Breach Notification Rules under Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule

DrinkerBiddle

This is the fourth in our series of bulletins on the Department of Health and Human Services’ (HHS) HIPAA Omnibus Final Rule. In our bulletins issued on February 28, 2013 and March 18, 2013, available here, we described the major provisions of this rule and explained how the provisions of the rule that strengthen the privacy and security of protected health information (PHI) impact employer sponsored group health plans, which are covered entities under the HIPAA privacy rules. In our bulletin issued on April 4, 2013, available here, we focused on changes that will need to be made to business associate agreements under the Omnibus Final Rule. In this bulletin, we discuss the modifications to the breach notification rules made by the Omnibus Final Rule and provide health plan sponsors with information regarding the actions they must take to meet their breach notification obligations in the event of a breach of unsecured PHI.

Key Considerations for Health Plan Sponsors

  • Health plan sponsors must be able to identify when a breach occurs and when breach notification is required.
  • Health plan sponsors should review their procedures for evaluating potential breaches and should revise those procedures to incorporate the new “risk assessment” required under the Omnibus Final Rule.
  • Health plan sponsors should review their procedures for notifying individuals, HHS, and the media (to the extent required) when a breach of unsecured PHI occurs.
  • Health plan sponsors should make training workforce members about the breach notification rules a priority. Workforce members should be prepared to respond to breaches and potential breaches of unsecured PHI. A breach is treated as discovered by the covered entity on the first day a breach is known, or, by exercising reasonable diligence would have been known, to the covered entity. This standard is met if even one workforce member knows of the breach or would know of it by exercising reasonable diligence, and even if the breach is not immediately reported to the privacy officer. Discovery of the breach starts the clock ticking on the notification obligation and deadlines, which are described below.
  • Health plan sponsors should review each existing business associate agreement to make sure that responsibility for breach notification is allocated between the business associate and the health plan in a manner that is appropriate based on the business associate’s role with respect to PHI and the plan sponsor’s preferences for communicating with employees.

Health plan sponsors will want to review and revise, as necessary, the following to comply with the new rules described below:

Compliance Checklist

 Business Associate Relationships and Agreements 
 Policies and Procedures 
 Security Assessment and Breach Notification Plan 
 Risk Analysis — Security 
 Plan Document and SPD 
 Notice of Privacy Practices 
 Individual Authorization for Use and Disclosure of PHI
 Workforce Training

What is a Breach?

Background

In general terms, a breach is any improper use or disclosure of PHI. While HIPAA requires mitigation of any harmful effects resulting from an improper use or disclosure of PHI, the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 added a notification requirement. HITECH requires covered entities to notify affected individuals, HHS and, in some cases, the media following a breach of unsecured PHI. HITECH defined “breach” as an acquisition, access, use, or disclosure of an individual’s PHI in violation of the HIPAA privacy rules, to the extent that the acquisition, access, use or disclosure compromised the security or privacy of the PHI. The HHS interim final regulations further specified that PHI was compromised if the improper use or disclosure posed a significant risk of financial, reputational, or other harm. The interim final regulations also contained four exceptions to the definition of breach, adding a regulatory exception to the three statutory exceptions.

General Definition of Breach under the Omnibus Final Rule

Under the Omnibus Final Rule, “breach” continues to be defined as an acquisition, access, use, or disclosure of PHI that both violates the HIPAA privacy rules and compromises the security or privacy of the PHI. However, the Omnibus Final Rule modifies the interim final regulations in two important ways:

  • The interim final regulatory exception for an unauthorized acquisition, access, use, or disclosure of PHI contained in a limited data set from which birth dates and zip codes have been removed is eliminated.
  • The risk of harm standard is eliminated and replaced with a presumption that any acquisition, access, use, or disclosure of PHI in violation of the HIPAA privacy rules constitutes a breach. However, a covered entity (such as a health plan) can overcome this presumption if it concludes following a risk assessment that there was a low risk that PHI was compromised (see “Presumption that a Breach Occurred” below).

Statutory Exceptions to “Breach”

HITECH provided three statutory exceptions to the definition of breach that are also set forth in the Omnibus Final Rule. If an improper acquisition, access, use, or disclosure of PHI falls within one of the following three exceptions, there is no breach of PHI:

  • The acquisition, access, or use is unintentional and is made in good faith by a person acting under a covered entity’s (or business associate’s) authority, as long as the person was acting within the scope of his or her authority and the acquisition, access, or use does not result in a further impermissible use or disclosure of the PHI.
  • The disclosure of PHI is inadvertent and is made by a person who is authorized to access PHI at a covered entity (or business associate), as long as the disclosure was made to another person within the same covered entity (or business associate) who is also authorized to access PHI, and there is no further impermissible use or disclosure of the PHI.
  • The disclosure of PHI is to an unauthorized person, but the covered entity (or business associate) has a good faith belief that the unauthorized person would not reasonably have been able to retain the PHI.

The interim final regulations added a fourth exception for impermissible uses or disclosures of PHI involving only PHI in a limited data set, which is PHI from which certain identifiers are removed, provided birth dates and zip codes are also removed. The Omnibus Final Rule eliminates this exception so an impermissible use or disclosure of PHI in a limited data set will be presumed to be a breach of PHI as described below.

Presumption that a Breach Occurred

Under the Omnibus Final Rule, a breach is presumed to have occurred any time there is an acquisition, access, use, or disclosure of PHI that violates the HIPAA privacy rules (subject to the statutory exceptions outlined above).

However, a covered entity may overcome this presumption by performing a risk assessment to demonstrate that there is a low probability that the PHI has been compromised. If the covered entity chooses to conduct a risk assessment, the assessment must take into account at least the following four factors:

  • The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification.
  • The unauthorized person who used the PHI or to whom the disclosure was made.
  • Whether the PHI was actually acquired or viewed.
  • The extent to which the risk to the PHI has been mitigated.

The covered entity may consider additional factors as appropriate, depending on the facts and circumstances surrounding the improper use or disclosure. After performing its risk assessment, if the covered entity determines that there is a low probability that the PHI has been compromised, there is no breach and notice is not required. If the covered entity cannot reach this conclusion and if no statutory exception applies, then the covered entity must conclude that a breach has occurred.

The Omnibus Final Rule also makes clear that a covered entity may decide not to conduct a risk assessment and may instead treat every impermissible acquisition, access, use, or disclosure of PHI as a breach.

Drinker Biddle Note: Covered entities have the burden of proof to demonstrate either that an impermissible acquisition, access, use, or disclosure of PHI did not constitute a breach, or that all required notifications (as discussed below) were provided. Covered entities should review and update their internal HIPAA privacy and security policies to include procedures for performing risk assessments, as well as procedures for documenting all risk assessments and determinations regarding whether a breach has occurred and whether notification is required.

Providing Breach Notification

Covered entities are required to notify all affected individuals when a breach of unsecured PHI is discovered (unless an exception applies or it is demonstrated through a risk assessment that there is a low probability that the PHI has been or will be compromised). Notification to HHS is also required, but the time limits for providing this notification vary depending on the number of individuals affected by the breach. In addition, covered entities may be required to report the breach to local media outlets. The Omnibus Final Rule describes in detail the specific content that is required to be included in notifications to affected individuals, HHS, and the media.

Drinker Biddle Note: Although the Omnibus Final Rule defines when a “breach” has occurred, notification is required only when the breach involves unsecured PHI. PHI is considered “unsecured” when it has not been rendered unusable, unreadable, or indecipherable to unauthorized persons. HHS has issued extensive guidance on steps that can be taken to render PHI unusable, unreadable, and indecipherable.

Notification to Affected Individuals

Covered entities must notify affected individuals in writing without unreasonable delay, but in no event later than 60 calendar days, after discovery of a breach of unsecured PHI. The notice may be sent by mail or email (if the affected individual has consented to receive notices electronically). The Omnibus Final Rule also provides additional delivery methods that apply when an affected individual is deceased, and when a covered entity does not have up-to-date contact information for an affected individual.

Drinker Biddle Note: Again, a breach is deemed discovered on the first day such breach is known or by exercising reasonable diligence would have been known by any person who is a workforce member or agent of a covered entity or business associate.

Drinker Biddle Note: Please note that 60 days is an outer limit for providing the notice and is not a safe harbor. The operative standard is that the notice must be provided without unreasonable delay. Thus, based on the circumstances, a notice may be unreasonably delayed even though provided within the 60-day period.

Notification to HHS

Covered entities must notify HHS of breaches of unsecured PHI by electronically submitting a breach report form through the HHS website. If a breach of unsecured PHI affects 500 or more individuals, HHS must be notified at the same time that notice is provided to the affected individuals. For breaches of unsecured PHI that affect fewer than 500 individuals, the covered entity may keep a log of all such breaches that occur in a given year and submit a breach report form through the HHS website on annual basis, but not later than 60 days after the end of each calendar year.

Notification to the Media

When there is a breach of unsecured PHI involving more than 500 residents of a state or jurisdiction, a covered entity must notify prominent media outlets serving the state or jurisdiction. This media notification must be provided without unreasonable delay, and in no case later than 60 days after the breach is discovered.

State Law Requirements

Separate breach notification requirements may apply to a covered entity under state law. HIPAA’s breach notification laws preempt “contrary” state laws. “Contrary” in this context generally means that it is impossible to comply with both federal and state laws. As state breach notification laws are not typically contrary to the HIPAA breach notification rules, covered entities may have to comply with both laws.

Drinker Biddle Note: Covered entities should review applicable state breach notification laws and consider to what extent those laws should be incorporated into their HIPAA privacy policies and procedures.

Implications for Business Associate Agreements

If a covered entity’s business associate discovers that a breach of unsecured PHI has occurred, the Omnibus Final Rule requires the business associate to notify the covered entity without unreasonable delay, but in no event later than 60 days following the discovery of the breach. The notice must include, to the extent possible, the identification of each affected individual as well as any other information the covered entity is required to provide in its notice to individuals.

Although a covered entity is ultimately responsible for notifying affected individuals, HHS and the media (as applicable) when a breach of unsecured PHI occurs, the covered entity may want to delegate some or all of the notification responsibilities to its business associate. If a covered entity and its business associate agree that the business associate will be responsible for certain breach notification obligations, the scope of the arrangement should be clearly memorialized in the business associate agreement. In negotiating its business associate agreements, a covered entity should consider provisions such as:

  • Which party determines whether a breach occurred?
  • Who is responsible for sending required notices, and the related cost?
  • Indemnification in the event a business associate incorrectly determines that a breach did not occur, or a business associate otherwise fails to act appropriately.

Drinker Biddle Note: Covered entities that choose to delegate breach notification responsibilities to business associates should pay close attention to how such delegation provisions are drafted to minimize the possibility that the business associate will be considered an “agent” of the covered entity. Under the Omnibus Final Rule, when a business associate acts as an agent of the covered entity, the business associate’s discovery of a breach is imputed to the covered entity, and, therefore, a covered entity could be liable for civil monetary penalties related to the business associate’s act or omission. More information about issues related to drafting business associate agreements can be found in our bulletin issued on April 4, 2013, available here.

Compliance Deadline

Group health plans have until September 23, 2013 to comply with the new requirements of the Omnibus Final Rule. During the period before compliance is required, group health plans are still required to comply with the breach notification requirements of the HITECH Act and the interim final regulations.

Of course, the best course of action is to maintain adequate safeguards to prevent any breach. A recent settlement of HIPAA violations resulting in a $1.7 million payment to HHS is discussed in a separate publication, available here.

Article By:

of

Zappos and It's Effect On "Browswrap" Agreements

Lewis & Roca

Key Takeaways For An Enforceable Terms of Use Agreement

In light of the recent Nevada federal district court decision In re Zappos.com, Inc., ‎Customer Data Security Breach Litigation, companies should review and update their ‎implementation of browsewrap agreements to ensure users are bound to its terms. MDL No. ‎‎2357, 2012 WL 4466660 (D.Nev. Sept. 27, 2012).

A browsewrap agreement refers to the online Terms of Use agreement that binds a web ‎user merely by his continued browsing of the site, even when he is not aware of it. Any ‎somewhat experienced web user is no stranger to the Terms of Use link that leads to the ‎browsewrap agreement. Yet, the users tend to ignore the link’s existence, and rarely think of it ‎as a “contract” with any practical effects. In Zappos, the court questioned the browsewrap ‎agreement’s validity particularly because of this tendency among web users. The court ruled the ‎arbitration clause in Zappos’ browsewrap Terms of Use was unenforceable because the users did ‎not agree to it and Zappos had the right to modify the terms at any time. ‎

Background of the Case

Founded in 1999, Zappos.com is a subsidiary of Amazon.com and one of the nation’s ‎biggest online retailers for footwear and apparel. Currently headquartered in Henderson, ‎Nevada, the company has more than 24 million customer accounts. In mid-January 2012, its ‎computer system experienced a security breach in which hackers attempted to access the ‎company’s customer accounts and personal information.

After Zappos notified its customers about the incident, customers from across the country ‎filed lawsuits against Zappos, seeking relief for damages arising from the breach. The cases were ‎transferred to and consolidated in Nevada. Zappos then sought to enforce the arbitration clause ‎contained in its Terms of Use, which would stay the litigation in federal court and compel the ‎case for arbitration. The court denied Zappos’ motion on two grounds: there was no valid ‎agreement to arbitrate due to the lack of assent by the plaintiffs and the contract was ‎unenforceable because it reserved to Zappos the right to modify the terms at any time and ‎without notice to its users.

Lessons Learned from the Browsewrap

Mutual Assent Must Be Clear 

Arbitration provisions are a matter of contract law, and the traditional elements of a ‎contract must be met even though Zappos’ Terms of Use was presented in electronic, ‎browsewrap form on the website. An essential element of contract formation is mutual assent by ‎the parties to the contract, which the court found was missing in this case as there was no ‎evidence of the plaintiffs’ assent.

The court compared the browsewrap agreement with another popular form of online terms ‎of use agreement, the “clickwrap” agreement. Clickwrap agreements require users to take ‎affirmative actions, such as clicking on an “I Accept” button, to expressly manifest their assent to ‎the terms and conditions.‎

Since Zappos’ browsewrap agreement did not require its users to take similar affirmative ‎action to show their assent to the terms and conditions, there was no direct evidence showing ‎that the plaintiffs consented to or even had actual knowledge of the agreement, including the ‎arbitration clause.‎

Link It Front and Center 

Furthermore, the court found Zappos’ Terms of Use hyperlink was inconspicuous and ‎thus did not provide reasonable notice to its users. The link was a) “buried” in the middle or ‎bottom of each page and became visible when a user scrolls down, b) appeared “in the same size, ‎font, and color as most other non-significant links,” and c) the website did not “direct a user to ‎the Terms of Use when creating an account, logging in to an existing account, or making a ‎purchase.” The court concluded that under ordinary circumstances, users would have no reason ‎to click on the link.‎

Unilateral Right to Modify or Terminate Won’t Work

Another problem with Zappos’ browsewrap agreement was that it was illusory and thus ‎unenforceable. In the agreement, the company “retain[ed] the unilateral, unrestricted right to ‎terminate the arbitration agreement” and had “no obligation to receive consent from, or even ‎notify, the other parties to the contract.” Users would unsuspectingly agree to the changes by ‎continuing to use the site. Under this provision, Zappos could seek to enforce the arbitration ‎clause, as it did here, or not enforce it by modifying the clause without notice to its users when it ‎was no longer in its interest to arbitrate. In either circumstance, the users would still be bound to ‎the agreement.

Implications for Companies

As a result of this decision, companies should carefully reassess the display and content ‎of the online terms of use they adopt to ensure their enforceability. In a narrow sense, the ‎decision means an arbitration clause in a browsewrap agreement similar to Zappos’ may be ‎deemed unenforceable. More broadly, this decision threatens the validity and enforceability of ‎other terms and conditions contained in a browsewrap agreement, which may deprive the ‎company of the agreement’s protection and favorable terms. ‎

Clickwrap agreements seem to provide the solution to Zappos’ problem. The court ‎suggested a clickwrap agreement could obtain a user’s assent to the terms and conditions. A ‎company may implement the clickwrap agreement through account registration or purchase ‎check-out, tailored to the nature of the company’s business and user interaction. The system may ‎require a user to click “I Accept” to secure the user’s assent to be bound by the agreement before ‎he can proceed further on the website. ‎

On the other hand, the court did not conclude that browsewrap agreements are never ‎enforceable. Other courts have held that browsewrap agreements are generally enforceable. ‎Enforceability largely depends on how the company presents the link and terms to the users such ‎that the users would have reasonable notice of the information. Accordingly, a browsewrap ‎agreement may be enforceable if the hyperlink is conspicuously located and displayed. ‎

In addition, companies should communicate and secure a user’s assent to any ‎modification when the user has previously accepted the terms and conditions. The user may ‎consent through another clickwrap agreement showing the modified terms. With a browsewrap ‎agreement, notice of the changes should, at the minimum, be conspicuously displayed on the ‎webpage. ‎

What This Means 

The Zappos decision reflects a change in the public policy on web activities, and users ‎who do not affirmatively agree to the online Terms of Use may no longer be bound. Consumers ‎are increasingly turning to the web for goods and services. In reaction, courts are beginning to ‎look closer into the transactions and resulting issues that occur online. In this process, courts are ‎testing and requiring new standards for these Terms of Use agreements. Companies should be ‎aware of the court’s evolving attitude towards the different types of agreements. You are ‎encouraged to seek legal guidance to properly adapt your implementation of Terms of Use ‎agreements. Failure to update your Terms of Use agreements may leave you exposed to ‎unfavorable terms that the Terms of Use is designed to prevent.‎

Will Obesity Claims Be the Next Wave of Americans with Disabilities Act (ADA) Litigation?

Poyner SpruillIn a new federal lawsuit in the U.S. District Court for the Eastern District of Missouri, Whittaker v. America’s Car-Mart, Inc., the plaintiff is alleging his former employer violated the Americans with Disabilities Act (ADA) when it fired him for being obese.  Plaintiff Joseph Whittaker claims the company, a car dealership chain, fired him from his job as a general manager last November after seven years of employment even though he was able to perform all essential functions of his job, with or without accommodations.  He alleges “severe obesity … is a physical impairment within the meaning of the ADA,” and that the company regarded him as being substantially limited in the major life activity of walking.

The EEOC has also alleged morbid obesity is a disability protected under the ADA.  In a 2011 lawsuit filed on behalf of Ronald Katz, II against BAE Systems Tactical Vehicle Systems, LP (BAE Systems), the EEOC alleged the company regarded Mr. Katz as disabled because of his size and terminated Katz because he weighed over 600 lbs.  The suit alleged Mr. Katz was able to perform the essential functions of his job and had received good performance reviews.  The case was settled after BAE Systems agreed to pay $55,000 to Mr. Katz, provide him six months of outplacement services, and train its managers and human resources professionals on the ADA.  In a press release announcing the settlement, the EEOC said, “the law protects morbidly obese employees and applicants from being subjected to discrimination because of their obesity.”

Similarly, in 2010, the EEOC sued Resources for Human Development, Inc. (RHD) in the U.S. District Court for the Eastern District of Louisiana, for firing an employee because of her obesity in violation of the ADA. According to the suit, RHD fired Harrison in September of 2007 because of her severe obesity.  The EEOC alleged that, as a result of her obesity, RHD perceived Harrison as being substantially limited in a number of major life activities, including walking.  Ms. Harrison died of complications related to her morbid obesity before the case could proceed.

RHD moved for summary judgment, arguing obesity is not an impairment.  The court, having reviewed the EEOC’s Interpretive Guidance on obesity, ruled severe obesity (body weight more than 100% over normal) is an impairment.  The court held that if a plaintiff is severely obese, there is no requirement that the obesity be caused by some underlying physiological impairment to qualify as a disability under the ADA.  The parties settled the case before trial for $125,000, which was paid to Ms. Harrison’s estate.

In June 2013, the American Medical Association (AMA) declared that obesity is a disease.  Although the AMA’s decision does not, by itself, create any new legal claims for obese employees or applicants under the ADA, potential plaintiffs are likely to cite the new definition in support of ADA claims they bring.  In light of these recent developments, obesity related ADA claims will likely become more common.

Article By:

 of

Centers for Medicare and Medicaid Services (CMS) Issues Revised Process for Making National Coverage Determinations

vonBriesen

Yesterday, the U.S. Department of Health and Human Services Centers for Medicare and Medicaid Services (CMS) published its revised process for external requests and internal reviews for new national coverage determinations (NCDs) or for reconsideration of existing NCDs.  Today’s guidance supersedes CMS’s previous process issued in 2003.

Prior to formally requesting an NCD or reconsideration, CMS encourages requesters to contact CMS staff in the Coverage and Analysis Group (CAG).  The CAG staff may identify additional needed information and supporting documentation.  The requester may also find that a formal request is not needed.  For example, CAG staff could determine that coverage of the item or service is already available or that the item or service falls outside the scope of an NCD.

If the requester decides to move forward with requesting an NCD review, the requester must provide the following, which would constitute a “complete, formal request”:

  1. A final letter of request that is clearly identified as “A Formal Request for A National Coverage Determination.”
  2. A full and complete description of the item or service in the request.
  3. The scientific evidence supporting the clinical indications for the item or service, including the proposed use of the item or service, the target Medicare population, the medical indication(s) for which the item or service can be used, and whether the item or service is used by health care providers or beneficiaries.
  4. The Medicare Part A or B benefit category or categories in which the item or service falls.
  5. Additional information if the item or service is currently under FDA review.

Once CMS receives the complete formal request, it will add the request to its tracking sheet on the CMS website and permits public comments on the request.  CMS will also initiate a formal evidence review and will generally issue a proposed decision within six months of opening the NCD review.  CMS will accept public comments for 30 days after issuing the proposed decision.  CMS will then issue a final NCD within 60 days of the end of the public comment period.  These timeframes could be extended, however, if CMS commissions a third party technology assessment, convenes the Medicare Evidence Development and Coverage Advisory Committee, or requests a clinical trial.

Today’s guidance also provides the process for requesting reconsideration of an NCD.  The reconsideration must be in writing and clearly identified.  The requester must also provide documentation meeting one of the following:

  1. Additional scientific evidence not considered at the most recent review and a “sound premise” that the evidence may change the NCD decision.
  2. Arguments that CMS’s conclusion materially misinterpreted the existing evidence at the time the NCD was decided.

CMS will generally accept or reject an external NCD reconsideration request within 60 days of receiving the request.

In certain circumstances, CMS may internally initiate review of an NCD.  CMS will also periodically review NCDs that have not been reviewed in the past 10 years.  CMS will publish a list of NCDs proposed for removal and rationale for removal and provide a 30 day public comment period.  CMS anticipates that this process will reduce the timeframe for removal or amendment of an NCD.  Currently, removal or amendment takes 9 to 12 months.

For more information, please see the guidance at this link.

Article By:

 of

Imperfect Fit: Abercrombie Store Threatens Location In Tailored-Clothing Mecca Savile Row

Womble Carlyle

We’ve all heard the various means of describing the inappropriate place for an otherwise benign thing, rendering the otherwise benign thing a hazard or a liability or just plain offensive.  In 1855, the author Robert De Valcourt referred to, “An awkward man in society is like a bull in a china shop, always doing mischief.”  Robert De Valcourt, The Illustrated Manners Book: A Manual of Good Behavior and Polite Accomplishments (1855).  In 1926, Justice Sutherland opined, “A nuisance may be merely a right thing in the wrong place — like a pig in the parlor instead of the barnyard.”  Village of Euclid v. Ambler Realty Co.272 U.S. 365 (1926).

Village of Euclid, of course, upheld the constitutionality of the zoning concept, a replacement of single purposes ordinances and private litigation for land use management.  See David Owens, Land Use Law In North Carolina (2d ed. 2011).

bull china shop retail real estate land use

“Late Ming dynasty, kaolin and pottery stone foundation, cobalt firing enamelling with Arabic lettering.  If only I could find a well-tailored suit and some skinny jeans to go with this vase.” 

Well, the “pig” or the “bull” in one particular instance is anticipated to be an Abercrombie and Fitch children’s store in the heart of London.

The “china shop” or the “parlor”?  Well, that may be Savile Row, legendary collection of fine British tailors and suitmaker to the rich and famous.  Consider this quote from Mark Henderson, chairman of “heritage tailor Gieves & Hawkes”, reported by CNBC about objection to the Abercrombie store:

“Opening a kids store on Savile Row is a somewhat bizarre thing to do. It’s a fairly narrow street, it’s got its own atmosphere to it.  It’s just fundamentally a mistake from Abercrombie – they don’t get everything right.”

We don’t purport to know the land use laws in London, we’ll leave that to the Ealing Common Land Use Barrister blog, but it’s always interesting to see just how common and universal land use issues can be.

It’s also interesting to see how different motives underpin all land use issues.  For example, one might assume the “hubub” over the Abercrombie store is a degradation of the historical nature of the narrow street, as Mr. Henderson alludes.  Well, maybe the distaste is different for another, even another from a seemingly similar perspective.  Consider this worry about “higher rents”, from John Hitchcock of “bespoke tailor Anderson & Sheppard” (man, I love the British):

“One or two of the tailors are concerned it might put the rents up, and it will do, I suppose.  There’s only so much rent we can pay. Our costs are already high as we make every suit by hand – unlike the big chains which don’t make their products on the premises.”

The Lesson of the Day

Land use decisions are nuanced legally but they are also very nuanced politically.  In this one space, one street within one small universe of British tailors, we have two very distinct motives for refusing the Abercrombie store.  Yes, both are opposed to the store, but each is opposed for a different reason, which means a political salve must address, at least, two distinct concerns.

One must fully and fairly understand the forces against which one is working, before success is at hand.  I think Sun Tzu, the Zhou Dynasty Land Use Litigator, said that.

Article By:

 of

Mexico: U.S. Natural Gas Savior?

Bracewell & Giuliani Logo

Much has been made of the exponential growth in natural gas supply within the continental United States due to the horizontal drilling and fracking techniques employed in recent years. The resulting natural gas glut has reversed the conventional wisdom that America would be a net importer of natural gas for most of the 21st century with the expectation now being that America, despite being by far the world’s largest consumer of hydrocarbons, will be a significant exporter of natural gas overseas in the coming years and decades. This development has resulted in a flurry of proposed liquefied natural gas (“LNG”) terminals that hope to export natural gas in order to take advantage of the large spreads between prices in America and those in Europe and Asia. Those price spreads exist because a worldwide market for natural gas doesn’t exist, as opposed to oil where the relatively short-lived Brent-WTI price differential has evaporated in recent months.

However, these export terminals cannot export gas to foreign countries lacking a free trade agreement with the U.S. without permits from the U.S. Department of Energy and the Federal Energy Regulatory Commission (“FERC”). The queue for approval is long with only three facilities (including most recently the Lake Charles LNG Project in Lake Charles, Louisiana) receiving approval from the Department of Energy and only one of those (the Sabine Pass project in Cameron Parish, Louisiana) receiving approval from FERC. Given the long construction lead times for these projects and political pressure from environmentalists and buyers of natural gas who want prices to remain low, it won’t be until 2016 when any significant volumes of LNG are exported from the continental United States. Rival producers such as Qatar, Australia and Indonesia are rapidly signing contracts with Japan, Korea and China to satisfy the long-term needs of those countries as America continues to delay the development of its LNG infrastructure.

Meanwhile, the historically low natural gas prices created by the production glut are forcing energy companies to find a profitable market for their natural gas in the short to medium term. They appear to have found one in America’s backyard: Mexico. Constructing pipelines to straddle the U.S.-Mexico border entail less regulatory complexities and attract less political attention than LNG exports. With the existing U.S.-Mexico natural gas pipelines almost at capacity, energy companies cannot build border pipelines fast enough, with several new pipeline projects coming online, including Kinder Morgan’s El Paso Natural Gas Co. export pipeline near El Paso, Texas, with a capacity of 0.37 billion cubic feet per day. According to the U.S. Energy Information Administration all of the in-progress pipeline projects on the U.S.-Mexico border could result in a doubling of American natural gas exports to Mexico by the end of 2014.

This new export market should continue to support U.S. shale development in the near-term and medium-term future, especially in Texas, despite low natural gas prices and continued supply growth. Longer term prospects for U.S. natural gas exports to Mexico are also bright as well. Even though Mexico has large hydrocarbon reserves itself, the 1938 nationalization of its oil industry and the subsequent decades of underinvestment have seen Mexican hydrocarbon production steadily decline in the last decade. The Mexican constitution effectively prohibits private investment in hydrocarbon production and the Mexican public firmly believes in public ownership of hydrocarbons. There is widespread agreement among many Mexican politicians that private capital, especially from U.S. energy companies with the expertise to tap offshore and shale hydrocarbons, is needed to reverse the production decline, but whether public opposition can be overcome remains in doubt. Mexican President Enrique Peña Nieto is pushing constitutional reforms to attract foreign capital, but even if those pass Mexico is years away from converting any private capital into increased production. If those reforms do not pass, Mexico will be forced to continue to look to U.S. natural gas producers to provide it with its growing energy needs.

So while a regulatory bottleneck is endangering America’s ability to be a long-term overseas exporter of natural gas, Mexico, with its growing economy and inability to tap its own reserves, seems poised to play an outsized role in a continued expansion of American natural gas production. LNG exports might be the wave of the future, but natural gas exports to Mexico are the here and now.

 of

Health Care Reform Update – Week of August 5th, 2013

Mintz Logo

Leading the News

Office of Personnel Management Addresses Premiums for Congressional Staffers On August 1st, the U.S. Office of Personnel Management (OPM) announced it will release proposed regulations within the next week to allow the federal government to contribute to the health care premiums of members of Congress and their staffs. Earlier in the week, President Obama said he was working with Congress to address the issue, which had prompted concerns about a brain drain from Capitol Hill. Senator Tom Coburn (R-OK) said he intended to place a hold on Katherine Archuleta, the nominee to be the chief at OPM, until the issue was resolved.

House Energy and Commerce Committee Unanimously Approves SGR Bill On July 31st, by a unanimous 51-0 vote, the House Energy and Commerce passed legislation that would repeal the sustainable growth rate (SGR) Medicare physician payment method and shift payment to quality-based measures.

Implementation of the Affordable Care Act

On July 29th, CMS issued a release that indicates the ACA and its gradual closure of the donut hole coverage gap has saved 6.6 million Americans over $7 million, an average savings of $1,061 per beneficiary.

On July 29th, the White House issued a blog post noting nationwide health care costs grew just 1.1% from May 2012 – May 2013. The 1.1% growth is the slowest in 50 years.

On July 30th, House Republicans released a playbook for the August recess that encourages members to hold “emergency town halls” in response to ACA implementation.August 5, 2013

On July 30th, the CMS released an application that allows organizations to become “Champions for Coverage” under the ACA.

On July 30th, CMS released an application for community health centers and other health providers that want to become certified application counselor organizations and help people searching for insurance coverage on the ACA exchanges.

On July 30th, the Congressional Budget Office (CBO) and the Joint Committee on Taxation (JTC) issued an estimate that the employer mandate delay of the ACA will cost about $12 billion.

On July 31st, HHS issued a request for information from stakeholders regarding section 1557 of the ACA, which prohibits discrimination based on race, color, national origin, sex, age, or disability in health care programs.

On July 31st, the Kaiser Family Foundation (KFF) released a report and interactive map on how insurance coverage would be expanded as a result of the ACA.

On July 31st, House Speaker John Boehner (R-OH) said he is still unsure if House Republicans will use the threat of a government shutdown in an effort to defund the ACA.

On July 30th, EHealthInsurance reached a deal to sell its products on the ACA insurance exchanges. EHealth CEO Gary Lauer says his company’s involvement on the exchanges will lead to increased enrollment and improved competition in the insurance marketplace.

On August 1st, California announced six insurers that will offer coverage on the state’s Small Business Health Options Program (SHOP). A summary of the Covered California plan indicates the premium prices and coverage options for hypothetical business operations.

On August 1st, 38 Republican Senators sent a letter to White House Counsel Kathryn Ruemmler with a request for information on the government agencies involved in ACA implementation.

On August 1st, the House Ways and Means Committee held a hearing on the role of the IRS in ACA implementation. Gary Cohen of the CMS Center for Consumer Information and Insurance Oversight (CCIIO) and Daniel Werfel of the IRS testified before the committee.

On August 1st, the House Energy and Commerce Committee conducted a hearing with CMS Administrator Marilyn Tavenner to discuss the current state of ACA implementation.

On August 2nd, the House voted, 232-185, to prohibit the IRS from being involved in enforcement of the ACA. The vote was the 40th time the House has attempted to repeal components of the ACA.

Other HHS and Federal Regulatory InitiativesAugust 5, 2013

On July 30th, the Department of Justice (DOJ) announced Wyeth Pharmaceuticals agreed to pay over $490 million to resolve criminal and liability issues arising from the company’s unlawful marketing of Rapamune, a drug only approved by the Food and Drug Administration (FDA) for kidney transplants.

On July 31st, CMS issued final payment rules to increase payments to skilled nursing facilities by 1.3%, at a cost of $470 million, and increase payments to inpatient rehabilitation facilities by 2.3%, a $170 million cost.

On August 1st, the FDA released 2014 user fee rates for biosimilars, brand name prescription drugs, generic prescription drugs, and medical devices.

On August 2nd, the FDA issued a rule addressing ‘gluten-free’ food labeling. The rule states foods that claim to be gluten-free but contain more than 20 parts per million of gluten will be considered misbranded products.

On August 2nd, CMS released a final rule relating to payments for acute care and long-term care hospitals in 2014. The rule increases payment to the nation’s 3,400 acute care hospitals by $1.2billion. Payment to 440 long-term care facilities is set to increase $72 million.

Other Congressional and State Initiatives

On July 31st, Rep. Daniel Lipinski (D-IL) introduced legislation to require hospitals to publicly disclose the prices charged for the most common medical procedures.

On August 1st, Democratic Senators sent a letter to President Obama urging the White House to establish set targets for Medicare and Medicaid cost savings.

On August 1st, Senators Mark Warner (D-VA) and Johnny Isakson (R-GA) introduced The Care Planning Act of 2013, a bill to improve palliative care and provide seriously ill patients with greater control of their own care.

On August 2nd, Michigan and Illinois announced a partnership to share Medicaid information systems, a plan expected to save millions of dollars for both states.

On August 2nd, Senators Mike Crapo (R-ID), Ben Cardin (D-MD), and Angus King (I-ME) introduced a bill, S. 1422, to require the CBO to more completely address the cost-savings of preventive healthcare.

Other Health Care News

On July 29th, doctors from the National Cancer Institute published a report suggesting the word ‘cancer’ is overused. The report argues the overuse of the term leads to unnecessary and potentially harmful treatment in many patients.August 5, 2013

On July 29th, Gallup released a poll indicating Americans have exercised less each month in 2013 than during the same months in 2012. About half of Americans say they exercise at least 30 minutes three or more days each week.

On August 2nd, the Institute of Medicine released a report on the efforts needed to tackle obesity in the United States.

Hearings and Mark-Ups Scheduled

The Senate and the House of Representatives are in recess until the week of September 9th.

David Shirbroun also contributed to this article.

Article By:
of

Prospects for Comprehensive Immigration Reform: The House of Representatives Kicks the Can Down the August Recess Road

GT Law

The U.S. House of Representatives left town last week for the long August recess without passing one immigration-related bill. House Republicans made it quite clear that the Senate- passed S. 744, The Border Security, Economic Opportunity, and Immigration Modernization Act, would never be taken up by the House.

To date, the House has five immigration bills reported out of either the Judiciary or Homeland Security Committee. The Comprehensive Immigration Reform bill that the House Gang of 8 (now 7) has been working on for the past 18-plus months has not be introduced and the common wisdom is that it will not be the vehicle that will be used in the House.

None of the five bills have been brought to the floor for a vote. When the House returns in September, there is a feeling that the bills might be brought up in the following order:

  1. The Border Security Results Act (H.R. 1417) was introduced on April 9, 2013 by House Homeland Security Chairman Michael McCaul and approved by the House Homeland Security Committee on May 20, 2013 by voice vote. H.R. 1417 requires results verified by metrics to end The Department of Homeland Security’s ad hoc border approach and to help secure our nation’s porous borders.
  2. The Strengthen and Fortify Enforcement Act (H.R. 2278), also know as The SAFE Act, was approved by the House Judiciary Committee on June 18, 2013. The SAFE Act seeks to improve the interior enforcement of our immigration laws by preventing the Executive Branch from unilaterally halting federal enforcement efforts. To this end, the bill grants states and localities the authority to enforce federal immigration laws.
  3. The Legal Workforce Act (H.R. 1772) was introduced on April 26, 2013 by Rep. Lamar Smith and approved by the House Judiciary Committee on June 26, 2013. This bill discourages illegal immigration by ensuring that jobs are made available only to those who are authorized to work in the U.S. Specifically, the bill requires employers to check the work eligibility of all future hires though the E-verify system.
  4. The Supplying Knowledge Based Immigrants and Lifting Levels or STEM Visas Act (H.R. 2131), also known as The SKILLS Visa Act, was introduced by Rep. Darrell Issa on May 23, 2013. The SKILLS Visa Act changes the legal immigration system for higher-skilled immigration and improves programs that make the U.S. economy more competitive. The SKILLS Visa Act was approved by the House Judiciary Committee on June 27, 2013.
  5. On April 26, 2013, House Judiciary Committee Chairman Bob Goodlatte introduced the Agricultural Guestworker Act (H.R. 1773), also known as The AG Act. The Committee approved this bill on June 19, 2013 in a voice vote (20-16). This bill attempts to provide farmers with a new guest worker program to ease access to a lawful, agricultural workforce that employers may call upon when sufficient American labor cannot be found.

The members of the Republican leadership in the House have not been clear about the timing strategy for a potential conference with the Senate. It is not very likely, however, that a conference will occur until the end of 2013, if at all.

Article By:

 of

Picture This: The National Labor Relations Board’s Division of Advice Wants to Sue Employer for Issuing Social Media Policy with Photo/Video Ban

Michael Best Logohe National Labor Relations Board’s Division of Advice (the Division) recently recommended that the Board issue a complaint against Giant Foods for implementing its social media policy without first bargaining with two unions, and for maintaining a social media policy that included unlawful provisions. Although the Division analyzed several social media policy provisions, its criticism of two provisions in particular—a ban on using photo and video of company premises, and restrictions on employees’ use of company logos and trademarks—makes it very difficult for employers to protect their brands while at the same time complying with federal labor laws.

Giant Foods’ social media policy forbade employees from using company logos, trademarks, or graphics without prior approval from the company. The policy also prohibited employees from using photographs or video of the “Company’s premises, processes, operations, or products” without prior approval as well.

The Division concluded that these provisions were unlawful under the National Labor Relations Act (NLRA) and that the National Labor Relations Board (the Board) should issue a complaint against Giant Foods for implementing them. As employers are becoming keenly aware, the NLRA safeguards employees’ right to engage in protected concerted activity. Such activity includes group discussions and some comments by individual employees that relate to their wages, hours, and other terms conditions of employment.

The Division concluded that banning employees from using company logos or trademarks was unlawful because: (1) employees should be allowed to use logos and trademarks in online communications, including electronic leaflets or pictures of picket signs with the employer’s logo; and (2) those labor-related interests did not raise the concerns that intellectual property laws were passed to protect, such as a business’ interest in guarding its trademarks from being used by competitors selling inferior products.

Additionally the Division concluded that restricting employees from using photo and video of company premises unlawfully prevented them from sharing information about participation in protected concerted activities, such as snapping a picture of a picket line.

Unfortunately, the Board’s expansive view will likely hamper companies’ ability to prevent damage to their brand and reputation.  Not allowing employers to ban the taking of videos and photos on their premises, or restricting the use of company logos/trademarks could lead to public relations nightmares such as the one Subway Foods recently endured after it was revealed that an employee posted a graphic picture on Instagram of his genitalia on a sub, with the tag line “I will be your sandwich artist today.”

Given the prevalence of cell phones with photo and video capabilities, and the ease of uploading photos and videos to the internet, a company that cannot control its employees’ use of those devices on their premises will be one bad employee decision away from public embarrassment.

What else can be gleaned from the Giant Foods Advice Memorandum? That the Board’s General Counsel will continue to prod employers to eliminate blanket bans on certain kinds of employee conduct from their social media policies and replace those bans with provisions that include specific examples of what employee conduct the policy prohibits. The Board and its General Counsel have previously found social media policies that restricted employee use of confidential information and complaints about an employer’s labor practices as unlawful; Giant Foods makes clear that the agency is also scrutinizing other kinds of policy provisions that potentially could infringe on an employee’s right to engage in protected concerted activities.

Accordingly, employers should review their policies with counsel so that they can tailor them to restrict employee conduct that will damage the company and its brand, but not be “reasonably” read to restrict employees’ rights to engage in protected concerted activities.

It’s Official: Top Union Lawyer To Be National Labor Relations Board (NLRB) General Counsel

Barnes & Thornburg

And you thought Lafe Solomon was anti-employer? Buckle your seat belts folks because the employer community is in for a rough ride.

The White House has confirmed Board member Richard Griffin has been nominated to be the new General Counsel for the NLRB.  Before joining the Board as a “recess” appointee, Griffin served as General Counsel for the International Union of Operating Engineers. Griffin has served on the board of directors for the AFL-CIO Lawyers Coordinating Committee and has held various legal jobs with the IUOE. Griffin holds a B.A. from Yale University and a J.D. from Northeastern University School of Law. With Griffin’s nomination, the President also withdrew the nomination of Lafe Solomon Jr. to be General Counsel.  Solomon had been named Acting General Counsel on June 21, 2010.  His nomination for that job went to the U.S. Senate on January 5, 2011 and again in May of this year, but the nomination was never voted upon.

As we previously reported here and here, Griffin’s nomination for the GC job comes on the heels of the deal crafted in the Senate to allow the President’s nominations for the Board to come to the floor for an up or down vote.  Republicans insisted that the President withdraw the nomination of Griffin and Sharon Block.  He agreed and replaced their nominations with those of Kent Hirozawa and Nancy Schiffer, both reportedly hand-picked by AFL-CIO President Richard Trumka. With the recent confirmation of all five of the nominations, the Board is at its full five-member complement for the first time in more than a decade.  However, with a solid 3 member pro-Union majority and Griffin in the General Counsel’s slot, it will be full speed ahead on President Obama’s pro-Union agenda.

Article By:

 of