Revise Health Plan HIPAA Records Access Rules & Procedures To Use Newly Flexibility On Charging, Responding To Third Party PHI Requests

January 28, 2020

Health plans and their health plan records providers and other business associates should review and update their existing policies and practices concerning providing and charging individuals for access to protected health information in response to modifications in the Department of Health & Human Service (“HHS”) Office of Civil Rights (“OCR”) rules implementing the Health Insurance Portability & Accountability Act (“HIPAA”) requirements regarding patient’s rights to access their protected health information (“PHI”) from health plans, health care providers, health care clearinghouses (“”Covered Entities”) and their business associates (“HIPAA entities”) to comply with a January 23, 2020 court order (the “Coix Order”) in Coix Health, LLC v. Azar, et al, No 18 –CV-0040 (D>D.C. January 23, 2020).  Utilizing the flexibility resulting from the Coix Order could help reduce health plan costs of compliance with the HIPAA right of access rule by allowing the health plan and its records providers more freedom to determine the charges and format for delivering PHI in response to records requests received from other insurers, lawyers and other third parties.

Coix Order  Invalidates Pieces of OCR HIPAA Rules On PHI Record  Rules

The new flexibility is the result of the Coix Order entered by a Federal District Court in response to a lawsuit brought by Coix Health, LLC (“”Coix”).  Coix brought the lawsuit challenging the “Patient Rate” restrictions on the amounts that HIPAA entities can charge for providing records containing PHI the “third party directive” requirements in the rules implementing HIPAA’s right of access requirements under 45 C.F.R. §164.524 as adopted by OCR as part of its final rule entitled “Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act, and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules.”  (The “2013 Omnibus Rule”) on January 25, 2013.   In particular, the 2013 Omnibus Rule includes a “Patient Rate” rule that limits the charges that Covered Entities can make for delivering PHI requested by patients and third parties to prevent patient access to PHI from being thwarted by excessive fees.  As part of the Patient Rate rule, OCR restricted what Covered Entities and their records providers can charge to provide copies of protected health information.  The Patient Rate rule restricts charges that can be imposed to provide protected health information, restricts the methods for calculating these charges and limits the type and amount of labor costs that can be included when calculating the Patient Rate. The Patient Rate rule in the 201 Omnibus Rule also requires that Covered Entities and their records companies provide the requested PHI directly to the patient or to a third party designed by the patient and in the format requested by the patient regardless of the format in which the Covered Entity or its medical provider maintains the PHI within its record.

When originally implemented, the medical records industry generally understood that the Patient Rate limitations applied only to requests for PHI made by the patient for use by the patient.  Before 2016, however, Covered Entities and their medical records providers generally understood that this Patient Rate rule did not apply to or limit fees that Covered Entities or their medical records providers could charge commercial entities or other third parties like insurance companies and law firms to fill requests for PHI.  That understanding changed, in 2016, however, when HHS issued guidance that stated that the Patient Rate applies even to requests to deliver PHI to third parties.

A specialized medical-records provider that contracts with healthcare suppliers nationwide to maintain, retrieve, and produce individuals’ PHI, Cox handles tens of millions of requests for records containing PHI annually including demands by healthcare providers for treatment purposes, patients asking for their own PHI, and third parties, such as life insurance companies and law firms, seeking a patient’s PHI for commercial or legal reasons.  According to Cox, OCR’s interpretation of the Patient Rate rule as applicable to third party requests as well as direct patient requests cost it and other medical records companies millions of dollars in revenue. Accordingly, Coix filed the Coix Health, LLC v. Azar, et al lawsuit challenging OCR’s 2016 application of the Patient Rate to third party requests as violating the procedural and substantive protections of the Administrative Procedure Act (“APA”). In addition to this challenge to the scope of the Patient Rate, Coix also contested OCR pronouncements in the 2016 guidance document on (1) the types of labor costs that are recoverable under the Patient Rate; and (2) the three alternative methods identified for calculating the Patient Rate as violating the APA’s procedural and substantive provisions. Finally, Coix also challenged the requirement in the Patient Rate rule that records companies to send PHI to third parties regardless of the format in which the PHI is contained and in the format specified by the patient. According to Coix, Congress required only that certain types of electronic health records be delivered to third parties, not all records regardless of their format, as HHS’s regulations now command.

In its January 23, 2020 ruling on HHS’s motion to dismiss and the parties’ cross-motions for summary judgment, the D.C. District Court agreed with OCR that OCR’s rule requiring the use of one of three methods for calculating the Patient Rate was unreviewable as a final agency action and dismissed Coix’ challenge to that requirement. Concerning Coax’s other challenges, the Court sided with Coix.  It ruled that:

  • OCR’s 2013 rule compelling delivery of PHI to third parties regardless of the records’ format is arbitrary and capricious insofar as it goes beyond the statutory requirements set by Congress;
  • OCR’s broadening of the Patient 3 Rate in 2016 is a legislative rule that the agency failed to subject to notice and comment in violation of the APA; and
  • OCR’s 2016 explanation concerning what labor costs can be recovered under the Patient Rate is an interpretative rule that OCR was not required to subject to notice and comment.

Accordingly, District Court in the Coix Order declares unlawful and vacates (1) the 2016 Patient Rate expansion and (2) the 2013 mandate broadening PHI delivery to third parties regardless of format within the individual right of access” set forth in the provisions of 45 C.F.R. §164.524 of the 2013 Omnibus Rule insofar as it expands the HITECH Act’s third-party directive beyond requests for a copy of an electronic health record with respect to protected health information of an individual in an electronic format.” Additionally, the federal court ordered that the fee limitation set forth at 45 C.F.R. § 164.524(c)(4) only apply to an individual’s request for access to their own records, and does not apply to an individual’s request to transmit records to a third party.

As a result of the Coix Order, Covered Entities and their medical records providers still must calculate the Patient Rate in accordance with one of the three allowed methodologies when providing a patient with records containing PHI in response to a patient request.  However, Covered Entities and their medical records provider now may exercise greater flexibility when determining the format and charges when responding to requests from third parties other than the patient for records containing PHI.  Before doing so, however, most Covered Entities and business associates will want to update their HIPAA policies and procedures to reflect the new practices consistent with the new HIPAA and other relevant requirements.  Updating the policies first is important because the 2013 Omnibus Rule states Covered Entities violate HIPAA by failing to follow their own HIPAA privacy and security policies when those practices are more restrictive than those mandated by OCR’s 2013 Omnibus Rule.  Consequently however, Covered Entities and their medical records companies desiring to exercise this newly available flexibility should revise their existing policies and procedures to authorize their exercise of this new flexibility consistent with the Coix Order and associated OCR guidance.

OCR Plans To Comply With Coix Order In Applying Patient Record Rule

In an “Important Notice Regarding Individuals’ Right of Access to Health Records” released January 28, 2020, OCR announced that that it will comply with the Coix Order vacating the “third-party directive” within the individual right of access “insofar as it expands the HITECH Act’s third-party directive beyond requests for a copy of an electronic health record with respect to [protected health information] of an individual  . . . in an electronic format.” Additionally, OCR stated that the fee limitation set forth at 45 C.F.R. § 164.524(c)(4) will apply only to an individual’s request for access to their own records, and not apply to an individual’s request to transmit records to a third party.   However, OCR also added that the right of individuals to access their own records and the fee limitations that apply when exercising this right are undisturbed and remain in effect.  OCR will continue to enforce the right of access provisions in 45 C.F.R. § 164.524 that are not restricted by the court order.

More Information

We hope this update is helpful. For more information about the Coix Order or other health or other employee benefits, human resources, or health care developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often rapidly evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone of any  fact or law specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on Revise Health Plan HIPAA Records Access Rules & Procedures To Use Newly Flexibility On Charging, Responding To Third Party PHI Requests | 21st Century Cures Act, Academic Medicine, Association Health Plan, Corporate Compliance, Data Breach, Data Security, health benefit, health Care, health insurance, health insurance marketplace, Health IT, health plan, Health Plans, HIPAA, Protected Health Information | Permalink
Posted by Cynthia Marcotte Stamer

2/28 New Comment Deadline For NLRB Proposal To Exclude College Work Study Student Workers From NLRA Coverage

January 28, 2020

February 28, 2020 is the new deadline for employers to comment on a National Labor Relations Board (“NLRB”) proposal to exempt undergraduate and graduate students performing services for financial compensation in connection with their studies from the NLRB’s definition of “employee” for purposes of the National Labor Relations Act (NLRA) and other collective bargaining and union organizing and representation laws under the NLRB’s jurisdiction.

The original notice of proposed rulemaking published here on September 23, 2019 would exempt ”every student performing teaching, research and any services for compensation, at a private college or university in connection with his or her studies from treatment as an “employee” for purposes of Section 2(3) of the NLRA. The extended deadline unofficially announced by the NLRB on January 28, 2020 is the NLRB’s second extension of the comment deadline. The official announcement from the NLRB of its extension of the comment submission window for responses to initial comments to Friday, February 28, 2020 is expected to be published in the Federal Register the week of February 3, 2020. The NLRB previously extended the comment deadline on October 17, 2019.  That first extended comment deadline expired in December, 2019.

The NLRB says this proposed rulemaking t exempt students from employees covered by the NLRA “is intended to bring stability to an area of federal labor law in which the NLRB, through adjudication, has reversed its approach three times since 2000.  The NLRB has stated this proposed standard on the exclusion of students from the NLRA definition of employee is consistent with the purposes and policies of the NLRA, which contemplates jurisdiction over economic relationships, not those that are primarily educational in nature.

The proposed regulation to exclude students from NLRA coverage is one of several regulatory projects that the now Trump-appointee dominated NLRB has undertaken in the past year in its effort to undue a host of pro-labor changes to NLRB policy changes initiated and enforced during the Obama Administration when President Obama appointees dominated the NLRB and its policies.  Another example of these regulatory efforts include the NLRB’s current efforts to reverse a change in interpretation and enforcement of the “joint employer” rules of the NLRA and Fair Labor Standards Act that substantially expanded the imputation of liability for collective bargaining and other labor-management and wage and hour law violations by treating companies as joint employers that received the benefit of work performed even when the recipient company did not control the details of the work or the nominal employer.  Aside from submitting any relevant feedback to the student rule, business leaders and organizations generally will want to carefully monitor developments to update their policies and practices as well as to provide appropriate input on these and other developments.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates and join discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Solutions Law Press HR & Benefits Update Compliance Update Group and registering for updates on our Solutions Law Press Website.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of management focused employment, employee benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;   domestic and international public and private health care, education and other community service and care organizations; managed care organizations; insurers, third-party administrative services organizations and other payer organizations;  and other private and government organizations and their management leaders.  As part of this work, she has worked extensively on employee benefit communication and other employee benefit plan legislative and regulatory policy, design, compliance and enforcement including testifying to the EBSA Advisory Council on Employee Welfare and Pension Benefit Plans in  on the effectiveness of employee benefit plan disclosures during 2017 hearings on on reducing the burdens and increasing the effectiveness of ERISA mandated disclosures.

Throughout her 30 plus year career, Ms. Stamer has continuously worked with these and other management clients to design, implement, document, administer and defend hiring, performance management, compensation, promotion, demotion, discipline, reduction in force and other workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; manage labor-management relations, comply with requirements, investigate and respond to government, accreditation and quality organizations, regulatory and contractual audits, private litigation and other federal and state reviews, investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; prepare and present training and discipline;  handle workforce and related change management associated with mergers, acquisitions, reductions in force, re-engineering, and other change management; and a host of other workforce related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, bankruptcy and other crisis and change management; management, and other opportunities and challenges arising in the course of workforce and other operations management to improve performance while managing workforce, compensation and benefits and other legal and operational liability and performance.

A Fellow in the American College of Employee Benefit Counsel and Past Chair of both the ABA Managed Care & Insurance Interest Group and it’s RPTE Employee Benefits and Other  Compensation Group, Ms. Stamer also has leading edge experience in health benefit, health care, health, financial and other plan, program and process design, administration, documentation, contracting, risk management, compliance and related process and systems development, policy and operations; training; legislative and regulatory affairs, and other legal and operational concerns.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

Author of leading works on a multitude of labor and employment, compensation and benefits, internal controls and compliance, and risk management matters and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.  We also invite you to join the discussion of these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Health Plan Compliance Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission and its content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion.otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication or the topic of this article, please contact the author directly. All other rights reserved.

Comments Off on 2/28 New Comment Deadline For NLRB Proposal To Exclude College Work Study Student Workers From NLRA Coverage | Education, Educational Privacy, employee, Employee Benefits, Employer, Employers, ERISA, Labor Management Relations, NLRA, Reporting & Disclosure, Retirement Plans, Uncategorized, Unfair Labor Practice, Union, Union certification, Union elections, Worker Classification | Tagged: , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Don’t Get Stuck Paying Another Employer’s Overtime Or Other Backpay

January 13, 2020

No business wants to get hit with a bill or judgement for unpaid overtime or other wages and penalties under the Fair Labor Standards Act (“FLSA”). It’s even worse when the order to pay is for back pay another business owed but didn’t pay. New FLSA joint employer regulations released today update the rules about when your business could get stuck paying another business’ backpay. That’s why all U.S. employers should re-evaluate their potential minimum wage, overtime, recordkeeping and other Fair Labor Standards Acts (“FLSA”) liability exposure from work performed by workers employed by subcontractors or contractors, staffing, leasing, manpower and workforce and other separate business entities in light of the new Final Rule: Joint Employer Status under the Fair Labor Standards Act (“Final Rule”) on determining joint employer status under the FLSA released by the Department of Labor Wage and Hour Division (“Labor Department”).  The Labor Department released a copy of the Final Rule to the public today today (January 13, 2020) in anticipation of its scheduled official publication in the Federal Register on January 16, 2019.

Joint Employer Liability Long Standing FLSA Risk

Many businesses and their management are unaware that if their business meets the definition of a “joint employer” for purposes of the FLSA, their businesses could be required to pay unpaid wages and penalties another business owes for failing to pay minimum wage or overtime or other FLSA violations. even though their business never directly employed those workers.  This is because the FLSA also makes business that are “joint employers” as defined for purposes of the FLSA  jointly and severally liable with the direct employer for proper payment of wages and other compliance with the FLSA.  The FLSA requires covered employers to pay their employees at least the federal minimum wage for every hour worked and overtime for every hour worked over 40 in a workweek. To be liable for paying minimum wage or overtime, an individual or entity must be an “employer,” which the FLSA defines in Section 3(d) to include “any person acting directly or indirectly in the interest of an employer in relation to an employee[.]” Under the FLSA, an employee may have—in addition to his or her employer—one or more joint employers. A joint employer is any additional “person” (i.e., an individual or entity) who is jointly and severally liable with the employer for the employee’s wages under the applicable Labor Department regulations.

While both the Labor Department and private litigants have used the joint employer rules and precedent to nail businesses for other employer’s wage and hour liability frequently for the past sixty plus years, Obama Administration changes in the Labor Department’s interpretation and enforcement of the joint employer rule have significantly broadened the scope of relationships found to constitute joint employment to include a broad range of subcontractor and other business relationships not historically recognized as triggering joint employer liability.  Historically, joint employer determinations were reached by applying highly subjective, fact specific analysis heavily reliant upon decades of court decisions which required some evidence that the alleged joint employer possessed or exercised some control over the employees to support the finding of joint employment.   Under these historical tests, mere benefit from work performed by individuals employed by another employer did not establish a presumption, much less proof of joint employment.

During the Obama Administration, however, the Department of Labor both stepped up its efforts to identify and enforce these joint employer provisions and concurrently without formally issuing new regulations adopted interpretive and enforcement guidelines for finding joint employer status that that significantly broadened the employment relationships that the Labor Department treated as joint employers in a manner that presumed the existence of a joint employment relationship whenever the alleged joint employer benefitted from the performance of work even when the facts showed little or any evidence that the alleged joint employer possessed or exercised any control over the employee or the details of his work.  As a consequences, construction and other businesses uses contractors, health care organizations, and a host of other entities were surprised to be nailed with wage and hour liabilities arising from work performed by subcontractors, contractors, and other businesses including overtime liability attributable to work performed for the benefit of other customers of the employer.

Final Joint Employer Rule Changes Rules Effective March 16, 2020

Prompted by the Trump Administration’s broader effort to roll back these and other Obama Era pro-labor rulemaking and enforcement, the new Final Rule seeks to restore and reaffirm the requirement of evidence of the possession of authority or exercise of some traditional employer control by the alleged joint employer.  Scheduled to take effect on March 16, 2020, the new Final Rule will continue to recognize two potential scenarios where an employee may have one or more joint employers based on a highly subjective analysis of the factual realities of an alleged joint employer with another business or businesses under two scenarios:

  • The employee has an employer who suffers, permits, or otherwise employs the employee to work, but another individual or entity simultaneously benefits from that work (“Scenario One”); versus
  • One employer employs an employee for one set of hours in a workweek, and another employer employs the same employee for a separate set of hours in the same workweek (“Scenario Two”).

The Final Rule modifies and clarifies the Labor Department’s historical joint employer rule as it relates to the determination of joint employment status in Scenario One situations but leaves substantially unchanged its existing rules on joint employer determinations in Scenario Two situations.

Finally, the Final Rule provides several examples of how the Department’s joint employer guidance should be applied in various factual circumstances

Final Rule Modifications To Existing Rules On Joint Employment in Scenario One Situations

Under the Final Rule in a Scenario One situation under which an employee performs work for the employer that simultaneously benefits another individual or entity, the Final Rule adopts a four-factor balancing test to determine whether the potential joint employer is directly or indirectly controlling the employee, assessing whether the potential joint employer:

  • hires or fires the employee;
  • supervises and controls the employee’s work schedule or conditions of employment to a substantial degree;
  • determines the employee’s rate and method of payment; and
  • maintains the employee’s employment records.

Businesses should keep in mind that proof of the exercise of exercise direct control over these details of employment of an employee is not required for a finding of joint employment. Indirect exercise of control is sufficient.  Examples of indirect exercise of control recognized in the Final Regulations as supporting joint employer liability include control over an employee through mandatory directions to another employer that directly control the employee. However, indirect control does not include the direct employer’s voluntary decision to accommodate the potential joint employer’s request, recommendation, or suggestion. Similarly, acts that incidentally impact the employee do not indicate joint employer status. For example, a restaurant could request lower fees from its cleaning contractor, which, if agreed to, could impact the wages of the cleaning contractor’s employees. However, this request would not constitute an exercise of indirect control over the employee’s rate of payment.

Like under the prior rules and standards, whether a person is a joint employer under the new standards established in the Final Rule will continue to depend upon all the facts in a particular case, and the appropriate weight to give each factor will vary depending on the circumstances. Moreover, all of these factors need not be present for joint employment to exist.  However, the Final Rule states the potential joint employer’s maintenance of the employee’s employment records alone will not lead to a finding of joint employer status.  For purposes of its provisions, the Final Rule defines the “employment records” referred to in the fourth factor to mean only those records, such as payroll records, that reflect, relate to, or otherwise record information pertaining to the hiring or firing, supervision and control of the work schedules or conditions of employment, or determining the rate and method of payment of the employee.

Additionally, the Final Rule also notes that additional factors may also be relevant in determining whether another person is a joint employer in this situation, but only when they show whether the potential joint employer is exercising significant control over the terms and conditions of the employee’s work.

The Final Rule also identifies factors that are not relevant to the determination of FLSA joint employer status. For example, the Final Rule specifies that whether the employee is economically dependent on the potential joint employer, including factors traditionally used to establish whether a particular worker is a bona fide independent contractor (e.g., the worker’s opportunity for profit or loss, their investment in equipment and materials, etc.), are not relevant to determine joint employer liability. Economic dependence was an evidentiary factor promoted as evidence of joint employment in several Obama Administration era enforcement actions.

The Final Rule also identifies certain other factors that do not make joint employer status more or less likely under the Act which had been relied upon by the Labor Department under the Obama Administration era interpretation of the FLSA, including:

  • operating as a franchisor or entering into a brand and supply agreement, or using a similar business model;
  • the potential joint employer’s contractual agreements with the employer requiring the employer to comply with its legal obligations or to meet certain standards to protect the health or safety of its employees or the public;
  • the potential joint employer’s contractual agreements with the employer requiring quality control standards to ensure the consistent quality of the work product, brand, or business reputation; and
  • the potential joint employer’s practice of providing the employer with a sample employee handbook, or other forms, allowing the employer to operate a business on its premises (including “store within a store” arrangements), offering an association health plan or association retirement plan to the employer or participating in such a plan with the employer, jointly participating in an apprenticeship program with the employer, or any other similar business practice.

Additionally, the Final Rule makes clear that a finding of joint employer status in Scenario One situations must be based on an actual exercise of control by the alleged joint employer.  In this respect, the Final Rule provides that although an individual or entity’s power, ability, or reserved contractual right to exercise control relating to one or more of the factors may be relevant in determining whether they are an FLSA joint employer, such power, ability, or reserved contractual rights are not in themselves sufficient to establish FLSA joint employer status without some actual exercise of control.

Final Rule Retains Existing Rules On Joint Employment In Scenario Two Situations

The Final Rule did not make any substantive changes to the standard for determining joint employer liability in Scenario Two situations. If the employers are acting independently of each other and are disassociated with respect to the employment of the employee, the Final Rule continues to provide that each employer may disregard all work performed by the employee for the other employer in determining its liability under the FLSA. However, if the factual realities show that the employers are sufficiently associated with respect to the employment of the employee, the Final Rule continues to state that the two businesses are joint employers and must aggregate the hours worked for each for purposes of determining if they are in compliance.

For purposes of the Scenario Two analysis, the Final Rule provides that employers generally will be sufficiently associated if there is an arrangement between them to share the employee’s services, the employer is acting directly or indirectly in the interest of the other employer in relation to the employee, or they share control of the employee, directly or indirectly, by reason of the fact that one employer controls, is controlled by, or is under common control with the other employer.  Employers using manpower, staffing, employee leasing or other shared or part time workforces should keep in mind that a finding that their business is a joint employer with the supplier of the workers can result in liability for their business associated both for hours of work performed for the benefit of their business as well as any work the employee worked for another client of the supplier business.  As these shared workforces often perform work for several competitors, ironically this often means that a joint employer often ends up payment overtime liability attributable to unpaid overtime or other wages performed for a competitor business or businesses that also are clients of the same partial workforce supplier.

Businesses Should Act To Assess & Mitigate Joint Employer & Other FLSA Liability

The Labor Departments that its adoption of the revisions to the joint employer rule made by the Final Rule will add greater certainty regarding what business practices may result in joint employer status: and promote greater uniformity among court decisions by providing a clearer interpretation of FLSA joint employer status.  While the clarifications may help businesses to better predict certain relationships and arrangements that carry a higher risk of joint employer liability exposure, businesses must keep in mind that joint employer determinations under the Final Rule will continue to turn on highly subjective analysis of facts and circumstances that existing precedent suggests often finds the requisite evidence to find a joint employer relationship in many circumstances surprising to many business owners even taking into account the modifications made by the Final Rule,  For this reason, virtually all businesses generally will want to critically evaluate their existing and prospective relationships for potential joint employer liability under the FLSA in light of the Final Regulations.

Businesses should look to the guidance in the new Final Rule initially to evaluate whether their existing or prospective relationships meet, or could be restructured to meet all of the requisites to avoid or reduce the risk of findings of joint employer status.  When possible, businesses should seek to structure their contractual relationships and business dealings with other businesses to fit as closely as possible with those arrangements that the new Final Regulations identify as not constituting joint employer relationships in form and operation.  When engaging in these efforts, businesses need to look beyond their contractual agreements to examine the factual realities of their relationships with other businesses realistically based upon a clear understanding of the historical precedent to avoid mischaracterizing their relationships and their associated risks.  For added protection, businesses also should consider seeking contractual representations of compliance, coupled with requirements that other businesses whose employment practices could create joint employment risk provide records and other documentation needed to verify compliance and defend against potential joint employer liability claims.

Concurrently, businesses looking at FLSA joint employer liability risk management also should keep in mind that the new Final Rule only addresses joint employer determinations under the FLSA.  This Final Rule does not address “joint employer” status or other characterizations of relationships under other federal employment laws, such as the National Labor Relations Act (NLRA), the Employee Retirement Income Security Act of 1974 (ERISA), the Migrant and Seasonal Agricultural Worker Protection Act, Title VII of the Civil Rights Act, state labor, tax, unemployment, workers’ compensation or other laws, which often apply different standards for finding joint employment or other imputed liability of businesses other than the direct or nominal employer.  While different rules apply for those laws, government agencies and private litigants also increasingly successfully assert joint employer or other theories to impute liability to businesses that are not the nominal employer of workers protected by these laws.  To effectively plan for a control their broader joint employer risk, most businesses benefit from looking at their exposure holistically taking into account the potential characterization and liabilities under all of these rules concurrently.

Before beginning these assessments, businesses and their leaders are encouraged to engage an attorney experienced in FLSA and other joint employer and other worker classification laws in light of the legally sensitive evidence and discussions inherently involved in this process.  Conducting this analysis within the scope of attorney-client privilege helps protector limit the discoverability of sensitive discussions and work product in the event of a Labor Department investigation or litigation.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Law and Labor and Employment Law and Health Care; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services, construction, manufacturing, staffing and workforce and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As a part of this work, she has continuously and extensively worked with domestic and international employer and other management, employee benefit and other clients to assess, manage and defend joint employer and other worker classifications and practices under the FLSA and other federal and state laws including both advising and and assisting employers to minimize joint employer and other FLSA liability and defending a multitude of employers against joint employer and other FLSA and other worker classification liability. She also has been heavily involved in advocating for the Trump Administration’s restoration of more historical principles for determining and enforcing joint employer liability over the past several years.

Author of hundreds of highly regarded books, articles and other publications, Ms. Stamer also is widely recognized for her scholarship, coaching, legislative and regulatory advocacy, leadership and mentorship on wage and hour, worker classification and a diverse range of other labor and employment, employee benefits, health and safety, education, performance management, privacy and data security, leadership and governance, and other management concerns within the American Bar Association (ABA), the International Information Security Association, the Southwest Benefits Association, and a variety of other international, national and local professional, business and civic organizations including highly regarded works on worker reclassification and joint employment liability under the FLSA and other laws published by the Bureau of National Affairs and others.  Examples of these involvements include her service as the ABA Intellectual Property Law Section Law Practice Management Committee; the ABA International Section Life Sciences and Health Committee Vice Chair-Policy; a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former JCEB Council Representative and Marketing Chair; Past Chair of the ABA RPTE Employee Benefits and Other Compensation Group and Vice Chair of its Law Practice Management Committee; Past Chair of the ABA Managed Care & Insurance Interest Group; former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Southwest Benefits Association Board member; past Texas Association of Business State Board Member, BACPAC Committee Meeting, Regional and Dallas Chapter Chair; past Dallas Bar Association Employee Benefits Committee Executive Committee; former SHRM Region IV Chair and National Consultants Forum Board Member; for WEB Network of Benefit Professionals National Board Member and Dallas Chapter Chair; former Dallas World Affairs Council Board Member; founding Board Member, past President and Patient Empowerment and Health Care Heroes founder for the Alliance for Health Care Excellence; former Gulf States TEGE Council Exempt Organizations Coordinator and Board member; past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on Don’t Get Stuck Paying Another Employer’s Overtime Or Other Backpay | board of directors, Brokers, Construction, Corporate Compliance, employee, Employee Benefits, Employee Handbook, Employer, Employers, Employment, Employment Agreement, Employment Policies, enforcement, FLSA, Hiring, Hospitality, HR, Human Resources, Job, Labor Management Relations, Management, Managment, NLRA, Salaried, Union elections | Tagged: , , , , | Permalink
Posted by Cynthia Marcotte Stamer

2019 OCR Enforcement Shows Getting Defensibly HIPAA Compliant Necessary In 2020!

January 1, 2020

The $65,000 payment and corrective action plan commitments West Georgia Ambulance, Inc. (“West Georgia”) is making to settle Department of Health & Human Services Office for Civil Rights (“OCR”) charges it recurrently violated the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule and other 2019 HIPAA enforcement sends a clear warning to other HIPAA-covered health plans, health care providers, health care clearighouses and their business associates (“covered entities”) to maintain and be prepared to defend their own HIPAA compliance.

The Western Georgia Resolution Agreement and Corrective Action Plan (“Resolution Agreement”) OCR announced on December 30, 2019 resolves charges resulting from an OCR investigation initiated in response to a HIPAA breach report the Georgia based ambulance company filed in 2013 in which the company, which provides emergency and non-emergency ambulance services in Carroll County, Georgia,  disclosed the loss of an unencrypted laptop containing the protected health information (PHI) of 500 individuals. The breach occurred when an unencrypted laptop fell off the back bumper of an ambulance. The laptop was not recovered.  West Georgia reported that exactly 500 individuals were affected by the breach.

In the course of its investigation of the breach report, OCR’s investigation uncovered long-standing noncompliance with the HIPAA Rules, including failures to conduct a risk analysis, provide a security awareness and training program, and implement HIPAA Security Rule policies and procedures. Specifically, the Resolution Agreement states that West Georgia:

  • Did not conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI. See 45 C.F.R. § 164.308(a)(1)(ii)(A);
  • Failed to have a HIPAA security training program, and failed to provide security training to its employees. See 45 C.F.R. § 164.308(a)(5);
  • Failed to implement Security Rule policies or procedures. See 45 C.F.R. § 164.316; and
  • Despite OCR’s investigation and technical assistance, “did not take meaningful steps to address their systemic failures.”

To resolve its exposure to the substantially higher civil monetary penalties that OCR could impose for violations of this nature, West Georgia agreed to pay a $65,000 resolution payment to OCR and implement and comply with a corrective action plan that in addition to requiring West Georgia to correct the compliance deficiencies, also subjects West Georgia to two years of OCR monitoring and oversight.

The Resolution Agreement and corrective action plan carry a number of important messages for other health care providers and other Covered Entities.  First, the OCR enforcement action against West Georgia coming at the end of yet another heavy HIPAA enforcement year by OCR reminds Covered Entities that OCR is serious about HIPAA enforcement on the heels of its 2018 HIPAA record setting collection of $28.7 million in civil monetary penalties and resolution payments including the single largest individual HIPAA settlement in history of $16 million with Anthem, Inc. See OCR Concludes 2018 with All-Time Record Year for HIPAA Enforcement.  While not topping this record, OCR during 2019 now has collected civil monetary penalties and resolution payments totaling more than $15 million from HIPAA Covered Entities and their business associates including:

Second, the Resolution Agreement and various other smaller settlements during the year show HIPAA compliance and enforcement is a concern for smaller provideres and other covered entities, not juswt the huge ones.  While the $65,000 settlement payment required by the Resolution Agreement is substantially smaller than the amounts of the civil monetary penalties and many of resolution payments OCR collected in its other 2019 enforcement actions, the West Georgia and other 2019 enforcement actions demonstrate the teeth behind the warning in the OCR Press Release announcing the West Georgia Resolution Agreement from OCR Director Roger Severino that“All providers, large and small, need to take their HIPAA obligations seriously.”  With OCR promises to keep up its vigorous investigation and enforcement of the HIPAA requirements, every Covered Entity and business associate should take the necessary steps to verify and maintain their HIPAA compliance and to be prepared to defend their compliance under the Privacy, Security, Breach Notification and HIPAA access and other individual rights mandates of HIPAA.

Third, OCR’s statement in the Resolution Agreement about the failure by West Georgia to meaningfully act to correct compliance deficiencies and cooperate in other corrective action during the period following the breach report highlights the importance for covered entities involved in a breach or other dealings with OCR on a potential compliance concern to behave appropriately to  express and exhibit the necessary concern OCR expects regarding the compliance issue to position themselves to request and receive the clemency OCR is empowered under HIPAA to extend when deciding the sanctions for any noncompliance.

Of course meeting the requirements of HIPAA is not the only concern that covered entities should consider as they review and tightened their HIPAA and other privacy and data security procedures.  Health care providers and other covered entities also should keep in mind their other obligations to protect patient and other confidential information under other federal laws, the requirements of which also are ever-evolving.  For instance, on January 1, 2020 Texas providers like other Texas businesses will become subject to a shortened deadline for providing notice of data breaches under a new law enacted by the Texas Legislature in its last session.  Arrangements should be designed to fulfill all of these requirements as well as any ethical or contractual.

Covered entities also should keep in mind that violations of HIPAA can have implications well beyond HIPAA.ramifications beyond HIPAA itself.  For instance, heath care providers can face disqualification from federal program participation, licensing and ethics discipline and other professional consequences.  Health plans and their fiduciaries also may face Department of Labor and other fiduciary claims, while insurers can face licensing and other regulatory consequences. The Labor Department followed up on previous warnings that health plan fiduciaries duties include a fiduciary duty to protect health plan data by adding HIPAA compliance to certain health plan audits. Insurers, third of art administrators and others also can face duties and liabilities under state insurance and data privacy laws from regulator or private litigant actions.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with the Department of Health & Human Services Office of Civil Rights, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer has extensive legal, operational, and public policy experience advising and representing health care, health care and other entities about HIPAA and other privacy, data security, confidentiality and other matters.

Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services, public and private primary, secondary, and other educational institutions, and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has recurrently worked extensively with public school districts and public and private primary and secondary schools, colleges and universities, academic medical, and other educational institutions, insured and self-insured health plans; domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, employers; and federal and state legislative, regulatory, investigatory and enforcement bodies and agencies on health care, education, and other data privacy, security, use, protection and disclosure; disability and other educational rights; workforce, and a host of other risk management and compliance concerns.

Ms. Stamer is most widely recognized for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on 2019 OCR Enforcement Shows Getting Defensibly HIPAA Compliant Necessary In 2020! | Claims Administration, Corporate Compliance, Disease Management, employee, Employee Benefits, Employer, Employers, Employment, EMR, ERISA, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health insurance, Health IT, health plan, Health Plans, HIPAA, Identity Theft, insurance fraud, insurers, Internal Controls, Internal Investigations, Internet, Managed Care, Mental Health Parity, Physician, Plan Admistrator, PPO, prescription drugs, Privacy, Professional Liability, Protected Health Information, Provider, provider contracting, Risk Management, Security, Technology, tpa | Permalink
Posted by Cynthia Marcotte Stamer