UHG/Change Health Breach Highlights Health Plan Cyber-Related Duties

October 25, 2024

The sweeping threat risk ransomware attacks present for health plans, their fiduciaries, business associate and other service providers, employer and other plan sponsors and their participants and beneficiaries is driven home by the disclosure of United Health Group (“UHG”) subsidiary Change Health to the Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) that it now has sent approximately 100 million individuals individual breach notifications that the February 21, 2024, Blackcat 1234 ransomware attack Change Health experienced impacted their electronic personal health information (“ePHI”). With health plans particularly exposed to the rising epidemic of ransomware threats, health plans, their fiduciaries, employer and other health plan sponsors and service providers face growing imperatives to tighten up both their compliance and risk management against these cyber threats.

Health Plans, Their Fiduciaries, Sponsors and Service Providers Face Health Plan Related Cybersecurity Responsibilities & Risks

The UHG Change Health breach and its evolving fallout provides a timely reminder to health plans and insurers, their fiduciaries, plan sponsors, vendors and leaders to ensure their own timely and prudent steps both to respond to fallout from the UHG breach as well as to prevent, prepare for and respond to other future cyber threats direct threats to their own data and systems as well as indirect threats arising from ransomware, malware and other cyber events affecting business associates and other service providers, the plan sponsor, health care providers and other third party systems and data interfacing with their own systems and data.

Health plans and their business associate service providers face detailed responsibilities to prevent access, use, disclosure or destruction of electronic (“ePHI”) and other personally identifiable information (“PHI”) except as allowed by the Health Insurance Portability and Accountability Act (“HIPAA”) and to notify individuals of breaches of their ePHI in accordance with HIPAA’s breach notification rules. As part of these rules, HIPAA also restricts the circumstances that health plans legally can allow employers or their representatives to access or use health plan PHI without a HIPAA-compliant authorization from the applicable individual. The months-long delay in Change Health’s ability to identify the individuals whose ePHI was impacted by the February 21, 2024, breach demonstrates the challenges that ransomware and other malware attacks to their own or their party systems can create for health plans, their fiduciaries and business associates in fulfilling these obligations as well as carrying out other critical plan functions. Aside from dealing with the immediate demands created by the breach, the Change Health breach and other similar events are the type of events that prompt an obligation under the HIPAA Security Rule for health plans and other HIPAA-covered entities to review and update their documented HIPAA Security Risk analyses and resulting safeguards for protecting the destruction, loss of use, unauthorized use or disclosure and other HIPAA required safeguards against future ransomware or other threats. Health plans and their fiduciaries should consult with experienced legal counsel about recommended processes for conducting and documenting this updated analysis.

Beyond these HIPAA mandates, the disruptions to health plan data and operations experienced by many health plans as a result of the UHG/Change Health breach also puts health plan on notice of the potential need for health plans, their fiduciaries and service providers to conduct a documented, prudent analysis of their health plan security, backup and recovery, and other systems to both protect ePHI and other sensitive health plan data and systems from unauthorized destruction, access, and disclosure that could disrupt health plan operations, allow use or disclosure of plan information other than for the exclusive benefit of the health plan, its participants and beneficiaries or both under fiduciary responsibility rules of the Employee Retirement Income Security Act (“ERISA”).

In weighing their fiduciary responsibility to safeguard the health plan, its data and systems against ransomware, malware and other cybersecurity threats, health plans and their fiduciaries should keep in mind that the Department of Labor Employee Benefit Security Administration (“EBSA”) interprets the prudence, exclusive benefit and other ERISA fiduciary responsibility requirements as applying to PHI, financial, and other health plan data and systems. As part of these discretion, or control (“fiduciaries”) generally should take documented steps to ensure their ability to defend the prudence of their efforts to protect health plan data and systems including:

  • To prevent disruptions to health plan systems and data from malware or other malicious or other events experienced by their health plan and its sponsors, service providers, and other third parties interfacing with health plan systems that could disrupt health plan enrollment, claims and appeals or other operations as well as against access, use or disclosure except as legally allowed for the exclusive benefit of the health plan participants and beneficiaries and in accordance with HIPAA;
  • To implement and administer appropriate contractual, audit, oversight, notification, cyber liability and other coverage and indemnification and other arrangements with business associates and other third parties whose interactions with the health plan create threats to the integrity and security of health plan systems and operations;
  • To plan and implement appropriate insurance, indemnity and other arrangement to pay for prudent investigations and other responses necessary to a known or suspected threat or breach impacting its health plan administration, data and systems;
  • To plan and implement appropriate monitoring, notification, investigation, response and recovery arrangements to position the health plan to resume and continue timely administration of health plan enrollment, claims, appeals and other operations in the event the health plan or its service providers are impacted by a cybersecurity or other event that impacts health plan data or administrative systems;
  • To ensure timely monitoring, notification and response to cyber and other threats to its systems and data to protect the health plan and its participants and beneficiaries from damages arising from cybersecurity and other threats to its systems and data;
  • To communicate prudently with participants, beneficiaries and others regarding cybersecurity and other events impacting the security of data and systems; and
  • To act prudently to ensure adequate monitoring and response to cybersecurity and other threats to health plan data and systems to prevent and mitigate disruptions to health plan data and systems that could disrupt the orderly and timely administration of their health plan.

Change Health/UHG Breach Highlights Health Plan Cyber Threats & Exposures

The sweeping disruptions to health plan and other operations arising from the UHG/Change Health ransomware attack graphically illustrate how malware and other cyber incidents can trigger catastrophic disruptions in health plan and other health industry operations whether experienced directly by the health plan or from the indirect effects of a cybersecurity event experienced by a third-party interfacing with the health plan.

Health plans are particularly at risk from ransomware, malware and other hacking threats. OCR breach reports confirm ransomware and hacking present the largest cyber-threats for health plans and health care providers. While most OCR HIPAA resolution agreements have involved health care providers, the largest HIPAA breaches and resulting HIPAA resolution payments to date have involved health insurers and their health plans.

Ransomware, hacking and other cyber risks present significant and growing threats to health plans and health care providers. Over the past five years, there has been a 256% increase in large breaches reported to OCR involving hacking and a 264% increase in ransomware. In 2023, hacking accounted for 79% of the large breaches reported to OCR. The large breaches reported in 2023 affected over 134 million individuals, a 141% increase from 2022.

The UHG breach demonstrates ransomware and other breaches can have sweeping liability and operational disruptions that extend beyond the original victim and include but are rarely limited to HIPAA penalties.

In response to the growing threat revealed by this data, OCR increasingly has urged health plans and other covered entities to protect their data and systems against ransomware and other cyberattacks. Choice Health/UHG attack occurred just days after OCR announced the second of two HIPAA resolution agreements since October as well as published a series of other guidance warning covered entities and their business associates to guard against ransomware and other cybersecurity threats as part of their HIPAA obligations prompted by concern over exploding threats.

Historically, most health plans, their sponsors, fiduciaries, and business associates assumed they could rely upon their insurers or other service providers to handle breaches experienced by that vendor impacting their health plans or members. However, OCR HIPAA and EBSA ERISA guidance reflects that health plans and plan fiduciaries need to take prompt documented actions before, during and after an insurer or other plan administrative services provider experiences a cybersecurity incident.

While UHG struggles to recover and defend its actions before Congress, regulators, customers, plan members and patients, providers and others, health plans, their sponsors, fiduciaries, and vendor business associates need to ensure their ability to demonstrate and defend the adequacy of their own breach protections, response, and other compliance.

HIPAA Security & Breach Notification Responsibilities

While most health plans, their sponsors, fiduciaries and vendors expect Change Health and other UHG entities know UHG bears breach notification and other HIPAA responsibilities and to incur liabilities under HIPAA and other federal and state data privacy and cybersecurity laws, many health plan fiduciaries, sponsors, insurers, and administrative or other service providers don’t understand their own responsibilities to prevent and respond to the UHG and other cyber events potentially impacting their health plans under HIPAA. 

Guidance published by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) on March 13, 2023, alerts health plans and health insurers, their fiduciaries and plan sponsors, health care providers, health care clearinghouses, and their business associates (covered entities) against overlooking their own potential HIPAA responsibilities arising from the February 21 Choice Health attack or other similar events.

HIPAA requires covered entities and their business associates to protect the privacy and security of protected health information, to have and enforce HIPAA-compliant business associate agreements, to conduct timely documented risk assessments in response to known or foreseeable security threats, and to provide notice of a breach to OCR, affected individuals and for breaches affecting more than 500 individuals. This responsibility includes both protecting protected health information from unauthorized use or disclosure, as well as to prevent it from improper destruction or unavailability such as can result from a ransomware attack or other disaster.

Under the HIPAA Security Rule, covered entities must conduct documented risk assessments to evaluate and monitor their electronic personal health information (EPHI) and associated systems for potential breaches and other threats that expose EPHA to unauthorized use, access, disclosure, destruction or other compromise.

To fulfill this requirement, the Security Rule requires covered entities and business associates to conduct documented risk assessments impacting their EPHI and to update these risk assessments in response to internal or external events impacting the adequacy of their risk assessments or security safeguards.

While the responsibility of covered entities and business associates to protect EPHI against unauthorized use, access and disclosure from cybercriminals and others receives the most attention, the Security Rule also includes often less discussed responsibility to protect EPHI and related operating systems against destruction or other disruptions from a wide range of threats including ransomware attacks. 

OCR guidance makes clear that OCR views safeguarding EPHI against ransomware and other cybersecurity threats as encompassed in this duty.  As part of these efforts, OCR and other cybersecurity agencies have recommended among other things that covered entities and business associates:

  • Routinely take inventory of assets and data to identify authorized and unauthorized devices and software;
  • Prioritize remediation of known exploited vulnerabilities’
  • Enable and enforce multifactor authentication with strong passwords;
  • Close unused ports and remove applications not deemed necessary for day-to-day operations.

 See e.g., #StopRansomware: ALPHV Blackcat | CISA.

Furthermore, when a breach of results in an unauthorized use, access, disclosure or destruction of EPHI, the HIPAA Breach Notification Rule requires covered entities and their business associates to provide timely notification of the breach to subjects of the breached EPHI and OCR, and if the breach affects more than 500 subjects, to the media.  Concurrently, the HIPAA Security Rule requires health plans and other covered entities to evaluate through documented risk assessments and take appropriate timely action to update their EPHI security as necessary to respond to breaches, potential breaches and other evolving threats to their EPHI and related systems. 

On March 13, 2024, the Office of Civil Rights (OCR) released a “Dear Colleague letter” that warns the February 21, 2024 CH/UHG data breach is likely to trigger HIPAA obligations and investigations for Choice Health and UHG as well as other HIPAA-covered health plans, heath care providers, heath care clearinghouses and business associates.  While stating the investigation currently focuses on Change Healthcare and UHC, for instance, the Dear Colleague Letter warns that OCR anticipates that its response to the February 21, 2024 CH/UHG Attack eventually also will include “secondary” investigations of other health plans, health care providers, health care clearinghouses and business associates “tied to or impacted by this attack.”

In light of these anticipated secondary investigations, OCR’s Dear Colleague letter warns health plans, health care providers, health care clearinghouses, business associates to ensure they timely and properly handle their own potential HIPAA responsibilities arising from the CH/UHG Attack.  The Dear Colleague letter expressly alerts health plans, health care providers and other covered entities and business associates “that have partnered with Change Healthcare and UHG” in anticipation of OCR’s expected secondary investigations to ensure that their own ability to demonstrate their organization meet all required HIPAA responsibilities including that:

  • All required “business associate agreements are in place;
  • All required breach notifications are provided to HHS, affected persons and in the event of a large breach affecting more than 500 individuals, to the media; and
  • All security and other HIPAA responsibilities are met.

The Dear Colleague Letter also directed covered entities and their business associates to the following previously released OCR resources for assistance in understanding their responsibilities for guarding EPHI against ransomware and other cybersecurity threats:

  • The OCR HIPAA Security Rule Guidance Material webpage;
  • OCR Video on How the HIPAA Security Rule Protects Against Cyberattacks;
  • OCR Webinar on HIPAA Security Rule Risk Analysis Requirement;
  • HHS Security Risk Assessment Tool;
  • Factsheet: Ransomware and HIPAA; and
  • Healthcare and Public Health (HPH) Cybersecurity Performance Goals.

Standing alone, the Dear Colleague Letter makes clear that all covered entities partnered with or impacted by disruptions from the CH/UHG attack need to take documented steps to reevaluate and tighten the adequacy of their existing security safeguards as well as their processes for monitoring and responding to evolving ransomware and other cybersecurity threats in anticipation of becoming the target of potential “secondary” OCR investigations arising from the CH/UHG Attack.

While the Dear Colleague Letter specifically references covered entities and business associates “partnered” with Choice Health, OCR’s previously issued guidance warning all covered entities and their business associates to safeguard their EPHI against ransomware and other cybersecurity threats, strongly suggest that all covered entities and business associates should consider the advisability of reevaluating the adequacy of their own EPHI safeguards in light of the heightened ransomware and other cyber threat illustrated by the CH/UHG Attack.  Consequently, all covered entities and business associates partnered with or impacted by the CH/UHG Attack or its resulting distributions specifically, as well as covered entities and business associates generally should work with experienced legal counsel to conduct documented risk assessments of their systems, exposures, responsibilities and risks taking into account these developments as soon as possible in anticipation of complaint or audit driven investigations arising from the Choice Health and other malware events and threats.

Health Plan Data Security & Breach Related ERISA Duties

In addition to any applicable HIPAA responsibilities, fiduciaries and sponsors of employer or union sponsored health plans subject to the Employee Retirement Income Security Act (ERISA) also should consider whether the CH/UHG Attack or the heightened ransomware and other cyber security threats any additional actions are prudently necessary to protect the health plan data, assets or operations.

ERISA generally requires individuals or entities named as fiduciaries or otherwise possessing functional discretionary authority or responsibility or authority over a plan or its assets (fiduciaries) to act prudently to protect and administer the plan and its assets.  Department of Labor Employee Benefit Security Administration (EBSA) guidance published in April, 2021 first officially confirmed its interpretation of ERISA’s duty of prudence as including a duty to utilize prudent cybersecurity safeguards.  Since EBSA published this cybersecurity guidance EBSA also has also added cybersecurity inquiries to its plan fiduciary audits. As a result, in addition to complying with HIPAA, ERISA-covered health plan fiduciaries and sponsors also should be prepared to demonstrate plan fiduciaries acted prudently to comply with HIPAA as well as the following actions to safeguard health and other employee benefit plan data and systems against cybersecurity threats:

  • Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
  • Cybersecurity Program Best Practices: Assists plan fiduciaries and record-keepers in their responsibilities to manage cybersecurity risks.
  • Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts online basic rules to reduce the risk of fraud and loss.

In light of this OCR and EBSA guidance, health plan sponsors, fiduciaries and vendors and other HIPAA covered entities and business associates are urged to take documented steps to audit and strengthen as needed their safeguards against hacking and other cybersecurity threats including:

  • In the case of any health plan or health plan vendor, taking well documented steps to assess and tighten as necessary their health plan systems and data security to meet or exceed the recommendation outlined in the EBSA cybersecurity guidance or otherwise necessary to prudently guard their plans and plan data and systems against cybersecurity threats.
  • Reviewing and monitoring on a documented, ongoing basis the adequacy and susceptibilities of existing practices, policies, safeguards of their own organizations, as well as their business associates and their vendors within the scope of attorney-client privilege taking into consideration data available from OCR, data regarding known or potential susceptibilities within their own operations as well as in the media, and other developments to determine if additional steps are necessary or advisable.
  • Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility.
  • Renegotiating and enhancing service provider agreements to detail the specific compliance, audit, oversight and reporting rights, workforce and vendor credentialing and access control, indemnification, insurance, cooperation and other rights and responsibilities of all entities and individuals that use, access or disclose, or provide systems, software or other services or tools that could impact on security; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; and other relevant matters.
  • Verifying and tightening technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information and systems.
  • Conducting well-documented training as necessary to ensure that members of the workforce of each covered entity and business associate understand and are prepared to comply with the expanded requirements of HIPAA, understand their responsibilities and appropriate procedures for reporting and investigating potential breaches or other compliance concerns, and understand as well as are prepared to follow appropriate procedures for reporting and responding to suspected
    violations or other indicia of potential security concerns.
  • Tracking and reviewing on a systemized, well-documented basis actual and near miss security threats to evaluate, document decision-making and make timely adjustments to policies, practices, training, safeguards and other compliance components as necessary to identify and resolve risks.
  • Establishing and providing well-documented monitoring of compliance that includes board level oversight and reporting at least quarterly and sooner in response to potential threat indicators.
  • Establishing and providing well-documented timely investigation and redress of reported
    violations or other compliance concerns.
  • Establishing contingency plans for responding in the event of a breach. 
  • Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and requirements.
  • Preparing and maintaining a well-documented record of compliance, risk, investigation and other security activities.
  • Pursuing other appropriate strategies to enhance the covered entity’s ability to demonstrate its compliance commitment both on paper and in operation.

Because susceptibilities in systems, software and other vendors of business associates, covered entities and their business associates should use care to assess and manage business associate and other vendor associated risks and compliance as well as tighten business associate and other service agreements to promote the improved cooperation, coordination, management and oversight required to comply with the new breach notification and other HIPAA requirements by specifically mapping out these details.

Furthermore, while the preemption provisions of ERISA generally insulate health plans and their sponsors from responsibility or liability for complying with state insurance, data security, breach notification or other state law cybersecurity and cyber breach and breach notification laws and rules, health insurers and other health plan service providers generally remain subject to these state law requirements.  Consequently, health insurers, administrative service providers and other health plan vendors also should act promptly to evaluate and ensure their fulfillment of all applicable cybersecurity and data breach mandates under relevant state law.

Leaders of covered entities or their business associates also are cautioned that while HIPAA itself does not generally create any private right of action for victims of breach under HIPAA, breaches may create substantial liability for their organizations or increasingly, organizational leaders under state data privacy and breach, negligence or other statutory or common laws.  In addition, physicians and other licensed parties may face professional discipline or other professional liability for breaches violating statutory or ethical standards.  Meanwhile, the Securities and Exchange Commission has indicated that it plans to pursue enforcement against leaders of public health care or other companies that fail to use appropriate care to ensure their organizations comply with privacy and data security obligations and the Employee Benefit Security Administration recently has issued guidance recognizing prudent data security practices as part of the fiduciary obligations of health plans and their fiduciaries.

Health plans and other covered entities are reminded that appropriate strategic planning and use of attorney-client privilege and other evidentiary tools can critically impact the defensibility of pre-breach, breach investigation and post-breach investigation and decision-making. Because HIPAA, EBSA and other rules typically require prompt investigation and response to known or suspected hacking or other cybersecurity threats, health plans and other covered entities or business associates should seek the assistance of experienced legal counsel to advise and assist in these activities to understand the potential availability and proper use of these and other evidentiary rules as part of the compliance planning process as well as to prepare for appropriate use in the event of a known or suspected incident to avoid unintentional compromise of these protections.

ERISA & Other Risks From Untimely Timely Acceptance & Processing of Health Plan Eligibility & Benefit Provisions

Since Change Health shut down its tools and systems CH/UHG Attack has created and continues to cause nationwide disruptions in the ability of pharmacy, physician and other health care providers to submit, and health plans and insurers to receive and process a wide range of health care billing, claims and other transactions because of the widespread integration and use of Choice Health tools in systems health care providers and payers use for the submission, receipt, and processing of health care provider eligibility, billing and other health benefits.  

Along with the liabilities and headaches that the ransomware attack and resulting disruptions create for Choice Healthcare and UHG, delays and other disruptions in the handling of health benefit eligibility, claims processing, notifications and payment by health plans and their administrative services providers arising from can create a host of additional liability headaches health plans, health insurers, their fiduciaries and administrative services providers in addition to those arising directly from the HIPAA and other cybersecurity breach itself.

For ERISA-covered health plans, ERISA generally holds health plans and their fiduciaries accountable for the prudent, timely administration of health plan eligibility, claims and other administrative functions in accordance with the terms of the plan and within the applicable time frames and other requirements of ERISA’s reasonable claims procedure and adverse benefit determination rules.  Health plans and their ERISA plan administrators generally must receive and process claims transactions required by the adverse claim determination regulations and provide participants or beneficiaries with detailed written notifications for any claims not processed and paid within the relevant 72-hour, 15-day or 30-day time period specified by the adverse claim determination rules.  Noncompliance with these requirements both undermines the defensibility of the health plan’s denial of coverage and subjects the plan administrator to liability for EBSA penalties and/or discretionary awards of penalties plus attorneys’ fees and other costs of enforcement to plan participants or beneficiaries for failures to deliver timely notification of the denial.  To the extent that EBSA or a court determines that the failure to timely and appropriately process and pay benefits resulted from a lack of prudence or other breach of ERISA fiduciary duties, fiduciaries are at risk for incurring personal liability for actual damages to the plan or its participants plus attorneys’ fees and other costs of enforcement; EBSA penalties for engaging in a breach of fiduciary duty under ERISA section 502(l); or both.

Beyond these ERISA-related risks, delays in processing and payment of health care provider claims also create potential additional liability for health insurers, health plans and their administrators to the extent the disruptions prevent the timely payment and processing of health benefit claims in violation of health care provider rights under managed care or other provider contracts, prompt pay and surprise billing or other provider legal rights.  Unlike member claims assigned to providers, ERISA generally does not preempt these nonderivative provider rights and claims or the additional state law damages, penalties or other remedies arising under state law against health insurers, health plans and plan administrators found to violate these rules. Consequently, delays in payments to providers also could substantially increase the costs and liabilities that health insurers, health plans, their fiduciaries, administrators, and employers and other sponsors obligated under the plan terms or vendor contracts to pay these costs.

In light of these and other potential risks, health insurers and health plans, their employer, union and other sponsors, fiduciaries, administrative services providers and other vendors should act quickly to investigate and ensure proper management of the fallout from the CH/UHG Attack and the heightened ransomware and other cybersecurity threats it represents.

Along with working with qualified legal counsel to address the potential HIPAA, ERISA and other responsibilities the health plan or insurer, its fiduciaries, service providers and sponsor bear from the CH/UHG Attack and other cyber risks, most parties also will want to evaluate obligations to notify cybersecurity and other liability insurers, seek indemnification from Choice Healthcare, UHG or other potentially culpable parties and evaluate other sensitive data and strategies for mitigation of their health plan and their own resulting liabilities, costs and other consequences.

For Additional Information

We hope this update is helpful. Solutions Law Press, Inc. invites you to receive future updates by registering on  here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters,  contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

About the Author 

Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health and other benefit, health care and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Ms. Stamer is widely recognized and sought out for her knowledge and experience on health, employee benefits and other privacy and security. Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.

A Fellow in the American College of Employee Benefit Counsel, Scribe for the Co-Chair of the American Bar Association (“ABA”) JCEB Annual Agency Meeting with HHS-OCR, ABA International Section Life Sciences and Health Committee and Vice-Chair and Chair Elect of its International Employment Law Committee, Chair of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group Chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee and author of a multitude of highly-regarded publications on HIPAA and other cybersecurity, privacy, technology, employee benefits and health care publications, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

OCR’s warning and referencing of these resources strongly signals that OCR will hold health plans and business associates targeted for OCR investigation after experiencing or being impacted by a breach to demonstrate their fulfillment of these and other requirements. Accordingly, given OCR’s Letter and the continued heightened ransomware and other cyber security risk, health plans and other covered entities and business associates, their fiduciaries, sponsors, and vendors whether or not partnered with or impacted by the Choice Health/UHG should work with experienced legal counsel to conduct documented risk assessments of their systems, exposures, responsibilities and risks taking into account these developments as soon as possible in anticipation of complaint or audit driven investigations due to he UHG/Choice Health and other ransomware, malware and cybersecurity events and threats.

Based on existing OCR guidance, Choice Health/UHG and other known and evolving ransomware and other cyber attacks almost certainly warrant the need for those partnered or impacted by the breach to conduct documented, evaluations of the need to provide breach notification, as well as updated risk assessments. Moreover, given the widespread and continuing exposure to ransom and other cyber security risks referenced in the OCR and other reports, even those covered entities not partnered or impacted also need to conduct updated risk assessments based on the notifications of emerging risks, highlighted by that breach.

Along with updating risk assessments and resulting safeguards, covered entities, and business associates also clearly should ensure that they have and are enforcing up-to-date, business associate agreements, privacy practices and policies, and cyber threat monitoring, defense and response.impacted health plans, their employer and other sponsors, fiduciaries and business associates also should ask legal counsel about the availability of and notification and other requirements to qualify for indemnity or liability insurance coverage of breach-related claims and other options to mitigate or recover liabilities and costs arising from these and other breaches.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author 

R Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on UHG/Change Health Breach Highlights Health Plan Cyber-Related Duties | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

Teva Pharmaceuticals’ $450M Settlement Penalty Shows Risks Of Participating In Pharma Anti-Kickback and Price Fixing Schemes

October 11, 2024

Subscribe to continue reading

Subscribe to get access to the rest of this post and other subscriber-only content.

Comments Off on Teva Pharmaceuticals’ $450M Settlement Penalty Shows Risks Of Participating In Pharma Anti-Kickback and Price Fixing Schemes | Corporate Compliance | Tagged: , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

PBM Lawsuit Against FTC Signals Growing Battle To Rein In PBMs

September 17, 2024

Employers, health plan sponsors and fiduciaries, health care providers and individuals concerned about prescription drug prices and access should carefully follow the rapidly accelerating battle between the Federal Trade Commission (“FTC”) and pharmacy benefit managers (“PBMs”), which threatens to reshape how pharmaceutical products are priced and sold to health plans and consumers.

At the center of the complex pharmaceutical distribution chain that delivers prescription medicines from manufacturers to patients, PBMs generally are vertically integrated organizations that simultaneously serve and regulate health plans and pharmacists and play other roles in the drug supply chain.

This vertical integration allows these six PBMs to wield enormous power and influence over health plans’ and patients’ access to drugs and the prices they pay, as well as pharmacies’ access to prescription drugs and the price and other terms under which pharmacies qualify for health plan coverage or payment for these medications.

PBMs also exert substantial influence over independent pharmacies by imposing contractual terms imposed by PBMs as a condition of accessing medications, covering the pharmacies under health plans contracted with the PBMs, or both.

Mergers and consolidations within the PBM, pharmacy and health benefit industries that brought ownership of the largest PBMs under common ownership with large insurers and retail pharmacies they purport to both manage and work has increased the already significant power of PBMs to use their integration to control these and other aspects of prescription drug availability, access, distribution, and pricing/ Consequently, the sixth largest PMBs -Caremark Rx, LLC; Express Scripts, Inc.; OptumRx, Inc.; Humana Pharmacy Solutions, Inc.; Prime Therapeutics LLC; and MedImpact Healthcare Systems, Inc. – now collectively negotiate and enforce access, coverage, pricing and other key terms and conditions governing the availability, access to, and cost of prescription drugs for hundreds of millions of Americans.

With the consolidation of ownership of large PBMs, payers and pharmacies further tightening these PBMs’ control over prescription drug distribution, pricing, and coverage and prescription drug costs continuing to rise, PBMs and their practices increasingly face scrutiny, challenges and calls for reform by employers and other plan sponsors, health care providers, independent pharmacies, the FTC and other regulators, Congress, state legislatures and regulators, consumers, and others. See Report on Pharmacy Benefit Managers: The Powerful Middlemen Inflating Drug Costs and Squeezing Main Street Pharmacies.

FTC July 2024 Interim Report On 6th Largest PBMS

In response to these and other growing concerns about consolidation, lack of transparency and other potential abuses about the PBM industry and prescription drug costs, the FTC began investigating the PBM industry in 2022.  In July 2024, the FTC released its Report on Pharmacy Benefit Managers: The Powerful Middlemen Inflating Drug Costs and Squeezing Main Street Pharmacies (the “FTC Report”) that reports the FTC’s interim findings from its ongoing study of the six largest PBMs – Caremark Rx, LLC; Express Scripts, Inc.; OptumRx, Inc.; Humana Pharmacy Solutions, Inc.; Prime Therapeutics LLC; and MedImpact Healthcare Systems, Inc. use their vertical integration and concentration to inflate drug costs, squeeze Main Street pharmacies and engage in other practices harmful to patients and independent pharmacies.

The FTC Report shares interim findings based on the FTC staff’s review of more than 1,200 public comments to identify predominant areas of concern, initial submissions of internal documents and data from PBM respondents and their affiliates, interviews of various industry experts and participants and review of other public data and information.  The FTC Report also discloses that certain PBMS have yet to produce the data and documents required in response to FTC orders issued more than two years ago. While stating its study continues and promising that the FTC will continue efforts to force the PBMs to produce the evidence demanded in the orders, the FTC Report also promises to share regular updates about its progress and findings.

While the investigation continues, the FTC Report shares the FTC’s interim findings that:

  • The market for pharmacy benefit management services has become highly concentrated, and the largest PBMs are now also vertically integrated with the nation’s largest health insurers and specialty and retail pharmacies;
  • As a result of this high degree of consolidation and vertical integration, the leading PBMs can now exercise significant power over Americans’ access to drugs and the prices they pay;
  • Vertically integrated PBMs may have the ability and incentive to prefer their own affiliated businesses, which in turn can disadvantage unaffiliated pharmacies and increase prescription drug costs;
  • Evidence suggests that increased concentration may give the leading PBMs the leverage to enter into complex and opaque contractual relationships that may disadvantage smaller, unaffiliated pharmacies and the patients they serve;
  • PBMs and brand drug manufacturers sometimes negotiate prescription drug rebates that are expressly conditioned on limiting access to potentially lower cost generic alternatives in exchange for higher rebates from the manufactures in a manner that may cut off patient access to lower-cost medicines and warrant further scrutiny by the Commission, policymakers, and industry stakeholders.

The FTC Report also shares the FTC’s concern that the six largest PBMs improperly use their integration and market control over 95 percent of all prescriptions filled in the United States:

  • To profit at the expense of patients and independent pharmacists;
  • To hike the cost of and overcharge for drugs
  • To squeeze independent pharmacies that many Americans—especially those in rural communities—depend on for essential care;
  • To wield enormous power over patients’ ability to access and afford their prescription drugs, allowing PBMs to significantly influence what drugs are available and at what price; and
  • To impose unfair, arbitrary, and harmful contractual terms that can impact independent pharmacies’ ability to stay in business and serve their communities.

The FTC Report concludes that PBMs’ have an “outsized influence” that comes not only from the expansion of their traditional, middlemen administrative services in processing patients’ pharmacy prescription claims but also from decades of consolidation and vertical integration across the healthcare delivery system where “the largest PBMs have come under common ownership with the largest, most dominant health insurers … [that] operate some of the largest retail, mail order, and specialty pharmacies in the country, which compete with local independent pharmacies. Given these relationships, PBMs and their affiliated entities may have the incentive and ability to engage in steering a growing share of prescription revenues to their own pharmacies through specialty drug classification, self-preferential pricing, and pharmacy contracting procedures to target and control the business operations of pharmacies. While the FTC Report principally focuses on the impact of these changing market dynamics on the operation and vitality of the nation’s pharmacies, the FTC Report also states that initial evidence about PBM and brand pharmaceutical rebating practices “urgently warrant further scrutiny and potential regulation.”

The FTC Report concludes that these interim findings underscore the importance and urgency of scrutinizing the role and influence of PBMs in the nation’s healthcare system, particularly as federal and state governments are the largest purchasers of healthcare.

Express Scripts Sues FTC Demanding Retraction Of FTC Report

Not surprisingly, the PBMs subject to the FTC Report generally have protested the reported findings. On September 17, 2024, CIGNA-owned Express Scripts sued the FTC, demanding the FTC retraction of the FTC Report. In the Express Scripts, Inc. v. FTC complaint, Express Scripts characterizes the FTC Report as “unfair, biased, erroneous, and defamatory.” In the Complaint, Express Scripts alleges:

“According to the Commission’s press release announcing the Report, the Report stems from special orders issued under Section 6(b) of the FTC Act to six PBMs, including Express Scripts, demanding data and information about the PBM industry. But the Report is not an analysis of the data and information produced by the PBMs. Instead, it is seventy-four pages of unsupported innuendo leveled against Express Scripts and other PBMs under a false and defamatory headline and accompanied by a false and defamatory press release. The Commission disregarded the millions of documents and terabytes of data produced and relied instead on unverified comments from the very companies that PBMs negotiate against in order to help lower drug costs. Not surprisingly, those entities are incentivized to point the finger at PBMs for allegedly driving drug costs up, when it is PBMs who are, in fact, bringing drug costs down.”

Charging that the FTC Report “followed prejudice and politics, not evidence or sound economics, and wrongly concluded that PBMs inflate drug costs and harm independent pharmacies” and harmed Express Scripts’ business and reputation by the FTC’s “unlawful, unconstitutional, and arbitrary and capricious conduct and defamatory statements,” the Complaint alleges that the FTC Report “gets nearly everything wrong” as a result of FTC Chair Khan’s and the FTC’s bias against PBMs and failure to consider the evidence before them. For example, the Complaint asserts:

“It falsely accuses Express Scripts and other PBMs of “controlling” access to drugs and drug pricing when it is manufacturers who set drug prices and plan sponsors who decide which drugs to cover for their members.

It attacks Express Scripts for disadvantaging independent pharmacies when the evidence produced shows that on average independent pharmacies not affiliated with PBMs receive higher reimbursements than unaffiliated chain pharmacies, independent pharmacies are profitable, and the number of prescriptions filled at independent pharmacies is increasing.

It falsely claims that Express Scripts is “profiting by inflating drug costs,” including by taking rebates from drug manufacturers in return for putting high cost drugs on formularies when, in truth, the bulk of rebates and fees received by PBMs get passed through to plan sponsors and lower the net cost of drugs to plan sponsors and members. Moreover, Express Scripts prefers drugs with the lowest net cost to its plan sponsors on its largest standard formularies.

It makes the broad-brush claim that the PBMs failed to comply with the Commission’s 2022 6(b) orders, which demanded extensive data and information for production—without identifying who the supposed offenders are—even while Express Scripts had long ago complied with the Commission’s requests, which

the Commission knew and verbally acknowledged before and after issuing its Report. It falsely states that PBMs, including Express Scripts, “profit at the expense of patients by inflating drug costs” when the evidence shows that PBMs compete for the business of plan sponsors by offering lower costs for covered drugs than their competitors. PBMs have low and declining operating margins and any PBM that sought to inflate the cost of covered drugs would quickly lose its clients.

Due to these alleged false conclusions, the Complaint charges that the FTC Report violates federal and state law several times over, including in at least the following ways:

  • By exhibiting bias against PBMs and prejudgment of the facts, the Report violates Express Scripts’ right to due process under the Fifth Amendment to the U.S. Constitution.
  • It contains (i) assertions that will predictably be and have been interpreted as conclusions adverse to all PBMs and (ii) false statements unsupported by the record that demonstrate the Commission’s failure to consider the available contrary evidence and render its decision arbitrary and capricious.
  • It is not in the public interest and therefore exceeds the Commission’s statutory authority under Section 6(f) of the FTC Act.
  • It is unlawful because Commissioners exercise executive authority while enjoying statutory removal protections in violation of Article II of the U.S. Constitution.
  • And the Commission’s claim both in the Report and the accompanying press release that PBMs, including Express Scripts, are “inflating drug costs” and “profit by inflating drug costs at the expense of patients,” is false and defamatory.

Claiming that Express Scripts has suffered and continues to financial, business and reputational harm by the FTC Report’s allegedly false statements about its business practices and the insinuation that Express Scripts’ successful efforts to fight for lower prices for plan including being sued in multiple lawsuits invoking the FTC Report as evidentiary support for plaintiffs’ claims and faces multiple demands for information from state regulators and federal legislative committees. Contending these harms “have only just begun and will only be compounded over time,” Express Scripts asks the District Court:

  • To vacate and require the FTC to set aside the FTC Report;
  • Make the FTC correct the false statements it has made about PBMs; and
  • Require the recusal of FTC Chair Khan from further FTC proceedings regarding Express Scripts in light of her evident bias against PBMs, including Express Scripts.

Regardless of how the Express Scripts lawsuit plays out, employers and other health plan sponsors, fiduciaries, third party administrators, insurers, pharmacies, health care providers and individual Americans can expect to see continued challenges and attempts to reform PBMs to address perceived abuses. The direction and specifics of those challenges and changes remain unclear. Since political pressure is likely to significantly influence the ultimate outcome of any reforms, concerned individuals and organizations should carefully monitor and provide input.

Meanwhile, employer and other health plan sponsors and fiduciaries should also anticipate that the FTC Report and similar Congressional and other studies and investigations may increasingly fuel and provide evidence to support participants’ and beneficiaries’ questions and challenges to PBM features and practices within their health plans.

More Information

We hope this update is helpful. For more information about the  or other health or other employee benefits, human resources, or health care developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for her more than 35 years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications including leading edge work on PBM, pharmacy and pharmaceutical and other health care, managed care, insurance, and insured and self-insured contracting, design, administration and regulation.

Author of numerous highly regarded works on PBM and other health plan contracting and design,  Immediate Past Chair of the ABA International Section Life Sciences Committee and the Tort Trial and Insurance Practice Section Medicine and Law Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and past Group Chair and current Welfare Benefit Committee Co-Chair of the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. 

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services, data and technology and many other other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; third party administrators and other health benefit service providers; hospitals, health care systems and other health care providers, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

She also has extensive experience helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of publications on “Transparent PBM Contracting,” “ACOs, Direct Contracting: Legal & Practical Challenges For Employers, Providers & TPAs,” “The Medicare Advantage Contracting Manual,” “Third Party Administrator (TPA) Contracting Principles and Strategies and a multitude of other highly regarded publications and presentations,  Stamer is widely recognized for her thought leadership on PBM and other managed care and health plan contracting and design, and a multitude of other health care, health plan and other health industry matters.  In addition, Ms. Stamer contributes her time and leadership to numerous policy, professional, civil and other organizations including service as the, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general information and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at the particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often rapidly evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. The author and Solutions Law Press, Inc. disclaim and have no responsibility to provide any update or otherwise notify anyone of any  fact or law specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on PBM Lawsuit Against FTC Signals Growing Battle To Rein In PBMs | Corporate Compliance | Tagged: , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

10/28 Deadline To Use Updated USCIS Forms

August 28, 2024

Check your U.S. Citizenship and Immigration Service (“USCIS”) forms and documentation. Following up on form updates previous announced earlier this year, USCIS released updated versions of following USCIS forms on August 28, 2024:

Individuals and businesses using these or other USCIS forms should ensure that they are using the most current form. Except for the Form I-914, which must be used beginning August 28, 2024, USCIS will allow use of either the August 28, 2024 updated form or its predecessor form until October 28, 2024. Beginning October 28, 2024, use of the August 28, 2024 edition becomes mandatory.

Employers and other users of USCIS forms are reminded that USCIS has issued other form updates earlier this year that impact employment and other immigration documentation. business and individuals affected by USCIS documentation should confirm that all of their forms are up-to-date.

If you have questions about the proper USICS forms or documents to use or other workforce, compensation, employee benefits, or related concerns, contact the author.

About the Author 

Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of employment, employee benefits and other workforce, immigration, health care, insurance and financial services, technology and other performance, compliance, risk management and mitigation, incident and other investigations, regulatory and government affairs, and other strategic, operational, regulatory and legal and consulting management work for government contractors and other public and private businesses; managed care and other health and life science, insurance, technology, and other performance and data dependent organizations,

A Fellow in the American College of Employee Benefit Counsel, Immediate Past Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Co-Chair of its International Employment Law Committee, and its Health Care Liaison; Immediate Past Chair of the ABA TIPS Section Medicine & Law Committee; Past Chair of the ABA Managed Care & Insurance Interest Group; Former Chair of the ABA RPTE Employee Benefits & Other Compensation Group and Chair or Co-Chair of its Welfare Benefit Committee for more than 10 years , and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership with healthcare and life sciences, employment and employee benefits, managed care and insurance, data and technology and other related industries and organizations. Known for her skill combined use of her extensive legal and operational knowledge to help these and other clients develop, operationalize and defend employment, employee benefits, compensation and other staffing and workforce; data, systems and other technology; heath benefit and other healthcare and life science, managed care and insurance; employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational actions and practices. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.

As part of this work, she regularly conducts, compliance and risk management, audits, investigations, and training on Form I-9 and other foreign worker, wage and hour, affirmative action and other federal and states Civil Rights, and other employment, employee benefits, regulatory, and other practices.

Author of a multitude of highly regarded publications, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending USCIS, EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination, Federal Sentencing Guidelines and other compliance, investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here

IMPORTANT NOTICE

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on 10/28 Deadline To Use Updated USCIS Forms | citizenship, Corporate Compliance, E-Verify, employee, Employer, Employers, national origin | Permalink
Posted by Cynthia Marcotte Stamer

Tighter FTC Breach Notification Rules Now Effective Non-HIPAA Covered Handlers Of Health Information While HIPAA Covered Entities Face Continuing Duties Under HIPAA

August 8, 2024

Health and fitness mobile application developers and other businesses that collect or handle electronic or other health care information that are not subject to the by the Health Insurance Portability and Accountability Act (“HIPAA”) should evaluate their responsibility to comply with the personal health record (“PHR”) breach notification requirements of the recently amended Federal Trade Commission (“FTC”) Health Breach Notification Final Rule (the “HBN Rule”) and if subject to the HBN, ensure their compliance taking into account amendments to the HBN Rule that took effect on July 29, 2024. 

The HIPAA Breach Notification Rule imposes specific requirements on health care providers, health plans, health care clearinghouses and their business associates (“HIPAA Entities”) to protect individually identifiable health information (“PHI”) against improper use, access, disclosure or destruction and to provide breach notification to individuals, the Department of Health and Human Services Office of Civil Rights (“OCR”) and the media if a breach of unsecured electronic protected information happens.

To provide for notifications of breaches of electronically identifiable health information not covered by HIPAA, the HBN Rule generally requires each vendor of PHRs covered by its rules (“PHR Vendors”) and related entity that discovers a breach of security of unsecured personally identifiable health information (“UPHI”) in a PHR it maintains or provides to notify:

  • Each individual who is a citizen or resident of the United States whose unsecured UPHI was acquired by an unauthorized person as a result of the security breach
  • The Federal Trade Commission; and
  • If the breach involved UPHI of 500 or more residents of such State or jurisdiction is, or is reasonably believed to have been, acquired during such breach, prominent media outlets serving a State or jurisdiction,

Applicability To HBN Rule

Amendments to the HBN Rule that took effect on July 29, 2024, clarify that the HBN Rule breach notification requirements apply more broadly than many parties dealing with PHR and PHR technologies previously understood as well as other requirements of the HBN Rule.  The FTC revised several definitions in the HBN Rule to clarify that it applies health apps and similar technologies not covered by HIPAA by modifying the definition of “PHR identifiable health information” and adding two new definitions for “covered health care provider” and “health care services or supplies.” It also revised the definition of “PHR related entity” to make clear that 1) the HBN Rule covers entities that offer products and services through the online services, including mobile applications, of vendors of personal health records and 2) only entities that access or send UPHR to a personal health record — rather than entities that access or send any information to a personal health record — qualify as PHR related entities;

These changes clarify that the HBN breach notification requirements generally apply to p Providers and developers of websites, mobile applications, or internet-connected devices that provide mechanisms to track diseases, health conditions, diagnoses or diagnostic testing, treatment, medications, vital signs, symptoms, bodily functions, fitness, fertility, sexual health, sleep, mental health, genetic information, or diet, or that provides other health-related services or tools and other similar technologies that provide healthcare services and supplies, and related technologies not covered.

Other Changes & Clarifications To HBN Rule

  • Breach Of Security: The Final Rule clarifies that a “breach of security” includes an unauthorized acquisition of identifiable health information that occurs as a result of a data security breach or an unauthorized disclosure;
  • Clarifying Multiple Sources Of PHR Identifiable Health Information: The FTC clarified what it means for a personal health record to draw PHR identifiable health information from multiple sources;
  • Electronic Notification: The FT expanded the allowable use of email and other electronic means of providing clear and effective notice to consumers of a breach;
  • Expanding Required Consumer Notice Content:  The amendments to the HBN Rule expand the required content that notifications of breaches must include. For example, the notice would be required to include the name or identity (or, where providing the full name or identity would pose a risk to individuals or the entity providing notice, a description) of any third parties that acquired unsecured PHR identifiable health information as a result of a breach of security;
  • Changing Notification Timing: The amendment to the HBN Rule changes the deadline for providing breach notification to the FTC under the rule. For breaches involving 500 or more individuals, covered entities must notify the FTC at the same time they send notices to affected individuals, which must occur without unreasonable delay and in no case later than 60 calendar days after the discovery of a breach of security; and
  • Improving readability: The amendments to the HBN Rule also include changes to improve the rule’s readability and promote compliance.

HIPAA-Covered Breaches

HIPAA Entities are reminded that in addition to its broadly applicable Privacy, Security and Breach Notification Rules, OCR also has promulgated specific guidance about mobile application and related technology. This mobile application guidance, among other things, include risk analysis, configuration to reduce risks, and workforce training on appropriate use when HIPAA Entities use mobile application technologies.

Additionally OCR also has adopted specific requirements on the Use of Online Tracking Technologies by HIPAA Entities to collect and analyze information about how users interact with regulated entities’ websites or mobile applications. While the U.S. District Court for the Northern District of Texas ruled Am. Hosp. Ass’n v. Becerra, — F. Supp. 3d —-, No. 4:23-cv-1110, 2024 WL 3075865 (N.D. Tex. June 20, 2024) ruled unlawful and invalidated the portion of this rule that provides that HIPAA obligations are triggered in “circumstances where an online technology connects (1) an individual’s IP address with (2) a visit to a[n] [unauthenticated public webpage] addressing specific health conditions or healthcare providers.” the remainder of that rule remains effective. HIPAA-Entities should ensure compliance with both of these rules as well as all other applicable HIPAA Breach and other rules.

To aid in this process, OCR has published various tools and resources on building privacy and security protections into mobile application technologies including the following:

  • Mobile Health Apps Interactive Tool – The Federal Trade Commission (FTC), in conjunction with OCR, the HHS Office of National Coordinator for Health Information Technology (ONC), and the Food and Drug Administration (FDA), have updated the popular Mobile Health Apps Interactive Tool. This tool is designed to help developers of health-related mobile apps, including HIPAA-regulated entities, understand what federal laws and regulations might apply to them. The guidance tool asks developers a series of questions about the nature of their app, including about its function, the data it collects, and the services it provides to users. Based on a developer’s answers to those questions, the guidance tool points the app developer toward detailed information about certain federal laws that might apply. These include the FTC Act, the FTC’s Health Breach Notification Rule, the Health Insurance Portability and Accountability Act (HIPAA) Rules, and the Federal Food, Drug and Cosmetics Act (FD&C Act), Children’s Online Privacy Protection Rule (COPPA), and 21st Century Cures Act and ONC Information Blocking Regulations.
  • Health App Use Scenarios & HIPAA – PDF – This guidance details various use scenarios for mHealth applications, and explains when an app developer may be acting as a business associate under the HIPAA Rules.
  • Access Right, Apps, and APIs – View frequently asked questions about how the HIPAA Rules apply to covered entities and their business associates with respect to the right of access, apps, and application programming interface (APIs).
  • Health Information Technology – View frequently asked questions on HIPAA and health IT.
  • Guidance on HIPAA & Cloud Computing – OCR developed guidance to assist HIPAA covered entities and business associates, including cloud services providers (CSPs), in understanding how they can use cloud computing technologies while complying with their HIPAA obligations.

These resources can be helpful for both HIPAA-Entities to comply with HIPAA and non-HIPAA covered entities to comply and manage risks under the HBR Rule.

In the face of these and other Federal and state law rules, all parties dealing with electronic health information should confirm their status under the FTC and OCR Rules and take documented steps to verify, monitor and maintain their compliance with breach notification and other requirements.

About the Author 

Scribe responsible for planning and leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with HHS-OCR for more than a decade and author of many highly regarded publications on HIPAA and other privacy and data security, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of HIPAA and other cybersecurity, workforce, technology and other compliance, risk management and mitigation, incident and other investigations, regulatory and government affairs, and other strategic, operational, regulatory and legal and consulting management work for government contractors and other public and private businesses; managed care and other health and life science, insurance, technology, and other performance and data dependent organizations,

A Fellow in the American College of Employee Benefit Counsel, Immediate Past Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Co-Chair of its International Employment Law Committee, and its Health Care Liaison; Immediate Past Chair of the ABA TIPS Section Medicine & Law Committee; Past Chair of the ABA Managed Care & Insurance Interest Group; Former Chair of the ABA RPTE Employee Benefits & Other Compensation Group and Chair or Co-Chair of its Welfare Benefit Committee for more than 10 years , and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership with healthcare and life sciences, employment and employee benefits, managed care and insurance, data and technology and other related industries and organizations. Known for her skill combined use of her extensive legal and operational knowledge to help these and other clients develop, operationalize and defend employment, employee benefits, compensation and other staffing and workforce; data, systems and other technology; heath benefit and other healthcare and life science, managed care and insurance; employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational actions and practices. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here

IMPORTANT NOTICE

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Tighter FTC Breach Notification Rules Now Effective Non-HIPAA Covered Handlers Of Health Information While HIPAA Covered Entities Face Continuing Duties Under HIPAA | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

Large Penalties Warn Health Plans & Other HIPAA-Entities Ensure Timely Response To HIPAA & Record Requests & Other Record & Information Disclosure Rules

August 5, 2024

The more than $560,000 in civil monetary penalties (“CMPs”) collected since March by the Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) from three HIPAA-covered entities for failing to respond to medical record requests within 30 days as required by the Health Insurance Portability & Accountability Act (“HIPAA”) right of access rule (“Access Rule”) shows patients, their personal representatives and health care providers, health plans, health care clearinghouses (“Covered Entities”) the seriousness of OCR’s commitment to enforcement of the Access Rule.

On August 2, 2024, OCR announced emergency medical provider American Medical Response (“AMR”) paid a $115,200 civil monetary penalty (“AMR CMP”) for waiting 370 days before delivering medical records requested by a patient’s personal representative.  OCR’s AMR CMP announcement follows its April 1, 2024 announcement Hackensack Meridian Health, West Caldwell Care Center (“Hackensack Meridian Health”) paid a $100,000 CMP (“HMH CMP”) for waiting 161 days to provide medical records requested by a patient’s personal representative and March 29, 2024 announcement of its agreement to accept payment of $35,000 in satisfaction the previously assessed $250,000 CMP against Phoenix Healthcare LLC d/b/a Green County Care Center (“Phoenix”) for Access Rule violations.  With these three actions, OCR collected $565,000 in CMPs for Access Rule violations since March 29, 2024, and has announced a total of 49 high-dollar Access Rule CMP or settlement collections since announcing its Access Rule enforcement initiative in 2019.

OCR’s pursuit of CMPs in excess of $100,000 against each of these three entities for failing to respond to a single request for patient records makes clear OCR’s readiness to investigate and pursue big dollar penalties against Covered Entities for even a single failure to deliver documents to a requesting patient or personal representative. With these HIPAA penalties in addition to the up to the $190 per day per request Labor Department administrative penalty, and discretionary award up to $100 per day plus attorneys’ fee and court cost courts can award suing participants or beneficiaries wrongfully denied timely access to plan information or documents under the Employee Retirement Income Security Act (“ERISA”) health plans, their plan administrators, insurers and fiduciaries should take care to ensure their health plans and their administrators and vendors timely respond to all medical record and otehr requests.

HIPAA Right Of Access Rule

HIPAA’s Privacy Rule right of access (“Access Rule”) is part of the national standards that HIPAA Privacy, Security, and Breach Notification Rules (“Privacy Rule”) require that Covered Entities and their business associates meet for protecting to protect individuals’ protected health information (“PHI”), limit uses and disclosures of PHI, and give individuals the right to timely access and to obtain a copy of their PHI records and certain other rights.  Like other Privacy Rule violations, Access Rule violations can subject a Covered Entity or business associate to expensive HIPAA civil monetary penalties (“CMPs”).

The Access Rule codified in 45 C.F.R. 164.524 generally requires that a Covered Entity to respond to a request from an individual or its personal representative to access or for a copy of protected health information (“PHI”) in any records set of a Covered Entity or its business associate within 30 days of receipt of the individual’s request.  OCR Access Rule guidance makes clear OCR views this deadline as the maximum allowed period

The Covered Entity can respond to a right of access request by granting or denying the request in whole or in part, or if it is unable to provide the records within 30 days for a legitimate reason, the Access Rule allows the Covered Entity a one-time 30-day extension of the response timeframe by sending the requestor a written statement of the reasons for the delay and the date within the extended response deadline by which the Covered Entity will complete its action on the request. 45 C.F.R. § 164.524(b)(2).

The Access Rule also contains specific guidance governing the calculation of the allowable fee, if any, the Covered Entity can charge for providing the PHI to a reasonable cost-based fee calculated following the Access Rule.  It also sets forth other requirements about the manner and format in which the Covered Entity must deliver the PHI.

OCR is responsible for implementing the Privacy Rules and enforcing non-criminal violations of its requirements.  When OCR finds violations of the Access Rule or other HIPAA violations, HIPAA as amended by the HITECH Act,1 generally authorizes OCR to impose and collect a CMP determined based on the following penalty schedule, with adjustments for inflation:

  • A minimum of $100 for each violation where the Covered Entity or business associate did not know and, by exercising reasonable diligence, would not have known that it violated the HIPAA provision, provided the total amount of CMPs imposed on the Covered Entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $25,000.
  • A minimum of $1,000 for each violation due to reasonable cause and not to willful neglect, except that the total amount imposed on the Covered Entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $100,000.
  • A minimum of $10,000 for each violation due to willful neglect and corrected within 30 days, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $250,000.
  • A minimum of $50,000 for each violation due to willful neglect and uncorrected within 30 days, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $1,500,000.

As required by law, OCR has adjusted the CMP ranges for each penalty tier for inflation.3 The adjusted amounts apply only to CMPs whose violations occurred after November 2, 2015.

$115,200 AMR CMP

According to the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) August 1, 2024 announcement of the AMR CMP, AMR paid OCR the $115,200 AMR CMP after OCR assessed the CMP in a Notice of Final Determination that AMR violated the Access Rule.

The Notice of Final Determination arose from an OCR investigation of a complaint made by an attorney (“the Patient’s Attorney”) on behalf of a patient transported by AMR alleging that AMR failed to provide a patient with timely access to its medical records after many failed attempts by the patient to obtain the records.

According to the Proposed Notice of Determination, the Patient’s Attorney sent AMR a fax on the patient’s behalf on October 31. 2018 asking for copies of a patient’s medical records including, “all billing records pertaining to treatment rendered for 9/15/2015 injury date; Patient Balance Verification; all medical records pertaining to treatment rendered for 9/15/2015 injury date” in electronic format to the patient’s attorney (“access request”). The access request was in writing, signed by the Patient’s Attorney, that clearly identified the Patient’s Attorney and where to send the copy of the Patient’s Attorney’s PHI. The Patient’s Attorney received a fax transmission report reflecting that AMR received her request on October 31, 2018. Although AMR uses an electronic health record (EHR) for its medical records and maintains the Patient’s Attorney’s requested PHI in its HER, it did not respond to this request by November 30, 2018, the date 30 days from receipt.

On November 8, 2018, the Patient’s Attorney also mailed a copy of her October 31, 2018, access request to AMR’s Seattle, Washington office via certified mail and received confirmation of delivery on November 13, 2018 from the United States Postal Service. The Patient’s Attorney also subsequently sent two follow-up requests for the PHI records on January 24, 2019.

Although AMR’s electronic medical record confirmed AMR received these requests, AMR did not respond to the Patient’s Attorney’s request until March 1, 2019, 121 days after the initial request, when AMR sent the Patient’s Attorney an invoice requiring payment of an access fee before AMR would provide the requested records to Complainant.

On March 18, 2019, the Patient’s Attorney then sent AMR another follow-up letter that reiterated the Patient’s Attorney’s multiple access requests and advised AMR that if AMR did not send the PHI to the Patient’s Attorney electronically within seven days the Patient’s Attorney would file a complaint with OCR.  Since AMR failed to deliver the requested records in electronic format within the specified period, the Patient’s Attorney filed a complaint with OCR on July 29, 2019, alleging that AMR violated the Access Rule by failing to provide a copy of the patient’s PHI in response to the Patient’s Attorney’s multiple access requests.

OCR’s October, 2019 investigation found AMR repeatedly failed to timely respond to the patient’s access request even though AMR had procedures in place for processing individuals’ written access requests.

In response to OCR’s investigation, AMR sent the requested records to the Patient’s Attorney on November 5, 2019, 370 days after the Patient’s Attorney’s initial request.

In response to OCR’s investigation, AMR also amended its internal procedures to streamline and better track access requests. OCR notified AMR of the results of OCR’s investigation on August 3, 2021, and offered AMR an opportunity to resolve the matter informally.  Rather than accepting this offer, however, AMR responded to OCR through counsel on August 9, 2021, asking OCR to “reconsider its position” without providing a counteroffer or otherwise engaging in negotiations with OCR. While OCR did not disclose the terms of its proposed offer of resolution, acceptance of this offer presumably would have allowed AMR to resolve the charges for an amount less than the $115,200 CMP ultimately imposed.

OCR then sent an April 15, 2022 Letter of Opportunity (LOO) to AMR, which informed AMR that OCR’s investigation indicated that AMR violated HIPAA’s Access Rule and providing AMR with an opportunity to submit written evidence of mitigating factors and affirmative defenses to this violation as well as evidence to support a waiver of a CMP for violating the Access Rule.  OCR determined AMR’s May 16, 2022 response to the LOO did not support any affirmative defense to the charges or grounds for waiver of the CMP but weighed AMR’s LOO response alleging mitigating factors in determining the amount of the CMP.

Based on these factual findings, OCR sent AMER a Notice of Proposed Determination that announced OCR’s intent to impose the $155,200 AMR CMP for its violation of the Access Rule by failing to provide timely access to the Patient’s Attorney after receiving her lawful requests.

Finding the Reasonable Cause penalty tier applicable for purposes of determining the CMP for  AMR’s Access Rule violation from December 1, 2018, to February 28, 2019, OCR calculated the AMR CMP as follows: $39,680 CMP Calendar Year 2018 (31 days from 12/1/18-12/31/18 at $1,280 per day); plus           $75.520 CMP Calendar Year 2019 (59 days from 1/1/19 to 2//19, at $1,280 per day) = $115,200 Total CMP

While AMR argued that OCR should exercise its discretion and choose not to apply any CMPs because of “multiple mitigating factors, OCR determined AMR’s arguments factually inaccurate and not meriting change of the CMP assessment from the reasonable cause level. Accordingly, OCR refused to reduce the original $115,200 based on alleged mitigating factors. 

After AMR did not challenge the determinations of OCR in the Notice of Proposed Determination within the allowed period, OCR issued the Final Notice of Determination imposing the $115,200 AMR CMP and AMR paid that amount.

Since as early as 2016, OCR has made Access Rule enforcement a priority.  Along with its assessment of the AMR CMP, OCR’s commitment to continued Access Rule enforcement is demonstrated by the 48 other previously announced Access Rule enforcement actions through July 31, 2024. 

$100,000 Hackensack Meridian Health CMP

Before it collected the AMR CMP, on April 1, 2024, OCR already had announced its collection of a $100,000 CMP from a New Jersey skilled nursing facility for violating the Access Rule in April.

Essex Residential Care, LLC, doing business as Hackensack Meridian Health, West Caldwell Care Center (“HMH”) is a skilled nursing facility that provides long-term care and rehabilitation services.

In May 2020, OCR received a complaint alleging that HMH failed to provide a personal representative with access to his mother’s medical records even after HMH received sufficient documentation that the patient’s son who requested the records as his mother’s personal representative.

OCR found that HMH failed to respond timely to a HIPAA right of access request. In September 2023, OCR issued a Notice of Proposed Determination (“HMHPD”) seeking to impose the $100,000 civil money penalty. When HMH waived its right to a hearing and did not contest OCR’s findings, OCR finalized the Notice of Final  Determination imposing the $100,000 CMP.

The OCR investigation found that when Peter Lindsay originally requested copies of the medical records of his mother, Lois Lindsey (“mother”) from WCCC in an April 19, 2020 email, WCCC responded with an April 22, 2020 e-mail denial that requested Mr. Lindsay provide WCCC a copy of a power of attorney, medical proxy or similar document executed by the mother establishing that he was his mother’s personal representative. However, when WCCC still failed to deliver the requested medical records after Mr. Lindsey sent a copy of his mother’s power of attorney via May 23, 2020 e-mail, Mr. Lindsey complained to OCR.

After OCR notified WCCC on October 15, 2020, its investigation of the complaint, WCCC acknowledged that it failed to respond to the complainant’s request for his mother’s medical records within 30 days of receiving the complainant’s written request for the records but still did not deliver the records until December 1, 2020, 161 days after the complainant’s request.

By letter dated March 25, 2022, OCR informed WCCC its investigation found that WCCC failed to provide timely access to protected health information and offered WCCC an opportunity to settle this matter informally.  Although OCR’s letter encouraged WCCC to contact OCR no later than ten days after receipt of the letter, OCR received no response until WCCC responded via e-mail through its attorney on April 29, 2022, that WCCC disagreed with OCR’s proposed resolution, OCR received an email correspondence from the WCCC’s attorney stating WCCC’s disagreement with OCR’s proposed resolution.  OCR then responded by issuing a May 16, 2022 Letter of Opportunity (LOO) informing WCCC that OCR found preliminary indications of non-compliance and providing WCCC with an opportunity to submit written evidence of mitigating factors, affirmative defenses, or waiver factors for OCR’s consideration in determining the CMP amount.

In the June 15, 2022 response to the LOO sent by WCCC’s attorney, WCCC acknowledged receipt of both the April 19, 2020, medical record request and the power of attorney emailed on April 23, 2020.  WCCC also admitted that instead of providing Mr. Lindsay with the requested medical record, WCCC instead sent a copy of the mother’s medical records to another facility to which Ms. Lindsay was transferred. WCCC’s attorney admitted WCCC should have handled the request differently but indicated at the time of the original request, both Mr. Lindsey and his mother were parties to ongoing litigation with WCCC over non-payment for care, that WCCC also was struggling with the COVID-19 pandemic, that Mr. Lindsey filed his complaint with OCR exactly 30 days after his e-mailed request before WCCC’s response to the initial request was due and asserted several affirmative defenses it claimed excused WCCC’s failure to provide the medical documents. 

Based on the above findings of fact, OCR calculated the WCCC CMP at the reasonable cause not corrected tier for WCCC’s failure to provide the requested medical records from June 23, 2020, to December 1, 2020.

WCCC also asserted various affirmative defenses and a right of waiver to avoid or mitigate the amount of the WCCC CMP, all of which OCR found unpersuasive.

  • Regarding WCCC’s assertion that HIPAA barred imposition of a CMP in this case, as a matter of law, under the HIPAA affirmative defense for a violation not due to willful neglect and timely corrected, OCR determined that the affirmative defense did not apply as WCCC did not timely correct the violation.  
  • OCR also rejected WCCC’s assertion that imposition of a CMP under these circumstances would be arbitrary and capricious and violate the Administrative Procedure Act (the Patient’s AttorneyA). 
  • OCR likewise found rejected WCCC’s claim that OCR should waive any possible CMP because assessment of the CMP would be excessive as WCCC only failed to timely respond to a single request for records access, submitted amidine the midst of litigation with the requesting party during the COVID-19 pandemic and WCCC’s personnel mistakenly believed that an appropriate, timely response to the complainant’s medical record request had been made through the transfer of the patient to another facility.

After WCCC waived its right to challenge these OCR determinations in an administrative hearing, OCR issued the Notice of Final Determination on January 12, 2024, which OCR publicly announced  on April 1, 2024.

Phoenix CMP Settlement

OCR’s WCCC CMP announcement came only three days after OCR announced a settlement with Phoenix under which OCR accepted and collected $35,000.00 (“Settlement Amount”) from Phoenix in full satisfaction of a $250,000 CMP under a March 30, 2021 Notice of Final Determination issued against Phoenix for willful violation of the Access Rule. 

The Phoenix CMP and resulting settlement arose from OCR’s investigation of a right of access complaint filed against the Oklahoma multi-facility nursing care organization by a patient’s daughter in April 2019 that Phoenix would not provide the daughter, who serves as a personal representative, with a copy of her mother’s medical records. After Phoenix eventually sent the requested records 323 days after the request on January 30, 2020 and only after OCR attempts to get the records through technical assistance and other efforts, OCR notified Phoenix of its intention to impose a $250,000 civil money penalty (“Phoenix CMP”) against Phoenix for willful violation of the Access Rule along with violations of HIPAA’s business associate requirements. 

Rather than accede to OCR’s proposed imposition of the $250,000 Phoenix CMP, however, Phoenix chose to challenge the proposed Phoenix CMP to an administrative law judge (“ALJ”) in the Civil Remedies Division of the Departmental Appeals Board (“DAB”) of HHS. In Decision No. CR6232, the ALJ on February 16, 2023, upheld the Access Rule violations cited by OCR and OCR’s determinations that Phoenix acted with willful neglect in committing the violations, but reduced the Phoenix CMP amount from the $250,000 proposed by OCR to $75,000.

Despite the ALJ’s reduction of the Phoenix CMP, Phoenix then unsuccessfully challenged the ALJ’s determinations. On August 4, 2023, the HHS Departmental Appeals Board upheld the ALJ’s decision to uphold OCR’s determinations that Phoenix acted with willful neglect in violating the Access Rule and imposition of the reduced $75,000 CMP.

When Phoenix threatened to appeal this determination in federal court and presented evidence of “financial hardship, however, OCR agreed “as a compromise based on the unique facts and circumstances of this matter,” to accept in full satisfaction of the $75,000 CMP assessed due and owing by Phoenix under ALJ Decision affirmed by DAB Decision No. 3105 and DAB Decisions  No. CR6232 in return for Phoenix’s payment of the $35,000 Settlement Amount and Phoenix’s agreement not to further challenge OCR’s assessment and to revise its HIPAA Policies and Procedures to address the Access Rule and business associate agreement requirements, training, and other compliance.

Right Of Access Enforcement Takeaways

OCR’s pursuit of CMPs for Access Rule violations against AMR, WCCC and Phoenix, along with the 46 Access Rule settlements announced by OCR before the Phoenix Settlement makes clear OCR takes seriously and stands prepared to assess substantial CMPs against Covered Entities that violate the Access Rule.  

Like the 46 Access Rule settlements OCR previously announced, the circumstances surrounding the assessment of the AMR CMP and other Access Right Enforcement actions contain several important lessons for Covered Entities and business associates including:

  • Ensuring Covered Entities appropriately track and timely respond to access requests is critical;
  • Failing to provide timely response to even a single access request can trigger a significant CMP;
  • The existence or expectation of a lawsuit or other dispute with the patient or patient’s personal representative does not justify delay or refusal timely to provide requested medical records within 30 days;
  • While Covered Entities and business associates have a duty to verify a family member, attorney or other party requesting medical records on behalf of a patient is the personal representative, a Covered Entity is responsible for verifying this and delivering the requested medical records promptly following receipt of a request;
  • If a Covered Entity or business associate intends to charge to provide requested medical records in response to an access request, ensure that the proposed charge is calculated following the Access Rule, notification is delivered within 30 days of the original request and deliver the medical records promptly after the payment is received;
  • Providing requested medical records to another health care provider or other party does not excuse or substitute for providing the medical records to the requesting patient or personal representative;
  • A Covered Entity that fails to meet the 30-day deadline for responding to an access request should fix the problem promptly by delivering the documents as soon as possible and taking documented corrective action to prevent future noncompliance;
  • A Covered Entity or business associate that already has not responded within 30 days of receipt of an access request should not withhold delivery of the requested PHI pending the requestor’s payment of the minimal allowed charge that it could have imposed had it timely responded to the access request within 30 days; and
  • Consider carefully before declining an offer from OCR to settle through informal resolution.

Covered Entities and business associates also should keep in mind other potentially applicable legal or ethical requirements to provide medical records.  For instance, the Employee Retirement Income Security Act (“ERISA”), state insurance rules and other federal or state laws also may require health plans and their insurers, administrators and others with timely access to medical or other records that also are protected heath information under HIPAA.  Under Section 502 (c) of ERISA, for instance, health plan administrators that fail to provide requested documents and information can become liable for Labor Department penalties of up to $190 per day not to exceed $1,906 per request, discretionary court awards of penalties of up to $100 per day plus attorneys’ fee and court cost to participants or beneficiaries wrongfully denied timely access or both. Covered Entities and business associates should ensure that all applicable deadlines are met and that any charges imposed satisfy all applicable requirements.

Covered Entities and business associates also should keep in mind that the Access Rule is only one of several areas of HIPAA enforcement prioritized by OCR that can trigger costly CMPs. Since HIPAA took effect in April 2003 through April 2024, OCR has:

  • Received and resolved 99 percent of the more than 358,975 HIPAA complaints and the more than 1,188 OCR-initiated compliance reviews;
  • Required changes in privacy practices and corrective actions in more than 30,839 cases investigated;
  • Settled or imposed a civil money penalty in 145 cases resulting in a total dollar amount of $142,663,772.00; and
  • OCR referred 2,197 to the Department of Justice (DOJ) for criminal investigation of cases involving the knowing disclosure or obtaining of protected health information in violation of HIPAA.

The compliance issues most often alleged in complaints cumulatively, in order of frequency through April, 2024 have remained consistent across the 20 years since HIPAA became effective.  They include cumulative in order of frequency:

  • Impermissible uses and disclosures of protected health information;
  • Lack of safeguards of protected health information;
  • Lack of patient access to their protected health information;
  • Lack of administrative safeguards of electronic protected health information; and
  • Use or disclosure of more than the minimum necessary protected health information.

While health care providers are the type of Covered Entity most often subjected to enforcement, OCR data confirms OCR investigations and enforcement has impacted all types of Covered Entities and business associates.  According to this data, the categories of Covered Entities OCR investigations have found to have committed violations are, in order of frequency:

  • General Hospitals;
  • Private Practices and Physicians;
  • Pharmacies;
  • Outpatient Facilities; and
  • Group Health Plans.

Additionally, while Group Health Plans as a group have the fewest compliance violations to date, OCR enforcement data confirms OCR’s investigation and enforcement of Access Rule violations against Group Health Plans, as well as that Group Health Plans and their business associates historically account for violations of the HIPAA security rules for the protection of electronic health information affecting millions of Americans. With OCR’s even further heightening its prioritization of HIPAA’s security rule oversight and enforcement in response to massive breaches of electronic protected health information systems and data that triggered widespread disruptions of care and payment systems reported by UnitedHealthcare Group’s Change Health, Ascension Health, and others, and recent OCR guidance requiring to update their Notices of Privacy Practices, all Covered Entities and their business associates should ensure seize the opportunity to re-verify the defensibility of their organization’s Access Rule, Security Rule and other HIPAA compliance.

For Additional Information

We hope this update is helpful. Solutions Law Press, Inc. invites you to receive future updates by registering on  here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters,  contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

About the Author 

Scribe responsible for planning and leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with HHS-OCR for more than a decade and author of many highly regarded publications on HIPAA and other privacy and data security, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of HIPAA and other cybersecurity, workforce, technology and other compliance, risk management and mitigation, incident and other investigations, regulatory and government affairs, and other strategic, operational, regulatory and legal and consulting management work for government contractors and other public and private businesses; managed care and other health and life science, insurance, technology, and other performance and data dependent organizations,

A Fellow in the American College of Employee Benefit Counsel, Immediate Past Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Co-Chair of its International Employment Law Committee, and its Health Care Liaison; Immediate Past Chair of the ABA TIPS Section Medicine & Law Committee; Past Chair of the ABA Managed Care & Insurance Interest Group; Former Chair of the ABA RPTE Employee Benefits & Other Compensation Group and Chair or Co-Chair of its Welfare Benefit Committee for more than 10 years , and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership with healthcare and life sciences, employment and employee benefits, managed care and insurance, data and technology and other related industries and organizations. Known for her skill combined use of her extensive legal and operational knowledge to help these and other clients develop, operationalize and defend employment, employee benefits, compensation and other staffing and workforce; data, systems and other technology; heath benefit and other healthcare and life science, managed care and insurance; employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational actions and practices. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here

IMPORTANT NOTICE

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Large Penalties Warn Health Plans & Other HIPAA-Entities Ensure Timely Response To HIPAA & Record Requests & Other Record & Information Disclosure Rules | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

Beryl-Related Texas Court Deadline Relief Announced

July 15, 2024

The Supreme Court of Texas has issued an emergency order authorizing the modification of deadlines in certain justice courts affected by Hurricane Beryl.

The order states that upon request by local judicial leaders and pursuant to Section 22.0035(b) of the Texas Government Code, justice courts in Fort Bend, Galveston, Harris, Matagorda, and Montgomery counties that have been prevented from complying with a deadline in a civil case because the court’s normal operations have been disrupted by the disaster may:

  • Consider the disaster as good cause under Texas Rule of Civil Procedure 500.5 for extending a time period in the Texas Rules of Civil Procedure or local rules, including appeal and new trial deadlines, until July 26, 2024; and
  • Postpone statutory deadlines until July 26, 2024, if the court finds that the postponement is necessary to facilitate the orderly resumption of the court’s normal operations.

Read the complete order here.

For More Information

We hope this update is helpful. For more information or help about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author 

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of cybersecurity, workforce, technology and other compliance, risk management and mitigation, incident and other investigations, regulatory and government affairs, and other strategic, operational, regulatory and legal and consulting management work for insurance, financial services, employee benefits, managed care and other health and life science, technology, government entities and contractors and other public and private businesses. As part of this work, she has extensively worked, spoken and published on the defensible design, use and management of artificial intelligence and other systems and processes throughout her career.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership with healthcare and life sciences, employment and employee benefits, managed care and insurance, data and technology and other related industries and organizations. Known for her skill combined use of her extensive legal and operational knowledge to help these and other clients develop, operationalize and defend employment, employee benefits, compensation and other staffing and workforce; data, systems and other technology; heath benefit and other healthcare and life science, managed care and insurance; employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational actions and practices. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here

IMPORTANT NOTICE

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Beryl-Related Texas Court Deadline Relief Announced | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

FINRA Warns Brokers, Financial Advisors To Manage Compliance Risks Of AI

July 1, 2024

Brokers, financial advisors and others in the financial industry subject to regulation by the Financial Industry Regulatory Authority (“FINRA”) to document their careful selection and management of any machine learning, deep learning, neural networks, large language model (“LLM”) and other natural language processing (“NLP”), and other generative artificial intelligence tools (“Gen AI”) in their businesses with all relevant FINRA, securities and other laws and regulations.

Gen AI Tool Use Benefits & Risks

As FINRA’s 2024 Annual Regulatory Oversight Report notes, brokers, financial advisors and their organization increasingly are using Gen AI and other similar tools for a wide range of marketing and other operational purposes.

Gen AI technology presents both promising opportunities for investors and member firms and some attendant risks.3 Among other things, properly used Gen AI tools may:

  • Analyze and synthesize vast sets of financial and market data, summarize large and complex documents, and power educational resources that may help investors at all experience levels understand and navigate markets more effectively;
  • Allow an associated person to, for example, easily locate and query a member firm’s policies and procedures or forms, to generate summaries derived from the member firm’s research reports, or to obtain issuer-specific information by drawing on SEC filings and earnings call transcripts.
  • Allow member firms to leverage Gen AI tools to aid in surveillance by, for example, generating reports with summaries for the member firm’s (human) compliance personnel of potential evidence of malfeasance, such as market abuse or insider trading.
  •  

Along with these potentially promising benefits, Gen AI also can create added concerns about accuracy, privacy, bias, intellectual property,         possible exploitation by threat actors, and other risks.

FINRA Warning To Monitor Regulatory Compliance When Using Gen AI Tools

FINRA Regulatory Notice 24-09 published June 27, 2024, warns FINRA members to use care to ensure continued compliance with FINRA and other securities laws and rules when using Gen AI or other similar technologies in their businesses.   

The Notice reminds members that FINRA and other securities laws continue to apply when member firms use Gen AI or similar technologies in their business, just as they apply when member firms use any other technology or tool.4  The Notice notes, for example, that FINRA Rule 3110 requires that a member firm have a reasonably designed supervisory system tailored to its business. If a firm is using Gen AI tools as part of its supervisory system—for the review of electronic correspondence, for instance—the Notice states its policies and procedures should address technology governance, including model risk management, data privacy and integrity, reliability, and accuracy of the AI model.  

Where applicable, the Notice states the FINRA rules apply whether member firms are directly developing Gen AI tools for their proprietary use or when leveraging the technology of a third party, including through embedded features in existing third-party products.

The applicability and implications of FINRA’s rules as applied to the use of Gen AI use depend on how a member firm deploys the AI technology. The Notice warns that depending how a member firm uses Gen AI, Gen AI use could implicate virtually every area of a member firm’s regulatory obligations.6  The Notice warns that as with any technology or tool, a member firm should evaluate Gen AI tools before deploying them to ensure that the member firm will continue to comply with existing FINRA rules applicable to the business when using those tools.

FINRA already has provided some guidance about the use of Gen AI tools by members.  Before publishing the Notice, for example, FINRA already had released guidance discussing the specific application of the content standards of FINRA Rule 2210 (Communications with the Public).  In that guidance, FINRA stated that Rule 2210 applies whether member firms’ communications are generated by a human or technology tool.5 

Beyond the Rule 2210 guidance, the Notice also highlights other FINRA resources that FINRA encourages members to use to help shape and manage their organizations’ Gen AI use in their operations.  These include including:

SEC AI Regulation & Scrutiny

FINRA-regulated individuals and organizations also are reminded that the Security and Exchange Commission (“SEC”) also increasingly is focusing on AI and other data and technology related risks. In recent years, Chairman Gary Gensler and other SEC officials have identified a number of areas of potential securities market threats from the use of AI including tools and practices exposing the market and investors to fraudulent practices and deception; AI bias; and conflicts of interest or intensify existing financial vulnerabilities.

For instance, the SEC has scrutinized broker-dealer and investment advisor digital engagement practices and investment advisors use of technology to develop and provide investment advice for several years. See e.g,. SEC Release No. 34-92766; IA-5833; File No. S7-10-21, The SEC noted that investment advisory
clients may face risks when artificial intelligence models use poor quality, inaccurate or biased data that
produce outputs that are or lead to poor or biased advice whether incorporated unintentionally through use of data sets that include irrelevant or outdated information, including information that exists due to historical practices or outcomes, or through the selection by human personnel of the data or types of data to be incorporated into a particular algorithm. Accordingly, the SEC asked for input on how advisers account for, identify, evaluate and mitigate biases and disparities that raise investor protection issues.

In response to some of these concerns, the SEC Investor Advisory Committee (“IAC”) has proposed the Establishment of an Ethical Artificial Intelligence Framework For Investment Advisors in which the IAC proposed, among other things recommended that the SEC:

  • Increase and enhance SEC staffing and AI expertise;
  • Request and use data, comments and observations from the Division of Examinations in its inspections of advisers using artificial intelligence to draft best practices on the ethical use of artificial intelligence;
  • Consider frameworks developed by regulatory authorities around the world, such as The Monetary Authority of Singapore and organizations such as the CFA Institute to expand and enhance its 2017 Guidance regarding robo-advisers for purposes of developing and providing recommendations on the use of AI by investment advisors and broker-dealers

See IAC letter to SEC Chairman Gary Gensler (April 6, 2023).

In response to growing concerns that broker-dealers might use certain predictive analytics and similar technologies to optimize for, predict, guide, forecast, or direct investment-related behaviors or outcomes in a manner that puts their own interests ahead of investors’, in July 2023 the SEC published a Proposed Rule that if adopted generally would require a firm to evaluate and determine whether its use of certain technologies in investor interactions involves a conflict of interest that results in the firm’s interests being placed ahead of investors’ interests. The proposed rule would require firms to eliminate, or neutralize the effect of, any such conflicts, but firms would be permitted to employ tools that they believe would address these risks and that are specific to the particular technology they use, consistent with the proposal. The proposed rules would require firms to adopt written policies and procedures reasonably designed to achieve compliance with the proposed rules and to make and keep books and records related to these requirements. See also, Fact Sheet.

Managing AI Compliance Risks & Opportunities

All members and their organizations should ensure that they have audit and maintain an inventory of all Gen AI, PDA and other similar tools and conduct documented assessments to confirm the use of these tools does not adversely impact their continued compliance with relevant FINRA and other security rules before its deployment taking into account this and all other relevant FINRA rules and guidance. Because many third-party tools and services may include or incorporate Gen AI tools, FINRA regulated parties should require third party vendors to disclose or establish other processes for reliably determining when third party provided tools or services include or may impact the FINRA regulated party’s compliance and steps for monitoring and managing these impacts.

Moreover, all members using AI will need to establish documented processes and procedures for monitoring the continued appropriateness of the use of these and other Gen AI, PDA and other tools in light of emerging experience and guidance.

Since FINRA and the SEC also have indicated that additional enforcement, guidance or both are likely to emerge, these processes should include a reliable process for monitoring FINRA guidance for updates and timely responding to these developments.

Members and other interested parties with questions and concerns about emerging uses of AI may wish to consider sharing input with FINRA. the SEC and other relevant agencies. In this respect, the FINRA Notice invites members and other interested parties to engage and communicate with FINRA about potential supervisory and compliance implications of evolving Gen AI and other related technology uses as they evolve.  Among other things, the Notice:

  • Invites members and other interested parties to follow FINRA’s process for interpretive requests7 to seek interpretive guidance from FINRA to the extent member firms find ambiguity in the application of FINRA rules based on their specific use of Gen AI or other technology
  • Encourages member firms to have ongoing discussions with their Risk Monitoring Analyst as AI-related issues or other changes in their business arise.8
  • Encourages members to share feedback with FINRA on how its rules might be modernized in light of the use of Gen AI tools or other emerging technologies, consistent with investor protection and market integrity. FINRA will continue engaging with its members, regulators, policymakers and other interested parties on the use of Gen AI, LLMs and other emerging technology. Any parties interested in discussing these matters further with FINRA are welcome to contact our Office of General Counsel for policy and rules-related discussion, and REMA/Office of Financial Innovation for all other Gen AI engagement.

In the face of the Notice and other FINRA guidance on the use of AI in their operations, brokers, financial advisors and other FINRA related parties should use care in selecting, deploying, monitoring and managing any Gen AI or other tools in their businesses. In light of FINRA’s warning about the importance of pre-use compliance evaluation, brokers and financial advisors and their organizations should adopt written policies governing the use of Gen AI and other tools. These policies should prohibit pre-use compliance evaluation and approval before any Gen AI tools are deployed or used within their operations. regardless of whether developed and deployed in house or incorporated into third-party provided tools or services.

FINRA and SEC regulated parties also should monitor and take appropriate steps to guard their organizations and sensitive data, systems and operations against ransomware, cybersecurity and other threats created or enhanced by their own or third parties’ use of Gen AI or other technologies in light of the requirements of the Fair and Accurate Credit Transactions Act, federal and state electronic crimes and cybersecurity statutes, the SEC’s recently adopted cybersecurity rule, and other federal and state laws as well as the demonstrated market and operational risks associated with breaches.

FINRA regulated parties also should take steps to monitor enforcement, audit, and other regulatory and experiential developments potentially impacting on their past or continued use of Gen AI or other similar tools.

Of course, FINRA isn’t the only regulatory agency warning users about AI compliance risks. The Equal Employment Opportunity Commission (“EEOC”) is one of a growing number of other agencies that also have sounded warnings about compliance risks associated with the use of AI technologies. See, e.g. The Americans with Disabilities Act and the Use of Software, Algorithms, and Artificial Intelligence to Assess Job Applicants and Employees (May 12, 2024). FINRA and SEC regulated parties also should be cognizant of their direct compliance obligation and those of their customers and business partners under these and other laws.

For Additional Information

We hope this update is helpful. Solutions Law Press, Inc. invites you to receive future updates by registering on  here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters, contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452-8297

About the Author 

Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of cybersecurity, workforce, technology and other compliance, risk management and mitigation, incident and other investigations, regulatory and government affairs, and other strategic, operational, regulatory and legal and consulting management work for insurance, financial services, employee benefits, managed care and other health and life science, technology, government entities and contractors and other public and private businesses. As part of this work, she has extensively worked, spoken and published on the defensible design, use and management of artificial intelligence and other systems and processes throughout her career.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership with healthcare and life sciences, employment and employee benefits, managed care and insurance, data and technology and other related industries and organizations. Known for her skill combined use of her extensive legal and operational knowledge to help these and other clients develop, operationalize and defend employment, employee benefits, compensation and other staffing and workforce; data, systems and other technology; heath benefit and other healthcare and life science, managed care and insurance; employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational actions and practices. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here

IMPORTANT NOTICE

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on FINRA Warns Brokers, Financial Advisors To Manage Compliance Risks Of AI | Corporate Compliance | Tagged: , , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

OSHAs Restructuring Regional Operations

May 8, 2024

Texas and other Southern states can expect increased revitalized Occupational Health & Safety Act enforcement under a Department of Labor restructuring of the Occupational Safety and Health Administration (“OSHA”) regional operations.

The changes announced May 8 include the creation of a new OSHA regional office in Birmingham, Alabama, overseeing agency operations in the state, and those in Arkansas, Kentucky, Louisiana, Mississippi and Tennessee as well as the Florida Panhandle. The Birmingham Region will address the area’s growing worker population and the hazardous work done by people employed in food processing, construction, heavy manufacturing and chemical processing.

OSHA is also planning to merge Regions 9 and 10 into a new San Francisco Region to improve operations and reduce operating costs. 

As part of the changes, the agency will also rename its regions to associate them by geography, rather than its current practice of assigning numbers to regions.

The area OSHA calls Region 4 will be renamed the Atlanta Region with jurisdiction over Florida, excluding the Panhandle; Georgia, North Carolina and South Carolina.

The current Region 6 will be renamed the Dallas Region and have jurisdiction over workplace safety issues in New Mexico, Oklahoma and Texas. 

The composition of OSHA’s other regions will remain the same.

When completed the agency will rename its regions as follows:

  • Region 1 to the Boston Region
  • Region 2 to the New York City Region
  • Region 3 to the Philadelphia Region
  • Region 4 to the Atlanta Region
  • Region 5 to the Chicago Region
  • Region 6 to the Dallas Region
  • Region 7 to the Kansas City Region
  • Region 8 to the Colorado Region
  • Region 9 and 10 merged into the San Francisco Region, and
  • The new Birmingham Region.

OSHA says the changes that reflect demographic and industrial changes since the passage of the OSH Act will allow OSHA to better respond to the needs of all workers, including those historically underserved, provide a stronger enforcement presence in the South and more consolidated state oversight and whistleblower presence in the West.

For Additional Information

We hope this update is helpful. Solutions Law Press, Inc. invites you to receive future updates by registering on  here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters,  contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

About the Author 

Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of cybersecurity, workforce, technology and other compliance, risk management and mitigation, incident and other investigations,regulatory and government affairs, and other strategic, operational, regulatory and legal and consulting management work for government contractors and other public and private businesses; managed care and other health and life science, insurance, technology, and other performance and data dependent organizations,

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership with healthcare and life sciences, employment and employee benefits, managed care and insurance, data and technology and other related industries and organizations. Known for her skill combined use of her extensive legal and operational knowledge to help these and other clients develop, operationalize and defend employment, employee benefits, compensation and other staffing and workforce; data, systems and other technology; heath benefit and other healthcare and life science, managed care and insurance; employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational actions and practices. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here

IMPORTANT NOTICE

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on OSHAs Restructuring Regional Operations | Corporate Compliance, OSHA | Permalink
Posted by Cynthia Marcotte Stamer

$2.7 Million FCA Cyber Liability Settlement Shows New Tool In Government’s Strategy To Fight Cyber Insecurity By Holding Businesses & Leaders Accountable

May 4, 2024

The $2.7 million settlement government contractor Insight Global LLC, (“Insight”) is paying to settle a Justice Department (“DOJ”) False Claims Act civil suit for lax cybersecurity shows government contractors now must add possible False Claims Act prosecution to the already substantial and ever-widening potential consequences all organizations and leaders when their organizations experience a cyber incident.

Supplementing the strength and reach of existing cybersecurity laws by using the False Claims Act, federal securities, employee benefit fiduciary responsibility. and other laws as tools to pressure organizations and their leaders to strengthen their cybersecurity compliance and defenses is a key component of the National Cybersecurity Strategy the Administration announced in March, 2023 to battling the ongoing pandemic of cyber incidents. As National Cybersecurity Strategy states, “Continued disruptions of critical infrastructure and thefts of personal data make clear that market forces alone have not been enough to drive broad adoption of best practices in cybersecurity and resilience. … We must hold the stewards of our data accountable for the protection of personal data; drive the development of more secure connected devices; and reshape laws that govern liability for data losses and harm caused by cybersecurity errors, software vulnerabilities, and other risks created by software and digital technologies.

The National Cyber Security Strategy goes on to warn, “We will use Federal purchasing power and grant-making to incentivize security.”

With holding businesses and their leaders accountable a key component of the Federal government’s National Cybersecurity Strategy, government contractors specifically and all businesses and their leaders generally should heed the use of the DOJ’s use of the False Claims Act as another tool in its expanding arsenal for holding businesses experiencing cyber breaches accountable as proof of their own growing imperative to manage their own cyber security and liability in response to exploding strains of cyber threats and liabilities.

Government Contractor False Claims Act Cyber Risk

DOJ’s adoption of the False Claims Act as a tool for imposing liability against government contractors experiencing a cyber breach is part of a broader effort to persuade organizations and their leaders to tighten their cyber security defenses and responses by ratcheting up the liability and other consequences organizations and their leaders face when their organizations experience a cyber incident. The False Claims Act imposes treble damages and penalties on those who knowingly and falsely claim money from the United States or knowingly fail to pay money owed to the United States.

A Civil Cyber-Fraud Initiative announced by DOJ on October 6, 2021 adds potential False Claims Act civil lawsuits by DOJ or private whistleblowers to the already significant and expanding consequences government contractors and grant holders can face for failing to fulfill requirements to properly secure protected health information or other sensitive data as required in their government contracts.

According to DOJ’s May 1, 2024 announcement, Insight will pay $2.7 million to resolve DOJ False Claims Act charges for failing to have adequate cybersecurity measures to protect health information obtained during COVID-19 contact tracing under the new of the Settlement shows DOJ is following through on its promise.

$2.7 Million Insight FCA Cyber Settlement

The $2.7 million Settlement settles a whistleblower lawsuit, United States ex rel. Seilkop v. Insight Global LLC, No. 1:21-cv-1335 (M.D. Pa.). Filed under the whistleblower provisions of the False Claims Act that permit private parties to sue on behalf of the government when they believe that defendants submitted false claims for government funds and to receive a share of any recovery, DOJ intervened in the suit. Whistleblower, Terralyn Williams Seilkop, a former Insight Global staff member who worked on the contact tracing at issue, will receive a $499,500 share of the $2.7 million settlement amount.

The lawsuit alleged the Pennsylvania Department of Health hired Insight to provide staffing for COVID-19 contact tracing and paid Insight using federal funds from the U.S. Centers for Disease Control and Prevention. Although keeping personal health information of contact tracing subjects confidential and secure was part on its contractual duties, Insight failed to secure the protected health information. Instead, DOJ claimed, for example, Insight transmitted certain personal health information and/or personally identifiable information of contact tracing subjects in the body of unencrypted emails, stored and transmitted the information using Google files not password protected, making them potentially accessible to the public via internet links and allowed staff to use shared passwords to access that information.

DOJ additionally alleged that from November 2020 through January 2021, Insight managers received complaints from Insight staff that protected health information was unsecure and potentially accessible to the public, but failed to start remediating the issue until April 2021 after deficiencies came to light.

When Insight eventually began remediating these cybersecurity breaches and deficiencies in 2021, the announcement states Insight cooperated with the DOJ investigation of the cause and scope of the incident. It also took steps to remedy cybersecurity deficiencies by strengthening internal controls and procedures, adding more data-security resources and issuing a public notice regarding the scope of the potential exposure and offering free credit monitoring and identity protection services to those affected. FOJ also reports Insight also cooperated with the United States’ investigation.

DOJ’s Insight settlement announcement warns other government contractors of DOJ’s “continuing commitment to ensure that government contractors fulfill their cybersecurity obligations.” Its announcement quotes Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division as stating, “The Justice Department will hold accountable those contractors who knowingly fail to satisfy cybersecurity requirements.”

Meanwhile, Special Agent in Charge Maureen R. Dixon of the Department of Health and Human Services Office of Inspector General (HHS-OIG) is quoted as stating “Contractors for the government who do not follow procedures to safeguard individuals’ personal health information will be held accountable.”

Cyber Risk Implications For Government Contractor & Other Organizations

Potential False Claims Act liability under the DOJ False Claims Act Civil Cyber-Fraud Initiative add additional liability risks for government contractors to already substantial and growing federal and state regulatory, contractual, and civil and criminal liabilities and other consequences that cyber breaches and other cybersecurity weaknesses create for business and other organizations, their health plans and their leaders. Examples of these other exposures that lax privacy, data security, data breach and other cybersecurity practice may create include:

  • Business operating losses from resulting operational disruptions and damages to customer, business partner, shareholder and public trust;
  • Federal Sentencing Guidelines organizational criminal liability arising from violations of electronic crime and other federal criminal data privacy and security laws;
  • Federal Trade Commission Act and state unfair business practices liability for deceiving customers about privacy practices;
  • Security and Exchange Commission (“SEC”) criminal and civil actions and shareholder lawsuits under the Security and Exchange Act;
  • Health Insurance Portability & Accountability Act civil monetary penalty and criminal exposures for health plans, health care providers, health care clearinghouses and their business associates;
  • Employee Benefit Security Act fiduciary liability for health fiduciaries;
  • Liability for violation of Fair and Accurate Transaction Act, Internal Revenue Code, or other federal privacy or confidentiality laws;
  • damages and other penalties and judgments arising under state identity theft, data security, privacy and other state statutory, contractual and tort laws; and
  • More.

These and other constantly emerging exposures show the imperative for government contractors and all other organizations and their leaders to ensure their organizations take adequate, well-documented efforts to protect their systems and data and fulfill all otherwise applicable cybersecurity rules.

With new cyber attacks and strains of cyber liability, emerging constantly, organizations, and their leaders increasingly must change the way they think about and address their own cyber security and other technology, budgets and management. The escalation of cyber incidents and risks necessitates that organizations and their leaders to treat cybersecurity as critical components of their operational and business plans and priorities.

Amid the pandemic of constantly evolving cyber threats, even the most diligent efforts to secure systems and data cannot guarantee the prevention of a breach or other cyber incident. Given this challenge, organizations and their leaders must focus both on taking meaningful steps to adequately secure their systems and data against a cyber breach or incident as well as position their organizations and leaders to defend their actions and mitigate exposures through appropriate strategic planning, documented oversight and risk assessment, monitoring and response of threats and safeguards; preparation and timely response to cyber events using attorney-client privilege and other evidentiary tools to promote the defensibility of pre-breach, breach investigation and post-breach investigation and decision-making.

As the availability of funding can radically impact the effectiveness of these and other risk mitigation efforts when a cyber incident occurs, these preparations also should incorporate insurance and other arrangements to provide for breach investigation funding and response.

For Additional Information

We hope this update is helpful. Solutions Law Press, Inc. invites you to receive future updates by registering on  here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters,  contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

About the Author 

Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of cybersecurity, workforce, technology and other compliance, risk management and mitigation, incident and other investigations,regulatory and government affairs, and other strategic, operational, regulatory and legal and consulting management work for government contractors and other public and private businesses; managed care and other health and life science, insurance, technology, and other performance and data dependent organizations,

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership with healthcare and life sciences, employment and employee benefits, managed care and insurance, data and technology and other related industries and organizations. Known for her skill combined use of her extensive legal and operational knowledge to help these and other clients develop, operationalize and defend employment, employee benefits, compensation and other staffing and workforce; data, systems and other technology; heath benefit and other healthcare and life science, managed care and insurance; employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational actions and practices. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here

IMPORTANT NOTICE

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on $2.7 Million FCA Cyber Liability Settlement Shows New Tool In Government’s Strategy To Fight Cyber Insecurity By Holding Businesses & Leaders Accountable | Antitrust, Attorney-Client Privilege, Banking, board of directors, Brokers, Civil Monetary Penalties, Claims, compliance, Corporate Compliance, corporate governance, Cybercrime, Cybersecurity, Data Breach, Data Security, Department of Defense, DFAR, Disaster, Educational Privacy, Emergency, Employee Benefits, Employer, Employers, Employment, Employment Policies, enforcement, ERISA, false claims act, FTC, Government Accountability, Government Contractors, government employer, group health plan, health benefit, Health Benefits, health Care, Health Care Fraud, health plan, Health Plans, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Managed Care, OFCCP, Personal Health Records, Personal Health Recordss, Physician, Plan Admistrator, Protected Health Information, Provider, self insured health plan, Technology, third party administrators, tpa, Whistleblower | Tagged: , , , , , , , , , , , , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Agencies Change Surprise Billing IDR Resubmission Procedures Effective 5/1/24

May 1, 2024

The Departments of Health and Human Services, Labor, and the Treasury (collectively, the Departments) today announced changes to the required process for resubmitting Independent Dispute Resolution (“IDR”) disputes originally improperly batched or bundled in the Federal IDR portal.

According to the Departments’ May 1 announcement, resubmission requests for disputes originally improperly batched or bundled will come directly from the Federal IDR portal instead of from the certified IDR entity, and initiating parties now will have a unique web form they can access via a link in their resubmission email notification to complete the resubmission process.

Starting on May 1, 2024, certified IDR entities will notify parties through an email from the Federal IDR portal that a dispute is eligible for resubmission due to improper batching or bundling from auto-reply-federalidrquestions@cms.hhs.gov. If the recipient initiated the dispute, the resubmission email notification will contain a unique link to a new form called the Notice of IDR Initiation – Resubmission web form and instructions on the next steps. If the recipient did not initiate the original dispute, the email notification will be informational and will not have a link.

Initiating parties have four business days from the date of the resubmission email notification to resubmit a dispute. The resubmission link will no longer work after the four business day window has passed.

If a certified IDR entity notified the party that a dispute submitted was eligible for resubmission due to improper batching or bundling before May 1, 2024, the Departments state the recipient should resubmit the dispute as instructed in the email from its certified IDR entity through the Notice of IDR Initiation web form by May 6, 2024. For information on how to resubmit these disputes, refer to the Notice of Initiation Web Form Job Aid.

The Departments state the Notice of IDR Initiation web form will accept resubmitted disputes through May 6, 2024. After May 6, 2024, the Notice of IDR Initiation web form will no longer accept resubmitted disputes, and all resubmissions must be submitted via the Notice of IDR Initiation – Resubmission web form, as described in the paragraph below.

The following resources provide additional information and instructions on how to complete and submit the new Notice of IDR Initiation – Resubmission web form, following

Health care providers and health plans using the new IDR processes should update their processes immediately to avoid forfeiting surprise billing rights. Recipients of e-mails purportedly from the portal are cautioned to include and follow appropriate procedures to guard against malware or other cyber threats.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author 

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health, employee benefits, insurance, hospitality, retail, construction and other industry management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair and Chair Elect of its International Employment Law Committee, Chair of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer has decades of experience advising employers, investigating and helping employers to defend wage and hour, worker classification, discrimination and other labor and employment, employee benefits and other compliance.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Her experience includes extensive involvement advising clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination; EBSA, IRS, and PBGC employee benefit; WHD, CAS, Davis-Bacon and other federal and state wage and hour and other compensation; OSHA and other investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides health care, human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Agencies Change Surprise Billing IDR Resubmission Procedures Effective 5/1/24 | Claims Administration, Corporate Compliance, ERISA, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health care transparency, health insurance, health insurance marketplace, health plan, Health Plans, Human Resources, Managed Care, Protected Health Information, provider contracting, Surprise Billing | Permalink
Posted by Cynthia Marcotte Stamer

New WHD Rule To Raise FLSA Salary Threshold 7/1/24 and 1/1/25

April 30, 2024

Employers of salaried workers earning less than $58,656 should begin preparing either to increase the compensation or reclassify and pay those workers as hourly and entitled to overtime to comply with a final rule that will twice raise the salary thresholds required to exempt a salaried bona fide executive, administrative or professional employee from federal overtime pay requirements between July 1, 2024 and January 1, 2025.

Effective July 1, 2024, the final rule adopted April 23, 2024 will increase the salary threshold from the equivalent of an annual salary of $43,888 from the current required salary threshold of $35,568. Thereafter, the final rule further raises the salary threshold to the annual salary equivalent of $58,656 on January 1, 2025.

The July 1, 2024 salary threshold increase is based on the methodology adopted during the Trump administration in the 2019 overtime rule update. Beginning January 1, 2025, the final rule adopts a new methodology, resulting in the additional increase. In addition, the final rule will adjust the threshold for highly compensated employees. Starting July 1, 2027, salary thresholds will update every three years, by applying up-to-date wage data to determine new salary levels.

The impending changes will require employers currently employing salaried workers with annual salaries below the threshold either to increase their salaries above the threshold or to reclassify and compensate them as non-exempt employees, subject to the minimum wage and overtime requirements of the Fair Labor Standards Act (“FLSA”).

When considering whether to raise salaries or reclassify, an employer should begin by reevaluating whether its salaried employees continues to meet the job duty tests to qualify for salaried status. The review of fulfillment of the job duties test should encompass both workers directly employed as employees on the employers payroll and any workers secured through contingent, workforce, employee leasing, staffing, manpower, consultant, independent contractor, or other similar service arrangements where the potential exists for reclassification of the worker as a employee of the employer or the employer as a joint employer of the employee taking into account, the more aggressive characterization enforcement positions of the Biden Administration.

Employer should conduct this review on all salaried employees, not just those whose current salary is below the upcoming increased minimum level. Reevaluation of the defensibility of all salaried workers classification is recommended because many employers mistakenly misclassify workers as salaried rather than hourly due to an overly optimistic misunderstanding of the duties requirements for a worker to qualify as salaried. The risk of misclassification is heightened under the current administrations enforcement policies. Employers who make this mistake already, or at risk for wage an hour liability for record-keeping and overtime violations for these misclassified workers. Raising the salary of a misclassified worker will only make matters worse by increasing the overtime liability that the employer will be required to pay for failure to pay overtime after the increased takes effect.

An employer should work within the scope of attorney-client privilege to conduct this analysis and implement any necessary reclassification of currently salaried workers to hourly and other steps advisable to mitigate and resolve liabilities relating to employees currently classified as salaried identified as at risk of misclassification.

Once an employer verifies that the salaried worker continues to meet the job duties test to qualify for salary status, the employer next should consider whether to reclassify or increase the salary of any salaried employees currently earning less than the increased minimum salary.

For salaried employees whose job duties make their job classification questionable, employers should work with counsel to evaluate whether restructuring of jobs could make the classification more defensible, eliminate, or reduce required overtime, or otherwise mitigate the effective reclassification or maximize the ability to defend the salary classification.

Next, an employer should analyze the economics taking into account historical and projected overtime hours of work for employees currently earning less than the minimum salary whose job duties defensively satisfy the salaried job duties test. This evaluation should compare the employer’s projected costs to employ the employee:

  • At an increased salary above the new minimum; versus
  • As an hourly employee taking into account projected overtime.

Under certain circumstances, it also may be possible to utilize rules to treat the employee as salaried, non-exempt. Employers also should consider the likely perceptual impact of the reclassification on effected workers. Many times workers view classification as salaried as a status, symbol. Particularly where workers do not work a lot of overtime, reclassification from salary to hourly status may be perceived as a status demotion by some workers. Experienced legal counsel may offer various options to assist in mitigating costs and other impacts of reclassification. Morale issues relating to the reclassification or other aspects of the workplace could create a heightened risk of scrutiny of the employers or past work classification and overtime pay requirements. As reclassifications also could result in unintended discriminatory practices, employer should work with counsel to review and document the defensibility of any job restructuring or reassignments under applicable employment discrimination laws. The employer’s planning process should anticipate these risks and utilize appropriate risk management procedures.

For employees to be reclassified from salary to hourly, employers also also must implement appropriate recordkeeping to meet the FLSA recordkeeping requirements.

Beyond complying with the applicable requirements of the FLSA, impacted employers also will want to reevaluate their budgeting, pricing, and other financial assumptions and practices in preparation of the implications of these increases.

Businesses using contract or other outsourced labor arrangements also will want to ensure that their suppliers are appropriately classifying and paying workers in response to this new adjustment. Biden Administration rules for classifying workers as employers and joint employers make it easier for recipients of these types of services to be held accountable for noncompliance with their suppliers.

Analysis generally should be conducted within the scope of attorney client privilege because of the possibility that sensitive information about worker classification or misclassification other evidence may be uncovered and discussed.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author 

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health, employee benefits, insurance, hospitality, retail, construction and other industry management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair and Chair Elect of its International Employment Law Committee, Chair of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer has decades of experience advising employers, investigating and helping employers to defend wage and hour, worker classification, discrimination and other labor and employment, employee benefits and other compliance.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Her experience includes extensive involvement advising clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination; EBSA, IRS, and PBGC employee benefit; WHD, CAS, Davis-Bacon and other federal and state wage and hour and other compensation; OSHA and other investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on New WHD Rule To Raise FLSA Salary Threshold 7/1/24 and 1/1/25 | Corporate Compliance | Tagged: , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Liberty Energy $265,000 EEOC Discrimination Settlement Warns Other Employers

April 30, 2024

The $265,000 Liberty Energy, Inc. doing business as Liberty Oilfield Services, LLC, will pay to settle a race and national origin discrimination lawsuit brought on behalf of three mechanics by the U.S. Equal Employment Opportunity Commission (EEOC) warns other employers to manage these risks.

The EEOC lawsuit alleged a Black field mechanic and two Hispanic co-workers at Liberty Energy’s Odessa, Texas location were subjected to a hostile environment and referred to with slurs such as the N-word, “beaner,” “wetback” and other derogatory terms.

The employees alleged that they made reports to supervisors, management, and human resources about the discriminatory treatment, but no effective corrective or remedial action was taken by the oil field services company.

Instead, the EEOC’s suit charged that after making his report, the Black mechanic was forced by management to perform undesirable work tasks and was isolated by his peers. With no meaningful action by company management to change the workplace atmosphere and the discriminatory assignments that followed his complaint, he was ultimately left no alternative but to resign.

The EEOC charged this conduct violated Title VII of the Civil Rights Act of 1964, which prohibits discrimination based on race and national origin.

Under the two-year consent decree resolving the suit, in addition to paying $265,000 to the employees, Liberty Energy will adopt and distribute a policy for all human resources and management personnel to effectively respond to reports to discrimination; post a notice in the workplace informing employees of the settlement; adopt and develop a 1-800 hotline for reporting acts of discrimination and/or harassment; and provide specialized training to employees on the federal laws that prohibit employment discrimination, including Title VII.

The suit and settlement demonstrate the need for employers to use care to prevent and manage race, national origin and other employment harassment and discrimination risks. In addition to adopting policies prohibiting discrimination and harassment, employers should conduct training, communicate and post procedures to report suspected violations, conduct carefully documented investigations and resulting discipline or other actions demonstrating their enforcement of the policies. Additionally employers need to take steps to monitor, prevent and redress harassment or other retaliation against workers for complaining or acting as witnesses for investigations. With recently released retaliation guidance, employers also should consider consulting counsel for a review of their existing processes in light of the new rules.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author 

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health, employee benefits, insurance, hospitality, retail, construction and other industry management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair and Chair Elect of its International Employment Law Committee, Chair of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer has decades of experience advising employers, investigating and helping employers to defend discrimination and other labor and employment, employee benefits and other compliance. 

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Her experience includes extensive involvement advising clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination; EBSA, IRS, and PBGC employee benefit; WHD, CAS, Davis-Bacon and other federal and state wage and hour and other compensation; OSHA and other investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Liberty Energy $265,000 EEOC Discrimination Settlement Warns Other Employers | Corporate Compliance | Tagged: , , , , , , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

SCOTUS Makes Defending Job Reassignments Harder

April 18, 2024

Employers should carefully scrutinize job reassignments for possible sex or other prohibited bias in light of the Supreme Court’s April 17th ruling holding job detriment suffered from a discriminatory reassignment need need not be significant to be actionable.

The Supreme Court’s Muldrow v. City of St. Louis decision resulted from a Title VII lawsuit brought by Sergeant Latonya Clayborn Muldrow, a police officer against the St. Louis Police Department, challenging her reassignment as sexually discriminatory.

Muldrow alleged that she was transferred from her position in the Intelligence Division to a uniformed job in another department because of her gender. Despite maintaining her rank and pay, Muldrow’s responsibilities, perks, and schedule were significantly altered. She filed a Title VII suit against the City of St. Louis, claiming that the transfer constituted sex discrimination with respect to her employment terms and conditions.

Muldrow appealed to the Supreme Court after both the District Court and the Eighth Circuit held that since the transfer did not result in a reduction to her title, salary, or benefits and only caused minor changes in working conditions, Muldrow’s lawsuit could not proceed. Those courts ruled Muldrow had to show that the transfer caused her a “materially significant disadvantage.”

The Supreme Court disagreed. It ruled that an employee challenging a job transfer under Title VII only needed to show some injury respecting her employment terms or conditions, not that the harm was significant.

The ruling that proof of significant job detriment is not required for a reassigned employee to prove a job assignment discriminatory allows reassigned employee’s significantly more latitude to challenge reassignments as discriminatory. Consequently, employers considering reassignments of employees should carefully scrutinize the proposed changes holistically for any potential detriment that affected employees might use to demonstrate discriminatory job detriment. Additionally, employers also should carefully identify and document valid business, discipline or other defensible justifications for planned job reassignment before taking action to make the job reassignment. Due to the potentially sensitive nature of reviews and discussions regarding this analysis, employers generally will want to conduct this analysis with the guidance of a qualified attorney and within the scope of attorney-client privilege.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author 

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health, employ benefits, insurance, hospitality, retail, construction and other industry management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer has decades of experience advising and defending employers on wage and hour and other labor and employment laws. 

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Her experience includes extensive involvement advising clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination; EBSA, IRS, and PBGC employee benefit; WHD, CAS, Davis-Bacon and other federal and state wage and hour and other compensation; OSHA and other investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on SCOTUS Makes Defending Job Reassignments Harder | ADA, Affirmative Action, Age Discrimination, Attorney-Client Privilege, citizenship, Civil Rights, compensation, Corporate Compliance, Disability, Discrimination, Diversity, EEOC, employee, Employer, Employers, Employment, Employment Discrimination, Employment Policies, HR, Human Resources, LBGT, national origin, Race Discrimination, RAISE Act, religious accommodation, Religous Discrimination, Sex Discrimination, sexual harassnrnt, Transgender | Tagged: , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

UHG Projects Timeline For Restarting Services Following 2/21 Ransomware Attack.

March 25, 2024

UnitedHealthcare Group (UHG) plans to resume certain key health benefit and payment function this week that it turned off in response to a February 21, 2024 cyberattack.

Health plans, their fiduciaries, health plan sponsors and insurers, and their administrative and other service providers may find these updates helpful to plan and communicate with plan members, providers and others as part of their efforts to fulfill their own Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the claims, notice and fiduciary responsibilities under the Employee Retirement Income Security Act of 1974 (ERISA), state contract, prompt pay and other duties to health care providers or other responsibilities in response to disruptions created by UHG’s Blackcat1234 ransomware attack subsidiary Change Healthcare.

UHG Attack

On February 21, 2024, a ransomware attack executed by the Blackcat1234 ransomware group took control of and shut down the payment, revenue cycle management and related tools and systems of UHG Subsidiary Change Healthcare. Well-known for stealing sensitive data and demanding ransom for not publishing it, and other public and private cybersecurity monitoring and tracking organizations have warned heath care and other system operators to guard against Blackcat1234 and related ransomware attack risks since at least 2022.  See, e.g., #StopRansomware: ALPHV Blackcat | CISA.

The Choice Health shutdown resulting from the Blackcat1234 ransomware attack has created widespread disruptions to key care authorization, billing and other pharmacy, provider and other plan and provider transactions within health care and health benefit systems nationwide due to the widespread use of the Choice Health tools. 

Due to the widespread use of the Change Healthcare tools and systems as a financial clearinghouse for connecting pharmacy benefit managers, health care providers, and other key plays and health plans throughout the health care and health benefits industry, the attack has and continues to disrupt key billing, care-authorization, payment and other transactions between health care payers and pharmacies, physicians and other health care providers and health care payers and their partners across the health care industry.  

The resulting shutdown and disruption to electronic payment and medical claims systems incorporating the compromised Change Healthcare tools create various legal and operational headaches for many health plans and other health care payers by preventing or obstructing the submission and processing of health care claims and other transactions between health care providers and health plans. 

While UHG works to remediate and restore the operability and security of the Choice Health tools and systems, health plans, and insurers, their fiduciaries, plan sponsors, and fiduciaries should take timely and prudent steps in response to the breach and resulting disruptions to mitigate the exposure of their health plans, and themselves under HIPAA and ERISA. See Manage Health Plan HIPAA, ERISA & Other Exposures From Change Healthcare Ransomware Attack.

Timeline

In its Product Restoration Timeline posted on a UHG website, UhG projects the following timeline for restoration of the following systems:

Week of 3/25
  • Eligibility Processing: Processes real-time transactions
  • Clearance: Benefits verification and authorization determination
  • MedRX: Pharmacy electronic claims for medical
  • Reimbursement Manager: Claim pricing
  • Coverage Insight: Coverage discovery
Week of 4/1
  • Clinical Exchange: Provider workflow enabling electronic prescribing, ordering and resulting integrated into EHR’s
  • Payer Connectivity Services  (PCS): EDI validation and editing
  • Hosted Payer Services  (HPS): Payer hosting service for eligibility responses to providers
  • Acuity / Pulse: Acuity provides revenue cycle analytics for users of Clearance and Assurance; Pulse provides RCM KPI benchmarks for institutional claims utilizing Assurance client data
Week of 4/8
  • Risk Manager: Supports clients in managing value-based payment contracts.
  • Health QX: Retrospective episode-base payment models

No Guarantees

The UHG website warns these dates are projections based on available information. Products will go through a phased reconnection process, including launch, testing and scaled reconnection. The timeline may change as UHG learns more.

Unlisted Services

The Timeline currently does not list all products and services. The UHG website states that the absence of a product from the schedule does not mean that product is more than three weeks away from resumption. Rather, it means that UHG does not yet have line of sight to the week that it expects to restore it. UHG plans to provide updated information as those timelines become clear.

For specific product updates, UHG invites interested persons to subscribe to the products of interest here.

Restoration Webinars

UHG also has shared the following series of webinary providing more information about its restoration efforts:

For Additional Information

We hope this update is helpful. Solutions Law Press, Inc. invites you to receive future updates by registering on  here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters,  contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

About the Author 

Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of employee benefit, managed care and other health and insurance industry, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on UHG Projects Timeline For Restarting Services Following 2/21 Ransomware Attack. | Academic Medicine, Association Health Plan, Brokers, Claims, Claims Administration, Corporate Compliance, Cybercrime, Cybersecurity, Data Breach, Data Security, employee, Employee Benefits, Employer, Employers, ERISA, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health care transparency, health insurance, Health IT, health plan, Health Plans, HIPAA, HR, Human Resources, Identity Theft, Insurance, Internal Controls, Internal Investigations, Internal Revenue Code, Managed Care, Medical Billing, Physician, Plan Admistrator, PPO, Provider, provider contracting, Reporting & Disclosure | Permalink
Posted by Cynthia Marcotte Stamer

OCR Guidance Reminds Health Plans To Ensure Online Tracking HIPAA Compliance

March 19, 2024

Health care providers, heath plans, health care clearinghouses and their business associates (covered entities) should verify that any online tracking technology used in their or their business partner websites or mobile applications comply with the Department of Health and Human Services, Office of Civil Rights (OCR) updated guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” published March 18, 2024.

The Guidance reminds covered entities that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) apply to their use of online tracking technologies like Google Analytics or Meta Pixel, collect and analyze information about how users are interacting with a regulated entity’s website or mobile application.

The HIPAA Rules apply when the information that regulated entities collect through tracking technologies or disclose to tracking technology vendors includes electronic protected health information (ePHI).

OCR’s information bulletin reminds covered entities that they can only use online tracking technologies provided that the entities comply with their obligations under the HIPAA Rules. Regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of ePHI to tracking technology vendors or any other violations of the HIPAA Rules.

OCR’s Bulletin provides a general overview of how the HIPAA Rules apply to covered entities use of tracking technologies. It also updates to the Bulletin include:

  • Additional examples of when visits to an unauthenticated webpage may or may not involve the disclosure of ePHI.
  • Additional tips for complying with the HIPAA Rules when using online tracking technologies.
  • Guidance about OCR’s enforcement priorities in investigations involving regulated entities’ use of online tracking technologies.

Covered entities need to understand that online tracking technologies commonly are included in Website, mobile application, and other Internet based tools. These tools frequently include online tracking even if not specifically requested by the covered entity. 

Covered entities should conduct a documented inventory of all website, mobile app, and other Internet, based tools that they or their business associates use, which includes an assessment of whether those tools include online tracking, or other technologies, covered by the guidance. For any online tools using tracking capability, cupboard entities, must ensure that the tool is designed and administered to comply with the HIPAA requirements. Overed entities also should adopt a process for regularly reevaluating and monitoring compliance with this and other HIPAA security requirements in their Internet based in other electronic applications that collect, use, store, access, or disclose electronic, protected health information.

Along with specifically evaluating the existence and compliance of any online tracking technologies, covered entities, also should reevaluate and reconfirm the adequacy of their electronic security overall. The HIPAA Rules require healthcare providers and other covered entities to regularly conduct documented risk assessments to verify the adequacy of their security safeguards, and to make updates to guard against emerging threats based on these recurrent assessments. The importance of compliance with this ongoing recurrent risk assessment obligation is repeatedly reinforced in each HIPAA settlement announced by OCR. See, e.g., OCR Nails Second HIPAA Covered For Allowing Ransomware Breach.

Covered entities should ensure that they and their business associates maintain compliance with these other HIPAA obligations.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author 

Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

Comments Off on OCR Guidance Reminds Health Plans To Ensure Online Tracking HIPAA Compliance | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

California Fast Food Minimum Wage Jumps To $20/Hour 4/1

March 19, 2024

The minimum wage applicable to California food restaurants increases to $20 per hour on April 1, 2024. This amount is higher than the generally applicable One of several States with minimum wage rates higher than the Federal minimum wage of $7.25 per hour, California minimum wage, which rose $16.00 per hour (or the higher locally mandated rate) for all employers on January 1, 2024. Employers should confirm their practices and budget forecasts are updated to comply with these and other federal, state or local wage and hour law changes.

Under California Assembly Bill AB 1228, beginning April 1, 2024:

  • The minimum wage for covered “fast food restaurant employees” increases to $20/hour; and
  • Employers covered by the fast-food minimum wage must post the supplemental fast food minimum wage notice in English, Spanish and Simplified Chinese.

Because AB 1228 did not increase the allowed tip credits for fast food employers, fast food employers still may only claim the tip credit amounts otherwise allowed by the statewide minimum wage.

Employers can be subject to minimum wage requirements under Federal, state and local laws. The current Federal minimum wage is $7.25 per hour. California is among several States with minimum wage rates set above the federal minimum wage of $7.25 per hour. The U.S. Department of Labor Wage & Hour Division State Minimum Wage Law Table provides a list of currently applicable State minimum wage rates. The generally applicable minimum wage in California is $16 per hour. California and some other states also allow cities and counties to enact higher minimum wage rates for employees working within their local jurisdiction. See e.g., UC Berkeley List. California and some other States also mandate employers to credit certain break or other times as hours worked not required to be counted under the federal minimum wage rules. Employers must count all hours of work and pay a minimum hourly wage for nonexempt employees that meets or exceeds all of these applicable requirements.

A slew of recent U.S. Department of Labor Wage and Hour Division (WHD) high dollar recoveries alert restaurant and other hospitality industry employers to clean up their Fair Labor Standards Act (FLSA) wage and hour, H-2B and other workforce compliance. These and other public and private federal and state enforcement actions show the high cost employers face for violating these and other wage laws.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author 

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health, employ benefits, insurance, hospitality, retail, construction and other industry management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer has decades of experience advising and defending employers on wage and hour and other labor and employment laws.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Her experience includes extensive involvement advising clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination; EBSA, IRS, and PBGC employee benefit; WHD, CAS, Davis-Bacon and other federal and state wage and hour and other compensation; OSHA and other investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on California Fast Food Minimum Wage Jumps To $20/Hour 4/1 | Child Labor, compensation, compliance, Corporate Compliance, Employer, Employers, Employment, Employment Policies, Fair Labor Standards Act, Workforce | Permalink
Posted by Cynthia Marcotte Stamer

Manage Health Plan HIPAA, ERISA & Other Exposures From Change Healthcare Ransomware Attack

March 17, 2024

What Health Plans, Their Fiduciaries, Vendors & Sponsors Should Be Doing Now

Health plans, their fiduciaries, health plan sponsors and insurers, and their administrative and other service providers should move quickly to understand and act to mitigate the exposures likely to arise under the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the claims, notice and fiduciary responsibilities under the Employee Retirement Income Security Act of 1974 (ERISA), state contract, prompt pay and other duties to health care providers or other responsibilities in response to disruptions created by the Blackcat1234 ransomware attack (CH/UHG Attack) experienced by UnitedHealthcare Group (UHG) subsidiary Change Healthcare.

Change Healthcare Ransomware Attack

On February 21, 2024, a ransomware attack executed by the Blackcat1234 ransomware group took control of and shut down the payment, revenue cycle management and related tools and systems of UHG Subsidiary Change Healthcare. Well-known for stealing sensitive data and demanding ransom for not publishing it, and other public and private cybersecurity monitoring and tracking organizations have warned heath care and other system operators to guard against Blackcat1234 and related ransomware attack risks since at least 2022.  See, e.g., #StopRansomware: ALPHV Blackcat | CISA.

The Change Health shutdown resulting from the Blackcat1234 ransomware attack has created widespread disruptions to key care authorization, billing and other pharmacy, provider and other plan and provider transactions within health care and health benefit systems nationwide due to the widespread use of the Change Health tools. 

Due to the widespread use of the Change Healthcare tools and systems as a financial clearinghouse for connecting pharmacy benefit managers, health care providers, and other key plays and health plans throughout the health care and health benefits industry, the attack has and continues to disrupt key billing, care-authorization, payment and other transactions between health plans, health care payers and pharmacies, physicians and other health care providers and health care payers and their partners across the health care industry.  

As UHG has worked to recover from the Change Health attack, the resulting shutdown and disruption to electronic payment and medical claims systems incorporating the compromised Change Healthcare tools create various legal and operational headaches for many health plans and other health care payers by preventing or obstructing the submission and processing of health care claims and other transactions between health care providers and health plans.  While UHG works to remediate and restore the operability and security of the Choice Health tools and systems, health plans, and insurers, their fiduciaries, plan sponsors, and fiduciaries should take timely and prudent steps in response to the breach and resulting disruptions to mitigate the exposure of their health plans, and themselves under HIPAA and ERISA.

HIPAA Security & Breach Notification Responsibilities

While most health care providers and health plans expect Change Health and other UHG entities to face potential data breach and breach notification responsibilities and liabilities under HIPAA and other federal and state data privacy and cybersecurity laws, many health plan fiduciaries, sponsors, insurers, and administrative or other service providers have given limited consideration to how the February 21, 2024, cyber event impacted their HIPAA responsibilities and exposures.  Guidance published by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) on March 13, 2023, alerts health plans and health insurers, their fiduciaries and plan sponsors, health care providers, health care clearinghouses, and their business associates (covered entities) against overlooking their own potential HIPAA responsibilities arising from the February 21 Choice Health attack or other similar events.

HIPAA requires covered entities and their business associates to protect the privacy and security of protected health information, to have and enforce HIPAA-compliant business associate agreements, to conduct timely documented risk assessments in response to known or foreseeable security threats, and to provide notice of a breach to OCR, affected individuals and for breaches affecting more than 500 individuals. 

Under the HIPAA Security Rule, covered entities must conduct documented risk assessments to evaluate and monitor their electronic personal health information (EPHI) and associated systems for potential breaches and other threats that expose EPHA to unauthorized use, access, disclosure, destruction or other compromise.

To fulfill this requirement, the Security Rule requires covered entities and business associates to conduct documented risk assessments impacting their EPHI and to update these risk assessments in response to internal or external events impacting the adequacy of their risk assessments or security safeguards.

While the responsibility of covered entities and business associates to protect EPHI against unauthorized use, access and disclosure from cybercriminals and others receives the most attention, the Security Rule also includes often less discussed responsibility to protect EPHI and related operating systems against destruction or other disruptions from a wide range of threats including ransomware attacks. 

OCR guidance makes clear that OCR views safeguarding EPHI against ransomware and other cybersecurity threats as encompassed in this duty.  As part of these efforts, OCR and other cybersecurity agencies have recommended among other things that covered entities and business associates:

  • Routinely take inventory of assets and data to identify authorized and unauthorized devices and software;
  • Prioritize remediation of known exploited vulnerabilities’
  • Enable and enforce multifactor authentication with strong passwords;
  • Close unused ports and remove applications not deemed necessary for day-to-day operations.

 See e.g., #StopRansomware: ALPHV Blackcat | CISA.

Furthermore, when a breach of results in an unauthorized use, access, disclosure or destruction of EPHI, the HIPAA Breach Notification Rule requires covered entities and their business associates to provide timely notification of the breach to subjects of the breached EPHI and OCR, and if the breach affects more than 500 subjects, to the media.  Concurrently, the HIPAA Security Rule requires health plans and other covered entities to evaluate through documented risk assessments and take appropriate timely action to update their EPHI security as necessary to respond to breaches, potential breaches and other evolving threats to their EPHI and related systems. 

On March 13, 2024, the Office of Civil Rights (OCR) released a  “Dear Colleague letter” that warns the February 21, 2024 CH/UHG data breach is likely to trigger HIPAA obligations and investigations for Choice Health and UHG as well as other HIPAA-covered health plans, heath care providers, heath care clearinghouses and business associates.  While stating the investigation currently focuses on Change Healthcare and UHC, for instance, the Dear Colleague Letter warns that OCR anticipates that its response to the February 21, 2024 CH/UHG Attack eventually also will include “secondary” investigations of other health plans, health care providers, health care clearinghouses and business associates “tied to or impacted by this attack.”

In light of these anticipated secondary investigations, OCR’s Dear Colleague letter warns health plans, health care providers, health care clearinghouses, business associates to ensure they timely and properly handle their own potential HIPAA responsibilities arising from the CH/UHG Attack.  The Dear Colleague letter expressly alerts health plans, health care providers and other covered entities and business associates “that have partnered with Change Healthcare and UHG” in anticipation of OCR’s expected secondary investigations to ensure that their own ability to demonstrate their organization meet all required HIPAA responsibilities including that:

  • All required “business associate agreements are in place;
  • All required breach notifications are provided to HHS, affected persons and in the event of a large breach affecting more than 500 individuals, to the media; and
  • All security and other HIPAA responsibilities are met.

The Dear Colleague Letter also directed covered entities and their business associates to the following previously released OCR resources for assistance in understanding their responsibilities for guarding EPHI against ransomware and other cybersecurity threats:

  • The OCR HIPAA Security Rule Guidance Material webpage;
  • OCR Video on How the HIPAA Security Rule Protects Against Cyberattacks;
  • OCR Webinar on HIPAA Security Rule Risk Analysis Requirement;
  • HHS Security Risk Assessment Tool;
  • Factsheet: Ransomware and HIPAA; and
  • Healthcare and Public Health (HPH) Cybersecurity Performance Goals.

Standing alone, the Dear Colleague Letter makes clear that all covered entities partnered with or impacted by disruptions from the CH/UHG attack need to take documented steps to reevaluate and tighten the adequacy of their existing security safeguards as well as their processes for monitoring and responding to evolving ransomware and other cybersecurity threats in anticipation of becoming the target of potential “secondary” OCR investigations arising from the CH/UHG Attack.

While the Dear Colleague Letter specifically references covered entities and business associates “partnered” with Choice Health, OCR’s previously issued guidance warning all covered entities and their business associates to safeguard their EPHI against ransomware and other cybersecurity threats, strongly suggest that all covered entities and business associates should consider the advisability of reevaluating the adequacy of their own EPHI safeguards in light of the heightened ransomware and other cyber threat illustrated by the CH/UHG Attack.  Consequently, all covered entities and business associates partnered with or impacted by the CH/UHG Attack or its resulting distributions specifically, as well as covered entities and business associates generally should work with experienced legal counsel to conduct documented risk assessments of their systems, exposures, responsibilities and risks taking into account these developments as soon as possible in anticipation of complaint or audit driven investigations arising from the Choice Health and other malware events and threats.

ERISA-Covered Health Plan Data Security & Breach Related Fiduciary Duties

In addition to any applicable HIPAA responsibilities, fiduciaries and sponsors of employer or union sponsored health plans subject to the Employee Retirement Income Security Act (ERISA) also should consider whether the CH/UHG Attack or the heightened ransomware and other cyber security threats any additional actions are prudently necessary to protect the health plan data, assets or operations.

ERISA generally requires individuals or entities named as fiduciaries or otherwise possessing functional discretionary authority or responsibility or authority over a plan or its assets (fiduciaries) to act prudently to protect and administer the plan and its assets.  Department of Labor Employee Benefit Security Administration (EBSA) guidance published in April, 2021 first officially confirmed its interpretation of ERISA’s duty of prudence as including a duty to utilize prudent cybersecurity safeguards.  Since EBSA published this cybersecurity guidance EBSA also has also added cybersecurity inquiries to its plan fiduciary audits. As a result, in addition to complying with HIPAA, ERISA-covered health plan fiduciaries and sponsors also should be prepared to demonstrate plan fiduciaries acted prudently to comply with HIPAA as well as the following actions to safeguard health and other employee benefit plan data and systems against cybersecurity threats:

  • Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
  • Cybersecurity Program Best Practices: Assists plan fiduciaries and record-keepers in their responsibilities to manage cybersecurity risks.
  • Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts online basic rules to reduce the risk of fraud and loss.

In light of this OCR and EBSA guidance, health plan sponsors, fiduciaries and vendors and other HIPAA covered entities and business associates are urged to take documented steps to audit and strengthen as needed their safeguards against hacking and other cybersecurity threats including:

  • In the case of any health plan or health plan vendor, taking well documented steps to assess and tighten as necessary their health plan systems and data security to meet or exceed the recommendation outlined in the EBSA cybersecurity guidance or otherwise necessary to prudently guard their plans and plan data and systems against cybersecurity threats.
  • Reviewing and monitoring on a documented, ongoing basis the adequacy and susceptibilities of existing practices, policies, safeguards of their own organizations, as well as their business associates and their vendors within the scope of attorney-client privilege taking into consideration data available from OCR, data regarding known or potential susceptibilities within their own operations as well as in the media, and other developments to determine if additional steps are necessary or advisable.
  • Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility.
  • Renegotiating and enhancing service provider agreements to detail the specific compliance, audit, oversight and reporting rights, workforce and vendor credentialing and access control, indemnification, insurance, cooperation and other rights and responsibilities of all entities and individuals that use, access or disclose, or provide systems, software or other services or tools that could impact on security; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; and other relevant matters.
  • Verifying and tightening technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information and systems.
  • Conducting well-documented training as necessary to ensure that members of the workforce of each covered entity and business associate understand and are prepared to comply with the expanded requirements of HIPAA, understand their responsibilities and appropriate procedures for reporting and investigating potential breaches or other compliance concerns, and understand as well as are prepared to follow appropriate procedures for reporting and responding to suspected
    violations or other indicia of potential security concerns.
  • Tracking and reviewing on a systemized, well-documented basis actual and near miss security threats to evaluate, document decision-making and make timely adjustments to policies, practices, training, safeguards and other compliance components as necessary to identify and resolve risks.
  • Establishing and providing well-documented monitoring of compliance that includes board level oversight and reporting at least quarterly and sooner in response to potential threat indicators.
  • Establishing and providing well-documented timely investigation and redress of reported
    violations or other compliance concerns.
  • Establishing contingency plans for responding in the event of a breach. 
  • Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and requirements.
  • Preparing and maintaining a well-documented record of compliance, risk, investigation and other security activities.
  • Pursuing other appropriate strategies to enhance the covered entity’s ability to demonstrate its compliance commitment both on paper and in operation.

Because susceptibilities in systems, software and other vendors of business associates, covered entities and their business associates should use care to assess and manage business associate and other vendor associated risks and compliance as well as tighten business associate and other service agreements to promote the improved cooperation, coordination, management and oversight required to comply with the new breach notification and other HIPAA requirements by specifically mapping out these details.

Furthermore, while the preemption provisions of ERISA generally insulate health plans and their sponsors from responsibility or liability for complying with state insurance, data security, breach notification or other state law cybersecurity and cyber breach and breach notification laws and rules, health insurers and other health plan service providers generally remain subject to these state law requirements.  Consequently, health insurers, administrative service providers and other health plan vendors also should act promptly to evaluate and ensure their fulfillment of all applicable cybersecurity and data breach mandates under relevant state law.

Leaders of covered entities or their business associates also are cautioned that while HIPAA itself does not generally create any private right of action for victims of breach under HIPAA, breaches may create substantial liability for their organizations or increasingly, organizational leaders under state data privacy and breach, negligence or other statutory or common laws.  In addition, physicians and other licensed parties may face professional discipline or other professional liability for breaches violating statutory or ethical standards.  Meanwhile, the Securities and Exchange Commission has indicated that it plans to pursue enforcement against leaders of public health care or other companies that fail to use appropriate care to ensure their organizations comply with privacy and data security obligations and the Employee Benefit Security Administration recently has issued guidance recognizing prudent data security practices as part of the fiduciary obligations of health plans and their fiduciaries.

Finally, health plans and other covered entities are reminded that appropriate strategic planning and use of attorney-client privilege and other evidentiary tools can critically impact the defensibility of pre-breach, breach investigation and post-breach investigation and decision-making. Because HIPAA, EBSA and other rules typically require prompt investigation and response to known or suspected hacking or other cybersecurity threats, health plans and other covered entities or business associates should seek the assistance of experienced legal counsel to advise and assist in these activities to understand the potential availability and proper use of these and other evidentiary rules as part of the compliance planning process as well as to prepare for appropriate use in the event of a known or suspected incident to avoid unintentional compromise of these protections.

ERISA & Other Risks From Untimely Timely Acceptance & Processing of Health Plan Eligibility & Benefit Provisions

Since Change Health shut down its tools and systems CH/UHG Attack has created and continues to cause nationwide disruptions in the ability of pharmacy, physician and other health care providers to submit, and health plans and insurers to receive and process a wide range of health care billing, claims and other transactions because of the widespread integration and use of Choice Health tools in systems health care providers and payers use for the submission, receipt, and processing of health care provider eligibility, billing and other health benefits. 

Along with the liabilities and headaches that the ransomware attack and resulting disruptions create for Choice Healthcare and UHG, delays and other disruptions in the handling of health benefit eligibility, claims processing, notifications and payment by health plans and their administrative services providers arising from can create a host of additional liability headaches health plans, health insurers, their fiduciaries and administrative services providers in addition to those arising directly from the HIPAA and other cybersecurity breach itself.

For ERISA-covered health plans, ERISA generally holds health plans and their fiduciaries accountable for the prudent, timely administration of health plan eligibility, claims and other administrative functions in accordance with the terms of the plan and within the applicable time frames and other requirements of ERISA’s reasonable claims procedure and adverse benefit determination rules.  Health plans and their ERISA plan administrators generally must receive and process claims transactions required by the adverse claim determination regulations and provide participants or beneficiaries with detailed written notifications for any claims not processed and paid within the relevant 72-hour, 15-day or 30-day time period specified by the adverse claim determination rules.  Noncompliance with these requirements both undermines the defensibility of the health plan’s denial of coverage and subjects the plan administrator to liability for EBSA penalties and/or discretionary awards of penalties plus attorneys’ fees and other costs of enforcement to plan participants or beneficiaries for failures to deliver timely notification of the denial.  To the extent that EBSA or a court determines that the failure to timely and appropriately process and pay benefits resulted from a lack of prudence or other breach of ERISA fiduciary duties, fiduciaries are at risk for incurring personal liability for actual damages to the plan or its participants plus attorneys’ fees and other costs of enforcement; EBSA penalties for engaging in a breach of fiduciary duty under ERISA section 502(l); or both.

Beyond these ERISA-related risks, delays in processing and payment of health care provider claims also create potential additional liability for health insurers, health plans and their administrators to the extent the disruptions prevent the timely payment and processing of health benefit claims in violation of health care provider rights under managed care or other provider contracts, prompt pay and surprise billing or other provider legal rights.  Unlike member claims assigned to providers, ERISA generally does not preempt these nonderivative provider rights and claims or the additional state law damages, penalties or other remedies arising under state law against health insurers, health plans and plan administrators found to violate these rules. Consequently, delays in payments to providers also could substantially increase the costs and liabilities that health insurers, health plans, their fiduciaries, administrators, and employers and other sponsors obligated under the plan terms or vendor contracts to pay these costs.

In light of these and other potential risks, health insurers and health plans, their employer, union and other sponsors, fiduciaries, administrative services providers and other vendors should act quickly to investigate and ensure proper management of the fallout from the CH/UHG Attack and the heightened ransomware and other cybersecurity threats it represents.

Along with working with qualified legal counsel to address the potential HIPAA, ERISA and other responsibilities the health plan or insurer, its fiduciaries, service providers and sponsor bear from the CH/UHG Attack and other cyber risks, most parties also will want to evaluate obligations to notify cybersecurity and other liability insurers, seek indemnification from Choice Healthcare, UHG or other potentially culpable parties and evaluate other sensitive data and strategies for mitigation of their health plan and their own resulting liabilities, costs and other consequences.

For Additional Information

We hope this update is helpful. Solutions Law Press, Inc. invites you to receive future updates by registering on  here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters,  contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

About the Author 

Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Manage Health Plan HIPAA, ERISA & Other Exposures From Change Healthcare Ransomware Attack | Association Health Plan, Corporate Compliance, group health plan, health Care, Health Care Sharing Ministries, health insurance, health plan, Health Plans, HIPAA, Public Policy, self insured health plan, tpa | Tagged: , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Wage & Hour Takes Aim At Restaurant & Other Hospitality Employers

February 8, 2024

A slew of recent U.S. Department of Labor Wage and Hour Division (WHD) high dollar recoveries alert restaurant and other hospitality industry employers to clean up their Fair Labor Standards Act (FLSA) wage and hour, H-2B and other workforce compliance.

Popeyes Franchise- $212,000

On February 7, 2024, the Labor Department announced its recovery of $212,000 in Baxley and penalties from California Popeyes franchisee 14th St. Chicken Corp. for violations of federal child labor and wage and hour laws. The WHD says this is the third time that the it has cited the franchisee for violations of the Fair Labor Standards Act

The latest WHD investigation found the Popeyes fast-food chain franchiseedetermined the employer violated the FlSA by shortchanged workers by failing to pay overtime earnings for hours worked over 40 in a workweek.

Additionally, the investigation revealed the franchisee violated child labor rules by hiring children as young as 13-years-old and minors who worked later and longer than permitted by child labor laws at the employer’s three Oakland, Tracy and Newark locations.

Prior violations involved the Oakland and Tracy restaurants in 2003 and 2022, respectively.

For these violations, WHD

  • Recovered $39,826 in unpaid overtime wages and $39,826 in damages for 15 employees;
  • Imposed $121,104 in civil money penalties for child labor violations;
  • Imposed $12,104 in civil money penalties for overtime violations.

In fiscal year 2023, the Wage and Hour Division found child labor violations in more than 950 investigations, resulting in more than $8 million in penalties assessed to employers. on the recoveries.

The announcement warns the Labor Department plans to continue prioritizing child labor law investigations and enforcement quoting Wage and Hour Division Assistant District Director Alberto Raymond as saying:

The U.S. Department of Labor is determined to fight child labor violations in all sectors, including the fast-food industry.”

Sails Restaurant LLC – $184,139

On February 7, 2024, the Labor Department announced its recovery of has recovered $184,139 in back wages and liquidated damages for 56 seasonal guest workers and U.S. workers of a Naples restaurant after finding multiple violations of federal nonimmigrant work program regulations and federal minimum wage and overtime regulations.

The federal H-2B visa program permits U.S. employers to temporarily hire nonimmigrants to perform nonagricultural labor or services. However, the employment must be for a limited, specific period of time, such as a one-time occurrence, seasonal, peak load or intermittent need and the employment must comply with all the conditions for hiring applicable to that program.

The WHD says it’s investigation of Sails Restaurant LLC (Sails) found multiple violations of requirements of the H-2B worker visa program including:

  • Misrepresenting job requirements despite having previously used and knowing the requirements by willfully misrepresenting access to high-paid server positions with unlimited earnings potential when instead no such job existed; promotional positions out of reach for many; and shifting a dining room attendant to another job as a construction laborer;
  • Imposing special experience requirements for H-2B workers to qualify for jobs;
  • Failing to list all qualifications in the job order;
  • Not giving proper notices related to job termination, denying H-2B workers U.S. work status rights;
  • Improperly classifing jobs or excluded job tasks on work orders;
  • Failing to provide job orders or notify workers of their rights; and
  • Not reimbursing visa expenses for H-2B workers, despite being aware of the requirement.

WHD also found Sails violated the Fair Labor Standards Act (FLSA) by illegally keeping the tips of some H-2B and U.S. workers, failing to pay one worker their last paycheck and paying an incorrect overtime rate to tipped employees.

For these violations, WHD required Sales to pay the wrongfully denied wages and assessed $53,536 in civil money penalties.

Wage and Hour Division District Director Nicolas Ratmiroff warned, “Hospitality and food industry employers must understand that regardless of whether the employer is taking a tip credit, employers are prohibited from keeping employee tips or requiring that an employee give their tips to the employer, a supervisor, or manager.

$359,000 Retaliation Judgment

Along with complying with FLSA, child and migrant labor and other rules, employers also are cautioned to avoid retaliation against workers in violation of federal employment laws by first ever federal court order to jointly impose liability against an employer for violation of the FLSA and the Occupational Safety and Health Act (OSH Act).

In a December 15, 2023 judgment, a federal court ordered a Milford sports bar and its owner to pay employees a total of $359,485 in back pay, emotional distress damages, withheld compensation and punitive damages for violating the anti-retaliation provisions of the FLSA and The OSH Act.

The retaliation judgment resulted from a Labor Department lawsuit filed against Milford Sports Bars LLC, doing business as Champions Grill and Bar, and its owner, Loren Drotos, who is also known as Mark Roberts, Mark Drotos and Mark Lawrence.

The suit filed in the U.S. District Court for the District of Connecticut in February, 2022 alleged that in January 2022, the employers threatened an employee who asked the employer to pay him compensation earned then unlawfully terminated employees who participated in an inspection by the Occupational Safety and Health Administration.

The Labor Department also alleged that, after firing employees within days of exercising these federally protected rights, the employers sought to further chill employees from engaging in protected activities and cooperating with federal investigators by sending a message to employees that they should not talk to the Labor Department.

The District Court accepted the Labor Department’s partment’s allegations as true and issued an order granting $6,770 in back pay, $2,715 in withheld wages, $125,000 in emotional distress damages and $225,000 in punitive damages to the affected employees. The court order also prohibits the employers from future violations of the anti-retaliation provisions of the FLSA and OSH Act.

According to Regional Solicitor of Labor Maia Fisher, “The court’s award of $225,000 in punitive damages and over $359,000 in damages overall sends a clear message that the U.S. Department of Labor will not tolerate such behavior.”

Restaurant & Other Hospitality Employers Should Strengthen Compliance & Risk Management

Following on the heels of other similar enforcement actions, these Labor Department actions send a clear signal that restaurant and other hospitality employees should ensure their ability to defend their compliance with the FLSA, H-2B and other foreign labor, OSHA, anti retaliation and other laws enforced by the Labor Department.

The award against Ole Jose Grill & Cantina warns other restaurant and food services employers to use card to properly classify, track hours of work and pay all required wages and overtime.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Wage & Hour Takes Aim At Restaurant & Other Hospitality Employers | Corporate Compliance | Tagged: , , , , , , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Prepare Defenses Against Rising Religious Discrimination Exposures

February 6, 2024

A newly announced religious discrimination settlement reminds employers of the advisability of reviewing and strengthening the defensibility of their grooming, dress code, scheduling and time off and other employment policies, practices and other procedures for applying, granting or denying religious exceptions, and other employment practices to defend against potential discrimination exposures in light of rising religious sensitivities, the Supreme Court’s 2023 ruling in Groff v. DeJoy, 143 S. Ct. 2279 (2023) and emerging Equal Employment Opportunity Commission (EEOC) guidance and enforcement.

Religious Discrimination & Accommodation Under Civil Rights Act

Title VII of the Civil Rights Act of 1964 prohibits discrimination based on religion and requires employers to reasonably accommodate an employee’s religious observance or practice, unless an accommodation would impose an undue hardship. The Civil Rights Act prohibits discrimination in any aspect of employment, including hiring, firing, pay, job assignments, promotions, layoff, training, fringe benefits, and any other term or condition of employment. It also prohibits:

  • Forcing an employee to participate (or not participate) in a religious activity as a condition of employment;
  • Subjecting an applicant or employee to offensive remarks about a person’s religious beliefs or practice or other harassment that creates a hostile or offensive work environment or results in an adverse employment decision or other job detriment or certain other types of harassment, whether by the victim’s supervisor, a supervisor in another area, a co-worker, or someone who is not an employee of the employer, such as a client or customer;
  • Workplace or job segregation based on religion including religious garb and grooming practices;
  • Failing to reasonably accommodate an employee’s religious beliefs or practices, unless doing so would cause a burden that is substantial in the overall context of the employer’s business taking into account all relevant factors, including the particular accommodation at issue and its practical impact in light of the nature, size, and operating cost of the employer; and
  • Retaliating against an employee or applicant based on good faith exercise of his right to be free from religious discrimination or cooperation in investigations or other protected activities.

The duty to provide religious accommodation applies not only to schedule changes or leave for religious observances, but also to such things as dress or grooming practices that an employee follows as part of the employee’s religious reasons such as wearing particular head coverings or other religious dress or hairstyles or facial hair. It also includes an employee’s observance of a religious prohibition against wearing certain garments such as pants or miniskirts. 

Under the Civil Rights Act, the obligation to provide religious accommodation generally applies unless the employer demonstrate that the accommodation of the employee’s religious beliefs or practices would cause undue hardship to the employer. The burden of proving an undue hardship rests on the employer, who must show that the accommodation burden is substantial in the overall context of an employer’s business, taking into account all relevant factors in the case at hand, including the particular accommodation at issue and its practical impact in light of the nature, size and operating cost of the employer. 

The Supreme Court’s 2023 decision in Groff v. DeJoy confirms employers seeking to defend their denial of a request for religious accommodation must be prepared to prove granting the religious accommodation request would impose a significant burden on the employer, holding the defense of undue hardship requires proof a burden that is “substantial in the overall context of an employer’s business” “taking into account all relevant factors in the case at hand, including the particular accommodations at issue and their practical impact in light of the nature, size and operating cost of an employer.” Mere proof a a “de minimis cost” will not suffice. See also EEOC Notice Concerning the Undue Hardship Standard in Title VII Religious Accommodation Cases.

Blackwell Security Services Religious Discrimination Litigation Settlement

The settlement with Blackwell Security Services, Inc. (Blackwell) recently announced by the EEOC highlights the challenge employers should anticipate facing in defending a denial of an employee or applicant request for exception from a dress code, grooming or other employer policy for religious reasons. 

On January 31, 2024, the EEOC announced Blackwell will pay $70,000 and provide other relief to settle the EEOC’s religious discrimination lawsuit that charged Blackwell wrongfully refused to accommodate a Muslim employee’s religious practice of wearing a beard in observance of his religious beliefs.

According to the EEOC, shortly after Blackwell hired the employee, a Blackwell supervisor told the employee that company policy required all employees be clean-shaven. When the employee requested an exemption from the policy to accommodate his religious practice, Blackwell told him to shave his beard or face termination even though the EEOC determined accommodating his religious practice would impose no cost or operational burden on the business. To avoid losing his job, the employee complied and shaved his beard, causing him significant distress.

Under the consent decree resolving the EEOC lawsuit, Blackwell will pay $70,000 in compensation to the now-former employee. Blackwell will also provide training to relevant management employees on federal laws prohibiting religious discrimination and will report any additional complaints of religious discrimination to the EEOC for the decree’s duration.

Employee Religious Discrimination Risks Rising

The EEOC charge and lawsuit against Blackwell is one of a deluge of religious discrimination charges filed with the EEOC in recent years. In fact, EEOC enforcement data shows that religious discrimination charges received by the EEOC soared from 2,111 in 2021 to 13,814 in 2022 while over the same period settlements rose from 146 in 2021 to 730 in 2022.

Religion-Based Charges (Charges filed with EEOC) FY 2013 – FY 2022
 FY 2013FY 2014FY 2015FY 2016FY 2017FY 2018FY 2019FY 2020FY 2021FY 2022*
Receipts3,7213,5493,5023,8253,4362,8592,7252,4042,11113,814
Resolutions3,8653,5753,7363,8273,9973,6533,0012,5702,0807,453
Settlements331268275266233151171144146730
Reasonable Cause1681161391211192821231035960
Monetary Benefits (Millions)**$11.2$8.7$10.8$10.1$11.2%$9.2$9.9$6.1$9.5$12.8
The chart represents the total number of charges filed and resolved under Title VII alleging religion-based discrimination as compiled by the Office of Enterprise Data and Analytics from data compiled from the EEOC’s Integrated Mission System.  This does not include charges filed with state or local Fair Employment Practices Agencies.  *EEOC notes, “In FY 2022, there was a significant increase in vaccine-related charges filed on the basis of religion. As a result, FY 2022 data may vary compared to previous years.”  ** Does not include monetary benefits obtained through litigation. See https://www.eeoc.gov/data/religion-based-charges-charges-filed-eeoc-fy-1997-fy-2022.

A number of factors have fueled the sharp rise in religious accommodation and other religious discrimination risks. Along with the Supreme Court’s affirmation of the high burden of proof employer must meet to justify refusing to grant religious accommodations to employees in Groff v. DeJoy, a series of religious accommodation guidance issued by the EEOC during and following the COVID-19 pandemic health care emergency and demands for religious accommodation exemptions to COVID-19 mask and vaccination mandates heightened awareness and the volume of religious discrimination claims filed with the EEOC.  See, e.g., What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws. Unsurprisingly, charges from these COVID-19 related and other religious accommodation claims brought since the COVID-19 pandemic health care emergency has and continues to fuel litigation, settlements and judgements. See, e.g., Children’s Hospital Pays $45K To Resolve COVID Vaccine Religious Discrimination Suit.

The already heightened awareness fueled during the COVID-19 health care emergency has been further heightened by EEOC and other governmental guidance and outreach in response to rising potential religious and national origin discrimination concerns arising from the Israeli/Palestinian conflict and various other international events. See e.g., Resolution of the U.S. Equal Employment Opportunity Commission Condemning Violence, Harassment, and Bias Against Jewish Persons in the United States; What to Do If You Face Antisemitism at Work; Anti-Arab, Anti-Middle Eastern, Anti-Muslim, and Antisemitic Discrimination are Illegal; Religious Garb and Grooming in the Workplace: Rights and Responsibilities; Fact Sheet on Religious Garb and Grooming in the Workplace: Rights and ResponsibilitiesEmployment Discrimination Based on Religion, Ethnicity, or Country of Origin; Q&A for Employees: Responsibilities Concerning the Employment of Individuals Who Are, or Are Perceived to Be, Muslim or Middle Eastern; Q&A for Employers: Responsibilities Concerning the Employment of Individuals Who Are, or Are Perceived to Be, Muslim or Middle Eastern.

With these and other events continuing to escalate sensitivities and awareness of federal laws against religious discrimination, health care and other organizations should act to strengthen their ability to recognize and respond defensibly to religious accommodation and other religious discrimination risks whether arising from patients and other customers, employees or others.

Act To Mitigate Religious Discrimination Risks

In the face of the prioritization that the Biden Administration generally and OCR specifically is placing on religious and national origin in connection with the current Israeli-Palestinian hostilities, all covered facilities should brace for heightened oversight and enforcement by OCR the EEOC and other federal agencies, as well as private litigants. These organizations also should guard against retaliation liability, which can result even where the discrimination claim fails.

As a starting point, health care and other organizations should begin by reviewing their existing complaint history, policies, practices, training, reporting and investigation practices within the scope of attorney-client privilege and revise these policies as needed to strengthen their defensibility.

In connection with this review, health care and other organizations should ensure that their policies, procedures and notices clearly prohibit religious discrimination as well as communicate procedures for persons that believe their religious beliefs merit accommodation or otherwise believe they are subject to religious harassment or other discrimination to communicate their request to a representative of the organization appropriately trained to receive, evaluate and respond to the accommodation request defensibly. Most organizations will want to arrange for qualified legal counsel to be readily available to assist the responsible party with these activities. 

Organizations should consider adopting carefully crafted and documented internal procedures for receiving, investigating and responding to religious accommodation request in a manner that promotes their organization’s ability to demonstrate each request is assessed in accordance with the law free from the inappropriate application of assumptions or stereotypes about what constitutes a religious belief or practice or what type of accommodation is appropriate. Organizations should train managers and supervisors to grant religious accommodation requests whenever possible and to refer any questions about the appropriateness or response to any religious accommodation request to the designated responsible party.

When faced with a request for a religious accommodation which the organization believes cannot be implemented without undue hardship, most organizations will want to seek the advice of legal counsel while exploring opportunities to allow the requested or an alternative accommodation on a temporary basis pending further exploration of the requested more permanent accommodation. Appropriate communication and documentation processes also are important. In addition, all organizations will want to ensure that their organization takes appropriate steps to prevent and defend against potential retaliation claims.

Due to the legal and political sensitivity of the practices and analysis involved, employers and others involved in the review of these policies and practices or their application when handling religious accommodation requests or other events raising the potential for religious, national origin, race or related concerns, employers also should consider involving experienced legal counsel about the circumstances, as well as to take advantage of the availability of attorney-client privilege and other evidentiary rules to help mitigate exposures and enhance the defensibility of their actions.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair of its International Employment Law Committee, Chair of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on employment, heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services, retail, manufacturing, hospitality, and other organizations of all types and their technology, data, and other service providers and advisors domestically and internationally with employment, employee benefit, compensation, worker classification, contracting, data privacy and security, Federal Sentencing Guideline and other governance and internal control and other rules specifically relating to workforce management, as well as industry and business specific internal controls and other performance management required to manage regulatory, contractual and operational compliance and risk management. Her experience includes decades of involvement advising and representing employers, educational organizations, health care organizations, and other businesses on Civil Rights Act and other federal, state and local discrimination laws.

Author of a thousands of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer, her legal, business and governmental relations consulting, training, public speaking or other services, experience and involvements , see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Prepare Defenses Against Rising Religious Discrimination Exposures | Corporate Compliance, Discrimination, EEOC, EEOC, Employers, religious accommodation, Religious Organization, Religous Discrimination | Tagged: , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Restaurant Pays $167K In Back Wages & Damages For Overtime Violation

February 1, 2024

West Virginia based Ole Jose Grill & Cantina LLC, paid $167,000 in back pay and penalties to 17 tipped employees after the U.S. Department of Labor Wage and Hour Division found the employer improperly calculated their overtime under the Fair Labor Standards Act (FLSA).

FLSA & Food Service

The minimum wage, overtime, and record keeping requirements of the FLSA generally apply to all non exempt restaurant employees with some special rules.

The FLSA requires most restaurants to pay covered non-exempt workers a federal minimum wage of not less than $7.25 per hour. (State law may impose a higher minimum wage.)

An employer may take credit for food which is provided at cost. However, the employer cannot take credit for discounts given employees on food prices.

Tips received by tipped employees may be considered as part of wages, as long as the employer pays the employee not less than $2.13 an hour in direct wages and ensures that the amount of tips received is enough to meet the remainder of the minimum wage. Furthermore:

  • Only employees who customarily and regularly receive more than $30 a month in tips qualify for treatment as tipped employees;
  • The employer must inform the tipped employee of the provisions of FLSA section 3(m) in advance if the employer elects to use the tip credit; and
  • Employees must retain all of their tips, except to the extent that they participate in a valid tip pooling or sharing arrangement.

Additionally, restaurants must pay overtime at a rate of at least one and one-half times the employee’s regular rate of pay for each hour worked in excess of 40 hours per week.

In determining the regular rate for a tipped employee, all components of the employee’s wages must be considered including cash, board, lodging, facilities, and the tip credit.

Furthermore, deductions made from wages for items such as cash shortages, required uniforms, or customer walk-outs are illegal if the deduction reduces the employee’s wages below the minimum wage or cuts into overtime pay. Deductions made for items other than board, lodging, or other recognized facilities normally cannot be made in an overtime workweek.

Ole Jose Grill & Cantina’s Violations

A Wage and Hour Division investigation found Ole Jose Grill & Cantina violated the overtime requirements of the FLSA by paying tipped employees time and one-half their cash wage for hours over 40 in a workweek instead of time and one-half the applicable minimum wage. Additionally, the investigation found Ole Jose Grill & Cantina misclassified one tipped employee as an independent contractor, paid kitchen staff a flat rate for all hours worked with no overtime premium paid and failed to keep hours worked records for the back of house kitchen employees.

For these violations, the Wage and Hour Division ordered the employer to pay a total of $83,632 in backpay and $83,632 in penalties to 17 workers.

The award against Ole Jose Grill & Cantina warns other restaurant and food services employers to use card to properly classify, track hours of work and pay all required wages and overtime.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Laws Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Restaurant Pays $167K In Back Wages & Damages For Overtime Violation | Corporate Compliance | Tagged: , , , , , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

ICE Updates Forms I-942 and I-881

January 23, 2024

U.S. Citizenship and Immigration Services (ICE) recently updated the following form(s):

Starting March 25, 2023, ICE will only accept the 12/20/23 editions of these Forms. Until then, it also will accept the 12/02/21 and 02/13/19 editions. Look for the edition date at the bottom of the page on the form and instructions.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Authorities

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on ICE Updates Forms I-942 and I-881 | Corporate Compliance | Tagged: , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

ABA RPTE Section Group Hosts 1/19 Health Plan Claim Denials Update Zoom Call

January 16, 2024

Attorney Cynthia Marcotte Stamer and Allison Moody are scheduled to present a “Health Plan Claim Denials Update” for the American Bar Association Real Property Probate and Trust Section Employee Benefits and Executive Compensation Group on Friday, January 19, 2024 from 11:30 AM – 12:30 PM Central Time. Group members and other interested persons are invited to join this complimentary Zoom call.

About The Health Plan Claim Denials Update[1]

Employee Retirement Income Security Act (“ERISA”)-covered group health and disability plan participants and beneficiaries increasingly successfully overcome health plan benefit denials and receive ERISA § 502(c) awards based on federal court’s rulings plan fiduciaries or administrators failed to fulfill the Employee Benefit Security Administration (“EBSA”) adverse benefit determination regulations.  

During the “Health Plan Claims Denials Update, attorneys Cynthia Marcotte Stamer and Allison Moody will share an update on the precedent driving this emerging trend, how the new No Surprises Act rules interface with ERISA adverse benefit determination regulations, and discuss implications and best practices for health plan fiduciaries, administrators, and their advisors should consider to strengthen the defensibility of their plans’ adverse benefit determinations and mitigate risks in light of this trend to the American Bar Association Real Property Probate and Trust Section Employee Benefits and Executive Compensation Group monthly membership Zoom call on Friday, January 19, 2024. 

Participation in this and other RPTE Section Employee Benefit and Other Compensation Group calls is complimentary.  Members and other interested persons can join the call using the following Zoom credentials:

Zoom Meeting Link https://americanbar.zoom.us/j/91796395033?pwd=R1hEZlZCQjR4RitvODRlYVFCTmIwZz09

Meeting ID: 917 9639 5033

Passcode: 071394

One tap mobile: +13126266799,,91796395033# US (Chicago)

About the Presenters

Allison Moody.  Allison Moody is a highly experienced legal consultant, licensed to practice law, specializing in advising on complex health and welfare benefit laws.  With a deep understanding of the legal and regulatory landscape, Allison provides expert guidance to employers, brokers, and members in various states, ensuring their compliance with ever-evolving requirements.  Allison has built a reputation for helping organizations navigate the intricacies of employee benefits laws and delivering practical and effective solutions.  She also negotiates contracts, provides legal review of proposed legislation, regulations, and bulletins, and assists with audits and investigations.

Allison previously served as Vice President and General Counsel of a third-party administrator.  In her position there, she advised organizations on legal and business issues and finding ways to minimize risk. She also represented the company in various administrative and legal proceedings and hired and managed Outside Counsel in matters involving litigation or arbitration.

Allison has served in leadership roles in many benefits organizations over her career, including the Society of Professional Benefit Administrators (SPBA), Texas Professional Benefit Administrators (TPBA), RPTE Employee Benefits and Executive Compensation Committee, and the National Association of Health Insurance Professionals (NAHIP).  She is also a member of the ABA Tort and Insurance Practice Section, where she serves on the Medicine and Law and Life, Health and Disability, and Cybersecurity Committees.  In her spare time, she volunteers for Brother Bills Helping Hand and enjoys her French bulldogs.

Allison received her Juris Doctorate degree from Tulane Law School and graduated Magna Cum Laude in Communications/Political Science from Texas Tech. 

Cynthia Marcotte Stamer.  Cynthia Marcotte Stamer is a Fellow in the American College of Employee Benefits Counsel and Board Certified in Labor and Employment law by the Texas Board of Legal Specialization, recognized for her decades of prolific legal and operational work, legislative and regulatory advocacy, scholarship, and thought leadership on insured and self-insured managed care and other health care, disability and other employee benefit, insurance, health care and workforce programs, practices, and policies as a “Top Rated Lawyer,” and “LEGAL LEADER™” in Health Care Law and Labor and Employment Law; “Best Lawyer” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “HealthCare” and “Business and Commercial Law.”

For 35-plus years, “Cindy” has guided and represented self-insured and insured health and managed care, disability, and other employee benefit plans; employers; plan sponsors; fiduciaries’ administrative services, technology, and other vendors; insurers; brokers and consultants; health care providers;; governments; and others on the design, administration, and defense of claims and appeals and other plan provisions, practices, systems and technologies; the prevention, evaluation, mitigation, and defense of fiduciary, participant and beneficiary, health care provider, government and other claims, disputes, and other enforcement actions arising out of the operation of these programs; contracting, technology and product development; fiduciary responsibility, market conduct and other operating standards; health care fraud; privacy and data security; innovation and change management;  government relations and investigations; and a diverse range of other employee benefits, insurance, employment, compensation, and health care operations, risk management, and compliance concerns.

Cindy also contributes her knowledge and leadership as the American Bar Association (“ABA”) RPTE Employee Benefits and Executive Compensation Group Chair and current Welfare Committee Co-Chair; current ABA Joint Committee on Employee Benefits (“JCEB”) HHS Agency Meeting Scribe and former JCEB Council Representative and Marketing Committee Chair; current ABA TIPS Section Medicine and Law Committee Chair, Employment Committee Diversity Vice Chair, and former Employee Benefits Committee Vice Chair; current ABA International Section International Life Sciences and Health Committee Chair and International Employment Committee Vice Chair; former ABA Health Law Section Managed Care & Insurance Group Chair; former SHRM National Consultant’s Board and Regional Chair; former board member, Programs Committee Chair and Treasurer of the Southwest Benefits Association; founding Board Member and Past President of the Alliance for Health Care Excellence and founder of its Health Care Heroes and Patient Empowerment Programs; past National Board Member and Dallas Chapter President of Web Network of Benefit Professionals; former Texas Association of Business BACPAC Chair, Board Member, Regional Chair, Dallas Chapter Chair and Health Care Task Force Leader; and in many other professional and civic leadership roles.

A continuous learner, prolific author, and popular public speaker, Cindy also has authored hundreds of highly regarded publications on employee benefits and other workforce, health care, managed care, privacy and data security, technology, and other related compliance, risk management, and public policy concerns.  Her thought leadership on these and other concerns often is quoted in the professional and public media and sought out by legislative, regulatory, and industry leaders.

About The Employee Plans and Executive Compensation Group

The January 19, 2024 Zoom call is part of a monthly series of membership calls hosted over Zoom by the Employee Benefits and Executive Compensation Group as a free member benefit.  The Employee Plans & Executive Compensation Group is comprised of 249 attorneys with an interest in or focus on employee benefits, ERISA and executive compensation issues. The Group includes six substantive committees: Fiduciary Responsibility, Administration, and Litigation; Welfare Benefit Plans; Plan Transactions and Terminations; Qualified Plans; Non-Qualified Deferred Compensation; and IRAs and Plan Distributions.  Membership in the Group and the American Bar Association is open to attorney and other interested individuals

[1] The purpose of this discussion is to enable individuals to share and exchange their personal views on topics and issues of importance to the legal profession. All comments that appear are solely those of the individual, and do not reflect ABA positions or policy. The ABA endorses no comments made herein.

Comments Off on ABA RPTE Section Group Hosts 1/19 Health Plan Claim Denials Update Zoom Call | Association Health Plan, Claims, Claims Administration, Corporate Compliance, EBSA, employee, Employee Benefits, Employer, Employers, ERISA, fiduciary duty, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, Insurance, insurers, Internal Revenue Code, Managed Care, Medical Billing, MEWA, Patient Empowerment, Patient Protection & Affordable Care Act, Reporting & Disclosure, self insured health plan, Surprise Billing, third party administrators | Permalink
Posted by Cynthia Marcotte Stamer

$160K HIPAA Penalty Warns Health Plans & Other Covered Entities Deliver Timely Protected Health Information Access

January 8, 2024

Health plans, health care providers and health care clearinghouses (“Covered Entities”) treat the Department of Health and Human Service Office of Civil Right (“OCR”) announcement of its 46th enforcement action under the Health Insurance Portability & Accountability Act (“HIPAA”) Right of Access Rule as a warning to confirm their own organization’s timely delivery of records and other compliance with the Rule.  Coupled with OCR’s Right of Access Rule settlement agreement with United Health Insurance Group last August, the latest settlement agreement sends a strong message to health plans and other Covered Entities about the risks of failing to deliver protected health information as required by the Right of Access Rule. 

HIPAA Right of Access Rule

The HIPAA Right of Access Rule guarantees individuals the right to access a broad array of health information about themselves maintained by or for health plans and other Covered Entities. Under the Right of Access Rule, Covered Entities generally must provide individuals or their personal representatives copies or other acceptable access to the individual’s protected health information in a Covered Entity’s “designated record set” for a reasonable cost as soon as possible and within 30 days of receiving a request for a reasonable cost. However, the Right of Access Rule does not grant any right for an individual to access protected health information that is not part of a designated record set because the information is not used to make decisions about individuals.

The request for protected health information triggering the duty for a Covered Entity to provide access to the protected health information may come from the individual who is the subject of the protected health information or from the “personal representative” of that individual.  When considering a request for protected health information from an individual other than the subject of the protected health information, health plans and other Covered Entities also must use care to verify that the requesting party, in fact, qualifies as the individual’s “personal representative” as defined for purposes of HIPAA. 

Once a health plan or other Covered Entity receives a request protected health information from the individual or his personal representative, the Right of Access Rule requires the Covered Entity to provide access to all requested protected health information within any “designated record set” within 30 days unless the requested information falls within one of two exceptions to the Rule. 

For this purpose, a “designated record set” generally is defined at 45 CFR 164.501 as any item, collection, or grouping of information that includes protected health information that is maintained, collected, used, or disseminated by or for a Covered Entity that comprises the:

  • Medical records and billing records about individuals maintained by or for a covered health care provider;
  • Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
  • Other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals. This last category includes records that are used to make decisions about any individuals, whether or not the records have been used to make a decision about the particular individual requesting access.

However, the Right of Access Rule only requires the delivery of protected health information that is part of a designated record set.  It does not require health plans or other Covered Entities to provide protected health information that the Covered Entity does not use to make decisions about the individual, since this information is not considered part of a designated record set.  Examples of such records of protected health information might include protected health information in certain quality assessment or improvement records, patient safety activity records, or business planning, development, and management records the Covered Entity uses for business decisions more generally rather than to make decisions about the subject individual. Before refusing to provide information not part of a designated record set, however, the health plan or other Covered Entity does not also use or possess that information for making decisions about the subject individual or that disclosure is not otherwise required under another law. For example, even if the Right of Access Rule does not require disclosure of protected health information because it is not considered part of a designated record set, a health plan still be required to disclose the record if required by the adverse benefit determination rules of the Patient Protection and Affordable Care Act (“ACA”), claims and appeals rules of the Employee Retirement Income Security Act or other applicable law, regulation or another law.    

Even where the information falls within the definition of a designated record set, however, HIPAA expressly excludes two categories of information from the Right of Access right:

  • Psychotherapy notes, which are the personal notes of a mental health care provider documenting or analyzing the contents of a counseling session maintained separately from the rest of the patient’s medical record as described in 45 CFR 164.524(a)(1)(i) and 164.501.
  • Information complied in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding described under 45 CFR 164.524(a)(1)(ii).

However, it is critical that Covered Entities not overestimate the reach of either of these two exceptions. The exception only applies to the narrow range of records meeting the requirements of the exception.  The underlying protected health information from the individual’s medical or payment records or other records used to generate the above types of excluded records or information remains part of the designated record set and is subject to access by the individual under the Right of Access Rule.  Providers and other Covered Entities should use care to comply with the Right of Access Rule without providing more information than allowed as HIPAA liability can arise from failing to timely deliver access to all protected health information required by the Right of Access Rule or from sharing protected health information with an individual who is not either the individual or personal representative when the disclosure otherwise is not allowed by HIPAA To help negotiate these requirements, Covered Entities should become familiar with and process all requests for protected health information following the latest Right of Access Rule guidance. When in doubt, Covered Entities should seek the advice of experienced legal counsel within the scope of attorney-client privilege about proper fulfillment of their obligations under the Right of Access Rule in coordination with any other applicable responsibilities the Covered Entities has to provide access, disclose, or prevent disclosure of the requested information under otherwise applicable federal or states laws and regulations, ethical or other professional standards, contractual or other medical, insurance, financial, employee benefit or other rules relating to the requested records.

Optum Settlement 46th Right Of Access Enforcement Settlement

The Optum settlement resulted from OCR’s investigation of six complaints in the Fall of 2021 that Optum violated the Right of Access Rule by failing to provide timely access to medical records when requested by an adult patient or by the parents of minor patients.

In February 2022, OCR initiated investigations of these Right of Access complaints. The investigation revealed that patients received their requested records between 84 and 231 days after submitting their respective requests. Since the Right of Access Rule requires that Covered Entities deliver the records no later than 30 days from receiving the individual’s requests, those timeframes fell well outside of the deadline for delivery required by the HIPAA Right of Access Rule.  Accordingly, OCR concluded that Optum’s failure to provide timely access to the requested medical records was a potential violation of HIPAA.

Under the Resolution Agreement reached with Optum, Optum agreed to pay $160,000 to OCR as well as implement a corrective action plan that requires workforce training, reporting records requests to OCR, and reviewing and revising as necessary its right of access policies and procedures to provide timely responses to requests. Under the plan, OCR will monitor Optum Medical Care for one year.

Right Of Access Remains OCR Investigation & Enforcement Priority

The Optum enforcement action and settlement is the latest reminder to all Covered Entities that investigation and enforcement remains a top OCR priority. See e.g. OCR Sanction Of 44th Health Care Provider For Violating HIPAA Right of Access Rules Warning To Other Covered Entities. Because access to medical records empowers patients and their families to make decisions about their health care and improve their health overall, OCR views access to medical records “a fundamental right under HIPAA. For this reason, OCR believes it “critical that providers follow the law.”  Accordingly, OCR Director Melanie Fontes Rainer has warned that health care providers “must proactively respond to record requests and ensure timely access” and “make responding to parents’ or patients’ request for access to their medical records in a timely manner a priority.” See e.g., HHS’ Office for Civil Rights Settles Multiple HIPAA Complaints with Optum Medical Care Over Patient Access to Records (January 4, 2024).

While health care providers are the most common target of OCR’s Right Of Access complaints and enforcement, OCR’s August, 2023 Right of Access settlement against United Health Insurance Group (“UHIG”) confirms health plans also are targets. That settlement arose from OCR’s investigation of a March 2021 complaint alleging that UHIC did not respond to an individual’s request for a copy of their medical record. The investigation showed the individual first requested a copy of their records on January 7, 2021, but did not receive the records until July 2021, after OCR initiated its investigation.  Movrover, the March, 2021 complaint was the third complaint OCR received from the complainant against UHIC alleging failures to respond to his right of access. These findings led OCR to conclude UHIC’s failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access provision.  In OCR’s announcement of UHIG’s agreement to pay $80,000 to resolve these potential charges, OCR Director, Melanie Fontes Rainer warned, “Health insurers are not exempt from the right of access and must ensure that they are taking steps to train their workforce to ensure that they are doing all they can to help members’ access to health information.”  See, UnitedHealthcare Pays $80,000 Settlement to HHS to Resolve HIPAA Matter over Patient Medical Records Request.

Manage Right of Access Rule Exposure

Despite OCR’s warnings about the responsibility to comply with the Right of Access Rule, many health plans and other Covered Entities continue to violate the Rule. OCR has and continues to receive thousands of Right of Access Rule complaints each year.  In response to these persistent compliance issues, OCR continues to make enforcement of the Right of Access Rule a key enforcement priority through its Right Of Access Initiative.

In light of OCR’s commitment to continue to investigate and enforce compliance with the Right of Access Rule, health care providers and other Covered Entities and their business associates are urged to review their existing practices for receiving and processing patient record requests to confirm their own organizations’ compliance with the Right of Access Rule and other applicable federal and state statutory regulatory and contractual requirements. To reduce risks of violations, all health care providers and other Covered Entities should seek assistance from experienced legal counsel within the scope of attorney-client privilege to audit their past and current Right of Access Rule compliance for any necessary or advisable steps to prevent future violations and mitigate potential liabilities arising from potential past or future violations of the Right of Access Rule.  Aside from confirming documented timely responses to past requests for protected health information, among other things, most Covered Entities will want to consider:

  • Verifying that their current policies, privacy practices notices, training and other materials are updated to comply with all applicable policies and properly identify and provide current contact information for the Privacy Officer or other party responsible for receiving and responding to protected health information requests;
  • Appropriate procedures are in place to ensure that the Covered Entity can produce required documentation showing the individuals are appropriately notified of the Right of Access and other HIPAA rules, and that the Covered Entity captures the necessary documentation to show its receipt of all requests, and timely investigation and response to such requests;
  • Appropriate and documented processes for collecting, investigating, or resolving any potential concerns, complaints, or other issues, their evaluation, and resolution;
  • Appropriate workforce, business associates, and other policies, training, oversight, and enforcement to require and enforce compliance with applicable laws and policies; and
  • Appropriate processes, procedures, and training to ensure that staff fully understands and complies with both the specific processes and procedures of the Covered Entity for complying with the Right of Access Rule, as well as related procedures necessary to manage risks and responsibilities arising under verification of identity, personal representative, disclosure, recordkeeping or other HIPAA’ rules; medical, insurance, financial, or other data or privacy; licensure and market conduct; civil rights and nondiscrimination; fiduciary; licensure; marketing or other rules.

When confirming compliance with the Right of Access Rule, health plans and other Covered Entities also should reevaluate their organization’s exposure to other HIPAA associated risks. See, e.g., Health Plans Warned To Prevent Phishing By 1st Phishing-Related HIPAA Settlement; New HIPAA Resolution Agreement Warns Health Plans & Other HIPAA-Covered Entities To Manage Media Relations, Access & Disclosure; $80,000 Penalty Confirms Health Plans Exposure For Violating HIPAA Access Rights; $350K Settlement Highlights Need For Plans & Plan Service Providers To Ensure Security, Business Associate & Other HIPAA Requirements Met. Health plans take documented, prudent steps to reconfirm the adequacy of their own, and their business associates’ policies, processes, training, documentation and other compliance with these and other medical and other plan records and data maintenance, security, use, access and disclosure.

Aside from the direct exposures for these and other HIPAA violations arising under HIPAA, health plans, their fiduciaries, insurers, plan sponsors and administrators should keep in mind that the Employee Benefit Security Administration views potential data breaches and other HIPAA violations as a potential source of fiduciary liability under the Employee Retirement Income Security Act. 

While involving outside consultants or other service providers generally is valuable if not required to conduct some of these tasks, Covered Entities are encouraged to use experienced outside legal counsel to help plan, conduct, evaluate and decide, and implement responses to findings from these compliance and risk management activities both to benefit from legal counsel’s substantive legal expertise and experience and to take advantage of the opportunity to conduct sensitive discussions within the protection of attorney-client privilege or other evidentiary rules.  Experienced outside legal counsel can guide Covered Entities about the best way to work with consulting and other vendors to maximize these benefits. Where legal advice is provided to health plan fiduciaries, health plans, their fiduciaries, insurers, sponsors, and service providers also should keep in mind that advice and work product performed on behalf of a health plan or plan fiduciary may not enjoy the same protection against discovery under attorney-client privilege and work product rules.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2024 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on $160K HIPAA Penalty Warns Health Plans & Other Covered Entities Deliver Timely Protected Health Information Access | Association Health Plan, Civil Monetary Penalties, Claims Administration, Corporate Compliance, Cybercrime, Data Breach, Data Security, Electronic Medical Record, employee, Employee Benefits, ERISA, Fiduciary Responsibility, group health plan, health plan, Health Plans, HIPAA, Protected Health Information, Reporting & Disclosure, self insured health plan | Tagged: , , , , , , , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

EEOC Publish Guidance Discrimination & Accommodation Duties Applying Vaccine Mandates

December 22, 2023

The U.S. Equal Employment Opportunity Commission (EEOC) today posted updated and expanded technical assistancerelated to the COVID-19 pandemic, addressing questions about religious objections to employer COVID-19 vaccine requirements and how they interact with federal equal employment opportunity (EEO) laws.

The expanded technical assistance provides new information about how Title VII of the Civil Rights Act of 1964 applies when an applicant or employee requests an exception from an employer’s COVID-19 vaccination requirement that conflicts with their sincerely held religious beliefs, practices, or observances. Title VII prohibits employment discrimination based on race, color, religion, sex, and national origin.

“This update provides employers, employees, and applicants with important assistance when navigating vaccine-related religious accommodation requests,” said EEOC Chair Charlotte A. Burrows. “Title VII requires employers to accommodate employees’ sincerely held religious beliefs, practices, and observances absent undue hardship. This update will help safeguard that fundamental right as employers seek to protect workers and the public from the unique threat of COVID-19.”

The key updates to the technical assistance are summarized below:

  • Employees and applicants must inform their employers if they seek an exception to an employer’s COVID-19 vaccine requirement due to a sincerely held religious belief, practice, or observance.
  • Title VII requires employers to consider requests for religious accommodations but does not protect social, political, or economic views, or personal preferences of employees who seek exceptions to a COVID-19 vaccination requirement.
  • Employers that demonstrate “undue hardship” are not required to accommodate an employee’s request for a religious accommodation.

The EEOC is providing this information to the public as many employers are requiring employees to be vaccinated against COVID-19 as a condition of their employment.  

This technical assistance answers COVID-19 questions only from the perspective of the EEO laws. Other federal, state, and local laws come into play regarding the COVID-19 pandemic for employers, employees, and applicants. As new developments occur, the EEOC will consider any impact they may have on EEOC’s COVID-19 technical assistance and will provide additional updates and assistance to the public as needed.

More information about the civil rights implications of the COVID-19 pandemic is available in the record of the EEOC’s April 28, 2021hearing on that topic.  Employers and others involved in administering the workplace should carefully monitor developments and manage risks amid the evolving regulatory and workplace environment.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. At her career, she has worked extensively with healthcare and other employers to manage discrimination and other workplace and employee benefit compliance and risks. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here,

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on EEOC Publish Guidance Discrimination & Accommodation Duties Applying Vaccine Mandates | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

Construction Industry Urged To COVID-19 Safety & Timekeeping Protocols

December 22, 2023

Construction industry government contractors and subcontractors should review their policies are up-to-date with new vaccination and other COVID-19 safety requirements applicable to government contractors under as well as other current and emerging Biden-Harris Administration rules and enforcement policies impacting construction industry contractors and subcontractors.

Along with the new rules on COVID-19 vaccination and other safety requirements, the Department of Labor, Wage and Hour Division (“WHD”) also has updated various other wage and hour requirements for Davis-Bacon Act-covered construction industry contractors. In September, 2021, for instance, WHD published an updated  Davis-Bacon Wage Determination Conformance Request Guide that details the information and construction types contained in wage determinations and provides additional clarity regarding the limited circumstances in which contractors and contracting agencies may need to request that WHD add a new class of laborer or mechanic to a published wage determination for a specific contract. The Guide also contains other useful resources to help construction contractors and contracting agencies comply with the requirements of the Davis-Bacon and Related Acts.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. At her career, she has worked extensively with healthcare and other employers to manage discrimination and other workplace and employee benefit compliance and risks. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.

Comments Off on Construction Industry Urged To COVID-19 Safety & Timekeeping Protocols | Corporate Compliance | Tagged: , , , , | Permalink
Posted by Cynthia Marcotte Stamer

IRS Warns Of Fraudulent Promotion of COVID Employee Retention Credits

December 22, 2023

As promoters continue to blanket businesses with promises to secure Employee Retention Credits (“ERCs”), the Internal Revenue Service (“IRS”) is warning businesses to review carefully the guidelines before trying to claim the credit before filing.

The IRS warns that the IRS and tax professionals continue to see third party promoters that charge large upfront fees or a fee contingent on the amount of the refund aggressively promoting these ERC schemes on radio, online and through telemarketing. Frequently the promoters may not inform taxpayers that wage deductions claimed on the business’ federal income tax return must be reduced by the amount of the credit.

“While this is a legitimate credit that has provided a financial lifeline to millions of businesses, there continue to be promoters who aggressively mislead people and businesses into thinking they can claim these credits,” said Acting IRS Commissioner Doug O’Donnell. “Anyone who is considering claiming this credit needs to carefully review the guidelines. If the tax professional they’re using raises questions about the accuracy of the Employee Retention Credit claim, people should listen to their advice. The IRS is actively auditing and conducting criminal investigations related to these false claims. People need to think twice before claiming this.”

The IRS has been warning about this scheme since last fall, but there continue to be attempts to claim the ERC during the 2023 tax filing season. Tax professionals note they continue to be pressured by people wanting to claim credits improperly. The IRS Office of Professional Responsibility is working on additional guidance for the tax professional community that will be available in the near future.

People and businesses can avoid this scheme, and by not filing improper claims in the first place. If the business filed an income tax return deducting qualified wages before it filed an employment tax return claiming the credit, the business should file an amended income tax return to correct any overstated wage deduction.

Businesses should be cautious of advertised schemes and direct solicitations promising tax savings that are too good to be true. Taxpayers are always responsible for the information reported on their tax returns. Improperly claiming the ERC could result in taxpayers being required to repay the credit along with penalties and interest.

What is the ERC?

The ERC is a refundable tax credit enacted as part of COVID relief designed for businesses who continued paying employees while shut down due to the COVID-19 pandemic or who had significant declines in gross receipts from March 13, 2020, to Dec. 31, 2021. Eligible taxpayers can claim the ERC on an original or amended employment tax return for a period within those dates.

To be eligible for the ERC, employers must have:

As a reminder, only recovery startup businesses are eligible for the ERC in the fourth quarter of 2021. Additionally, for any quarter, eligible employers cannot claim the ERC on wages that were reported as payroll costs in obtaining PPP loan forgiveness or that were used to claim certain other tax credits.

To report tax-related illegal activities relating to ERC claims, submit by fax or mail a completed Form 14242, Report Suspected Abusive Tax Promotions or Preparers and any supporting materials to the IRS Lead Development Center in the Office of Promoter Investigations.

Mail: Internal Revenue Service Lead Development Center
Stop MS5040
24000 Avila Road
Laguna Niguel, California 92677-3405
Fax: 877-477-9135

Employers should also report instances of fraud and IRS-related phishing attempts to the IRS at phishing@irs.gov and Treasury Inspector General for Tax Administration at 800-366-4484.

Go to IRS.gov to learn more about eligibility requirements and how to claim the Employee Retention Credit:

Other information and resources also include:

The bottom line of these and other IRS warnings is that taxpayers improperly claiming these credits risks penalties and other liabilities even if they act in good faith reliance on assurances by a promoter or other party. Consequently, any party filing for these credits should independently confirm eligibility. Additionally, taxpayers should get and retain copies of any opinions, advice or other analysis and authorities relied upon in case of a challenge.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. At her career, she has worked extensively with healthcare and other employers to manage discrimination and other workplace and employee benefit compliance and risks. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.

Comments Off on IRS Warns Of Fraudulent Promotion of COVID Employee Retention Credits | Corporate Compliance | Tagged: , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

OSHA Enforces Whistleblower Rights Of Worker Terminated For Expressing COVID-19 Safety Concerns

December 22, 2023

The October 28, 2022 Federal District Court ruling in Walsh v. Community Health Center of Richmond Inc. and Henry Thompson reminds employers that preventing workplace retaliation is as significant responsibility as the more commonly recognized duty to maintain safe workplaces and prevent workplace injuries under the Occupational Safety and Health Act (“OSH Act”) or other federal whistleblower acts administered enforced by the U.S. Department of Labor Occupational Safety and Health Administration (“OSHA”).

Along with requiring employers to maintain safe workplaces and follow a host of other specific safety and recordkeeping requirements, the OSH Act and its implementing rules protect workers who report a hazardous work condition from retaliation. OSHA enforces these rules as well as a multitude of other whistleblower rules.

OSHA sued Community Health Center of Richmond Inc. and its CEO, Henry Thompson (the “employer” or (“Community Health Center”) for allegedly violating the OSH Act’s whistleblower safeguards by suspending and later terminating Qiana Nunez for raising concerns about the potential for COVID-19 exposure at an in-person staff meeting during the COVID-19 pandemic.

At the beginning of the COVID-19 pandemic, Qiana Nunez worked for Community Health Center as an Executive Office Manager. Concerned about the potential spread of COVID-19 at Community Health Center’s planned in-person executive leadership meeting on March 17, 2020, Ms. Nunez sent an email to participants alerting them that the meeting would instead be held by teleconference. After CEO Thompson instructed her to re-set the meeting as an in-person meeting, Ms. Nunez did so, but told Thompson that she would not attend out of concern for her health.  Two days later, Ms. Nunez was suspended from her duties for “insubordination, confrontational and disruptive behavior, and refusal to participate in the . . . leadership meeting on Tuesday, March 17, 2020.” Ms. Nunez subsequently received a letter in April, 2020, informing her that Community Health Center was “exercising our employer right to terminate your at-will employment.” 

On May 7, 2020, Nunez filed a complaint with the Occupational Safety and Health Administration (“OSHA”) pursuant to Section 11(c) of the Occupational Safety and Health Act (“OSH Act”), alleging that defendants suspended and terminated her for making a complaint about unsafe conditions at the March 17, 2020 meeting, and for her refusal to attend. 

On June 17, 2020, while the Secretary’s Section 11(c) investigation was ongoing, Nunez also sued Community Health Center and Mr. Thompson-in federal court, asserting wage claims under the Fair Labor Standards Act and New York Labor Law and violations of New York Labor Law § 740See Nunez v. Cmty. Health Ctr. of Richmond, Inc., No. 1:20-cv-03036 (E.D.N.Y.) (the “Prior Action”). N.Y.L.L. § 740 protects employee-whistleblowers from adverse employment action. In her original complaint, Ms. Nunez identified then-Governor Andrew Cuomo’s March 16, 2020 COVID-related Executive Order as the law allegedly violated by defendants, but later amended her complaint to assert that the violation was OSH Act’s General Duty Clause.

Section 11(c)(1) of the OSH Act provides that “[n]o person shall discharge or in any manner discriminate against any employee because such employee has filed any complaint or instituted or caused to be instituted any proceeding under or related to this chapter . . . or because of the exercise by such employee on behalf of himself or others of any right afforded by this chapter.” Section 11(c)(2) further provides that “[a]ny employee who believes that [she] has been discharged or otherwise discriminated against by any person” in violation of Section 11(c)(1) may “file a complaint with the Secretary [of Labor] alleging such discrimination.”  If the Secretary believes Section 11(c)(1) was violated, “[the Secretary] shall bring an action in any appropriate United States district court against such person.”  Only the Secretary may sue under Section 11(c)(2); there is no private right of action. See Donovan v. Occupational Safety and Health Rev. Comm’n713 F.2d 918, 926 (2d Cir. 1983).

On October 9, 2020, the employer served a partial motion to dismiss the Prior Action arguing that because Nunez lacked a private right of action under the OSH Act, she could not predicate her state whistleblower claim on alleged OSH Act violations. Before briefing was completed, however, a settlement reached between Ms. Nunez and the employer. See Walsh v. Cmty. Health Ctr. of Richmond, 21-CV-3094 (ARR)(TAM), (E.D.N.Y. Sep. 28, 2022)

In light of the settlement reached in the state action, the employer in October 2021 moved for the court to bar and dismiss OSHA’s action seeking individual damages for the whistleblower arguing that the dismissal of the former employee’s prior state whistleblower claim prevents the department from obtaining monetary relief for the aggrieved worker. The employer argued the Department’s actions were barred by claim preclusion seeking money damages to be paid to defendants’ former employee, Qiana Nunez because Ms. Nunez litigated similar claims to final judgment in a prior lawsuit. The employers argued this prior litigation barred the Secretary from seeking monetary relief payable to Ms. Nunez in this action.

On Sept. 28, 2022, a federal court ruled in Walsh v. Cmty. Health Ctr. of Richmond that the prior litigation did not bar the Secretary from pursing the whistleblower damages on behalf of the employee because of the department’s exclusive authority to seek damages for individual whistleblowers under the OSH Act. The court recognized when the department brings such actions, it does so to vindicate broader public rights and reaffirmed the central importance of strong whistleblower protection provisions and enforcement.

The decision has significant implications significant implications both for COVID-19 related and other OSH Act whistleblower claims as OSHA enforces the whistleblower provisions of the Occupational Safety and Health Act and 24 other statutes protecting employees who report violations of various airline, commercial motor carrier, consumer product, environmental, financial reform, food safety, motor vehicle safety, healthcare reform, nuclear, pipeline, public transportation agency, railroad, maritime, securities, tax, antitrust, and anti-money laundering laws and for engaging in other related protected activities. The decision confirms both the willingness and the authority of OSHA to pursue federal enforcement under the OSH Act and potentially other federal whistleblower laws and its willingness to use this authority to seek recovery when state law whistleblower laws fail to produce a remedy for OSH Act whistleblower violations.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. At her career, she has worked extensively with healthcare and other employers to manage discrimination and other workplace and employee benefit compliance and risks. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.

Comments Off on OSHA Enforces Whistleblower Rights Of Worker Terminated For Expressing COVID-19 Safety Concerns | Corporate Compliance | Tagged: , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Children’s Hospital Pays $45K To Resolve COVID Vaccine Religious Discrimination Suit

December 22, 2023
Pandemic’s End Doesn’t End COVID-19 Employer Headaches

Children’s Healthcare of Atlanta, Inc. (“CHOA”) is paying $45,000 to settle a religious discrimination lawsuit arising from its failure to grant a religious exemption from its COVID-19 vaccination requirements for a maintenance worker. The lawsuit highlights the continuing importance of all employers to use care when handling request for religious accommodation to vaccine or other workplace requirements.

The lawsuit filed by the U.S. Equal Employment Opportunity Commission (“EEOC”) arises from the 2019 denial of a request for a religious exemption to CHOA’s COVID-19 vaccine mandate made by a maintenance worker. CHOA previously had granted the same employee a religious exemption for vaccine mandates in 2017 and 2018. In 2019, however, CHOA denied the employee’s request for a religious accommodation and fired him, despite the employee working primarily outside and his position requiring limited interaction with the public or staff the EEOC said.

The EEOC alleged the denial of the vaccine exemption violated Title VII of the Civil Rights Act of 1964, which prohibits firing an employee because of their religion and requires that employers reasonably accommodate the sincerely held religious beliefs of their employees.

Under the consent degree entered in Ciil Action No. 1:22-CV-04953-MLB-RDC in U.S. District Court for the Northern District of Georgia, CHOA will pay $45,000 in monetary damages to the former employee. CHOA will also adjust its influenza vaccine religious exemption policy to presume the exemption eligibility of employees with remote workstations or who otherwise work away from the presence of other employees or patients, and to protect the ability of such employees to seek alternative positions within CHOA if their religious exemption request is denied. The decree further provides that CHOA will train relevant employees on religious accommodation rights under Title VII.

The EEOC announcement of the consent degree alerts employers of the continuing need to use care when handling religious accommodation requests to vaccine or other workplace policies. “ It is the responsibility of an employer to accommodate its employees’ sincerely held religious beliefs,” the announcement quotes Marcus G. Keegan, the regional attorney for the EEOC’s Atlanta District Office. “Unless doing so would require more than a minimal cost, an employer may not deny requested religious accommodations, let alone revoke those previously granted without issue. The EEOC is pleased that the employee has been compensated and that CHOA has agreed to take steps to ensure that it meets its obligation to evaluate religious accommodation requests in a manner consistent with federal law.”

Likewise, the announcement quotes Darrell Graham, district director of the Atlanta office, as saying , “The arbitrary denial of religious accommodations drives religious discrimination in the workplace. The EEOC remains committed to enforcing the laws that protect employees’ religious practices.”

CHOA’s denial of the exemption happened at the height of the COVID-19 pandemic.  Federal COVID – 19 vaccination mandates now are all ended.  While federal mandates initially dictated COVID-19 vaccination as a condition of participation in Medicare by healthcare providers, for government contractors and others, the original mandates were quickly revised to include religious exemption requirements before court rules, agency action and the end of the Pandemic put an end to these mandates. During and after the federal mandates, however, employers were required to negotiate a minefield of competing concerns and potential liabilities when deciding what and how to mandate and enforce safety, leave and other rules without running afoul of employment discrimination and whistleblower claims. See, e.g., EEOC COVID Guidance, Enforcement Highlights Need To Brace For COVID-Related ADA & Other Claims; Texas Private Employer COVID-19 Vaccination Mandates Prohibited Effective February 6, 2024; IRS Warns Of Fraudulent Promotion of COVID Employee Retention Credits; OSHA Enforces Whistleblower Rights Of Worker Terminated For Expressing COVID-19 Safety Concerns; Biden-⁠Harris Administration Ending COVID-⁠19 Vaccination Requirements For Federal Employees, Contractors, International Travelers, Head Start Educators & CMS-Certified Facilities; SCOTUS To Hear Oral Arguments on OSHA COVID-19 Vaccination Rule Enforceability On January 7; COVID-19 Vaccination Rule Injunctions Leave Employers With Significant Liability Challenges Even As OSHA Extends Comment Period on OSHA COVID-19 Vaccine ETS; Manage Heightened Retaliation Exposures Arising From COVID-19 Safety, Return-To-Work & Other Practices

While the federal COVID-19 vaccine mandate is gone, many healthcare and other employers continue to impose mandate requirements with appropriate disability and religious exemptions as part of their workplace safety and patient safety protocols. Additionally, beyond the Covid – 19 vaccination protocols, many workplace vaccination and other rules also can create conflicts with certain religious beliefs that prompt religious accommodation requests.

Employers administering these vaccination, and other policies must keep in mind that the duty to offer religious accommodation and the EEOC emphasis on enforcing accommodation rights for workers whose deeply held religious beliefs conflict with workplace rules lives on. The perils remain, even if the requirement is supported by well, established patient or workplace safety protocols. Employers need to evaluate and be prepared to defend their inability to accommodate the safety and other concerns underlying the workplace mandate against a potential religious discrimination challenge.

Employers must remain diligent in their management of responses to request for accommodations keeping in mind that EEOC COVID-19 – era guidance imposes a heavy burden on an employer to justify its refusal of a request. For this reason, employers that receive a request for religious of accommodation from an employee should seek the advice of experienced legal counsel as soon as possible if any question exists about whether the employer will grant the request. Employers also should ensure their policies clearly communicate the availability of religious and disability accommodation from these other requirements, establish clear protocols for requesting and processing those requests and prohibit and prevent retaliation.

To promote defensibility, employers also should consult with experienced legal counsel about the use of attorney, client, privilege, and other protocols to prevent or minimize the risk that discussions and actions in response to, or following a request for accommodation creates evidence of discrimination or retaliation.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. At her career, she has worked extensively with healthcare and other employers to manage discrimination and other workplace and employee benefit compliance and risks. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Children’s Hospital Pays $45K To Resolve COVID Vaccine Religious Discrimination Suit | Academic Medicine, Accommodation, ADA, Affirmative Action, board of directors, Corporate Compliance, corporate governance, COVID-19, Disability, Disability Discrimination, Discrimination, Diversity, EEOC, employee, Employee Benefits, Employee Handbook, Employer, Employers, Employment, Employment Discrimination, Employment Policies, Employment Termination, health Care, health centers, health plan, Health Plans, HR, Human Resources, Insurance, insurers, Internal Controls, Internal Investigations, Managed Care, religious accommodation, Religious Organization, Religous Discrimination, Risk Management, Worker, Workforce | Tagged: , , , | Permalink
Posted by Cynthia Marcotte Stamer

Prepare Feedback! Tri-Agencies Plan To Reopen Surprise Billing Proposed Dispute Resolution Rule Comment Period

December 22, 2023

Got issues with the most recent articulation of the proposed rule on “Federal Independent Dispute Resolution (IDR) Operations” (“Rule”) that governs the independent dispute resolution process for resolving to disputes over out-of-network claims between health plans and heath care providers under the No Surprises Act?

The Departments of Health and Human Services, Labor, and the Treasury (the “Departments”) and the Office of Personnel Management intend to reopen the comment period for submitting comments on the proposed rule “Federal Independent Dispute Resolution (IDR) Operations.”

The announced plan to reopen the comment period on the Proposed Rule follows the Departments’ recent reopening of the dispute resolution portal and announcement of a $115 user fee for providers and health plans participating in the process beginning in February. See No Surprises Act Independent Dispute Resolution Portal Fully Reopened, New Fees Announced; No Surprises Act Dispute Resolution Portal For All Covered Health Claims

Concerned persons should begin preparing comments to submit while awaiting the Departments publication of official notice in the Federal Register of the reopening of the comment period.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

Comments Off on Prepare Feedback! Tri-Agencies Plan To Reopen Surprise Billing Proposed Dispute Resolution Rule Comment Period | compliance, Corporate Compliance, EBSA, Employee Benefits, Employer, Employers, ERISA, Excise Tax, fiduciary duty, Fiduciary Responsibility, health Care, health care transparency, health centers, health insurance, health insurance marketplace, Health IT, health plan, Health Plans, health reform, HR, Human Resources, Insurance, insurers, Internal Revenue Code, Managed Care, self insured health plan, Surprise Billing, third party administrators | Permalink
Posted by Cynthia Marcotte Stamer

H-2B Application Filing Window For 4/1/24 Opens 1/2/24

December 22, 2023

Employers interested in hiring noncitizen workers using the H-2B Temporary Employment Program on April 1, 2024 should be prepared to file when the new filing window opens January 2, 2024 at 12:00 A.M. Eastern Time. The three-day window for submitting H-2B applications requesting work start dates of April 1, 2024, or later, begins on January 2, 2024, at 12:00 a.m. Eastern Time.

The Office of Foreign Labor Certification (“OFLC”) will open the H-2B Application for Temporary Employment Certification (Form ETA-9142B and appendices) requesting work start dates of April 1, 2024, or later, on January 2, 2024, at 12:00 a.m. Eastern Time.

It’s important not to file early. OFLC will deny H-2B applications requesting an April 1, 2024, work start date if filed before January 2, 2024, at 12:00 a.m. Eastern Time.

OFLC will randomly order for processing all H-2B applications requesting a work start date of April 1, 2024, that are filed during the initial three calendar days (January 2-4, 2024) using the randomization procedures published in the Federal Register on March 4, 2019.

If OFLC identifies multiple applications that appear to have been filed for the same job opportunity, OFLC will issue a Notice of Deficiency. If multiple filings are submitted during the three-day filing window, all applications will receive a Notice of Deficiency requesting that the employer demonstrate that the job opportunities are not the same. Employers that fail to establish a bona fide need for each application will receive a non-acceptance denial for each application.

Employers are reminded that Foreign Labor Application Gateway (FLAG) System user accounts are solely for the use of the individual for whom they were created. Sharing the same user account is forbidden and is grounds for terminating FLAG access. Passwords or any other authentication mechanism should never be shared or stored in any place easily accessible. If stored, a password may not be stored in a clear-text or readable format.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on H-2B Application Filing Window For 4/1/24 Opens 1/2/24 | Corporate Compliance | Tagged: , , , , | Permalink
Posted by Cynthia Marcotte Stamer

EEOC Sexual Harassment Suit Against Texas Car Dealership Warns Other Employers To Manage Risks

December 20, 2023

A sexual harassment and retaliation lawsuit filed December 20, 2023 by Equal Employment Opportunity Commission (“EEOC”) against Austin, Texas based South Austin Nissan warns auto dealerships and other employers to ensure their sexual harassment prevention, investigation and other practices can withstand EEOC scrutiny.

According to the EEOC’s lawsuit, three managers at South Austin Nissan engaged in egregious and persistent sexual harassment towards female employees. These managers regularly touched or attempted to touch female employees. They also made sexual comments about female employees, critiquing their physical appearance and referring to the employees’ personal relationships.

The complaint says managers encouraged female salespeople to “show more, sell more,” suggesting the women wear revealing clothing at work to succeed in sales opportunities. The sales managers created a culture in which discussing vulgar sexual encounters and watching sexual videos was fairly commonplace. Several female employees who suffered harassment were forced to leave their jobs because of the managers’ conduct.  

The complaint also charges employees, including a male manager, reported the harassers’ behavior to both the director of human resources and chief operating officer. However, no appropriate investigation, effective corrective action, or remedial action was taken in response to the complaints. Instead, the reporting employees were transferred to other dealerships within the holding group. One reporting manager was transferred, received a reduction in pay, and was subsequently terminated for standing up against harassment.

If true, the alleged conduct violates Title VII of the Civil Rights Act of 1964, which prohibits sexual harassment in the workplace as an form of sex discrimination as well as outlaws retaliation against employees for reporting or cooperating in investigations of sexual harassment.

For purposes of Title VIi, sexual harassment includes unwelcome sexual advances, requests for sexual or other verbal or physical behavior of a sexual nature that implicitly or explicitly affects an individual’s employment, unreasonably interferes with the individual’s work performance, or creates a hostile or intimidating work environment. 

In this complaint, the EEOC seeks back pay damages, compensatory and punitive damages, and injunctive remedies, including implementation of stronger oversight over investigations into sexual harassment and discrimination. 

Sexual harassment and other discrimination is widely perceived by many as widely tolerated within the still mostly male dominated auto industry. These perceptions are fueled in part by Auto News Project XX study, which revealed women in the automotive industry experienced a highdegree of perceived sexism. Among other things, the Project XX Report reported:

  • 84% of women had heard demeaning comments from a male colleague;
  • 65% of women said they received an “unwanted advance” by a male coworker, more than any other industry surveyed;
  • 63% of women claimed to be excluded from male-oriented company events;
  • Nearly 70% of women were told they were “too aggressive” and 50% were told they were “too quiet;”
  • More than 50% received comments on their appearance and were told to dress more feminine and display their breasts.

See also, e.g., How Do Bender Biases In The Automotive Industry Affect Experiences Of Females Employed Ar Dealerships.

In the face of these concerns, EEOC and private litigant Title VII suits, settlements and judgements against auto dealerships and other auto industry employers has become increasingly common.

EEOC announcement of the suit highlights the importance of timely and appropriate employer prevention, investigation and response to sexual harassment, discrimination and retaliation. “It is unacceptable for a manager to suggest to women that their bodies are their best contribution in the workplace,” said Shannon Black, trial attorney in the EEOC’s Dallas District Office. “When an employer fails to remedy sexual harassment and retaliates against workers who report, it perpetuates the harms suffered by the employees who simply seek a healthy work environment.”

Dallas EEOC Regional Attorney Robert Canino said, “Whether male or female, a co-worker or supervisor who attempts to elevate concerns about sexual harassment should not have to fear reprisal. Corrective measures can maintain or restore employee morale and confidence. Surely, dealership owners and managers want to see their vehicles driven off the lot, not their employees.”

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on EEOC Sexual Harassment Suit Against Texas Car Dealership Warns Other Employers To Manage Risks | Corporate Compliance | Tagged: , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

No Surprises Act Independent Dispute Resolution Portal Fully Reopened, New Fees Announced

December 19, 2023

$115 is the fee that health plans participating in the Independent Dispute Resolution (“IDR”) process required by the No Surprises Act (the “NSA”) to resolve disputes with health care providers, facilities, and providers of air ambulance services (“providers”) over the amount the health plan will pay the provider for out-of-network health care or items for because the health plan and provider cannot reach agreement about the appropriate amount outside the IDR process will be required to pay disputes initiated on or after February 21, 2023 under a new final rule scheduled for publication by the of Health and Human Services (“HHS”), Labor (“DOL”) and Treasury (“Treasury”) (collectively the “Departments”) on December 21, 2023.

The Departments establishment of the IDR fee for post-February 20, 2025 disputes and their previous December 15, 2023 announcement of the full reopening of the IDR portal for all dispute categories are part of the Departments’ ongoing response to the August 3, 2023 Federal District court ruling in Texas Medical Association, et al. v. U.S. Department of Health & Human Services, et al., No. 6:23-cv-00059-JDK (TMA IV), which vacated portions of the previous guidance that the Departments previously adopted to establish the IDR process and the administrative fee amount for the Federal IDR process for disputes initiated during the calendar year beginning January 1, 2023.

Post February 22, 2024 IDR Fees

On December 18, 2023, the Departments released an advance copy of the final rule (the “Rule”) setting the fees the NSA requires both the health plan or issuer and a health care provider, facility, or air ambulance services provider (the “parties”) when the parties must use the NSA Federal Independent Dispute Resolution (IDR) process to set the amount a health plan must pay the provider for out-of-network medical care or items because the plan and provider cannot agree on an appropriate payment amount for disputes initiated on or after the date the Rule is published in the Federal Register. Since the Rule is scheduled for publication in the Federal Register on December 21, 2023, the new fee will apply to disputes initiated after February 20, 2023.

In response to the TMA IV ruling, the Rule amends existing regulations to provide that the Departments going forward will determine the administrative fee charged by the Departments to participate in the Federal IDR process, and the ranges for certified IDR entity fees for single and batched determinations, through annual notice and comment rulemaking, rather than in guidance published annually. The preamble to the final rule also sets forth the methodology used to calculate the administrative fee and the considerations used to develop the certified IDR entity fee ranges.

Following this new process, the Rule also finalizes an administrative fee amount of $115 per party and finalizes a certified IDR entity fee range of $200-$840 for single determinations and $268-$1,173 for batched determinations for disputes initiated on or after February 21, 2023. 

Interested parties can review the Rule here and the Departments Fact Sheet on the Rule here.

IDR Portal Reopened December 15, 2023

The Rule establishing the IDR fee for disputes initiated after February 20, 2024 follows the Departments’ December 15, 2023 announcement of their reopening of the IDR portal for processing all health benefit disputes covered by the NSA between providers and payers. 

As part of its provisions to protect patients from “surprise bills” or out-of-network services covered by the NSA, the NSA establishes rules and procedures for providers and payers to determine the appropriate out-of-network payment rate for out-of-network services received by patients enrolled in covered payer programs. Where payers and providers cannot agree about the appropriate payment rate using other NSA procedures, the IDR portal is the online system established under the NSA for disputing payers and health care providers arrange for a certified IDR entity to resolve disagreements about the appropriate out-of-network payment rate for items and services subject to the surprise billing protections in the NSA through a process in which the certified IDR entity reviews offers made by each disputing party along with supporting information about the dispute. Once established under the NSA, payers are required to pay providers the appropriate payment rate for the covered out-of-network services provided to the member patient and the provider is prohibited from balance billing charges in excess of the appropriate payment rate for those services. The Departments previously suspended the operation of the IDR portal earlier this year after a federal court ruled that rules adopted by the Departments implementing the NSA violated the NSA. 

In connection with the reopening of the IDR Portal, the Departments also announced the following extensions of the applicable IDR deadlines for the initiation of new batched disputes and new single disputes involving air ambulance services, resubmission of disputes determined by certified IDR entities to be improperly batched, and selection or reselection of a certified IDR entity.

  • Parties for whom the IDR initiation deadline under applicable regulations fell on any date between August 3, 2023 and December 15, 2023 will have until the 20th business day after the Federal IDR portal reopens, which is January 16, 2024, to initiate a new batched dispute or a new single dispute involving air ambulance services. Parties for whom the IDR initiation deadline falls between December 16, 2023 and January 15, 2024 will also have until January 16, 2024 to initiate a batched or air ambulance dispute. Parties whose initiation deadline falls on January 16, 2024 or after will have the usual 4 business days after the end of the Open Negotiation Period, or if the dispute is subject to the 90-calendar-day suspension period following a payment determination, the usual 30 business day period, to initiate a batched or air ambulance dispute in the Federal IDR portal.
  • For batched disputes and single disputes involving air ambulance services initiated under extensions of deadlines after the Federal IDR portal reopens, the deadline for the parties to jointly select a certified IDR entity will be 10 business days after initiation.
  • For disputing parties that were engaged in certified IDR entity selection for batched disputes when the Federal IDR portal temporarily closed, the deadline for parties to jointly select a certified IDR entity will be 10 business days after the Federal IDR portal reopens, which is December 29, 2023.
  • An initiating party that has received a notification from a certified IDR entity that a dispute initiated before August 3, 2023 was improperly batched will have one opportunity to resubmit the improperly batched items and services for reconsideration within 10 business days of being notified by the certified IDR entity, provided that the initiating party’s 4-business-day period to resubmit the batched dispute expired between August 3 and August 9, 2023.
  • The deadline to submit fees and offers will remain 10 business days after certified IDR entity selection.
  • Disputing parties with batched disputes that were impacted by the temporary suspension of use of the notice of offer form will be granted an additional 10 business days to submit offers, as communicated to impacted disputing parties by email from the Federal IDR Inbox.

The deadline extensions announced December 15, 2023 supplement extensions the Departments previously announced in November, 2023. On November 22, 2023, the Departments used their statutory authority (Internal Revenue Code Section 9816(c)(9), ERISA Section 716(c)(9), and PHS Act Section 2799A-1(c)(9)) to grant extensions in the following circumstances:

  • Disputing parties may request additional time, beyond the current business day deadline, to respond to the certified IDR entity’s requests for additional information. The Departments instructed certified IDR entities to grant such requests through January 16, 2024.
  • Certified IDR entities may provide parties, upon request, an additional 10 business days after the original offer deadline to submit an offer. Certified IDR entities may provide parties this additional time, as needed, through January 16, 2024.

On November 29, 2023, the Departments also announced another extension of the timeline for disputing parties to select a certified IDR entity. Under this extension, disputing parties will have 10 business days to select a certified IDR entity for all disputes through January 16, 2024. This extension will be provided automatically and does not require a request by disputing parties.

The Departments already announced the November 22, 2023 and November 29, 2023 extensions until January 16, 2023 for new single and bundled disputes and these extensions will persist for all disputes until January 16, 2023.

In connection with their full reopening of the IDR portal, the Departments renewed prior reminders to parties accessing or using the IDR portal to clear their computer’s cache or open the Federal IDR initiation web forms in a private or incognito window to see all the new features at least once a week to ensure access to the most up-to-date version of the initiation form as the Departments continue to implement Federal IDR web forms to accommodate guidance-related and system enhancements. Users failing to follow this recommendation risk additional follow-up with certified IDR entities or system errors.  

Users also are encouraged to review other previously published guidance, including No Surprises Act (NSA) Independent Dispute Resolution (IDR) Batching and Air Ambulance Policy Frequently Asked Questions (FAQs)FAQs about Affordable Care Act and Consolidated Appropriations Act, 2023 Implementation Part 63 (FAQs Part 63)FAQs about Consolidated Appropriations Act, 2021 Implementation Part 62 (FAQs Part 62), and the August 2023 IDR Administrative Fees FAQs for further information.

Parties can also reference updated IDR system job aids and updated guidance documents for further information

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on No Surprises Act Independent Dispute Resolution Portal Fully Reopened, New Fees Announced | Corporate Compliance | Tagged: , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

No Surprises Act Dispute Resolution Portal For All Covered Health Claims

December 15, 2023

The No Surprises Act (“NSA”) Federal Independent Dispute Resolution (“IDR”) portal now is reopened for processing all health benefit disputes covered by the NSA between health care providers, facilities, and providers of air ambulance services (“providers”), and group health plans, health insurance issuers, and Federal Employee Health Benefits Program carriers (“payers”) (collectively, “disputing parties”). The December 15, 2023 announcement of the reopening of the IDR portal by the Departments of Health & Human Resources, Labor and Treasury (“Departments”) for all types of NSA-covered claims allows dispute resolution processes central to the administration of the NSA’s protections for health plan members against “surprise” balance bills for covered out-of-network services from health care providers including air ambulance.

As part of its provisions to protect patients from “surprise bills” or out-of-network services covered bu the NSA, the NSA establishes rules and procedures for providers and payers to determine the appropriate out-of-network payment rate for out-of-network services received by patients enrolled in covered payer programs. Where payers and providers cannot agree about the appropriate payment rate using other NSA procedures, the IDR portal is the online system established under the NSA for disputing payers and health care providers arrange for a certified IDR entity to resolve disagreements about the appropriate out-of-network payment rate for items and services subject to the surprise billing protections in the NSA through a process in which the certified IDR entity reviews offers made by each disputing party along with supporting information about the dispute. Once established under the NSA, payers are required to pay providers the appropriate payment rate for the covered out-of-network services provided to the member patient and the provider is prohibited from balance billing charges in excess of the appropriate payment rate for those services. The Departments previously suspended the operation of the IDR portal earlier this year after a federal court ruled that rules adopted by the Departments implementing the NSA violated the NSA. 

In connection with the reopening of the IDR Portal, the Departments also announced the following extensions of the applicable IDR deadlines for the initiation of new batched disputes and new single disputes involving air ambulance services, resubmission of disputes determined by certified IDR entities to be improperly batched, and selection or reselection of a certified IDR entity.

  • Parties for whom the IDR initiation deadline under applicable regulations fell on any date between August 3, 2023 and December 15, 2023 will have until the 20th business day after the Federal IDR portal reopens, which is January 16, 2024, to initiate a new batched dispute or a new single dispute involving air ambulance services. Parties for whom the IDR initiation deadline falls between December 16, 2023 and January 15, 2024 will also have until January 16, 2024 to initiate a batched or air ambulance dispute. Parties whose initiation deadline falls on January 16, 2024 or after will have the usual 4 business days after the end of the Open Negotiation Period, or if the dispute is subject to the 90-calendar-day suspension period following a payment determination, the usual 30 business day period, to initiate a batched or air ambulance dispute in the Federal IDR portal.
  • For batched disputes and single disputes involving air ambulance services initiated under extensions of deadlines after the Federal IDR portal reopens, the deadline for the parties to jointly select a certified IDR entity will be 10 business days after initiation.
  • For disputing parties that were engaged in certified IDR entity selection for batched disputes when the Federal IDR portal temporarily closed, the deadline for parties to jointly select a certified IDR entity will be 10 business days after the Federal IDR portal reopens, which is December 29, 2023.
  • An initiating party that has received a notification from a certified IDR entity that a dispute initiated before August 3, 2023 was improperly batched will have one opportunity to resubmit the improperly batched items and services for reconsideration within 10 business days of being notified by the certified IDR entity, provided that the initiating party’s 4-business-day period to resubmit the batched dispute expired between August 3 and August 9, 2023.
  • The deadline to submit fees and offers will remain 10 business days after certified IDR entity selection.
  • Disputing parties with batched disputes that were impacted by the temporary suspension of use of the notice of offer form will be granted an additional 10 business days to submit offers, as communicated to impacted disputing parties by email from the Federal IDR Inbox.

The deadline extensions announced December 15, 2023 supplement extensions the Departments previously announced in November, 2023. On November 22, 2023, the Departments used their statutory authority (Internal Revenue Code Section 9816(c)(9), ERISA Section 716(c)(9), and PHS Act Section 2799A-1(c)(9)) to grant extensions in the following circumstances:

  • Disputing parties may request additional time, beyond the current business day deadline, to respond to the certified IDR entity’s requests for additional information. The Departments instructed certified IDR entities to grant such requests through January 16, 2024.
  • Certified IDR entities may provide parties, upon request, an additional 10 business days after the original offer deadline to submit an offer. Certified IDR entities may provide parties this additional time, as needed, through January 16, 2024.

On November 29, 2023, the Departments also announced another extension of the timeline for disputing parties to select a certified IDR entity. Under this extension, disputing parties will have 10 business days to select a certified IDR entity for all disputes through January 16, 2024. This extension will be provided automatically and does not require a request by disputing parties.

The Departments already announced the November 22, 2023 and November 29, 2023 extensions until January 16, 2023 for new single and bundled disputes and these extensions will persist for all disputes until January 16, 2023.

In connection with their full reopening of the IDR portal, the Departments renewed prior reminders to parties accessing or using the IDR portal to clear their computer’s cache or open the Federal IDR initiation web forms in a private or incognito window to see all the new features at least once a week to ensure access to the most up-to-date version of the initiation form as the Departments continue to implement Federal IDR web forms to accommodate guidance-related and system enhancements. Users failing to follow this recommendation risk additional follow-up with certified IDR entities or system errors.  

Users also are encouraged to review other previously published guidance, including No Surprises Act (NSA) Independent Dispute Resolution (IDR) Batching and Air Ambulance Policy Frequently Asked Questions (FAQs)FAQs about Affordable Care Act and Consolidated Appropriations Act, 2023 Implementation Part 63 (FAQs Part 63)FAQs about Consolidated Appropriations Act, 2021 Implementation Part 62 (FAQs Part 62), and the August 2023 IDR Administrative Fees FAQs for further information. Parties can also reference

Parties should reference the No Surprises Act (NSA) Independent Dispute Resolution (IDR) Batching and Air Ambulance Policy Frequently Asked Questions (FAQs)FAQs about Affordable Care Act and Consolidated Appropriations Act, 2023 Implementation Part 63 (FAQs Part 63)FAQs about Consolidated Appropriations Act, 2021 Implementation Part 62 (FAQs Part 62), and the August 2023 IDR Administrative Fees FAQs for further information. Parties can also reference updated IDR system job aids and updated guidance documents for further information.

Questions can be directed to the Federal IDR mailbox at FederalIDRQuestion@cms.hhs.gov. Any additional updates will be provided at www.cms.gov/nosurprises as they become available.

Parties should reference the No Surprises Act (NSA) Independent Dispute Resolution (IDR) Batching and Air Ambulance Policy Frequently Asked Questions (FAQs)FAQs about Affordable Care Act and Consolidated Appropriations Act, 2023 Implementation Part 63 (FAQs Part 63)FAQs about Consolidated Appropriations Act, 2021 Implementation Part 62 (FAQs Part 62), and the August 2023 IDR Administrative Fees FAQs for further information. Parties can also reference updated IDR system job aids and updated guidance documents for further information.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on No Surprises Act Dispute Resolution Portal For All Covered Health Claims | Corporate Compliance | Tagged: , , , , , , , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Health Plans Warned To Prevent Phishing By 1st Phishing-Related HIPAA Settlement

December 8, 2023

Health plans and other entities covered by the Health Insurance Portability and Accountability Act (“HIPAA”) should tighten their phishing deterrence and other safeguards in response to the announcement of the Department of Health and Human Services Office of Civil Rights (“OCR”) of its settlement of its first official phishing-related HIPAA charges with a Louisiana medical group subject to HIPAA as a health care provider.

The resolution agreement with LaFourche Medical Group (“LaFourche”) announced December 7, 2023, resolves the first HIPAA charges OCR has classified officially as arising from a phishing attack warns health plans, health care providers, health care clearinghouses (“Covered Entities”) and their business associates (collectively, “HIPAA Entities”) to ensure the adequacy of their risk analysis, safeguards, training and other processes for guarding electronic protected health information (“ePHI”) against phishing or other impermissible access.

HIPAA Entities Duty To Guard EPHI Against Phishing

The HIPAA Privacy Rule and Security Rule require health care providers, heath plans, health care clearinghouses (“Covered Entities”) and their businesses associates (collectively “HIPAA Entities”) to protect EPHI and other protected health information against use, access, disclosure or destruction by third parties except under the conditions allowed by HIPAA.  These requirements include the requirements of the Security Rule to conduct and document comprehensive security assessments of risks to sensitive data systems, to implement and enforce detailed security safeguards to protect EPHI and the systems containing that data against these threats, to train and enforce compliance with these safeguards, and other requirements.  Meanwhile, the HIPAA Breach Notification Rule requires Covered Entities to report most breaches of unsecured EPHI to individuals whose data is affected, OCR, and in the case of breaches of EPHI affecting more than 500 individuals, to the media. 

Phishing is a type of cybersecurity attack used to trick individuals into disclosing sensitive information via electronic communication, such as email, by impersonating a trustworthy source. See OCR Quarter 1 2022 Cybersecurity Newsletter; OCR February 2018 Phishing Cybersecurity Newsletter.

OCR guidance confirms OCR views defending ePHI against phishing as a key part of compliance with these HIPAA requirements.  See, e.g. OCR Quarter 1 2022 Cybersecurity Newsletter; Defending Against Common Cyber-Attacks; AI-Augmented Phishing and the Threat to the Health Sector; HHS 405d Health Industry Cybersecurity Practices on Email Phishing Attacks; Videos on “How the HIPAA Security Rule Can Help Defend Against Cyber-Attacks” in English and Spanish. OCR February 2018 Phishing Cybersecurity Newsletter.  

OCR data confirms the number of breaches of unsecured ePHI reported to the OCR affecting 500 or more individuals (“large breaches”) due to hacking or IT incidents increased 45% from 2019 to 2020,  and hacking or IT incidents accounted for 66% of all large breaches reported to OCR in 2020. U.S. Department of Health and Human Services Breach Portal.  In keeping with this trend, large breaches affected more than 55 million individuals in 2022 and more than 89 million individuals in 2023.  OCR reports phishing played a key role in many of these breaches and contributed to many other breaches currently under OCR investigation.  See U.S. Department of Health and Human Services Breach Portal; OCR Quarter 1 2022 Cybersecurity NewsletterIt bears noting that the most costly and largest HIPAA breaches overall and virtually all OCR resolution agreements with health plans have involved large scale breaches resulting from phishing or other hacking.

The widespread availability and use of artificial intelligence technology has only made phishing attempts more effective, especially since those tools are freely available to the public. AI-Augmented Phishing and the Threat to the Health Sector

The 2021 HIMSS Healthcare Cybersecurity Survey reveals phishing is the most common attack impacting healthcare organizations, comprising almost half of all attacks. Data shows hackers frequently use phishing against the health sector because it often leads to data breaches that allow attackers to access large quantities of lucrative stolen health data. AI-Augmented Phishing and the Threat to the Health Sector.

LaFourche Breach & Findings

The OCR investigation of LaFourche arose from a May 28, 2021 data breach report LaFourche filed reporting a March 30, 2021 breach. According to the breach report, LAFOURCHE  learned on March 30, 2021, that an unauthorized individual obtained access to one of its owners’ email accounts through a phishing attack. LAFOURCHE  determined that the email account contained patients’ EPHI. According to the report, on March 30, 2021, LAFOURCHE  learned that an unauthorized individual obtained access to one of its owners’ email accounts through a phishing attack. LAFOURCHE  determined that the email account contained patients’ protected health information (PHI). As LAFOURCHE  was unable to identify the specific patients affected, LAFOURCHE  notified all of its patients – approximately 34,862 individuals of the incident. As LAFOURCHE  was unable to identify the specific patients affected, LAFOURCHE  notified all of its patients – approximately 34,862 individuals – of the incident.

OCR’s investigation opened in January, 2022 in response to the breach report revealed found that before LAFOURCHE  made the breach report LAFOURCHE  never conducted a Security Rule risk analysis and had no policies or procedures in place to regularly review information system activity to safeguard protected health information against cyberattacks. 

To resolve OCR HIPAA charges arising from the breach, LaFourche agreed to pay $480,000 to OCR and to implement and follow a corrective action plan that includes the following requirements:

  • Establishing and implementing security measures to reduce security risks and vulnerabilities to electronic protect health information in order to keep patients’ protected health information secure;
  • Developing, maintaining, and revising written policies and procedures as necessary to comply with the HIPAA Rules; and
  • Providing training to all staff members with access to patients’ protected health information on HIPAA policies and procedures.

OCR will monitor for two years. LaFourche’s adherence with the compliance plan for two years.

While the $480,000 that LaFourche is a significant amount for a medical practice to pay, agreeing and adhering to the requirements of the settlement agreement and its incorporated corrective action plan allows LaFourche to avoids becoming subject to significantly greater civil monetary penalties authorized by HIPAA for breaches of its Privacy, Security and Breach Notification Rules.  Under the terms of the resolution agreement, however, HHS can still pursue civil monetary penalties against LaFourche for the violations if OCR finds LaFourche failed to comply with any of the requirements of its corrective action plan or otherwise violates HIPAA.

LaFourche Resolution Agreement Warning To All HIPAA Entities To Tighten Phishing Defenses

The LaFourche resolution agreement serves as a warning to other HIPAA entities.  OCR’s announcement of the settlement quotes OCR Director Melanie Fontes Rainer as stating, “It is imperative that the health care industry be vigilant in protecting its systems and sensitive medical records, which includes regular training of staff and consistently monitoring and managing system risk to prevent these attacks. We all have a role to play in keeping our health care system safe and taking preventive steps against phishing attacks.”

Based on the LaFourche resolution agreement and other guidance, HIPAA entities should heed this warning by ensuring their organization is prepared to demonstrate to OCR in the event of an OCR audit or breach investigation by among other things, establishing appropriate governance with C-level oversight of compliance efforts; conducting documented periodic systemic risk assessments addressing phishing and other threats;  actions taken to implement appropriate safeguards and monitor their effectiveness; appropriate workforce training and enforcement of policies and procedures; timely investigation and response to known or suspected breaches; timely breach reporting and mitigation; and other compliance with the Security Rule.

With regard to phishing, the Office of Information Security Whitepaper on AI-Augmented Phishing and the Threat to the Health Sector provides specific tips for successful prevention of phishing attacks including but not limited to:

  • Ensuring proper email server configuration or integrating a spam gateway or other appropriate additional platform into the information infrastructure, such as a spam gateway filter, to help filter unwanted e-mails;
  • Multi-factor authentication (MFA) requirements to protect against stolen credentials, which can be the initial purpose of a phishing attack;
  • Up-to-date malware and other security software to detect malware as it is being executed onto the system;
  • Conducting periodic end-user awareness training on detection of phishing e-mails and interacting with all e-mail with healthy skepticism including specific training on comment formats and tricks including those generated using AI tools;
  • Systematically using appropriately updated and robust processes for monitoring and detecting suspicious activities/indicators on an ongoing basis.

HIPAA entities also should keep in mind that phishing is only one of a multitude of compliance and enforcement risks highlighted by OCR’s recent enforcement and guidance. Along with reviewing and updating their phishing defenses, HIPAA entities also should review and update other processes as needed to manage these exposures.

Additionally, HIPAA entities and their leaders also should take steps to understand and fully address all other statutory, ethical, contractual or other privacy or confidentiality requirements beyond those imposed by HIPAA. For example, health care providers, health plans and their fiduciaries, brokers, administrators and insurers also may bear responsibilities under the Employee Retirement Income Security Act fiduciary responsibility rules, the Fair and Accurate Credit Transactions Act, federal and state electronic crimes and privacy laws. Publicly traded organizations and their leaders may face responsibilities and liability under new Securities and Exchange Commission regulations. The Employee Benefit Security Administration considers managing cybersecurity risks a part of the fiduciary obligations of fiduciaries of employment-based health plans. Meanwhile, health care providers, insurance organizations and brokers, third party administrators, government contractors, attorneys and other advisors and others also may be subject to medical confidentiality and other data privacy and security obligations under federal and state electronic crimes, identity theft, ethics, professional licensure, contractual, common law privacy and other statutory and common laws.

While it commonly is necessary or advisable to involve consulting or other technical support in the conduct of these activities, HIPAA entities should keep in mind the likelihood that their analysis and review is likely to uncover and prompt discussion of potentially legally or politically sensitive information. For this reason, HIPAA entities and their leaders generally will want to engage experienced legal counsel for assistance in structuring and executing these activities to maximize their ability to claim attorney-client privilege or other evidentiary protections against discovery or disclosure of certain aspects of these activities.

Finally, HIPAA entities should keep in mind that HIPAA and other cybersecurity compliance and risk management is an ongoing process requiring constant awareness and diligence.  Consequently, HIPAA entities should both monitor OCR and other regulatory and enforcement developments as well as exercise ongoing vigilance to monitor and maintain compliance within their organizations.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication. 

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Health Plans Warned To Prevent Phishing By 1st Phishing-Related HIPAA Settlement | Corporate Compliance | Tagged: , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Employer’s Overzealous I-9 Documentation Demand Triggers Civil Monetary Penalty

December 7, 2023

A Florida steakhouse must pay civil monetary penalty for violating the Immigration and Nationality Act (“INA”) by requiring extra proof of eligibility of an employee to work in the United States.

A settlement agreement between OSI/Fleming’s LLC, which owns and operates the Fleming’s Prime Steakhouse & Wine Bar (“Fleming’s”) restaurant in Sandestin, Florida and the Justice Department announced December 7, 2023 resolves the department’s determination that Fleming’s violated the Immigration and Nationality Act (INA) by discriminating against a lawful permanent resident when checking whether he had ongoing permission to work.

U.S. law requires all employers to verify the eligibility of each employee to work by completing the required Form I -9, Employment Eligibility Verification (“I-9”). Completion of this duty requires the employer to confirm the worker’s identity and permission to work in the U.S. by requiring the worker to present an appropriate combination of legally acceptable documentation from the options listed on the I-9.

The I-9 rules allow workers to choose which valid, legally acceptable documentation to present to demonstrate their identity and permission to work, regardless of citizenship, immigration status or national origin. Employers cannot demand more documents than are necessary or specify documentation they prefer to see as part of this process.

After opening an investigation based on a worker’s complaint, the Department concluded that Fleming’s discriminated against a lawful permanent resident by rejecting the valid documents the worker originally provided and unnecessarily requiring him to present a document with an expiration date to prove his citizenship status. When yhe employee failed to do so, Fleming’s fired him.

After the department started its investigation, Fleming’s rehired the worker and paid him lost wages. Under the agreement, Fleming’s will pay a civil penalty of $7122.00 to the United States, train its human resources staff on the INA’s requirements and provide an alternative way of accepting a worker’s documentation if the company’s software will not accept a worker’s valid documentation.

The enforcement action cautions other employers to use care to closely follow the I-9 documentation requirements.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and VIce-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her labor and employment, employee benefit, health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions for Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as: 

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on Employer’s Overzealous I-9 Documentation Demand Triggers Civil Monetary Penalty | citizenship, Corporate Compliance, Employer, Employers, Human Resources, I-9, national origin, Nonresident aliens | Permalink
Posted by Cynthia Marcotte Stamer

Brett Brenner Appointed EEOC Deputy Chief Operating Officer

December 6, 2023

Brett Brenner has been appointed to the U.S. Equal Employment Opportunity Commission’s Deputy Chief Operating Officer position, effective December 3, 2023, The EEOC announced the appointment December 6., 2023.

A Senior Executive Service (SES) managerial position at the agency, Brenner has a long REOC employment history. Before his appointment Brenner was serving as the acting deputy chief operating officer for the EEOC and responsible for oversight of financial management, security issues, and internal equal employment opportunity and civil rights matters. Previously, Brenner was the associate director of the EEOC’s Office of Communications and Legislative Affairs for 13 years, an attorney in the EEOC’s Office of Legal Counsel, and an attorney-advisor in the agency’s Office of Field Programs. Brenner began his career with the EEOC in 1997 as a law clerk.

Before coming to the EEOC, Brenner also worked on the U.S. Senate Committee on Labor and Human Resources for Senators Nancy Kassebaum Baker of Kansas and Jim Jeffords of Vermont.

Brenner is a graduate of the University of Kansas, where he earned bachelor’s degrees in political science and journalism, as well as a juris doctor.

The SES is a federal government personnel program in which civil service employees serve at a level just below the top presidential appointee.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and VIce-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her labor and employment, employee benefit, health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions for Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on Brett Brenner Appointed EEOC Deputy Chief Operating Officer | Corporate Compliance | Tagged: | Permalink
Posted by Cynthia Marcotte Stamer

Texas Private Employer COVID-19 Vaccination Mandates Prohibited Effective February 6, 2024

December 1, 2023

After February 5, 2024, a new Texas law will prohibit Texas private employers from requiring employees get Covid – 19 vaccinations.

Senate Bill 7 bans private employers from requiring COVID-19 vaccines in the workplace. The new law will take effect on February 6, 2024. The law contains no exceptions for healthcare providers such as hospitals. Instead, the law allows healthcare and other employers previously to require unvaccinated staff to wear masks and other protective equipment.

Chapter 81B of the Texas Health and Safety Code already prohibits state and local governments from adopting workplace vaccine mandates. Provisions of the new law prohibiting private employer COVID-19 vaccination mandates will be incorporated in the newly created Chapter 81D. Accordingly, Texas law will prohibit all public and private employers from imposing workforce Covid – 19 vaccinations after February 5, 2024.

During the Covid – 19 pandemic, federal law, mandated workplace vaccination mandates for hospitals, government contractors, and various other organizations. During the course of the pandemic, these mandates were substantially eviscerated by a series of court decisions, and other regulatory modifications before ultimately being suspended or withdrawn by the close of the pandemic. Although the limitation and suspension of these federal mandates as an explicit requirement eliminated noncompliance with the mandates as a basis for per se prosecution under these requirements, it did not fully eliminate potential employer exposure for failing to require vaccination under federal law., Advocates for vaccination have argued that requiring vaccination during a period of contagion for Covid – 19 or other contagious diseases may be required to comply with the general duty clause under the Occupational Health & Safety Act. Since the abatement of Covid – 19 pandemic, this risk has been lessof a concern to most employers.

With Covid – 19 infection rates rising in recent months, however, employers generally will want to evaluate and document their policies and efforts to protect their workers from Covid – 19 and other highly contagious diseases in their workplaces taking account mandates, safety standards, and specific statute like the new Texas vaccination ban well to mitigate potential federal, occupational health and safety act, liability, exposures and costs and operational disruptions that typically follow an outbreak in their workplaces.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and VIce-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her labor and employment, employee benefit, health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions for Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on Texas Private Employer COVID-19 Vaccination Mandates Prohibited Effective February 6, 2024 | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

Pizza Operator Faces Prison Time For Failing To Pay Employment Taxes

November 27, 2023

A Maryland restaurant owner faces up to five years in prison after he pleaded guilty l to willfully failing to pay employment taxes withheld from his employees’ wages today. One of a long list of criminal tax enforcement actions this year, the convictions demonstrates the risk business owners and operators run for willfully failing to properly withhold and pay employment taxes.

According to court documents and statements made in court, Francesco Illiano owned and operated two restaurants and a property management company that employed over 100 people. Illiano was responsible for collecting, accounting for and paying the income and Social Security and Medicare taxes withheld from the wages of employees of the three companies he controlled. From at least April 2014 to July 2016, the Justice Department says Illiano did not pay the withholdings to the IRS. Illiano had previously been assessed a Trust Fund Recovery Penalty for not paying more than $1.4 million in taxes withheld from employees of five Green Turtle restaurants he owned in 2011 and 2012. In total, Illiano caused a tax loss to the IRS of over $1.7 million.

Illiano is scheduled to be sentenced on March 6, 2024. Under the U.S. Sentencing Guidelines, he faces a maximum penalty of five years in prison as well as a period of supervised release, restitution and monetary penalties.

Business leaders should heed the conviction as a reminder of the importance of proper employment tax withholding and payment.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and VIce-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her labor and employment, employee benefit, health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions for Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as: 

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on Pizza Operator Faces Prison Time For Failing To Pay Employment Taxes | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

New HIPAA Resolution Agreement Warns Health Plans & Other HIPAA-Covered Entities To Manage Media Relations, Access & Disclosure

November 21, 2023

A newly-announced settlement agreement and corrective action plan (the “Settlement”) between a prominent New York academic medical center and the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (“OCR”) arising from disclosures and access allowed a reporter covering the COVID-19 pandemic warns health care providers, health plans, healthcare clearinghouses (“covered entities”), their business associates and workforce members (collectively, “HIPAA entities”) to prevent their organizations and workforce members not to share protected health information (“PHI”) or allow reporters or other media to access patients or PHI without first obtaining the legally required patient authorizations as well as evaluate their own organization’s potential exposure to OCR enforcement from known or suspected unauthorized disclosures of PHI by their own organizations or workforce during the COVID-19 pandemic or other events over the past two years.

While the Settlement involved a health care providers, health plans and other HIPAA entities also are subject to the same HIPAA requirements to prevent unauthorized photography, videos, or other sharing or disclosure of participant or other PHI to media in interviews or other media interactions or by workforce members, business associates or other third parties. Furthermore, since the Employee Benefit Security Administration now views HIPAA compliance and other prudent steps to protect PHI and other sensitive health information as part of fiduciaries and plan administrator’s ERISA compliance obligations, the management of these and other HIPAA obligations also is critical to ERISA compliance. Accordingly, health plans and their fiduciaries, administrators, and sponsors should confirm their continued compliance in light of the insights provided by the Settlement and related OCR guidance.

HIPAA-Compliant Authorization Required Before Media Access To Patients Or Patient Information

The HIPAA Privacy Rule prohibits SJMC and other HIPAA entities from disclosing any patient’s PHI unless::

  • The individual who is the subject of the information (or the individual’s personal representative) authorizes the disclosure in writing in the form required by the Privacy Rule; or
  • The Privacy Rule otherwise expressly permits or requires the disclosure.

OCR guidance makes clear that these prohibitions continue to apply when health care providers or other HIPAA entities are dealing with have print, television, or other media reporters.

SJMC Settlement

The  Settlement between OCR and St. Joseph’s Medical Center (“SJMC”) resolves potential OCR charges that SJMC violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule by allowing an Associated Press (“AP”) reporter to access, photograph, and review clinical information of three COVID-19 patients without appropriate HIPAA authorization.  Although the dated documents governing the Settlement reflect the parties reached the Settlement Agreement in August, OCR only made the Settlement public on November 20, 2023.

The OCR investigation that prompted the settlement began shortly an AP article about SJMC’s response to the COVID-19 public health emergency containing photographs and information about three COVID-19 patients came to OCR’s attention.  The nationally distributed article included pictures of the three patients as well as details about the patients’ COVID-19 diagnoses, current medical statuses and medical prognoses, vital signs, treatment plans, and other PHI.

OCR determined from the investigation that SJMC allowed the AP reporter to observe and access clinical information of three patients receiving treatment for COVID on April 20, 2020 without first obtaining the necessary patient authorization required by HIPAA and that the disclosures were not otherwise allowed by any other exception to the Privacy Rule.

To avoid potentially much larger civil monetary penalties authorized by HIPAA, SHMC entered into the Settlement under which it agreed to pay $80,000 to OCR and agreed to develop written policies and procedures and train its workforce to comply with the HIPAA Privacy Rule. Under the Settlement, OCR also will monitor SHMC’s HIPAA compliance for two years.

Prior OCR Enforcement & Guidance Warned HIPAA Entities About Media Disclosures

OCR guidance and enforcement actions alerted SJMC and other HIPAA entities of their HIPAA responsibility not to disclose or allow access by the media or other third parties long before SJMC allowed the media access and disclosures that resulted in the new Settlement.

  • 2013 Shasta Regional Medical Center Enforcement

Shasta Regional Medical Center (“SRMC”) holds the distinction of being the first covered entity punished for wrongfully disclosing PHI to the media.  Under a resolution agreement OCR announced on June 14, 2013, OCR required SRMC to pay OCR $275,000 and implement a series of corrective actions for using and disclosing to the media PHI of a patient while trying to perform public relations damage control against accusations reported in the media that SRMC had engaged in fraud or other misconduct when dealing with the patient.   That SRMC resolution Agreement followed an OCR investigating a January 4, 2012 Los Angeles Times article report that two SRMC senior leaders had met with media to discuss medical services provided to a patient.  OCR’s investigation indicated that SRMC failed to safeguard the patient’s PHI from impermissible disclosure by intentionally disclosing PHI to multiple media outlets on at least three separate occasions, without a valid written authorization. OCR’s review also revealed senior management at SRMC impermissibly shared details about the patient’s medical condition, diagnosis and treatment in an email to the entire workforce.  Further, SRMC failed to sanction its workforce members for impermissibly disclosing the patient’s records pursuant to its internal sanctions policy.

  • 2016 NY-Presby Resolution Agreement & OCR Media Guidance

OCR’s next warnings to covered entities about their HIPAA responsibilities when dealing with the media came in 2016, when OCR concurrently announced a $2.2 million settlement with New York-Presbyterian Hospital and published its 2016 Frequently Asked Question (“Media FAQ”) addressing the obligation to comply with HI)PAA when dealing with the media.

According to the NY-Presby Resolution Agreement, OCR’s investigation revealed that NY-Presbyterian “blatantly” violated HIPAA when it allowed ABC film crews and staff virtually unfettered access to its health care facility.  OCR says the access NY-Presbyterian allowed ABC effectively created an environment where patients PHI could not be protected from impermissible disclosure to the ABC film crew and staff filming the episode.  While the Resolution Agreement reflects allowing the filming and other access to ABC without prior HIPAA-compliant authorization from patients in the facility itself violated HIPAA, OCR also particularly found “egregious” the facility allowing ABC film crews and staff to film a dying patient and another patient in significant distress without first obtaining a HIPAA-compliant authorization from each of those patients and even more so that NY-Presbyterian failed stop the filming even after a medical professional urged the crew to stop.

Based on its investigation, OCR charged NY-Presbyterian with violating 45 C.F.R. §§ 164.502(a) and 164.530(c) by:

  • Impermissibly disclosing the PHI of two identified patients to the film crew and other staff of “NY Med;”
  • Failing appropriately and reasonably to safeguard its patients’ PHI from disclosure during the filming of “NY Med” on its premises; and
  • Failing to implement policies, procedures, and practices to protect the privacy of the filming of  the television show.

OCR collected $2.2 million from New York-Presbyterian Hospital as the required settlement payment under that resolution agreement.

  • 2016 Media FAQ Guidance

Coincident with its announcement of the NYPH Settlement, OCR published the 2016 Media FAQ addressing HIPAA entities’ responsibilities when dealing with the media that outlined its interpretation of HIPAA as requiring HIPAA entities to protect patients and their PHI against unauthorized filming, photography, observation, and other access by news or other media or even other staff, patients or visitors. 

Among other things, the Media FAQ states that HIPAA prohibits health care providers and other HIPAA entities from inviting or allowing media personnel into treatment or other areas where patients or patient PHI will be accessible in written, electronic, oral, or other visual or audio form, or otherwise making PHI accessible to the media without prior written authorization from each patient or other subject of the PHI who is or will be in the area or whose PHI otherwise will be accessible to the media except in a very limited set of circumstances set forth in the Media FAQ.

The Media FAQ also states, “It is not sufficient for a health care provider to request or require media personnel to mask the identities of patients (using techniques such as blurring, pixelation, or voice alteration software) for whom authorization was not obtained, because the HIPAA Privacy Rule does not allow media access to the patient’s PHI, absent an authorization, in the first place.

In addition, the Media FAQ states that a health care provider also must ensure that reasonable safeguards are in place to protect against impermissible disclosures or to limit incidental disclosures of other PHI that may be in the area but for which authorization has not been obtained.

Concerning the limited circumstances when a health care provider or other HIPAA entity or business associate may disclose to the media or allow unconsented filming, photographing or use of PHI to the media or other film crews, the Media FAQ also clarifies that the HIPAA Privacy Rule does not require health care providers to prevent members of the media from entering areas of their facilities that are otherwise generally accessible to the public like public waiting areas or areas where the public enters or exits the facility.

In addition, the Media FAQ states a health care provider or other HIPAA entity may:

  • Disclose limited PHI about the incapacitated patient to the media in accordance with the requirements of 45 C.F.R. 164.510(b)(1)(ii) when, in the hospital’s professional judgment, doing so is in the patient’s best interest; or
  • Disclose a patient’s location in the facility and condition in general terms that do not communicate specific medical information about the individual to any person, including the media, without obtaining a HIPAA authorization where the individual has not objected to his information being included in the facility directory, and the media representative or other person asks for the individual by name as specified in 45 C.F.R. 164.510(a).

The Media FAQ also discusses circumstances where a healthcare provider or other HIPAA entity may use the services of a contract film crew to produce training videos or public relations materials on the provider’s behalf if the provider ensures that the film crew acting as a business associate enters into a HIPAA compliant business associate agreement with the HIPAA entity which among other things ensures that the film crew will safeguard the PHI it obtains, only use or disclose the PHI for the purposes provided in the agreement, and return or destroy any PHI after the work for the health care provider has been completed as required by 45 C.F.R. 164.504(e)(2). The Media FAQ also states that as a business associate, the film crew must comply with the HIPAA Security Rule and a number of provisions in the Privacy Rule, including the Rule’s restrictions on the use and disclosure of PHI.  In addition, the Media FAQ reminds HIPAA entities and business associates of the need to obtain prior authorizations from patients whose PHI is included in any materials before any of those materials are posted online, printed in brochures for the public, or otherwise publicly disseminated.

Finally, the Media FAQ states HIPAA entities can continue to inform the media of their treatment services and programs so that the media can better inform the public, provided that, in doing so, the covered entity does not share PHI with the media.

  • Memorial Herrman Health System Resolution Agreement

OCR’s next media coverage-related enforcement action involved the largest not-for-profit health system in Southeast Texas, Memorial Hermann Health System (MHHS). The 2017 MHHS Resolution Agreement and Corrective Action Plan resulted from HHHS issuing a press release with the name and other PHI  about a patient arrested and charged with fraudulently obtaining health care by presenting an allegedly fraudulent identification card to MHHS office staff without first obtaining authorization from the patient.  MHHS paid OCR a $2.4 million resolution payment as well as agreed to implement a detailed corrective action plan.  See $2.4M HIPAA Settlement Warns Providers About Media Disclosures Of PHI.

  • Three Resolution Agreements Following Disclosures ForBoston Trauma Reality Series

OCR followed up the next year with a concurrent announcement of resolution agreements against three unrelated hospitals for allowing ABC film crews to film in  patient treatment and other areas for the ABC medical documentary “Save My Life: Boston Trauma” series.  Under three separate settlement agreements, OCR collected a total of $999,000 from Boston Medical Center, Brigham and Women’s Hospital, and Massachusetts General Hospital for putting publicity before patient privacy by allowing ABC News documentary film crews to film patients and access other patient information for a news documentary without obtaining prior patient authorization under three separate settlement agreements with the hospitals.

The circumstances that resulted in the three resolution agreements announced on September 20, 2018 were strikingly similar to those underlying the NY-Presby Resolution Agreement. Notably, the investigations that resulted in the three settlement agreements all arose out of each of the respective hospital’s permitting an ABC documentary film crew filming a medical documentary to access patient areas of their hospitals. 

OCR’s investigation of MGH arose in response to an announcement about the impending filming on its website while OCR’s investigations of BMC and BWH started in response to a January 12, 2015 Boston Globe article that reported the Hospitals each separately had allowed ABC film crews filming a documentary to access PHI and film patients without obtaining patient authorization.  See Boston Medical Center Resolution Agreement (BMC Settlement Agreement);  Brigham and Women’s Hospital Resolution Agreement (BWH Settlement Agreement); and Massachusetts General Hospital Resolution Agreement (MGH Resolution Agreement)

The MGH Resolution Agreement reflects that OCR’s investigations began with an investigation of MGH on December 17, 2014 based on a news story posted to MGH’s website on October 3, 2014, indicating that ABC News would be filming a medical documentary program at MGH. The MGH Resolution Reports that the investigation revealed that before allowing the filming between October 2014 to January 2015, MGH reviewed and assessed patient privacy issues related to the filming and implemented various protections regarding patient privacy, including providing the ABC film crew with the same HIPAA privacy training received by MGH’s workforce.

Information contained in the respective settlement agreements reflect that OCR’s investigations of BMC and BWH began about a month later on January 25 and 26, 2015 respectively in response to the Boston Globe article. The BWH Settlement Agreement states that the BWH investigation revealed that like MGH, BWH reviewed and assessed patient privacy issues related to the filming and implemented various protections regarding patient privacy, including providing the ABC film crew with the same HIPAA privacy training received by BWH’s workforce before allowing the filming by the ABC film crew that occurred between October 2014 to January 2015.  The BMC Settlement Agreement does not state that OCR found BMC engaged in similar deliberations or undertook the same or other efforts to safeguard patients and their PHI.

The BMC Settlement Agreement reports that the OCR concluded based on the BMC investigation showed that BMC impermissibly disclosed PHI of patients to ABC employees during the production and filming of a television program at BMC in violation of HIPAA.  Meanwhile, while acknowledging the privacy deliberations and efforts undertaken at MGH and BWH, OCR also concluded that each of those organizations also violated HIPAA because in allowing the film crew access and to film patients and patient areas:

  • The timing at which they obtained patient authorizations showed MGH and BWH impermissibly disclosed the PHI of patients to ABC employees during the production and filming of a television program at BWH; and
  • Despite the various patient privacy protections in place, MGH and BWH failed to safeguard its patients’ PHI appropriately and reasonably from disclosure during a filming project conducted by ABC on its premises in 2014 and January 2015.

To resolve potential HIPAA violations, BMC has paid OCR $100,000, BWH has paid OCR $384,000, and MGH has paid OCR $515,000. In addition, each Hospital agreed to provide workforce training as part of a corrective action plan that will include OCR’s guidance on disclosures to film and media in the 2016 Media FAQ.

  • Allergy Associates of Hartford, P.C. Resolution Agreement

Large institutional health care organizations are not the only HIPAA entities subjected to OCR investigation or enforcement for inappropriate sharing of PHI with the media.  In its November 2018

On November 26, 2018, OCR announced  that Allergy Associates, the three doctor health care practice Allergy Associates of Hartford, P.C. would pay OCR $125,000 and take corrective action under a  Resolution Agreement and Corrective Action Plan resolving charges stemming from comments a physician made to a reporter on a patient dispute with the practice in 2015 violated HIPAA.

According to OCR, the disclosure of patient information that prompted OCR’s HIPAA charges resulted from a physician associated with the practice commenting to a local television station reporter for a story about a disabled patient’s complaint to the station that Allergy Associates turned her away from a scheduled appointment because of her use of a service animal.  After the patient contacted the television statement to complain about being turned away by the practice when accompanied by her service animal, the station contacted the doctor for comment about the dispute between the Allergy Associates’ doctor and the patient.  Although OCR reports its investigation revealed that Allergy Associates’ Privacy Officer instructed the doctor to either not respond to the media or respond with “no comment,” the doctor nevertheless accepted the television station reporter’s invitation to comment and discussed the dispute with the reporter.

OCR learned of the physician’s unauthorized comments to the reporter when it received a copy of an October 6, 2015, HHS civil rights complaint filed on behalf of the patient with the Department of Justice, Connecticut, U.S. Attorney’s Office (DOJ) by the Connecticut Office of Protection and Advocacy for Persons with Disabilities (OPA).  In response to this complaint, OCR initiated a joint investigation with DOJ into the civil rights allegations against Allergy Associates. The complaint also alleged that Allergy Associates impermissibly disclosed the patient’s PHI in violation of HIPAA.

OCR found the physician’s discussion of the patient’s complaint without first obtaining a HIPAA-complaint authorization from the patient both violated HIPAA and demonstrated a reckless disregard for the patient’s HIPAA privacy rights.  Additionally, Resolution Agreement also states that OCR’s investigation revealed that Allergy Associates did not take any disciplinary or other corrective action against the doctor after learning of his impermissible disclosure to the media.

To resolve the HIPAA charges, Allergy Associates agrees in the Resolution Agreement and Corrective Action Plan to pay $125,000 as well as to undertake a corrective action plan that includes two years of monitoring their compliance with the HIPAA Rules.

  • OCR COVID-19 HIPAA Guidance & Warnings About Media-Related HIPAA Responsibilities

With the COVID-19 pandemic fueling a torrent of media inquiries and coverage of patient, workforce and other aspects of the pandemic, OCR reminded health care providers and other HIPAA entities of HIPAA’s requirement of prior authorization before sharing PHI or allowing media to access patients or areas where media could observe patients or their PHI throughout the COVID-19 pandemic.

In its May 5, 2020 Guidance on Covered Health Care Providers and Restrictions on Media Access to Protected Health Information about Individuals in Their Facilities (“5/5 Guidance”), OCR warned covered health care providers and other HIPAA entities that the Privacy Rule prohibits HIPAA entities from giving media or film crews access to PHI including access to facilities where patients’ PHI could be accessible without the patients’ prior authorization and cautioned testing facilities and other health care providers to prevent unauthorized use, access or disclosure of test results and other PHI except as specifically allowed in the applicable HIPAA Law.  In this respect, the 5/5 Guidance quoted then OCR Director Roger Severino, as unequivocally stating “Hospitals and health care providers must get authorization from patients before giving the media access to their medical information; obscuring faces after the fact just doesn’t cut it.”

Consistent with this warning, the 5/5 Guidance described reasonable guidelines and safeguards that HIPAA entities should use to protect the privacy of patients whenever the media is granted access to facilities.  Additionally, the 5/5 Guidance specifically warned HIPAA entities among other things that:

  • HIPAA does not permit covered health care providers to give the media, including film crews, access to any areas of their facilities where patients’ PHI will be accessible in any form (e.g., written, electronic, oral, or other visual or audio form), without first obtaining a written HIPAA authorization from each patient whose PHI would be accessible to the media;  
  • Covered health care providers may not require a patient to sign a HIPAA authorization as a condition of receiving treatment; and
  • Masking or obscuring patients’ faces or identifying information before broadcasting a recording of a patient does not sufficiently deidentify patient information to allow unauthorized disclosure.  A valid HIPAA authorization is still required before giving the media such access. 

OCR emphasized that it expected health care providers and other HIPAA entities to continue to adhere to these Privacy Rule requirements throughout the COVID-10 pandemic even as it granted temporary enforcement relief from a narrow set of other HIPAA requirements during the COVID-19 health care emergency. See e.g., 5/5 Guidance; OCR Issues Guidance on How Health Care Providers Can Contact Former COVID-19 Patients About Blood and Plasma Donation OpportunitiesOCR Announces Notification of Enforcement Discretion for Community-Based Testing Sites During the COVID-19 Nationwide Public Health Emergency;  OCR Announces Notification of Enforcement Discretion to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities During The COVID-19 Nationwide Public Health EmergencyOCR Issues Bulletin on Civil Rights Laws and HIPAA Flexibilities That Apply During the COVID-19 EmergencyOCR Issues Guidance to Help Ensure First Responders and Others Receive Protected Health Information about Individuals Exposed to COVID-19OCR Issues Guidance on Telehealth Remote Communications Following Its Notification of Enforcement DiscretionOCR Announces Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency. Also see generally HIPAA and COVID-19 | HHS.gov.

Despite these warnings, throughout the COVID-19 health care emergency videos and other media reports often incorporated videos or other images of patients and other descriptions or details about patients containing PHI reporters or media outlets obtained from accessing facilities, interviewing workforce members, or shared with the media or others allowed to access patients or facilities, often without a HIPAA-compliant patient authorization and often by workforce members without authorization or otherwise in violation of their employing HIPAA entity’s policies.  See e.g. Ezekiel Elliott COVID-Test Disclosure Highlights Health Care Provider & Plan HIPAA & Other Privacy Risks From Medical Testing & Other Medical Information;, Health care workers express overwhelming fatigue as COVID-19 cases surge across the countryPandemic takes its toll on health care workersABC News Special Coverage:  Coronavirus Pandemic.  Since the widespread media coverage makes clear SJMC was not the only health care provider or other HIPAA entity where the entity or members of its workforce allowed media access to facilities, shared or allowed the media or other third-parties to take patient photos, videos, or shared or allowed media access to other PHI, additional OCR enforcement actions or settlements arising from COVID-19 related media disclosures against other HIPAA-entities are likely.

To mitigate their own organizational exposure to potential HIPAA and other privacy-related exposures from known or as-of-yet unidentified past or future media-related HIPAA violations, all HIPAA entities should consult qualified legal counsel for advice and assistance within the scope of attorney-client privilege on investigating their organizations potential risks from any past media disclosures and opportunities for mitigating any known or uncovered HIPAA exposures by acting proactively as well as for guidance on best practices to prevent or mitigate liability from future dealings with the media.

To promote their compliance and the defensibility of their practices and efforts when compliance issues arise, HIPAA entities need conduct a well-documented assessment of their current and past compliance, policies, practices and workforce training on allowing media or others to enter, film, photograph or record within their facilities or otherwise disclosing or allowing media access to their facilities as well as their policies about when parties not involved in care of a particular patient can film, photograph, or otherwise record, observe or access areas where patients or patient PHI is or might be present without prior written consent of the patient.

Going forward, all HIPAA entities should ensure their policies clearly prohibit their entities, their business associates and their workforce from allowing film or media to film, photograph or even access areas where patients or their PHI are accessible or otherwise disclosing PHI to members of the media without first obtaining a HIPAA-compliant authorization from each patient whose presence or PHI could be observed, recorded or otherwise accessed.  Adopting the policy alone is insufficient, however, HIPAA entities also need to implement and enforce appropriate procedures and training to promote compliance with those policies and processes to monitor and respond to any violations of HIPAA’s requirements.

When considering the adequacy of their current policies, practices and training concerning filming, photography and other access and disclosure to patients, patient treatment areas and other PHI, HIPAA entities should keep in mind that the obligation to prevent unauthorized filming, photography or any other PHI access or disclosure PHI extends to “any third party not involved in patient care,” not merely those to media or film crews. Consequently, HIPAA entities should address potential risks from filming, photographs or other access and disclosure to patients, patient treatment or recordkeeping areas, or PHI by all parties within or with access to their facilities or records including but not limited to staff, business associates, contractors, other patients as well as media or other visitors. 

Recognizing that the NY-Presbyterian corrective action plan included a requirement that NY-Presbyterian require “all photography, video recording and audio recording conducted on NY-Presbyterian premises” be reviewed, preapproved and actively monitored for compliance with the Privacy Rule and NY-Presbyterian’s policies, HIPAA entities also should take steps to monitor and properly restrict and protect any filming, photography or other observations, records or other PHI by individuals within their workforce, as well as to regulate the access and activities of unrelated third parties.  In this respect, HIPAA entities are cautioned about the need to prohibit and enforce suitable prohibitions against members of their workforce and others using their own personal devices or other equipment to film, photograph, and copy or disseminate photographs, film, recordings or other records or data that qualifies as or contains PHI without authorization in accordance with established protocols. 

HIPAA entities also should take steps to ensure their policies and training make clear that these prohibitions apply whether or not the workforce member believes that identity of the patient or patient information is concealed or otherwise not discoverable. 

Moreover, even with respect to photographs, films or other recordings or records legitimately created for treatment, payment or operations purposes, HIPAA entities generally need to take steps to restrict use, access and disclosure of the photographs or other recordings to individuals legitimately involved in patient treatment, operations, payment or other activities allowed by the Privacy Rule and to safeguard those materials against use, access or disclosure to others within or outside their workforce except as allowed by HIPAA and other applicable law. .

Since HIPAA entities also are likely to be subject to other statutory, ethical, contractual or other privacy or confidentiality requirements beyond those imposed by the Privacy Rule, most HIPAA entities also will want to consider and take steps to identify and address these other potential legal or ethical responsibilities such as medical confidentiality duties applicable to physicians and other health care providers under medical ethics, professional licensure or other similar rules, contractual responsibilities, as well as common law privacy or other related exposures when conducting this review.  Additionally, most HIPAA entities also will want to take into account and manage their potential exposure to privacy, theft of likeness or other intellectual property, or other statutory or common law tort or contractual claims that might attached to the unauthorized filming, photographing, or surveillance of individuals under federal or state common or statutory laws.

Since this analysis and review in most cases will result in the uncovering or discussion of potentially legally or politically sensitive information, HIPAA entities should consider consulting with or engaging experienced legal counsel for assistance in structuring and executing these activities to maximize their ability to claim attorney-client privilege or other evidentiary protections against discovery or disclosure of certain aspects of these activities.

Finally, HIPAA entities should keep in mind that HIPAA compliance and risk management is an ongoing process requiring constant awareness and diligence.  Consequently, HIPAA entities should both monitor OCR and other regulatory and enforcement developments as well as exercise ongoing vigilance to monitor and maintain compliance within their organizations.

For More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297

Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and VIce-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.

Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws. 

For more information about Ms. Stamer or her labor and employment, employee benefit, health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as: 

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on New HIPAA Resolution Agreement Warns Health Plans & Other HIPAA-Covered Entities To Manage Media Relations, Access & Disclosure | Corporate Compliance | Tagged: , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

« Previous Entries
Next Entries »