historically, FWS applied a “blanket 4(d) rule” that automatically extended all ESA Section 9(a)(1) prohibitions to a threatened species unless a species-specific rule was otherwise adopted. In 2019, FWS revised its approach to align with NMFS’s long-standing practice, which only applies the ESA prohibitions to threatened species on a species-specific basis. The proposed rule would make the following notable changes to FWS’s approach under Section 4(d):

Reinstate blanket 4(d) rule: The proposed rule would reinstate the general application of the “blanket 4(d) rule” to newly listed threatened species. As before, FWS would retain the option to promulgate species-specific rules that revise the scope or application of the prohibitions that would apply to threatened species.
New exceptions for Tribes: The proposed rule proposed rule would extend to federally recognized Tribes the ability currently afforded to FWS and other federal and state agencies to aid, salvage, or dispose of threatened species. FWS is also considering an additional revision that would extend exceptions to the prohibitions to certain individuals from a federally recognized Tribe’s natural resource agency for take associated with conservation activities pursuant to an approved cooperative agreement that covers the threatened species.

For more environmental legal news, click here to visit the National Law Review.

Biden Administration Revitalizes and Advances the Federal Government’s Commitment to Environmental Justice

On April 21, 2023, the eve of Earth Day, President Biden continued his Administration’s spotlight on environmental justice issues by signing Executive Order 14096, entitled “Revitalizing Our Nation’s Commitment to Environmental Justice for All.”

This Executive Order prioritizes and expands environmental justice concepts first introduced in President Clinton’s 1994 Executive Order 12898. The 1994 Order directed federal agencies to develop environmental justice strategies to address the disproportionately high and adverse human health or environmental effects of federal programs on minority and low-income populations.

One of President Biden’s early actions [covered here], Executive Order 14008, introduced the whole-of-government approach for all executive branch agencies to address climate change, environmental justice, and civil rights. It created the White House Environmental Justice Interagency Council, comprising of 15 federal agencies, including the United States Environmental Protection Agency (“EPA”) and the Department of Justice. Biden’s new Executive Order expands the whole-of-government approach by: (1) adding more agencies to the Environmental Justice Interagency Council and (2) establishing a new White House Office of Environmental Justice within the White House Council on Environmental Quality (“CEQ”). The new Office of Environmental Justice will be led by a Federal Chief Environmental Justice Officer and will coordinate the implementation of environmental justice policies across the federal government.

This new Executive Order emphasizes action over aspiration by directing federal agencies to “address and prevent disproportionate and adverse environmental health and impacts on communities.” It charges federal agencies with assessing their environmental justice efforts and developing, implementing, and periodically updating an environmental justice strategic plan. These new Environmental Justice Strategic Plans and Assessments are to be submitted to the CEQ and made public regularly, including through an Environmental Justice Scorecard, a new government-wide assessment of each federal agency’s efforts to advance environmental justice.

Specifically, defining “environmental justice” is one strategy to make concrete what federal agency efforts will address. Under the Executive Order, “environmental justice” means “the just treatment and meaningful involvement of all people, regardless of income, race, color, national origin, Tribal affiliation, or disability, in agency decision-making and other Federal activities that affect human health and the environment so that people: (i) are fully protected from disproportionate and adverse human health and environmental effects (including risks) and hazards, including those related to climate change, the cumulative impacts of environmental and other burdens, and the legacy of racism or other structural or systemic barriers; and (ii) have equitable access to a healthy, sustainable, and resilient environment in which to live, play, work, learn, grow, worship, and engage in cultural and subsistence practices.” This definition adds “Tribal affiliation” and “disability” to the protected categories and expands the scope of effects, risks, and hazards to be protected against. The Fact Sheet accompanying the Executive Order explains that the definition’s use of the phrase “disproportionate and adverse” is a simpler, modernized equivalent of the phrase “disproportionately high and adverse” originally used in Executive Order 12898. Whether this change in language from “disproportionately high” to “disproportionate” will affect agency decision-making is something to watch for in the future.

As part of the government-wide mission to achieve environmental justice, the Executive Order explicitly directs each agency to address and prevent the cumulative impacts of pollution and other burdens like climate change, including carrying out environmental reviews under the National Environmental Policy Act (“NEPA”), by:

Analyzing direct, indirect, and cumulative effects of federal actions on communities with environmental justice concerns;
Considering the best available science and information on any disparate health effects (including risks) arising from exposure to pollution and other environmental hazards, such as information related to the race, national origin, socioeconomic status, age, disability, and sex of the individuals exposed; and,
Providing opportunities for early and meaningful involvement in the environmental review process by communities with environmental justice concerns potentially affected by a proposed action, including when establishing or revising agency procedures under NEPA.
The Executive Order also emphasizes transparency by directing agencies to ensure that the public, including members of communities with environmental justice concerns, has adequate access to information on federal activities. These activities include planning, regulatory actions, implementation, permitting, compliance, and enforcement related to human health or the environment when required under the Freedom of Information Act, the Clean Air Act, the Clean Water Act, the Emergency Planning and Community Right-to-Know Act, and any other environmental statutes with public information provisions.

CEQ is expected to issue interim guidance by the end of the year and more long-term guidance by the end of 2024 as to implementing the Executive Order’s directives. It is too early to know whether any directives will go through rulemaking under the Administrative Procedure Act. But with a presidential election looming and ongoing budget negotiations between the White House and Congress that propose modest cuts to NEPA as part of permitting reform, CEQ’s efforts may be limited to guidance for now.

For more environmental legal, news, visit the National Law Review here.

Permitting Reform Package Passes as Part of Debt Ceiling Deal

The past year’s long wrangling between Republicans, Democrats, and the White House on permitting reform finally made progress this month when Congress enacted significant reforms to the National Environmental Policy Act (“NEPA”) as part of the legislation to increase the debt ceiling. Prior to this legislation, the core statutory framework of NEPA had remained relatively unchanged for 50 years. Building from Rep. Garrett Graves’ (R-LA., 6th Dist.) “Building United States Infrastructure through Limited Delays and Efficient Reviews” (“BUILDER”) Act of 2023, the permitting reform title of the Fiscal Responsibility Act of 2023 (“FRA” or “legislation”) tackles four key areas:

(1) reforming NEPA to make the federal environmental review process simpler and quicker;

(2) directing a study of the existing capacity of our transmission grid to reliably transfer electric energy between distinct regions and subsequent recommendations to improve interregional transfer capabilities within the grid;

(3) streamlining permitting for energy storage projects; and

(4) congressional ratification of the Mountain Valley Pipeline.

Several of the reforms to NEPA codify changes to the Council on Environmental Quality (“CEQ”) NEPA implementing regulations made during the Trump Administration.

While these provisions are intended to yield significant benefits for projects requiring federal approvals or funding, the actual impact will depend substantially on how the reforms are implemented, and there remains considerable interest in other aspects of permitting and siting reform making further legislative action likely.

Key NEPA Reforms

The FRA includes numerous changes to NEPA. We have highlighted several key changes here.

Narrowing the Scope of “Major Federal Action”

The term “major Federal action” is the trigger for requiring environmental review under NEPA – federal actions that qualify as a “major Federal action” must be considered under NEPA. The new legislation narrows the definition of what constitutes a “major Federal action” by limiting the term to actions that the lead agency deems are “subject to substantial Federal control and responsibility.” The legislation does not define this phrase, leaving substantial room for agency interpretation. Building on this general concept, the amendments codify the regulatory definition of a “major Federal action,” with modifications. As now defined, certain federal actions will be excluded from the scope of a major federal action, including:

non-federal actions (i.e., private or state actions) “with no or minimal Federal funding”;
non-federal actions (i.e., private or state actions) “with no or minimal Federal involvement where a Federal agency cannot control the outcome of the project”;
funding assistance consisting exclusively of general revenue sharing funds, where the federal agency does not have “compliance or enforcement responsibility” over the use of those funds;
“loans, loan guarantees, or other forms of financial assistance where a Federal agency does not exercise sufficient control and responsibility over the subsequent use of such financial assistance or the effect of the action”;
Small Business Act business loan guarantees under section 7(a) or (b) of the Small Business Act or title V of the Small Business Investment Act of 1958;
federal agency activities or decisions with effects located entirely outside of the jurisdiction of the United States; and
non-discretionary activities or decisions that are made in accordance with the agency’s statutory authority.

The meaning and application of these exclusions to specific actions will be subject to interpretation and likely litigation going forward. For example, what constitutes minimal funding—a threshold dollar amount or a percentage of the federal funding contribution in relation to overall project cost—is not clearly identified under the revisions. Resolution of this question will be critical to determining what actions are subject to NEPA review going forward. Given the recent dramatic increase in federal funding opportunities from the Inflation Reduction Act and Infrastructure Investment and Jobs Act, determining what actions are subject to NEPA review based on the level of federal funds involved is likely to become a more frequent and important question.

Scope of Review

When an agency action constitutes a “major Federal action,” the FRA also focuses and limits the scope of the NEPA review in two key ways.

First, the legislation modifies the statute’s existing, broad language requiring that “major Federal actions” significantly affecting the quality of the human environment include a detailed statement on the “environmental impact of the proposed action.” The revised language statutorily limits environmental review of environmental effects to those that are “reasonably foreseeable.” This change follows from a provision of the Trump Administration’s 2020 NEPA rule—later removed by the Biden Administration—which sought to eliminate long-used concepts of direct, indirect, and cumulative effects and instead focus on effects that are reasonably foreseeable and that have “a reasonably close causal relationship to” the proposed action or alternatives. Although the new statutory language does not go as far as the Trump Administration’s rule, which required a “close causal relationship,” it does follow the trend in case law to only require evaluation of reasonably foreseeable impacts. What project-specific impacts are “reasonably foreseeable” is still likely to be the subject of litigation.

Second, the FRA also makes changes regarding the alternatives analysis, often considered the heart of NEPA review. The legislation clarifies that agencies are to consider a “reasonable range” of alternatives to the proposed agency action, and that such alternatives must both be “technically and economically feasible” and “meet the purpose and need of the proposal.” This seems to codify long-standing guidance from CEQ contained in its 40 Most Asked Questions Concerning CEQ’s NEPA Regulations. In addition, it directs that, in assessing the no action alternative, agencies must include an analysis of any negative environmental impacts of not implementing the proposed action. Whether an agency has met its obligations under NEPA to consider “alternatives to the proposed action” is a frequent source of controversy and litigation, particularly for the authorization of large infrastructure and energy projects.

These changes should both help focus environmental reviews and reduce costs and delays associated with challenges to agencies’ alternative analyses and emphasize the importance of properly defining the “purpose and need” of a proposed action.

Data Standards and Requirements

The FRA includes several provisions related to data. First, it clarifies that in making a determination on the appropriate level of review (Environmental Impact Statement (“EIS”), Environmental Assessment (“EA”), or categorical exclusion), the lead agency can make use of any reliable data source—and that “new scientific or technical research [is not required] unless the new scientific or technical research is essential to a reasoned choice among alternatives, and the overall costs and time frame of obtaining it are not unreasonable.” It is unclear whether this will be applied beyond the determination of what level of review is required. This change has the potential to limit delays due to agencies undertaking or requesting additional studies from project proponents. What is deemed “essential” and what costs and timeframe are “not unreasonable,” however, remain undefined.

Second, the legislation requires that the action agency “ensure the professional integrity, including scientific integrity, of the discussion and analysis in an environmental document.” The practical implications and scope of this scientific integrity mandate are unclear—and is likely to be a subject of agency guidance and, potentially, future litigation.

Efficiency Measures

The FRA further codifies several less controversial changes from the Trump Administration 2020 NEPA rule, which the recent Biden rulemaking had left in place. These changes include expressly recognizing and establishing regulations for EAs. Additionally, these changes include setting page limits for EISs—150 pages generally and 300 pages for agency actions “of extraordinary complexity”—and EAs—75 pages—excluding citations and appendices. Additionally, the changes codify the regulatory presumptive deadlines for completion of NEPA reviews—two years for EISs and one year for EAs. The legislation goes beyond existing regulations by creating the right to judicial review when an agency fails to meet a deadline. Under the new legislation, if an agency misses the deadline, the delayed project’s sponsor may seek a court order requiring the agency to act as soon as practicable, which is not to exceed 90 days from the date on which the order was issued unless the court determines that additional time is needed to comply with applicable law.

Further, the legislation clarifies the role of the NEPA lead agency, specifying that the lead agency must develop a schedule, in cooperation with each cooperating agency, the applicant, and other appropriate entities, for the completion of the environmental review and any permit or authorization required to carry out the proposed agency action. This mirrors provisions previously adopted as part of Title 41 of the Fixing America’s Surface Transportation Act (“FAST-41”) in 2015, which has demonstrated success in requiring coordination and improving the permitting and authorization processes for certain large infrastructure projects. Although the FRA expressly contemplates extensions to the schedule, just having a schedule in place can be a helpful tool in the timely completion of NEPA reviews.

In addition, the legislation authorizes project applicants to hire independent consultants to prepare EISs and EAs, subject to the independent review of the lead agency. This provision can provide project applicants with a path to minimize delays caused by a lack of staff and resources at federal agencies.

Programmatic Reviews and Categorical Exclusions

The FRA also codifies the current agency practice of preparing and relying on programmatic environmental documents to streamline the review process for subsequent actions that implement the evaluated program. The legislation provides that programmatic review can be relied on for five years without additional review, and after five years if the agency reevaluates the analysis. Although this change promotes further use of programmatic reviews, the five-year period presumption and reevaluation process could present challenges in certain cases given the extensive resources and time required to undertake a programmatic review and tiered reviews.

The FRA also seeks to facilitate the use of categorical exclusions in the NEPA process by authorizing agencies to adopt a categorical exclusion established by another agency. The legislation lays out a process for consulting with the agency that established the exclusion to determine whether adoption is appropriate, notifying the public of the plan to use the categorical exclusion, and documenting adoption of the categorical exclusion. Though dependent upon agencies taking advantage of this new flexibility, this could have the effect of enabling some types of projects to forgo detailed environmental review.

Other Provisions

In addition to the NEPA reforms, the FRA includes several other important permitting provisions. The legislation seeks to streamline and accelerate permitting for “energy storage” projects by adding energy storage to the list of “covered projects” under FAST-41.

Additionally, the legislation provides a clear path for the completion of the much-delayed Mountain Valley Pipeline project. The legislation finds the timely completion of the project is in the national interest, and congressionally approves and ratifies the various federal authorizations required for the project. Further, the legislation bars judicial review of federal agency actions with respect to the project.

Finally, the legislation requires the North American Electric Reliability Corporation (“NERC,” the entity responsible for setting reliability standards for the nation’s electric grid) to undertake a study within a year and a half on whether more transfer capacity is needed between existing transmission planning regions—including recommendations on measures to increase the amount of energy that can be reliably moved between the studied regions. The Federal Energy Regulatory Commission will thereafter have a year to seek and consider public comments on the study and file a report with Congress detailing any recommendations for statutory changes. This study provision was in lieu of a larger set of transmission-related actions that are of key interest to Democratic lawmakers that will be the subject of future legislative efforts.

Implications

Although the provisions in FRA are not a silver bullet to solve every NEPA woe experienced by project applicants, it is a significant step in the right direction. The codification of key concepts within the NEPA statute itself (rather than regulation, guidance, or case law) will have a durable, long-lasting impact on implementation of environmental reviews because it limits the regulation issuance/withdrawal cycle that we have witnessed with the recent administration changes.

Looking forward, we can expect a rulemaking by CEQ to align the existing regulations with the revised statutory language, as well as additional rulemakings by other agencies to harmonize their NEPA implementing regulations with the revised law. For the last year, we have awaited the Phase 2 NEPA rulemaking from CEQ, as explained in our previous alert. With this new legislation, it seems likely that CEQ will pause and further revise its proposed regulations to capture these new reforms before issuing additional regulations. We can also expect future guidance—and eventual litigation—on several ambiguous provisions in the new legislation as agencies begin to implement them.

While the intention behind the legislation is to speed and ease what has become a very lengthy, expensive, and perilous environmental review process—far exceeding the original intent of NEPA—whether these goals are achieved will depend on whether federal agencies embrace them or look for ways to interpret the reforms to continue “business as usual.”

For example, to meet the new timelines, it is possible that federal agencies will require applicants to provide all documentation needed for the environmental review before starting the clock. This approach would have the effect of undermining the statutory timeframes as well as the efficacy of the public engagement process. Similarly, while the legislation seeks to curtail the extent of the analysis through page limits, it is foreseeable that relatively short EISs and EAs could be weighed down with thousands of pages of analysis contained in the appendices.

It also remains to be seen how courts will interpret these reforms. The “hard look” standard developed by courts to evaluate the adequacy of environmental review documents may have the effect of ballooning the analyses again despite Congress’ intent to streamline the process.

Finally, while these reforms are substantial, Congress continues to discuss and debate additional reforms to address unresolved federal siting and permitting concerns—particularly with respect to energy infrastructure projects. Notably absent from the legislation was transmission permitting reform language of interest to Democratic lawmakers as well as provisions to support oil and gas leasing on federal lands and to facilitate the siting and permitting of mining projects to boost domestic supplies of critical minerals essential for existing and developing clean energy technologies.

For more environmental legal news, click here to visit the National Law Review.

Biden Administration Initiates Ocean Justice Strategy

On June 8, 2023, the White House Council on Environmental Quality (CEQ) and Office of Science and Technology Policy (OSTP), on behalf of the Ocean Policy Committee (OPC), announced the development of a new “Ocean Justice Strategy.” This federal government-wide initiative marks the latest in a long series of Biden administration efforts to promote environmental justice (EJ). The first step is a request for public input through July 24, 2023.

Overview

- Per CEQ, the Ocean Justice Strategy aims to identify barriers and opportunities to incorporate environmental justice principles into the federal government’s ocean-related activities. It will encompass all recent Biden administration Executive Orders and policies relating to environmental justice, including the Ocean Climate Action Plan. The Strategy will serve as a guide to the federal government’s objectives for guiding “ocean justice” activities. It will propose “equitable and just practices to advance safety, health, and prosperity for communities residing near the ocean, the coasts, and the Great Lakes.”
- The OPC, a Congressionally-created office dedicated to developing federal ocean policy, will draft the Ocean Justice Strategy with input from stakeholders, including Tribes, state and local governments, the private sector, and the public.
- The Biden Administration previewed its support for ocean justice last year when it announced a commitment to extending environmental justice efforts to coastal and marine contexts. NOAA Fisheries followed suit by releasing its first-ever Equity and Environmental Justice Strategy, which puts equity and environmental justice at the forefront of their effort to steward the nation’s ocean resources and habitats.
- The Strategy and its underlying EJ-based principles could lead to future policy changes, including for industries such as offshore energy, real estate, shipping, ports, and fisheries. This new effort is somewhat unique among EJ initiatives in that it targets activities that inherently occur along the nation’s coasts or far away from communities. The Strategy could emerge in a variety of directions, from identifying favored or disfavored ocean-based activities to layering additional processes for certain types of proposed projects.

Request for Public Input

OPC seeks public input on the following topics to develop the Ocean Justice Policy:

- Definitions (namely, what is “ocean justice”)
- Barriers to ocean justice
- Opportunities for ocean justice
- Research and knowledge gaps
- Tools and practices (e.g., how to use existing tools such as CEJST, EJScreen, and EnviroAtla, in addition to developing new tools)
- Partnerships and collaboration with external stakeholders
- Any additional considerations

In addition to these comments, OPC will consider comments submitted in response to its previous request for information on the Ocean Climate Action Plan to inform the development of the Ocean Justice Strategy.

For more Environmental Legal News, visit the National Law Review.

Biden Administration Sets New Course on ESG Investing in Retirement Plans

In late 2022, the Department of Labor finalized a new rule titled “Prudence in Selecting Plan Investments and Exercising Shareholder Rights,” largely reversing Trump-era guidance that had strictly limited the ability of plan fiduciaries to consider “environmental, social, and governance” (ESG) factors in selecting retirement plan investments and generally discouraged the exercise of proxy voting. In short, the new rule allows a fiduciary to consider ESG factors in selecting investment options, provided that the selection serves the financial interests of the plan and its participants over an appropriate time horizon, and encourages fiduciaries to engage in proxy voting.

The final rule moves away from 2020 Trump-era rulemaking by allowing more leeway for fiduciaries to consider ESG factors in selecting investment options. Specifically, the rule states that a “fiduciary’s duty of prudence must be based on factors that the fiduciary reasonably determines are relevant to a risk and return analysis and that such factors may include the economic effects of climate change and other ESG considerations on the particular investment or investment course of action.” The rule makes clear, however, that there is no requirement to affirmatively consider ESG factors, effectively limiting its scope and effect and putting the onus on fiduciaries to determine whether they want to incorporate ESG factors into their assessments of competing investments.

Overview

Similar to the Trump-era guidance, there is no definition of “ESG” or an “ESG”-style fund. Debate continues over what kinds of funds can be considered ESG investments, especially in light of the fact that some companies in industries traditionally thought to be inconsistent with ESG conscious investing are now trying to attract ESG investors (e.g. industrials, energy).

Fiduciaries are not required to consider ESG factors in selecting investment options. However, the consideration of such factors is not a presumed violation of a fiduciary’s duty of loyalty or prudence. Unlike the prior rule, which suggested that consideration of ESG factors could only be considered if all other pecuniary factors between competing investments were equal (the “tiebreaker” approach), the new rule allows a fiduciary to consider potential financial benefits of ESG investing in all circumstances.

Plan fiduciaries may take into account participant preferences in constructing a fund lineup. Therefore, if participants express a desire for ESG investment options, then it may be reasonable for plan fiduciaries to add ESG funds or to consider ESG factors in crafting the fund lineup.

ESG-centric funds may be used as qualified default investments (QDIAs) within retirement plans, reversing the prior outright prohibition on use of such funds as QDIAs.

In some situations, fiduciaries may be required to exercise shareholder rights when required to protect participant interests. It is unclear whether the exercise of such rights is only limited to situations that have an economic impact on the plan, or applies to additional situations. The clarification suggests that the exercise of proxy voting is not disfavored as an inefficient use of fiduciaries’ time and resources, as the prior iteration of the rule suggested.

Effective Date and Challenges to the Regulation

The new rule became effective in January 2023, except for delayed applicability of proxy voting provisions. However, twenty five state attorneys general have joined a lawsuit in federal court in Texas that seeks to overturn the regulation. The court is in the Fifth Circuit, which historically has been hostile to past Department of Labor regulations (including Obama-era fiduciary rules overturned in 2018, though the ESG rule is less far-reaching than the fiduciary rule and may survive a challenge even in the Fifth Circuit). Congressional Republicans have also introduced a Congressional Review Act (CRA) review proposal to repeal the regulation that has gained the support of Joe Manchin (D-WV). Although CRA actions are not subject to Senate filibuster rules, they are subject to presidential veto, which President Biden is sure to do if the repeal reaches his desk.

Action Steps

Employers should assume that the ESG rules will remain in effect and engage with plan fiduciaries, advisors, and employees and determine the extent to which ESG considerations should (or should not) enter into fiduciary deliberations when considering plan investment alternatives. Some investment advisors have already begun to include separate ESG scorecards for mutual funds and other investments in their regular plan investment reviews. Fiduciaries should also consider whether and how the approach that is ultimately taken should be reflected in the plan’s investment policy statement. Plans that delegate full control over investments to an independent fiduciary (an ERISA 3(38) advisor) should engage with their advisor to determine whether and the extent to which ESG considerations will be part of that fiduciary’s process, and whether that is consistent with the desires of the plan fiduciaries and participants.

Article By Alex H. Glaser and Timothy Brechtel of Jones Walker LLP

For more labor and employment legal news, click here to visit the National Law Review.

Feds Announce More Aggressive Enforcement of Poor Performing Nursing Homes

In February of 2022, during his State of the Union Address, President Biden announced an action plan to improve the safety and quality of care in the nation’s nursing homes.[i] On October 21, 2022, Centers for Medicare and Medicaid Services (CMS) announced new requirements to help with oversight of facilities selected to the Special Focus Facilities (SFF) Program.[ii]

The SFF Program was created to help and oversee the poorest performing nursing homes in the country and improve nursing homes that have a history of noncompliance. The goal is to improve safety and quality of care. The facilities selected for the SFF Program must be inspected no less than once every six months and if severe enforcement is needed, it is at the discretion of the state surveyors. The main objective for the SFF Program is for facilities to show exponential improvement, graduate from the program, and then maintain compliance and better quality of care and safety.

The new CMS requirements, outlined below, are aimed at facilities that continuously fail to improve and remain in the SFF Program for a prolonged period of time. Health and Human Services Secretary Xavier Becerra stated, “Let us be clear: we are cracking down on enforcement of our nation’s poorest-performing nursing homes. As President Biden directed, we are increasing scrutiny and taking aggressive action to ensure everyone living in nursing homes gets the high-quality care they deserve. We are demanding better because our seniors deserve better.”

CMS announced the following revisions to the SFF Program:

Effective immediately, CMS will use escalating penalties for violations for deficiencies cited at the same level in subsequent surveys. This can include possible discretionary termination from Medicare and/or Medicaid funding for facilities that are cited with immediate jeopardy deficiencies on any two surveys while participating the in the SFF Program.
CMS will consider facilities’ efforts to improve when considering discretionary termination from Medicare and/or Medicaid programs.
CMS will impose more severe escalating enforcement remedies for SFF Program facilities for noncompliance and no effort to improve performance.
Increased requirements that nursing homes in the SFF Program must meet to graduate from the SFF Program.
For three years after graduation from the SFF Program, CMS will ensure nursing homes consistently maintain compliance with safety requirements by continuing to closely monitor these facilities.
CMS is offering more support resources to facilities selected for the SFF Program.

Additionally, the Biden administration released a fact sheet with the steps they are taking to in improve the quality of nursing homes. [iii] Some of the steps mentioned include more resources to support union jobs in nursing home care, establishing minimum staffing requirements, incentivizing quality performance through Medicare and Medicaid funding, and enhanced efforts to prevent fraud and abuse.

Article By Thomas W. Hess, Kelly A. Leahy, Sydney N. Pahren, and Bryan L. Cockroft of Dinsmore & Shohl LLP

For more health law and managed care legal news, click here to visit the National Law Review.

EPA Launches Their New Office: What Does the Office of Environmental Justice and External Civil Rights Mean for Companies and ESG in the United States?

On September 24, 2022, the Environmental Protection Agency (EPA) announced the creation of a new national office dedicated to advancing environmental justice (EJ) and civil rights. Known as the Office of Environmental Justice and External Civil Rights, the creation of the new office delivers on a noteworthy campaign promise of President Joe Biden, who committed to elevating these issues during his presidency and ensuring justice and equality for overburdened, underserved communities.

“From day one, President Biden and EPA have been committed to delivering progress on environmental justice and civil rights and ensuring that underserved and overburdened communities are at the forefront of our work,” said EPA Administrator Michael S. Regan. “With the launch of a new national program office, we are embedding environmental justice and civil rights into the DNA of EPA and ensuring that people who’ve struggled to have their concerns addressed see action to solve the problems they’ve been facing for generations.”

“Since the beginning of the Biden Administration, its appointees have consistently stressed the idea of environmental justice,” said Jacob Hupart, Member at Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. “Specifically, in this context, the invocation of environmental justice has focused on the principle that addressing the various environmental issues confronting society—including the challenge of climate change—must also take into consideration that underserved communities frequently are disproportionately impacted by environmental issues, and so these communities should receive particular attention. That the Biden Administration is establishing an EPA office dedicated specifically to this issue is congruent with their prior rhetoric and action (such as the appointment of Michael Regan as the EPA Administrator), and emphasizes this aspect of their environmental program.

What is the Intent and Significance of the EPA’s New Office?

With more than 200 EPA staff members across ten regions dedicated to the project, the office will put substantial resources into environmental justice efforts across the United States. This includes, but is not limited to, working with state, local, and Tribal partners to understand their EJ needs, disbursing grants and technical assistance, cooperating with other EPA offices to incorporate EJ initiatives in all areas, and ensuring funding recipients are complying with relevant civil rights laws.

This new focus by the EPA is extremely meaningful not only for environmental justice in the US, but for the direction of major regulatory and administrative bodies. “The EPA and the White House have enunciated policy, established guidance, and issued Executive Orders, but these tools do not have enforceable legal requirements,” explained Richard Glaze, environmental litigator and Partner at Barnes & Thornburg LLP. “Combining the existing Office of Environmental Justice with the External Civil Rights Compliance Office to form the Office of Environmental Justice and Civil Rights sends a signal that the EPA is willing to use enforcement tools with teeth to advance the administration’s Environmental Justice goals.”

Stacey Halliday, environmental lawyer and Principal at Beveridge & Diamond PC, noted how this is a substantial shift from the status quo. “In the past two years, we’ve seen momentum in fits and spurts from a variety of executive branch agencies following the January 27 issuance of EO 14008– including notable action from CEQ, DOE, DOJ, DOT and EPA,” she says. “However, this most recent action by EPA is only likely to accelerate this momentum and have impacts that will extend beyond the Biden Administration. We can expect to see more alignment between EPA program offices […] and a ‘from-the-top’ imperative to incorporate EJ in overall agency decision-making. This is a big change from past practice when EJ and civil rights enforcement were separately housed within other program offices and lacked this level of authority and agency-wide reach.”

“The Department of Justice is fully on board with the EPA in this effort,” added Mr. Glaze. “It recognizes that “Environmental justice and Title VI are both rooted in the same basic principle that no person should bear an unfair share of harm on account of their race, color or national origin” and warns that Title VI of the Civil Rights Act is a powerful for the coordination of Title VI and Environmental Justice.”

What Does the New EPA Office Mean for Companies?

The EPA’s new office comes at a time when companies are turning their focus to the upcoming recession, reminding them that climate and social justice must remain a top priority even as companies prepare for economic instability. This should send a message to corporations who have already been facing mounting pressure to incorporate climate justice considerations into their missions and operations. By creating a political culture of increased environmental and social scrutiny, the Biden administration is slowly changing “ESG” from a greenwashing buzzword to a corporate obligation.

“Companies seeking to gain the benefit of competitive federal funding,” said Ms. Halliday, “especially following the flush of resources coming from the IIJA and IRA – are more frequently asked to provide a detailed accounting of how they will assess and address EJ impacts, as well as how projects may contribute to the Justice 40 Initiative (directing 40% of benefits from federal climate investments to disadvantaged communities).”

“Although the ultimate impact of this new office is uncertain, as the actual initiatives and enforcement actions brought will have to be assessed and evaluated, at minimum, the creation of this office indicates that policy and enforcement actions centered around environmental justice are more likely to appear over the coming months and years,” added Mr. Hupart. “It should also be noted, however, that other environmental actions undertaken by the Biden Administration—such as the mandatory climate disclosures proposed by the SEC, which would be applicable to all public companies—are more likely to be an immediate focus for corporate America rather than potential EPA enforcement actions focused on specific instances implicating environmental justice concerns.”

What Does the New EPA Office Mean for ESG Considerations?

The environmental, social, and governance movement (ESG) has been undeniably energized by the EPA’s new office, particularly at a time when ESG movements are under scrutiny. If Biden’s plan to make environmental justice a more common business priority succeeds, centering sustainability issues will no longer be enough for firms to differentiate themselves to investors. Corporations targeting ethically-minded shareholders will need to develop more detailed, creative ESG approaches.

“Environmental justice combines elements of the “E” and the “S” of ESG and companies that have embraced ESG are well-advised to consider whether their operations implicate environmental justice and, if they do, give these issues the attention they deserve,” said Mr. Glaze. “Combined with the recent SEC climate disclosure rule, these ESG issues that companies have considered ‘optional’ will now have more force behind them [and companies] can no longer ignore them.”

“Even before the creation of this office, the renewed federal and state prioritization of EJ has had an impact on corporate behavior – driven broadly by federal guidance and tools, new state permitting requirements, targeted environmental enforcement, and investor demand,” said Ms. Halliday. “In the last year or so, we have seen an increase in shareholder proposals related to climate disclosures, racial equity audits and environmental justice audits, with investors seeking to understand how company activities impact disadvantaged communities and implications for long-term value for the company.”

Article By Chandler Ford, Crissonna Tennison, Shelby Garrett, and Casey Karthaus of The National Law Review / The National Law Forum LLC

For more environmental law legal news, click here to visit the National Law Review.

Biden Administration Seeks to Clarify Patient Privacy Protections Post-Dobbs, Though Questions Remain

On July 8, two weeks following the Supreme Court’s ruling in Dobbs v. Jackson that invalidated the constitutional right to abortion, President Biden signed Executive Order 14076 (E.O.). The E.O. directed federal agencies to take various actions to protect access to reproductive health care services,^[1] including directing the Secretary of the U.S. Department of Health and Human Services (HHS) to “consider actions” to strengthen the protection of sensitive healthcare information, including data on reproductive healthcare services like abortion, by issuing new guidance under the Health Insurance and Accountability Act of 1996 (HIPAA).^[2]

The directive bolstered efforts already underway by the Biden Administration. A week before the E.O. was signed, HHS Secretary Xavier Becerra directed the HHS Office for Civil Rights (OCR) to take steps to ensure privacy protections for patients who receive, and providers who furnish, reproductive health care services, including abortions.^[3]The following day, OCR issued two guidance documents to carry out this order, which are described below.

Although the guidance issued by OCR clarifies the privacy protections as they exist under current law post-Dobbs, it does not offer patients or providers new or strengthened privacy rights. Indeed, the guidance illustrates the limitations of HIPAA regarding protection of health information of individuals related to abortion services.

A. HHS Actions to Safeguard PHI Post-Dobbs

Following Secretary Becerra’s press announcement, OCR issued two new guidance documents outlining (1) when the HIPAA Privacy Rule may prevent the unconsented disclosure of reproductive health-related information; and (2) best practices for consumers to protect sensitive health information collected by personal cell phones, tablets, and apps.

(1) HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care

In the “Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe,”^[4] OCR addresses three existing exceptions in the HIPAA Privacy Rule to the disclosure of PHI without an individual’s authorization and provides examples of how those exceptions may be applied post-Dobbs.

The three exceptions discussed in the OCR guidance are the exceptions for disclosures required by law,^[5] for purposes of law enforcement,^[6] or to avert a serious threat to health or safety.^[7]

While the OCR guidance reiterates that the Privacy Rule permits, “but does not require” disclosure of PHI in each of these exceptions,^[8]this offers limited protection that relies on the choice of providers whether to disclose or not disclose the information. Although these exceptions are highlighted as “protections,” they expressly permit the disclosure of protected health information. Further, while true that the HIPAA Privacy Rule itself may not compel disclosure (but merely permits disclosure), the guidance fails to mention that in many situations in which these exceptions apply, the provider will have other legal authority (such as state law) mandating the disclosure and thus, a refusal to disclose the PHI may be unlawful based on a law other than HIPAA.

Two of the exceptions discussed in the guidance – the required by law exception and the law enforcement exception – both only apply in the first place when valid legal authority is requiring disclosure. In these situations, the fact that HIPAA does not compel disclosure is of no relevance. Certainly, when there is not valid legal authority requiring disclosure of PHI, then HIPAA prohibits disclosure, as noted as in the OCR guidance. However, in states with restrictive abortion laws, the state legal authorities are likely to be designed to require disclosure – which HIPAA does not prevent.

For instance, if a health care provider receives a valid subpoena from a Texas court that is ordering the disclosure of PHI as part of a case against an individual suspected of aiding and abetting an abortion, in violation of Texas’ S.B. 8, then that provider could be held in contempt of court for failing to comply with the subpoena, despite the fact that HIPAA does not compel disclosure.^[9] For more examples on when a covered entity may be required to disclose PHI, please see EBG’s prior blog: The Pendulum Swings Both Ways: State Responses to Protect Reproductive Health Data, Post-Roe.^[10]

Notably, the OCR guidance does provide a new interpretation of the application of the exception for disclosures to avert a serious threat to health or safety. Under this exception, covered entities may disclose PHI, consistent with applicable law and standards of ethical conduct, if the covered entity, in good faith, believes the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. OCR states that it would be inconsistent with professional standards of ethical conduct to make such a disclosure of PHI to law enforcement or others regarding an individual’s interest, intent, or prior experience with reproductive health care. Thus, in the guidance, OCR takes the position that if a patient in a state where abortion is prohibited informs a health care provider of the patient’s intent to seek an abortion that would be legal in another state, this would not fall into the exception for disclosures to avert a serious threat to health or safety. Covered entities should be aware of OCR’s position and understand that presumably OCR would view any such disclosure as a HIPAA violation.

(2) Protecting the Privacy and Security of Individuals’ Health Information When Using Personal Cell Phones or Tablets

OCR also issued guidance on how individuals can best protect their PHI on their own personal devices. HIPAA does not generally protect the privacy or security of health information when it is accessed through or stored on personal cell phones or tablets. Rather, HIPAA only applies when PHI is created, received, maintained, or transmitted by covered entities and business associates. As a result, it is not unlawful under HIPAA for information collected by devices or apps – including data pertaining to reproductive healthcare – to be disclosed without consumer’s knowledge.^[11]

In an effort to clarify HIPAA’s limitation to protect such information, OCR issued guidance to protect consumer sensitive information stored in personal devices and apps.^[12] This includes step-by-step guidance on how to control data collection on their location, and how to securely dispose old devices.^[13]

Further, some states have taken steps to fill the legal gaps to varying degrees of success. For example, California’s Confidentiality of Medical Information Act (“CMIA”) extends to “any business that offers software or hardware to consumers, including a mobile application or other related device that is designed to maintain medical information.”^[14] As applied, a direct-to-consumer period tracker app provided by a technology company, for example, would fall under the CMIA’s data privacy protections, but not under HIPAA. Regardless, gaps remain as the CMIA does not protect against a Texas prosecutor subpoenaing information from the direct-to-consumer app. Conversely, Connecticut’s new reproductive health privacy law,^[15] does prevent a Connecticut covered entity from disclosing reproductive health information based on a subpoena, but Connecticut’s law does not apply to non-covered entities, such as a period tracker app. Therefore, even the U.S.’s most protective state privacy laws do not fill in all of the privacy gaps.

Alongside OCR’s guidance, the Federal Trade Commission (FTC) published a blog post warning companies with access to confidential consumer information to consider FTC’s enforcement powers under Section 5 of the FTC Act, as well as the Safeguards Rule, the Health Breach Notification Rule, and the Children’s Online Privacy Protection Rule.^[16] Consistent with OCR’s guidance, the FTC’s blog post reiterates the Biden Administration’s goal of protecting reproductive health data post-Dobbs, but does not go so far as to create new privacy protections relative to current law.

B. Despite the Biden Administration’s Guidance, Questions Remain Regarding the Future of Reproductive Health Privacy Protections Post-Dobbs

Through E.O. 14076, Secretary Becerra’s press conference, OCR’s guidance, and the FTC’s blog, the Biden Administration is signaling that it intends to use the full force of its authorities – including those vested by HIPAA – to protect patient privacy in the wake of Roe.

However, it remains unclear how this messaging will translate to affirmative executive actions, and how successful such executive actions would be. How far is the executive branch willing to push reproductive rights? Would more aggressive executive actions be upheld by a Supreme Court that just struck down decades of precedent permitting access to abortion? Will the Biden Administration’s executive actions persist if the administration changes in the next Presidential election?

Attorneys at Epstein Becker & Green are well-positioned to assist covered entities, business associates, and other companies holding sensitive reproductive health data understand how to navigate HIPAA’s exemptions and interactions with emerging guidance, regulations, and statutes at both the state and Federal levels.

Ada Peters, a 2022 Summer Associate (not admitted to the practice of law) in the firm’s Washington, DC office and Jack Ferdman, a 2022 Summer Associate (not admitted to the practice of law) in the firm’s Boston office, contributed to the preparation of this post.

[1] 87 Fed. Reg. 42053 (Jul. 8, 2022), https://bit.ly/3b4N4rp.

[2] Id.

[3] HHS, Remarks by Secretary Xavier Becerra at the Press Conference in Response to President Biden’s Directive following Overturning of Roe v. Wade (June 28, 2022), https://bit.ly/3zzGYsf.

[4] HHS, Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe (June 29, 2022), https://bit.ly/3PE2rWK.

[5] 45 CFR 164.512(a)(1)

[6] 45 CFR 164.512(f)(1)

[7] 45 CFR 164.512(j)

[8] Id.

[9] See Texas S.B. 8; e.g., Fed. R. Civ. Pro. R.37 (outlining available sanctions associated with the failure to make disclosures or to cooperate in discovery in Federal courts), https://bit.ly/3BjX4I2.

[10] EBG Health Law Advisor, The Pendulum Swings Both Ways: State Responses to Protect Reproductive Health Data, Post-Roe (June 17, 2022), https://bit.ly/3oPDegl.

[11] A 2019 Kaiser Family Foundation survey concluded that almost one third of female respondents used a smartphone app to monitor their menstrual cycles and other reproductive health data. Kaiser Family Foundation, Health Apps and Information Survey (Sept. 2019), https://bit.ly/3PC9Gyt.

[12] HHS, Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone1 or Tablet (last visited Jul. 26, 2022), https://bit.ly/3S2MNWs.

[13] Id.

[14] Cal. Civ. Code § 56.10, Effective Jan. 1, 2022, https://bit.ly/3J5iDxM.

[15] 2022 Conn. Legis. Serv. P.A. 22-19 § 2 (S.B. 5414), Effective July 1, 2022, https://bit.ly/3zwn95c.

[16] FTC, Location, Health, and Other Sensitive Information: FTC Committed To Fully Enforcing the Law Against Illegal Use and Sharing of Highly Sensitive Data (July 11, 2022), https://bit.ly/3BjrzNV.

Article By Alaap B. Shah, Allen R. Killworth, Marylana Saadeh Helou, and Devon Minnick of Epstein Becker & Green, P.C.

For more privacy-related legal news, click here to visit the National Law Review.

Tag: Biden

President Biden Announces Groundbreaking Restrictions on Access to Americans’ Sensitive Personal Data by Countries of Concern

Like this:

Biden Executive Order Calls for HHS to Establish Health Care-Specific Artificial Intelligence Programs and Policies

Like this: