| Page 2

Join 9/8 JCEB Webex To Learn About DOJ Federal Antitrust Health Industry Market Competition Enforcement & Latest On $2.67 Billion BCBS Class Action Antitrust Settlement

September 2, 2022

As companies that purchased health insurance and their employees or other individuals who received health insurance from certain Blue Cross Blue Shield entities wait to hear how to claim their share of the $2.67 billion In re: Blue Cross Blue Shield Antitrust Litigation private federal class action civil antitrust lawsuit settlement (“Settlement”) finally approved August 9, 2022 against the Blue Cross Blue Shield Association (“BCBSA”) and other settling individual Blue Cross Plans, employers and other plan sponsors, health care systems and providers, health insurers, pharmacy benefit managers, brokerages, and other health and health insurance market participants need to keep in mind that the private antitrust judgements are not their only exposure under federal antitrust laws. Health insurance and health industry market participants that engage in anticompetitive conduct or business transactions also risk investigation and prosecution under federal antitrust laws by the U.S. Department of Justice, the Federal Trade Commission and state regulators or attorneys general.

Market participants and others with health or health insurance industry market competitiveness concerns or interests should register and attend the September 8, 2022 Justice Department Health Industry Antitrust Enforcement Update to learn about key federal antitrust statutes regulating or prohibiting anticompetitive conduct and business transactions and hear how the Department of Justice uses these laws to promote market competition in the health care and health insurance marketplaces.

Hosted by the American Bar Association Joint Committee on Employee Benefits, the webinar will feature a discussion by U.S. Department of Justice Civil Division Healthcare and Consumer Products Section Antitrust Attorney Natalie Melada of basic federal antitrust rules and principles the Justice Department relies upon to safeguard market competitiveness and discusses selected Justice Department antitrust litigation and other compliance and enforcement initiatives the Department of Justice has undertaken to protect competition in the healthcare industry. Attorney and Solutions Law Press, Inc. editor and author Cynthia Marcotte Stamer also will provide an update on the In re: Blue Cross Blue Shield Antitrust Litigation and resulting $2.67 billion settlement approved August 9.

For more details and to register for the program, see here.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and following and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and managed care industry legal, public policy and operational concerns.

Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Her experience includes substantial work, publications and presentations on health care, health and managed care, employee plan and purchasing groups, noncompetition and other antitrust compliance concerns.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Comments Off on Join 9/8 JCEB Webex To Learn About DOJ Federal Antitrust Health Industry Market Competition Enforcement & Latest On $2.67 Billion BCBS Class Action Antitrust Settlement | Antitrust, Brokers, Corporate Compliance, Employers, ERISA, Federal Sentencing Guidelines, health Care, health insurance, health insurance marketplace, Health Plans, Insurance, Non-Competition Agreement, Public Policy | Tagged: Antitrust, Business Groups, Department of Justice, Employee Benefits, Group Purchasing Organizations, Health Care Competition, Health Care Consolidation, Health Insurer, Health Plan, In Re Blue Cross Blue Shield Antitrust Litigation, Physicians | Permalink
Posted by Cynthia Marcotte Stamer

Travis Nicholson Named New EEOC Dallas District Director

September 2, 2022

Travis Nicholson is taking over as the new Dallas District Director of the Equal Employment Opportunity Commission (“EEOC”). The EEOC announced Nicholson’s appointment to head up the Dallas District on August 30,2022.

As Director of the Dallas District Nicholson will oversee and manage the EEOC’s work in more than 200 counties in north, central, and west Texas, including the district office and its approximately 100 employees. He will also supervise the EEOC’s work with several of the agency’s state and local Fair Employment Practices Agencies that work with the EEOC on employment discrimination in Texas. A former compliance officer with the U.S. Department of Labor Office of Federal Contract Compliance Programs U.S. Army veteran, Nicholson began his career with the EEOC in 2009 as a bilingual investigator in its Detroit Field Office, investigating charges, including systemic and class matters, and conducting outreach to underserved communities and in line with the agency’s Youth at Work initiative. He then served as the Charlotte District Office’s outreach and education coordinator and a program analyst in the Office of Field Programs before becoming Houston’s deputy director in 2017. As the deputy district director in Houston, Nicholson was responsible for day-to-day operations and led process improvements and efficiencies in charge management, systemic investigations, and legal enforcement interaction

More Information

We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefits Counsel repeatedly recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” by LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law and among the “Best Lawyers In Dallas” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for 30+ years of advising, representing and defending domestic and international public, closely held and government organizations on workforce, employee benefits, internal controls and governance, and other risk management, compliance and government relations concerns as well as her coaching, scholarship, training and legislative and public affairs advocacy on these and related areas.

Ms. Stamer helps health industry and other organizations and their management manage. Ms. Stamer’s legal and management consulting work throughout her nearly 30+ year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns. She also represents and defends clients in investigations, audits, enforcement actions and other dealings with the the Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and a multitude of federal, state, and locate agencies, state attorneys’ general and other federal and state agencies, public and private credentialing, licensing and accreditation bodies, as well as conducts and counsels clients on private litigation, employment and other services disputes, regulatory and public policy advocacy, training and discipline, enforcement and other strategic and operational concerns.

Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, expat and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.

Ms. Stamer also is deeply involved in helping to influence workforce, health care, pension, social security, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.

Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.

Ms. Stamer also shares her leadership through her extensive involvement in many professional, community and civic organizations. Currently, she serves as Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR and a representative for its Annual Agency Meeting with the EEOC, Chair of the ABA Intellectual Property Section Law Practice Management Committee, Vice Chair of the ABA International Section Life Sciences Committee, Chair-Elect of the ABA Tort & Insurance Section (TIPS) Medicine and Law Committee, RPTE Section Employee Benefits Committee Welfare Plan Chair, and in various other projects and capacities. She also previously has served as an ABA Joint Committee on Employee Benefits Council Representative, Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, the Society for Human Resources Management Region IV Board Chair and National Consultant’s Board Member; am Editorial Advisory Board Member and author for HR.com, Insurance ThoughtLeaders, BNA CD-Rolm, and Employee Benefits News; the Alliance for Healthcare Excellence Board President, Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, on the North Texas United Way Long Range Planning Committee Member, as a Board Member and Compliance Chair of the National Kidney Foundation of North Texas and many others.

Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. These include hundreds of highly regarded articles and workshops on health and other benefits, workforce, health care and insurance concerns.

For more information about these requirements, Ms. Stamer or her experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Comments Off on Travis Nicholson Named New EEOC Dallas District Director | ADA, adea, Affirmative Action, Age Discrimination, Civil Rights, compensation, compliance, Corporate Compliance, CROWN Act, Department of Defense, DFAR, Disability, Disability Discrimination, Discrimination, Disease Management, Diversity, Drug & Alcohol, EEOC, EEOC, Employer, Employers, Employment, Employment Agreement, Employment Discrimination, Employment Policies, Employment Termination, enforcement, English As A Second Language, Executive Compensation, Government Contractors, health benefit, Health Benefits, HR, Human Resources, LBGT, LEP, LGBT, Management, Mergers & Acquisitions, Nonresident aliens, OFCCP, OFCCP, Public Accommodation, Race Discrimination, Rehabilitation Act, Retaliation, Risk Management, Sexual Harassment, third party administrators, tpa, Transgender, Union, USERRA, Workforce | Tagged: ADA, adea, civil rights, compliance, Dallas, EEOC, Employer, employment discrimination, employment law, enforcement, government contractor, Leadership, National Origin Discrimination, OFCCP, Race Discrimination, Sex Discrimination, Texas | Permalink
Posted by Cynthia Marcotte Stamer

$300,000+ Settlement Warns Health Plans, Other Covered Entities To Ensure Proper PHI Disposal

August 29, 2022

Health plans and insurers, health care providers, health care clearinghouses (“Covered Entities”), their business associate service providers, leaders and insurers should re-confirm their own organizations’ for handling and disposing of records and systems containing protected health information (“PHI”) comply with the Health Care Portability & Accountability Act (“HIPAA”) following the Department of Health & Human Services Office for Civil Rights (OCR) announcement yet another HIPAA enforcement action and settlement arising from improper PHI disposal.

OCR’s $300,000 plus settlement with New England Dermatology P.C., d/b/a New England Dermatology and Laser Center (“NDELC”) announced last week resolves OCR charges that NDELC violated the HIPAA Privacy Rules when it placed specimen containers with patient identifying PHI in its parking lot garbage bin.

OCR Long Enforced HIPAA PHI Disposal Responsibilities

OCR has long interpreted and enforced HIPAA as requiring Covered Entities and business associates to ensure appropriate processes are used to protect PHI when that safeguards are in place when disposing of patient information to keep it from being accessible by the public. ”Improper disposal of protected health information creates an unnecessary risk to patient privacy,” said Acting OCR Director Melanie Fontes Rainer.

The NEDLC enforcement action and NEDLC Resolution Agreement follow prior OCR settlements and warnings to Covered Entities and business associates about their responsibility to protect PHI through proper disposal during their ongoing operations as well as when closing operations.

Past OCR enforcement actions and settlements demonstrated OCR’s readiness to hold Covered Entities and their business associates accountable for properly disposing of records and materials containing PHI, In 2015, for instance, Cornell Prescription Pharmacy paid OCR $125,000 and implemented a correction action plan to correct alleged HIPAA violations after an OCR investigation of a local news report confirmed unsecured paper documents containing PHI of more than 1600 patients were disposed of in an unlocked, open container on Cornell’s premises. The documents were not shredded and contained identifiable information regarding specific patients. See Cornell Prescription Pharmacy Resolution Agreement. See also $800,000 HIPAA Settlement in Medical Records Dumping Case.

Other OCR enforcement actions highlighted the responsibility of Covered Entities and business associates to protect PHI when disposing of computer or other devices. For instance, OCR collected $1,215,780.00 from Affinity Health to settle potential HIPAA Civil Monetary Sanctions after OCR found it exposed the PHI of up to 344,579 individuals by returning photocopiers to a leasing agent without erasing the data contained on the copier hard drives. Affinity Health Plan, Inc. Resolution Agreement.

The OCR guidance and enforcement actions also make clear that the obligation for proper protection and disposal continues through termination of the business or operations through which a Covered Entity or business associate possessed or retained PHI. Thus, in the FileFax Resolution Agreement, for instance the receiver appointed to liquidate the assets of FileFax, Inc. paid $100,000 out of the receivership estate to OCR to settle potential HIPAA violations after Filefax shut its doors during the course of OCR’s investigation into alleged HIPAA violations.

New $300,000+ NEDLC Settlement Agreement

The NEDLC investigation and resulting settlement reflect OCR’s continued concern about ensuring appropriate protection of PHI through disposal. On May 11, 2021, NEDLC filed a breach report with OCR that reported empty specimen containers with the PHI on labels were placed in a garbage bin in their parking lot. The containers’ labels included patient names and dates of birth, dates of sample collection, and name of the provider who took the specimen. On March 31, 2021, a third-party security guard found one specimen container bearing a label containing patient names, dates of birth, dates of sample collection, and name of the provider who took the specimen. During the investigation, NEDLC stated that from February 4, 2011 until March 31, 2021, it regularly discarded specimen containers with an attached label that contained PHI as regular waste, bagged and placed in an exterior dumpster accessible via the parking lot, without alteration to the PHI containing label.

OCR’s New England Regional Office found the practice of disposing of specimen containers with their labels containing PHI violated the HIPAA Privacy Rule including the impermissible use and disclosure of PHI and failure to maintain appropriate safeguards to protect the privacy of PHI.

Under the NEDLC Resolution Agreement, NEDLC paid $300,640 to OCR and agreed to implement a “robust” corrective action plan that includes two years of OCR monitoring to settle OCR’s charges that it breached HIPAA by failing to appropriately secure and protect PHI through disposal. Among other things, the corrective action plan requires NEDLC to:

Within 60 days, develop, maintain, and revise, as needed and present for OCR review its written policies and procedures to comply with the physical safeguard and disposal of PHI created, received or maintained by or on behalf of NEDLC and all other HIPAA Privacy, Security and Breach Notification and training protocols to ensure workforce member compliance with these policies; and sanctions for workforce members violating these requirements;
Implement the updated policies and procedures within 30 days of receipt of HHS approval;
Distribute the policies to existing members of its workforce within 30 days of receipt of HHS approval of the policies and subsequently to new members of the workforce within 30 days of their beginning of service and obtain a signed written or electronic initial compliance certification from all members of the workforce and relevant business associates stating that the workforce members have read, understand, and shall abide by such policies and procedures;
Assess, update, and revise, as necessary, the policies and procedures at least annually or as needed, provide the revised policies and procedures to HHS for review and approval, and redistribute to and obtained new compliance certifications from workforce members and business associates within 30 days of HHS approval;
If it receives information during the Compliance Term that a workforce member or business associate may have failed to comply with its policies and procedures for safeguarding PHI, promptly investigate and it the investigation finds a violation, notify HHS within 30 days of the violation and corrective action taken;
Comply with specified breach investigation and notification requirements;
Provide reports certified by a designated leader of the organization its implementation of the corrective action plan, annually and upon the occurrence of certain other events during the two-year monitoring period.

Take Aways From NEDLC And Other OCR Improper Disposal Enforcement

As the NEDLC and other settlements make clear, Covered Entities and business associates are accountable for recognizing and protecting all PHI in the various phases of its lifecycle in the organization including when it is being disposed or migrating through various systems. Existing OCR enforcement actions like the NECLC Settlement Agreement highlight the need for other Covered Entities and their business associates to ensure all necessary steps are taken to protect PHI when disposing of any items, devices and data containing PHI from patient labeled items including identification bracelets, medication containers and labels, meal trays, folders, tags, storage containers, computers, copiers, jump drives and other electronic storage or other devices and plethora of other items. The announcement of the NEDLC settlement signals the advisability for Covered Entities and their business associates to reassess and reconfirm the adequacy of their own disposal processes and documentation.

Security and disposal practices and procedures are among the elements of HIPAA compliance that OCR expects Covered Entities to address in the documented risk assessments the regulations require Covered Entities to prepare and maintain. See $750,000 HIPAA Settlement Underscores the Need for Organization Wide Risk Analysis. As with other HIPAA compliance responsibilities, OCR regulations require that Covered Entities include their documented assessment and decision-making about the adequacy and reasonableness of their PHI protection and destruction practices under HIPAA as part of their overall HIPAA risk assessment plan and practices. The documented risk assessment requirements make it ill-advised for Covered Entities or business associates to assume their disposal or other HIPAA compliance obligations are satisfied by their past or current adoption of a standard set of policies and procedures obtained from a third-party.

When reviewing the adequacy of their organizations’ PHI disposal practices, Covered Entities and business associates should keep in mind OCR’s HIPAA regulations require them to document risk assessments, analysis, findings and actions as well as recurrently update this analysis periodically and at other times when warranted by events or developments putting the organizations on notice of potential concerns. These risk assessment requirements expect Covered Entities and business associates to conduct documented reviews and risk assessments “of their own circumstances to determine what steps are reasonable to safeguard PHI through disposal and develop and implement policies and procedures to carry out those steps” considering such issues as the form, type, and amount of PHI to be disposed. Covered entities are responsible for conducting and documenting their analysis as well as their adoption, implementation and enforcement of the resulting policies and procedures. HIPAA’s six-year record retention requirements extend to creation and preservation of the risk assessment documentation by a Covered Entity or business associate and OCR commonly asks for these assessment when initiating an audit or investigation. Accordingly, while organizations should consider examples discussed in OCR’s PHI destruction guidance when conducting their own risk announcement, each Covered Entity or business associate should resist the temptation of assuming reliance upon those examples is an adequate substitute for conducting and documenting their own specific risk assessment and analysis.

Best practices require tracking of all elements of PHI created, used, accessed, disclosed, or disposed of all times through documented, appropriate destruction. Ensuring proper fulfillment of these requirements necessitates that these policies and practices cover both disposition or destruction as part of continuing operations as well as required safeguards for disposal or destruction when a Covered Entity or business associate shuts down, sells or otherwise terminates operations that possess or have had access to PHI.

Of course, Covered Entities, business associates, their leaders and liability insurers also should remain mindful that their likely responsibilities and potential liability for mishandling PHI generally also runs concurrent with other contractual, statutory, regulatory or common law exposures. For instance, as HIPAA compliance is part of the Conditions of Participation that Medicare participating Covered Entities and Medicare Advantage Plans must meet to qualify for program participation, noncompliance could trigger program exclusion, False Claims Act or related exposures. Deficiencies in security or destruction of credit card, banking or other PHI that also qualifies as personal financial information could trigger exposure under Federal Trade Commission, state identity theft and privacy or other laws. Public companies and their leaders also may need to evaluate if deficiencies in their security or destruction protocols trigger investor disclosure obligations under Securities and Exchange Commission rules or other federal or state laws. Considering these and other exposures, documented, compliance and defensibility of PHI and other sensitive information use, protection, disclosure and destruction should rank high among the priorities of all Covered Entities and their leaders.

Since these evaluations could uncover or involve discussions of past or ongoing known or potential compliance concerns, Covered Entities and business associates should consider engaging legal counsel experienced with compliance and risk management under HIPAA and other implicated legal risks to advise and aid the Covered Entity to structure, conduct, evaluate findings and determine and implement any corrective actions that the review reveals as required or advisable within the scope of attorney client privilege. If circumstances come to light that indicate a breach of the standards in the course of the disposal compliance assessment or otherwise, Covered Entities also promptly should work with legal counsel timely to investigate, determine and provide any required notifications or other corrective action and document their actions to meet applicable HIPAA and other legal obligations and mitigate liability.

More Information

About the Author

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Comments Off on $300,000+ Settlement Warns Health Plans, Other Covered Entities To Ensure Proper PHI Disposal | Corporate Compliance | Tagged: Data Privacy, Data Security, Health Insurer, Health Plan, HIPAA, medical records, PHI, plan records | Permalink
Posted by Cynthia Marcotte Stamer

AHRQ Mental Health Mobile Apps Selection Tips

July 6, 2022

The Agency for Healthcare Research and Quality (AHRQ) issued a brief called “Evaluation of Mental Health Mobile Applications” to help healthcare experts pick out mental health mobile health applications. Along with choosing mental Health applications and other health plan mental health benefit design, plan sponsors, fiduciaries, administrators and insurers also must ensure their overall plan design and all features comply with federal mental health parity mandates.

The report covers three areas: risk and mitigation strategies, functions, and mental health app features.

AHRQ hopes the tips will help providers, patients, and payers in selecting mental health mobile applications and seeking the best fit based on various features.

The report is part of a growing list of resources and enforcement efforts federal and state agencies have initiated over the past year as part of growing concerns about mental health.

Along with educational outreach and tools, the Employee Benefit Security Administration and Department of Health and Human Services also are ratcheting up audits and enforcement of federal mental health parity mandates. Given this heightened scrutiny, employer and other health plan sponsors, fiduciaries, administrators and insurers using mobile applications or other virtual mental health solutions in their health plans should arrange for a compliance review of their health plan compliance with these mandates within the scope of attorney client privilege to mitigate liability risks.

In a recent American Bar Association Joint Committee on Employee Benefits webinar moderated by Cynthia Marcotte Stamer, the EBSA’s Director of Health Plan Compliance and Enforcement Amber Rivers emphasized her agency is prioritizing mental health parity compliance a free recent audits showed widespread noncompliance with the requirement for parity in nonqualitative mental health conditions.

More Information.

For additional information about the requirements or concerns discussed in this article, republication or other related matters, please contact the author, employment lawyer Cynthia Marcotte Stamer via e-mail, via telephone at (214) 452 -8297 or on LinkedIn.

Solutions Law Press, Inc. invites you to receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

About the Author

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, well-known for her extensive work with health and other employee benefits, health care and life sciences, insurance, financial services, technology, and other highly regulated and performance reliant organizations and their leadership, Ms. Stamer works with these and other businesses and their management, employee benefit plans, insurers, health care and life sciences, governments and other organizations deal with all aspects of health care, human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. Her day-to-day work encompasses both labor and employment issues, as well as independent contractor, outsourcing, employee leasing, management services and other nontraditional service relationships. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with all aspects for workforce and human resources management, including, recruitment, hiring, firing, compensation and benefits, promotion, discipline, Form I-9 and other compliance, trade secret and confidentiality, noncompetition, privacy and data security, safety, daily performance and operations management, internal controls, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. her more than 30 years’ of experience encompasses domestic and international businesses of all types and sizes.

Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service as a practicing attorney, as well as as an industry, policy management consultant, and policy strategist as well through her leadership participation in professional and civic organizations. Examples of her many leadership involvements include service as the Vice President and Executive Director of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; Vice Chair of the ABA International Law Section Life Sciences and Health Committee; Vice Chair of the ABA Tort & Insurance Practice Section Medicine and Law Committee and former Vice Chair of its Employee Benefits Committee and its Worker’s Compensation Commitee; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; ABA Real Property Probate and Trust (RPTE) Section former Employee Benefits Group Chair, current Welfare Committee Co-Chair and past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative, and Defined Contribution Committee Co-Chair, past Welfare Benefit Committee Chair and current Employee Benefits Group Fiduciary Responsibility Committee Co-Chair, Substantive and Group Committee member, Membership Committee member and RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and policy adviser to the National Physicians’ Council for Healthcare Policy and others.

Ms. Stamer also is a widely published author, highly popular lecturer, and serial symposia chair, who publishes and speaks extensively on human resources, labor and employment, employee benefits, compensation, occupational safety and health, and other leadership, performance, regulatory and operational risk management, public policy and community service concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.

About Solutions Law Press, Inc.™

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2022 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on AHRQ Mental Health Mobile Apps Selection Tips | ACA, Association Health Plan, Data Breach, Data Security, Employee Benefits, Employer, Employers, ERISA, fiduciary duty, Fiduciary Responsibility, Government Accountability, government employer, government plan, group health plan, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, health reform, HIPAA, Joint Employer, Protected Health Information, self insured health plan, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Apple’s Former Top Lawyer’s Guilty Plea Warns Other Corporate Insiders Of Insider Trading Perils

June 30, 2022

The guilty plea to felony insider trading by former Apple, Inc. corporate secretary and director of corporate law Gene Levoff announced today reminds corporations and their leaders of the importance of ensuring their own insider trading controls are up-to-date and consistently followed.admitted engaging in an insider trading scheme that spanned five years, Attorney for the United States Vikas Khanna announc

Levoff plead guilty by videoconference before U.S. District Judge William J. Martini to six counts of an indictment charging him with securities fraud stemming from charges I nitially filed in February 2019.

The securities fraud counts each carry a maximum penalty of 20 years in prison and a $5 million fine. levoff’s sentencing is scheduled for November 10, 2022.

The SEC also previously filed a civil complaint against Levoff based on the same conduct.

Levoff Insider Trading Charges

In court documents and statements, the Justice Department charged that Levoff illegally realized profits of approximately $227,000 on certain trades and avoided losses of approximately $377,000 on others by using misappropriated material, nonpublic information about Apple’s financial results between February 2011 and April 2016.

Although Levoff was subject to Apple’s regular quarterly “blackout periods,” which prohibited individuals with access to material nonpublic information from engaging in trades until a certain period after the company disclosed its financial results to the public, as well as the company’s broader Insider Trading Policy – which he was responsible for enforcing. Levoff ignored these restrictions by repeatedly executing trades based on material, nonpublic information without Apple’s knowledge or authorization. On several occasions, Levoff executed trades within a blackout period after notifying other individuals subject to the restriction that they were prohibited from buying or selling Apple stock until the blackout period terminated.

Throughout this period, Levoff served as Apple’s top corporate attorney, assistant secretary and corporate secretary and co-chairman of Apple’s Disclosure Committee, which reviewed and discussed the company’s draft quarterly and yearly earnings materials and periodic U.S. Securities and Exchange Commission (SEC) filings before they were publicly disclosed. The Justice Department alledged that Levoff used these positions to minethese materials for inside information about Apple to guide his decisions to buy and sell Apple stock ahead of its earnings announcements. When Apple posted strong revenue and net profit for a given financial quarter, he purchased large quantities of stock, which he later sold for a profit once the market reacted to the news. When there were lower-than-anticipated revenue and net profit, Levoff sold large quantities of Apple stock, avoiding significant losses.

Warning To Other Corporations & Insiders

Statements from the Justice Department and other officials made in connection with the announcement of Levoff’s guilty plea contain strong warnings for other corporations and their insiders against engaging in insider trading.

“Gene Levoff betrayed the trust of one of the world’s largest tech companies for his own financial gain,” Attorney for the United States Khanna said. “Despite being responsible for enforcing Apple’s own ban on insider trading, Levoff used his position of trust to commit insider trading in order to line his own pockets. This Office will continue to prioritize securities fraud prosecutions.” (Emphasis added.)

“This defendant exploited his position within a company strictly for financial gain that he would not have otherwise realized,” Terence Reilly, FBI Acting Special Agent in Charge in Newark, said. “That’s called ‘gaming the system.’ Insider trading is not just illegal, it is a threat to the viability of our markets. The average American, whose retirement savings is invested in these companies, has every right to expect that rules are being followed, the game is being played fairly, and their nest egg is safe from profiteers who willingly sidestep the rules to improve their own financial future at the expense of others. The FBI is here to make sure the playing field is level.”

Given these warnings, corporate insiders and their corporations should take documented steps to review and verify the adequacy of their policies and their administration to prevent insider trading.

Adopung and consistently enforcing appropriate insider trading policies and processes is particularly critical because the felony criminal liability associated with insider trading violations make can trigger organizational liability for the corporation and other leaders under the Federal Sentencing Guidelines for failing to take appropriate preventive measures or to properly respond to redress and report violations.

As illustrated by the Levoff prosecution and conviction, insider trading policies and controls should reach to all relevant levels of the organization including senior management, board members, and even those attorneys or other parties on the audit and oversight committees responsible for their administration and compliance.

Simply having policies alone is not sufficient. Documented steps should be taken to ensure that prohibitions and restrictions against trading and disclosures of purchases and sales by insiders provide adequate protection and processes to prevent insider trading.

To ensure appropriate flexibility to investigate and monitor activities involving stock, corporations also should require all insiders eligible to buy or sell stock to sign a Fair Credit Reporting Act compliant consent that also meets the requirements of applicable state law for conducting the necessary investigations to monitor and enforce compliance.

As the conduct of the compliance and risk assessments necessary to evaluate and determine actions required or recommended in response to the emerging SEC and other cybersecurity obligations and risks could uncover and involve discussions of obligations and options for responding to known or suspected past or existing noncompliance risks, organizations and leaders should conduct their audit and analysis to the extent possible with the guidance of and within the scope of attorney-client privilege.

Efforts should begin by taking carefully crafted, well-documented documented steps to prudently evaluate and strengthen cybersecurity and breach safeguards and compliance, as well as prudently to assess and verify those of their vendors and others involved with their employee benefit plans or their administration within the scope of attorney-client privilege.

These another process is some procedures and their results should be reported regularly to the Board of Directors.

More Information

We hope this update is helpful. For more information about or assistance with these or other workforce, internal controls and compliance or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, and author of the “Medical Privacy” Chapter in the BNA/ERISA Litigation Treatise, the “Other Torts Chapter” in the BNA/ABA E-Heath & Other Torts Treatise, “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other highly regarded data privacy and security, workforce and health care change and crisis management and other highly regarded publications and presentations, Ms. Stamer is widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with private and public companies of all types and sizes, health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. In the course of this work, she has had extensive involvement in the design, administration and defense of payroll, employee benefit, insurance, securities, trade secret and other confidential information and other internal and external record and data systems and processes as well as investigation, reporting, redress and mitigation of cyber and other incidents.

As a part of this work, she has continuously and extensively worked with domestic and international health and other employee benefit plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies. She also has extensive experience dealing with OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, current RPTE Welfare Benefit Committee Co-Chair and former Chair of its Fiduciary Responsibility, Plan Terminations and Distributions and Defined Contribution Plan Committees, a former JCEB Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former SHRM Consultants Board and Region IV Chair, former Texas Association of Business Board, BACPAC Board and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas.

Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any situation and does not necessarily address all relevant issues. Because developments could impact the currency and completeness of this discussion, the author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2022 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Apple’s Former Top Lawyer’s Guilty Plea Warns Other Corporate Insiders Of Insider Trading Perils | Corporate Compliance, insider trading | Tagged: Apple, Employee Benefits, Employer, insider trading, Internal Controls, Internal Investigations, SEC, securities fraud, stock | Permalink
Posted by Cynthia Marcotte Stamer

Federal Contractors Should Check If On OFCCP List Of Contractors Facing Compliance Review

May 20, 2022

Federal supply & service contractors should check the new Office of Federal Contract Compliance Programs (OFCCP) Corporate Scheduling Announcement List (CSAL) to see if their organization is among the 400 federal contractors and subcontractors selected for Compliance Review.

The CSAL released today is a courtesy notification to contractors selected for a Compliance Review (Establishment Review), Corporate Management Compliance Evaluation, or Functional Affirmative Action Program Review. The review will start once the contractor receives OFCCP’s Office of Management and Budget approved scheduling letter.

OFCCP has published the methodology for developing this list as well as frequently asked questions where answers to other matters related to this topic are included.

Contractors facing these reviews should begin preparing for the audit in anticipation of receipt of their scheduling letter by conducting their own compliance review within the scope of attorney=client privilege before the audit and working with qualified legal counsel to use OFCCP compliance assistance options and technical assistance to prepare for the evaluation.

These preparations should begin with an assessment whether any grounds exist for challenging the contractor’s selection for the audit under the applicable criteria. If a contractor believes it should not be selected for evaluation, OFCCP should be contacted promptly.

Whether or not a contractor is on the list of contractors selected for Compliance Review, every contractor should take documented steps to review and reconfirm their continuing compliance including new data security and other standards and requirements recently put in place, prioritized for review and enforcement or both.

More Information

About the Author

For more information about these requirements, Ms. Stamer or her experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Comments Off on Federal Contractors Should Check If On OFCCP List Of Contractors Facing Compliance Review | Affirmative Action, American Rescue Plan Act, apprentisship, board of directors, Brokers, Child Labor, Civil Rights, compensation, compliance, conflict of interest, Construction, Corporate Compliance, CROWN Act, Data Security, Department of Defense, DFAR, Disability Discrimination, Discrimination, Employer, Employment, Employment Discrimination, Employment Policies, enforcement, Government Contractors, health Care, Public Accommodation, Public Policy, Race Discrimination, Rehabilitation Act | Tagged: compliance, Employer, government contractor, OFCCP | Permalink
Posted by Cynthia Marcotte Stamer

Emotional Injury Damages Not Recoverable In Private Rehabilitation Act or Affordable Care Act Disability Discrimination Lawsuits

May 2, 2022

Emotional distress damages are not recoverable in a private action to enforce the disability discrimination and accommodation requirements of either the Rehabilitation Act of 1973 (“Rehab Act”) or the Patient Protection and Affordable Care Act (“ACA”) according to the May 1, 2022 United States Supreme Court ruling in Cummings v. Premier Rehab Keller authored by Supreme Court Justice John Roberts.

The Cummings decision resulted from a suit that sought emotional distress damages brought by filed by a deaf and legally blind woman, Jane Cummings against Premier Rehab Keller after it denied her request that it provide an American Sign Language interpreter at her physical therapy sessions. Premier Rehab told Cummings the therapist could communicate with her through other means, Claiming Premier Rehab’s failure to provide an ASL interpreter constituted discrimination on the basis of disability in violation of the Rehab Act and Section 1557 of the ACA, Cummings sued Premier Rehab seeking various damages and other relief, including emotional distress damages.

The Supreme Court took notice that Premier Rehab was subject to these laws because its receipt of Medicare and Medicaid payments qualified as federal financial assistance triggering their applicability.

The Supreme Court affirmed the previous District Court and Fifth Circuit Court of Appeals’ rulings that emotional distress damages are not recoverable in a private action to enforce either the Rehab Act or the ACA.

The Supreme Court Majority based its decision on its finding that the Rehab Act and Act both are spending statutes that condition their offer of federal funding on a promise by the recipient not to discriminate creating what amounts essentially to a contract between the Government and the recipient of funds. Following previously established Supreme Court precedent for “private spending clause actions,” the Court ruled the emotional distress or other remedy is not available unless “the funding recipient is on notice that by accepting federal funding, it exposes itself to liability of that nature.”

To decide whether emotional distress damages are available under the Spending Clause statutes in this case, the Court therefore asked if a prospective funding recipient deciding whether to accept
federal funds would have had “clear notice” regarding that liability. Because the two statutes are silent on the availability of emotional injury damages, the Supreme Court followed prior precedent by looking to whether the emotional damages sought by Cummings were the type of damages traditionally available in suits for breach of contract so as to put Premier Rehab and other defendants on notice of their exposure to such damages from actions under the Rehab Act or ACA. While acknowledging some exceptional circumstances where punitive damages may be recovered where “the conduct constituting the breach is also a tort for which punitive damages are recoverable,” the Court found such damages “are generally not available for breach of contract.” Concluding that the recognized exception to the general rule was insufficient to give funding recipients the requisite notice that they could face such damages. the Supreme Court ruled that funding recipients under the Rehab Act and the ACA “have not, merely by accepting funds, implicitly consented to liability for punitive damages.”

To read the full Majority opinion and related consenting and dissenting opinions, see here.

While the Supreme Court’s ruling means private litigants cannot recover emotional injury damages in discrimination actions brought to enforce the Rehabilitation Act or the ACA, health industry and other organizations remain subject to other substantial liability risks for improper discrimination in violation of those laws. Beyond recoveries for actual damages, attorneys’ fees and costs recoverable by private litigants, covered organizations also can face substantial civil monetary penalties, program disqualification, in some instances even False Claims Act liability for billing in violation of program conditions of participation and other risks. As federal agencies continue to make enforcement of these sanctions a priority, organization covered by either of these laws should use care to maintain appropriate compliance and risk management to ensure their ability to defend against any potential charges.

More Information

About the Author

For more information about these requirements, Ms. Stamer or her experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Comments Off on Emotional Injury Damages Not Recoverable In Private Rehabilitation Act or Affordable Care Act Disability Discrimination Lawsuits | ACA, Civil Rights, Corporate Compliance, CROWN Act, Disability Discrimination, Discrimination, Employers, Employment, Employment Discrimination, health Care, Public Accommodation, Public Policy, Race Discrimination, Rehabilitation Act | Tagged: chris rock, CROWN Act, Employer, hair shaming, Jada Pinkett Smith, Management, National Origin Discrimination, Race Discrimination, will smith | Permalink
Posted by Cynthia Marcotte Stamer

Comment To OCR By 6/6 To Help Shape How OCR Implements HITECH Act Recognized Security Practices Standards For Purposes Of Setting Civil Monetary Penalties Under HIPAA Security Rules.

April 29, 2022

June 6, 2022 is the deadline for health plans, their sponsors, fiduciaries, administrative and other business associates and others to provide input to the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) that OCR says it seeks to help shape how it defines and implements the “recognized security standards” requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021 for purposes of its administration and enforcement of civil monetary penalty and other provisions of of the Health Insurance Portability and Accountability Act (“”HIPAA”). The regulatory and enforcement decisions that OCR makes could significantly impact the civil monetary penalty liability, compliance, audit and recordkeeping responsibilities that health plans, health care providers, health care clearinghouses and their business associates (“Covered Entities”) face under the HIPAA Security and Breach Notification Rules.

OCR is inviting public input on two issues under the OCR Request for Information on Considerations for Implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act, as Amended (RFI) released April 6, 2022:

The definition and administration of the “recognized security practice” factor the HITECH Act requires OCR to consider when assessing audit results, civil monetary penalty and settlement amounts and other HIPAA Security and Breach Rule enforcement; and
The rules that OCR will follow to determine when and how OCR will share portions of amounts it receives from civil monetary penalties or settlements with individuals harmed by breaches of electronic protected health information,

Recognized Security Practices

Section 13412 of the HITECH Act requires HHS to take into consideration certain recognized security practices of covered entities (health plans, health care clearinghouses, and most health care providers) and business associates1 when determining potential fines, audit results, or other remedies for resolving potential violations of the HIPAA Security Rule pursuant to an investigation, compliance review, or audit.

A primary goal of the requirement, which took effect January 5, 2021, is to encourage covered entities and business associates to do “everything in their power to safeguard patient data.”

The RFI solicits comment on how covered entities and business associates are implementing “recognized security practices,” how they anticipate adequately demonstrating that recognized security practices are in place, and any implementation issues they would like OCR to clarify through future guidance or rulemaking.

Civil Money Penalty (CMP) and Settlement Sharing

Section 13410(c)(3) of the HITECH Act requires HHS to establish by regulation a methodology under which an individual harmed by a potential violation of the HIPAA Privacy, Security, and/or Breach Notification Rules may receive a percentage of any CMP or monetary settlement collected with respect to that offense.

Section 13140(d)(1) of HITECH requires that OCR base determinations of appropriate penalty amounts on the nature and extent of the violation and the nature and extent of the harm resulting from such violation. The HITECH Act does not define “harm,” nor does it provide direction to aid HHS in defining the term.

The RFI solicits public comment on the types of harms that should be considered in the distribution of CMPs and monetary settlements to harmed individuals, discusses potential methodologies for sharing and distributing monies to harmed individuals, and invites the public to submit alternative methodologies.

Comments Due 6/6

Health plan and other Covered Entity input could significantly impact how OCR implements and administers these two important aspects of the HIPAA Security Rule going forward. As these decisions are likely to significantly impact the policies, practices, recordkeeping, breach investigation and other obligations that Covered Entities would need to meet in the event of an audit, breach or other investigation or enforcement, timely, thoughtful input from all Covered Entities and affected stakeholders is important. In addition, its decisions on how to distribute CMPs.

For more information about the RFI or instructions for submitting comments, see here.

Health Plan Security & Breach Exposures Beyond HIPAA

Beyond the significant exposures health plans and their business associates may face under HIPAA, recent Department of Labor Employee Benefit Security Administration (“EBSA”) guidance also signals growing risks for health plans and their fiduciaries under the Employee Retirement Income Security Act of 1974. See e.g., HIPAA & ERISA Fiduciary Rules Drive Imperative To Protect Health Plan Data & Systems From Hacking & Other Cyber Threats.

These are just some of the emerging health plan compliance risks and responsibilities that health plan, their fiduciaries, sponsors, administrators, service providers and insurers need to watch and manage. Amber M. Rivers, Director of the Employee Benefit Security Administration Office of Health Plan Standards and Compliance will discuss these and other risks during the “Department of Labor Health Plan Compliance and Enforcement Update” at a virtual program hosted by the American Bar Association Joint Committee on Employee Benefits from Noon to 1:30 p.m. Central Time on May 5, 2022 to be moderated by Solutions Law Press, Inc. author and publisher, attorney Cynthia Marcotte Stamer will moderate the program.

For additional information about or to register for this program, see here.

More Information.

About the Author

As part of these involvements, Ms. Stamer is scheduled to moderate the discussion of “Department of Labor Health Plan Compliance and Enforcement Update” with Amber M. Rivers, Director of the Employee Benefit Security Administration Office of Health Plan Standards and Compliance that the ABA Joint Committee on Employee Benefits is hosting on May 5, 2022. For additional information about or to register for this program, see here.

About Solutions Law Press, Inc.™

Comments Off on Comment To OCR By 6/6 To Help Shape How OCR Implements HITECH Act Recognized Security Practices Standards For Purposes Of Setting Civil Monetary Penalties Under HIPAA Security Rules. | ACA, Association Health Plan, Data Breach, Data Security, Employee Benefits, Employer, Employers, ERISA, fiduciary duty, Fiduciary Responsibility, Government Accountability, government employer, government plan, group health plan, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, health reform, HIPAA, HIPAA, Joint Employer, Protected Health Information, self insured health plan, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Exchange Enrollment Reaches All Time High

April 26, 2022

The Health Insurance Marketplaces 2022 Open Enrollment Report (“Report”) published by the Centers for Medicare and Medicaid Services last month reveals the 2022 Open Enrollment Period (“2022 OEP”) produced the highest enrollment in health care marketplace plans since passage of the Patient Protection and Affordable Care Act (“ACA”) 12 years ago.

A review of the data reveals a number of possible explanations for the increased enrollment including but not limited to Biden Administration emphasis on outreach, the expansion of the enrollment period and availability of subsidies, and more. Businesses sponsoring health plans, insurers and other payers, government and community leaders, taxpayers and other others may wish to evaluate this data and these implications further to assess their short term and long term implications on their health plan concerns and existing and proposed practices, governmental policy proposals and other planning considerations.

Reported Key Findings

The Report found that 14.5 million consumers selected or automatically re-enrolled in marketplace health care coverage through HealthCare.gov during the 2022 OEP, 2.5 million more consumers than signed up for marketplace coverage during the 2021 OEP. This reflects a 21 percent increase in enrollment over 2021 OEP enrollment.

Other findings highlighted in the Report include the following:

In HealthCare.gov states, 10.3 million consumers enrolled in health coverage during the 2022 OEP between November 1, 2021 and January 15, 2022.
Across the 18 SBMs, 4.3 million enrollees signed up for health coverage during the 2022 OEP from November 1, 2021 through the end of their respective reporting periods.
Nationwide, the number of new consumers signing up for Marketplace coverage during the 2022 OEP increased by 20 percent, to 3.1 million, from 2.5 million in the 2021 OEP.
Among consumers who attested to a race or ethnicity, 19 percent identified as Hispanic/Latino in the 2022 OEP, compared to 18 percent in the 2021 OEP, and the percent of consumers with a known race or ethnicity who identified as Black increased to 9 percent in the 2022 OEP, from 8 percent in the 2021 OEP.
Nationwide, 2.8 million more consumers are receiving APTC in 2022 compared to 2021. Additionally, 1.1 million consumers reported household incomes over 400% FPL during the 2022 OEP, who would not have been eligible for APTC without the American Rescue Plan (ARP). The average monthly premium after APTC fell by 19 percent, from $164 in 2021 to $133 in 2022, and 28 percent of consumers selected a plan for $10 or less per month after APTC during the 2022 OEP.
The percentage of all Marketplace consumers who received costsharing reductions (CSRs) increased slightly from the 2021 OEP to the 2022 OEP, from 47 percent to 49 percent, respectively.
The average monthly 2022 premium for HealthCare.gov enrollees was $111. If consumers had not received the additional APTC provided by the ARP, the average monthly premium after APTC for HealthCare.gov consumers would have been 53 percent higher, or $170.

The Report findings summarize data about health plan selections through the individual Marketplaces during the 2022 2022 OEP and includes OEP data for the 33 states with Marketplaces that use the HealthCare.gov eligibility and enrollment platform for the 2022 plan year (HealthCare.gov states), as well as for the 18 State-based Marketplaces (SBMs) that use their own eligibility and enrollment platforms. For purposes of the Report, the 2022 OEP for the Health Insurance Marketplaces ran between November 1, 2021 and January 15, 2021 for the 33 states that used HealthCare.gov. For the 18 State-based Marketplace (SBMs) states using their own platforms, the reporting period reflects plan selection and Marketplace activity from the beginning of OE on November 1, 2021, to the end of each SBM’s respective OEP and any run-out period. Any renewals processed before November 1, 2021, are also included.

Data Underlying Report

For those interested in evaluating the 2022 OEP enrollment results and trends, CMS has prepared a number of Public Use Files (PUFs) summarizing plan selection activity during the applicable OEPs in more detail including:

2022 OEP State-Level Public Use File: The state-level PUF includes total health plan selections in all 50 states plus the District of Columbia. The PUF provides state-level data on metrics such as average monthly premium, financial assistance, age, gender, metal level, self-reported race and ethnicity, rural location, household income as a percent of the federal poverty level (FPL), and plan switching behavior among consumers with a plan selection. In addition, the state-level PUF includes data on dental plan selections and Basic Health Plan (BHP) enrollments. Certain data elements are only available for the 33 HC.gov states in 2022.
2022 OEP State, Metal Level, and Enrollment Status Public Use File: The state, metal level, and enrollment status PUF contains data with stratifications by state, metal level and enrollment status. It includes total health plan selections in all 50 states plus the District of Columbia and state, metal level, and enrollment status-level data on enrollment status, average monthly premium, financial assistance, age, gender, self-reported race and ethnicity, rural location, metal level, and household income as percent FPL. Certain data elements are only available for the 33 HC.gov states in 2022.
2022 OEP County-Level Public Use File: The county-level PUF includes total health plan selections, as well as data such as average monthly premium, financial assistance, age, gender, metal level, self-reported race and ethnicity, household income as a percent of the FPL, and plan switching behavior. In addition, the county-level PUF includes data on dental plan selections. This PUF only includes data for consumers with a plan selection in the 33 states that used the HC.gov platform in 2022.
2022 OEP ZIP Code-Level Public Use File: The ZIP code-level PUF includes total health plan selections, the count of consumers with APTC, and average APTC among consumers with APTC. This PUF only includes data for consumers with a plan selection in the 33 states that used the HC.gov platform in 2022.
2022 OEP Snapshot Public Use File: The Snapshot PUF presents data that CMS released during the 2022 OEP. It includes total health plan selections, including a breakdown of new and returning consumers, consumers on submitted applications, call center volume, and website usage. State-level health plan selection counts are also included.
Supplemental HC.gov Data: Data on availability and plan selections of Health Savings Account (HSA)-eligible plans and average and median deductibles of plans selected during the 2014-2022

To access these data files, see here.

Amber M. Rivers, Director of the Employee Benefit Security Administration Office of Health Plan Standards and Compliance will discuss “Department of Labor Health Plan Compliance and Enforcement Update” at a virtual program hosted by the American Bar Association Joint Committee on Employee Benefits from Noon to 1:30 p.m. Central Time on May 5, 2022. Solutions Law Press, Inc. author and publisher Cynthia Marcotte Stamer will moderate the program.

During the program, Ms. Rivers will the provide updates on the health plan eligibility, COVID emergency orders, surprise billing, mental health parity and other Department of Labor regulatory, compliance, audit, enforcement priorities and other health plan projects and developments.

For additional information about or to register for this program, see here.

More Information.

About the Author

About Solutions Law Press, Inc.™

Comments Off on Exchange Enrollment Reaches All Time High | ACA, Association Health Plan, Employee Benefits, Employer, Employers, Government Accountability, government employer, government plan, group health plan, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, health reform, self insured health plan | Permalink
Posted by Cynthia Marcotte Stamer

2022 ACA Marketplace Open Enrollment Up 21% Over 2021 Open Enrollment

April 26, 2022

Reported Key Findings

Other findings highlighted in the Report include the following:

In HealthCare.gov states, 10.3 million consumers enrolled in health coverage during the 2022 OEP between November 1, 2021 and January 15, 2022.
Across the 18 SBMs, 4.3 million enrollees signed up for health coverage during the 2022 OEP from November 1, 2021 through the end of their respective reporting periods.
Nationwide, the number of new consumers signing up for Marketplace coverage during the 2022 OEP increased by 20 percent, to 3.1 million, from 2.5 million in the 2021 OEP.
Among consumers who attested to a race or ethnicity, 19 percent identified as Hispanic/Latino in the 2022 OEP, compared to 18 percent in the 2021 OEP, and the percent of consumers with a known race or ethnicity who identified as Black increased to 9 percent in the 2022 OEP, from 8 percent in the 2021 OEP.
Nationwide, 2.8 million more consumers are receiving APTC in 2022 compared to 2021. Additionally, 1.1 million consumers reported household incomes over 400% FPL during the 2022 OEP, who would not have been eligible for APTC without the American Rescue Plan (ARP). The average monthly premium after APTC fell by 19 percent, from $164 in 2021 to $133 in 2022, and 28 percent of consumers selected a plan for $10 or less per month after APTC during the 2022 OEP.
The percentage of all Marketplace consumers who received costsharing reductions (CSRs) increased slightly from the 2021 OEP to the 2022 OEP, from 47 percent to 49 percent, respectively.
The average monthly 2022 premium for HealthCare.gov enrollees was $111. If consumers had not received the additional APTC provided by the ARP, the average monthly premium after APTC for HealthCare.gov consumers would have been 53 percent higher, or $170.

Data Underlying Report

2022 OEP State-Level Public Use File: The state-level PUF includes total health plan selections in all 50 states plus the District of Columbia. The PUF provides state-level data on metrics such as average monthly premium, financial assistance, age, gender, metal level, self-reported race and ethnicity, rural location, household income as a percent of the federal poverty level (FPL), and plan switching behavior among consumers with a plan selection. In addition, the state-level PUF includes data on dental plan selections and Basic Health Plan (BHP) enrollments. Certain data elements are only available for the 33 HC.gov states in 2022.
2022 OEP State, Metal Level, and Enrollment Status Public Use File: The state, metal level, and enrollment status PUF contains data with stratifications by state, metal level and enrollment status. It includes total health plan selections in all 50 states plus the District of Columbia and state, metal level, and enrollment status-level data on enrollment status, average monthly premium, financial assistance, age, gender, self-reported race and ethnicity, rural location, metal level, and household income as percent FPL. Certain data elements are only available for the 33 HC.gov states in 2022.
2022 OEP County-Level Public Use File: The county-level PUF includes total health plan selections, as well as data such as average monthly premium, financial assistance, age, gender, metal level, self-reported race and ethnicity, household income as a percent of the FPL, and plan switching behavior. In addition, the county-level PUF includes data on dental plan selections. This PUF only includes data for consumers with a plan selection in the 33 states that used the HC.gov platform in 2022.
2022 OEP ZIP Code-Level Public Use File: The ZIP code-level PUF includes total health plan selections, the count of consumers with APTC, and average APTC among consumers with APTC. This PUF only includes data for consumers with a plan selection in the 33 states that used the HC.gov platform in 2022.
2022 OEP Snapshot Public Use File: The Snapshot PUF presents data that CMS released during the 2022 OEP. It includes total health plan selections, including a breakdown of new and returning consumers, consumers on submitted applications, call center volume, and website usage. State-level health plan selection counts are also included.
Supplemental HC.gov Data: Data on availability and plan selections of Health Savings Account (HSA)-eligible plans and average and median deductibles of plans selected during the 2014-2022

To access these data files, see here.

More Information.

About the Author

About Solutions Law Press, Inc.™

Comments Off on 2022 ACA Marketplace Open Enrollment Up 21% Over 2021 Open Enrollment | ACA, Association Health Plan, Employee Benefits, Employer, Employers, Government Accountability, government employer, government plan, group health plan, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, health reform, self insured health plan | Permalink
Posted by Cynthia Marcotte Stamer

Texas Supreme Court Extends Emergency Order Providing COVID-19 Protections For Tenants

April 20, 2022

The Texas Supreme Court’s Fiftieth Emergency Order Regarding the COVID-19 State of Disaster (50th Order”) published today (April 20, 2022) reissues the judicial relief and procedures previously in effect under its Forty-Eighth Emergency Order (Misc. Dkt. No. 22-9015) in light of the U.S. Department of Treasury’s allocation of additional rental assistance funds to the Texas Department of Housing and Community Affairs (“TDHCA”) for the Texas Eviction Diversion Program.

Under the 50th Order, any Texas action for eviction to recover possession of residential property
under Chapter 24 of the Texas Property Code and Rule 510 of the Texas Rules of Civil
Procedure based, in whole or part, on the nonpayment of rent must comply with additional requirements and procedures beyond those typically required for residential convictions in the absence of the COVID-19 health care emergency.

Review the requirements of the 50th Order here.

Landlords and tenants contemplating or dealing with eviction or unpaid rent enforcement should review and follow these orders carefully.

More Information

About the Author

Well-known for her extensive work with health and life sciences, insurance, employee benefits, health and other insurance, financial services, technology, energy, manufacturing, retail, hospitality, government contractors, governmental and other highly regulated employers, her more than 30 years’ of experience encompasses domestic and international businesses of all types and sizes.

About Solutions Law Press, Inc.™

Comments Off on Texas Supreme Court Extends Emergency Order Providing COVID-19 Protections For Tenants | Corporate Compliance, COVID, COVID-19, Landlord-Tenent, Pandemic, Real Estate | Tagged: COVID-19, Landlord-Tenant | Permalink
Posted by Cynthia Marcotte Stamer

Businesses Face New Federal CROWN Act Hair Discrimination Prohibitions That Became Law Just Days Before Oscar Night Hair Joke Incident

March 31, 2022

U.S. businesses should use caution not to allow the widespread sympathy and limited media and public criticism that comedian Chris Rock currently enjoys after Will Smith inappropriately responded to Rock’s hair shaming of Smith’s wife, actress Jada Pinkett Smith, to overlook their organization’s growing legal responsibility and risks to prevent hair shaming in their operations.

The March 27 Oscar Night incident where Will Smith responded to Rock making a “GI Jane” joke of Pinkett-Smith’s shortly cropped hair occurred only five days after new federal protections against hair shaming under the Creating a Respectful and Open World for Natural Hair Act of 2021 (“CROWN Act”) became law.

CROWN Act & Various State Laws Prohibit Hair Discrimination

In recent years many states have enacted laws that prohibit or regulate discrimination or regulation of hair styles in the workplace and other business dealings. This month, Congress got on the bandwagon by enacting the CROWN Act.

Signed into law on March 22, 2022 the CROWN Act prohibits discrimination based on a person’s hair texture or hairstyle if that style or texture is commonly associated with a particular race or national origin in federally assisted programs, housing programs, public accommodations, and employment.

In its discussion of its Congressional Purpose, the CROWN Act states that while discrimination on the basis of natural or protective hairstyles that people of African descent are commonly adorned with can be a type of racial or national origin discrimination that violates federal laws such as the Civil Rights Act of 1964 (42 U.S.C. 2000e et seq.), section 1977 of the Revised Statutes (42 U.S.C. 1981), and the Fair Housing Act (42 U.S.C. 3601 et seq.), some Federal courts have misinterpreted Federal civil rights law by narrowly interpreting the meaning of race or national origin to allow employers to discriminate against people of African descent who wear natural or protective hairstyles even though the employment policies involved are not related to workers’ ability to perform their jobs.

The CROWN Act seeks to protect people of African descent from hair-style based race or national origin discrimination by making discrimination against any individual based on the person’s hair texture or hairstyle, if that hair texture or that hairstyle is commonly associated with a particular race or national origin (including a hairstyle in which hair is tightly coiled or tightly curled, locs, cornrows, twists, braids, Bantu knots, and Afros):

Prohibited race and national origin discrimination under 42 U.S.C. 1981;
An unlawful employment practice for an employer, employment agency, labor organization, or joint labor-management committee controlling apprenticeship or other training or retraining (including on-the-job training programs) under title VII of the Civil Rights Act of 1964;
A prohibited discriminatory housing practice under the Fair Housing Act (42 U.S.C. 3601 et seq.);
Prohibited discrimination in any public accommodation under sections 201, 202, or 203 of the Civil Rights Act of 1964 (42 U.SC. 2000a et seq.).

Although not expressly addressed in the CROWN Act, the manner in which it adds its hair discrimination prohibitions to these federal discrimination laws makes it highly likely that its hair discrimination prohibitions will be interpreted as including the harassment and hostile work environment protections afforded under these laws for other types of race or national origin discrimination.

Although Pinkett-Smith prior to the Oscar Night episode explained hormonal imbalance related alopecia (hair loss) influenced her current closely cropped hairstyle choice, shortly cropped hairstyles are not uncommon natural hairstyles among black or other women. It bears mentioning that none of the federal discrimination laws amended by the CROWN Act includes any exemption for comedians or other “jokes.”

Businesses Should Act To Comply

Given the newness of the federal CROWN Act, it remains to be seen whether Pinkett-Smith’s or other similar hairstyles will fall within the protection of the CROWN Act. As most businesses will not want to incur the cost and negative publicity of testing these limits, businesses should review their existing practices for policies and practices that could present exposure risks, consider adjusting policies, practices, and communications that might create unnecessary exposures, establish appropriate practices to monitor complaints or other actions that might prompt charges or other exposures and monitor regulatory guidance, lawsuits and governmental enforcement actions. Businesses also should consider establishing and communicating appropriate procedures for individuals that believe their rights under the CROWN Act or other similar laws have or are being violated to report their concerns and for timely investigation and resolution of those complaints like those used to maintain and monitor compliance with other discrimination laws. In conducting their assessments and risk mitigation actions, businesses should keep in mind that discrimination exposures could arise from impressions or expectations created by pre-enactment policies, discipline, feedback or other actions which make it advisable to take revise and republish policies, update training or take other action to resolve.

More Information

About the Author

Ms. Stamer helps management manage. Ms. Stamer’s legal and management consulting work throughout her nearly 30+ year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.

For more information about these requirements, Ms. Stamer or her experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Comments Off on Businesses Face New Federal CROWN Act Hair Discrimination Prohibitions That Became Law Just Days Before Oscar Night Hair Joke Incident | Civil Rights, Corporate Compliance, CROWN Act, Discrimination, Employers, Employment, Employment Discrimination, Race Discrimination | Tagged: chris rock, CROWN Act, Employer, hair shaming, Jada Pinkett Smith, Management, National Origin Discrimination, Race Discrimination, will smith | Permalink
Posted by Cynthia Marcotte Stamer

Prepare For Health Plan Impacts From FDA COVID 2nd Booster Approval

March 29, 2022

Employer and other group health plan sponsors, fiduciaries, administrators and insurers should prepare their plans and their administrators to respond appropriately to today’s (3/29/2022) U.S. Food and Drug Administration (“FDA”)’s authorization of a second booster dose of either the Pfizer-BioNTech or the Moderna COVID-19 vaccines for certain populations will affect health plan COVID-19 coverage, workplace vaccination mandates or both.

FDA Emergency Use Approval of Second COVID-19 Booster

On March 29, 2022, the FDA amended its e emergency use authorization (“EAU”) for COVID-19 vaccination to add authorization for second COVID-19 booster shots under the following circumstances:

A second booster dose of the Pfizer-BioNTech COVID-19 Vaccine or Moderna COVID-19 Vaccine may be administered to individuals 50 years of age and older at least 4 months after receipt of a first booster dose of any authorized or approved COVID-19 vaccine.
A second booster dose of the Pfizer-BioNTech COVID-19 Vaccine may be administered to individuals 12 years of age and older with certain kinds of immunocompromise at least 4 months after receipt of a first booster dose of any authorized or approved COVID-19 vaccine. These are people who have undergone solid organ transplantation, or who are living with conditions that are considered to have an equivalent level of immunocompromise.
A second booster dose of the Moderna COVID-19 Vaccine may be administered at least 4 months after the first booster dose of any authorized or approved COVID-19 vaccine to individuals 18 years of age and older with the same certain kinds of immunocompromise.

The second booster doses EAU announced March 29 applies only to the Pfizer-BioNTech and Moderna COVID-19 vaccines and the authorization of a single booster dose for other age groups with these vaccines remains unchanged. For more information on the FDA COVID-19 Vaccine Approvals, see e.g. ,Comirnaty and Pfizer-BioNTech COVID-19 Vaccine; Spikevax and Moderna COVID-19 Vaccine; COVID-19 Vaccines; Emergency Use Authorization for Vaccines Explained.

Second Booster Authorization Health Plan Implications

Group health plans, their sponsors, fiduciaries, administrators and insurers need to evaluate their existing group health plan language to determine if and when their group health plan will cover second COVID-19 booster doses.

While Federal law currently mandates that all group health plans and group and individual health insurance covered by the Patient Protection & Affordable Care Act (“ACA”) cover FDA-approved initial vaccination and first booster vaccinations administered in accordance with recommendations of the Advisory Committee on Immunization Practices (“ACIP”), the ACIP as of now has not amended its COVID-19 vaccination recommendations to include the FDA second boosters approved by the FDA.

Health plans’ current obligation to cover without cost sharing initial COVID-19 vaccinations and first boosters in accordance with FDA authorizations to covered individuals arises under Section 3203 of the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”). Since January 5, 2021, Section 3203 of the CARES Act has mandated that all group health plans and health insurance issuers subject to the Patient Protection and Affordable Care Act (“ACA”) cover without cost sharing any COVID-19 vaccine with an FDA approved EUA Biologics License Application (“BLA”) consistent with the recommendations of the ACIP. While the CARES Act mandates coverage for ACIP-recommended COVID-19 vaccinations, including vaccines and boosters securing FDA approval subsequent to the effective date of the mandate. As enacted, the CARES Act mandate grows to include COVID-19 vaccinations and booster shots securing FDA approval subsequent to its enactment when recommended by the ACIP. Since the CARES Act only mandates coverage of ACIP recommended vaccines and as of March 29, 2022, the second booster is nt ACIP recommended, the Cares Act does not appear to mandate group health plans and health plan insurers cover the second booster shot approved by the FDA as of March 29, 2022. If in the future the ACIP recommends the booster, coverage by ACA covered group health plans and individual and group health insurance would become mandatory.

As of March 29, 2022, coverage of the second COVID-19 booster with or without cost-sharing also does not appear to be required to comply with the preventive care mandates of §2713 of the Public Health Service Act [PHSA]) enacted as part of the ACA.

The ACA preventive care and other mandates generally apply to individual health insurance coverage, fully insured small- and large-group coverage, and self-insured group plans that are not grandfathered or otherwise exempt.

Where applicable, Section 2713’s preventive care mandate generally requires ACA covered plans to cover without cost sharing specified preventive health services recommended with an A or B rating by the United States Preventive Services Task Force (USPSTF) and any immunization with a recommendation by ACIP adopted by the Centers for Disease Control and Prevention (CDC), for routine use for a given individual. As of now neither agency has adopted a recommendation of the second COVID-19 vaccine booster. Since Section 2713 specifies that its coverage mandates cannot trigger an obligation for covered group health plans to cover a new or revised recommendation any sooner than one year after a new or revised recommendation ispublished, any future adoption by the USPSTF, but not the ACIP, of a recommendation of the second booster shot will not trigger a federal coverage mandate. the ACA preventive care mandate. In contrast, ACA covered health plans would become immediately obligated to cover the second COVID booster if and when the ACIP in the future adds it to its recommendations, as the CARES Act mandate effectively renders moot the one year waiting period applicable for the ACA mandate.

As ACA group health plans and health insurance will become immediately required by the CARES Act to cover the second booster if and when the ACIP amends its COVID recommendations to recommend the second booster, group health plans, their sponsors, fiduciaries, administrators and insurers should monitor the ACIP recommendations for possible changes.

Along with this diligent oversight, most plan sponsors, fiduciaries and administrators should review their existing health plan language to determine if their existing plan language provides the currently mandated coverage as well as if the current language expressly provides or is sufficiently ambiguous to open the door for construction of the plan as authorizing coverage beyond existing applicable mandates. The COVID-19 related operational disruptions and exigencies present when the existing COVID-19 coverage mandates took effect creates a substantial likelihood that many plans contain less than optimal language regarding the COVID-19 vaccine and other mandates. Employer and other health plan sponsors, insurers, fiduciaries and administrators should assess whether tightening up their health plan language for the vaccination and other mandates is advisable to minimize compliance exposure risks, plan administration errors or unnecessary overpayments. Regardless of whether any change in plan language is necessary or advisable, group health plan fiduciaries, sponsors, administrators and insurers should prepare plan administration team members to respond to likely questions from plan members about COVID-19 vaccine and other COVID-related coverage. Health plan and human resources staff should be trained both to provide the appropriate substantive responses and to follow appropriate processes and procedures to contain the spread of fiduciary liability and to minimize the retaliation and other risks.

More Information

About the Author

A Fellow in the American College of Employee Benefits Counsel repeatedly recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” by LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law and among the “Best Lawyers In Dallas” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other workforce, employee benefits, health care and insurance legal representation, public policy leadership and advocacy, coaching, scholarship and training.

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, Vice Chair of the ABA International Section Life Sciences Committee, current Chair-Elect of the ABA Tort & Insurance Section (TIPS) Medicine and Law Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer’s has worked extensively health and other employee benefit plan, managed care and other health and wellness, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, workforce and vendor performance management, regulatory and public policy and other legal and operational concerns. As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EHR, HIPAA and other technology, data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Ms. Stamer also shares her leadership through her extensive involvement in many professional, community and civic organizations including several current leadership roles in various ABA Committees, as a former Joint Committee on Employee Benefits Council Representative, former Society for Human Resources Management Region IV Board Chair and National Consultant’s Board Member; former Editorial Advisory Board Member and author for HR.com, Insurance ThoughtLeaders, BNA CD-Rolm, and Employee Benefits News; former Alliance for Healthcare Excellence Board President, Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, former Board Member and Compliance Chair of the National Kidney Foundation of North Texas. Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. These include hundreds of highly regarded articles and workshops on health and other benefits, workforce, health care and insurance concerns.

For more information about these requirements, Ms. Stamer or her experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Comments Off on Prepare For Health Plan Impacts From FDA COVID 2nd Booster Approval | Corporate Compliance | Tagged: COVID-19, Employer, Fiduciary, Health Insurance, Health Plans, vaccine | Permalink
Posted by Cynthia Marcotte Stamer

DOD Contractors May Face Added Health Plan Obligations On DOD Contracts Funded With Consolidated Appropriations Act, 2022 Funds

March 17, 2022

Businesses hoping to cash in on Department of Defense (“DOD”) appropriations in the Consolidated Appropriations Act, 2022 (“CAA”) signed into law on March 15, 2022 by contracting with DOD to perform functions currently performed by DOD civilian employees better budget to pay employer health plan contributions for workers that will perform the contracted services at the same rate as DOD would pay for services performed by its civilian employees.

Section 8047 of the CAA generally prohibits the DOD from using DOD appropriations from the CAA to pay for outsourced services to perform activities or functions performed by DOD civilian employees as of March 15, 2022 unless:

The conversion is based on the result of a public-private competition that includes a most efficient and cost-effective organization plan developed by such activity or function;
The Competitive Sourcing Official determines that, overall performance periods stated in the solicitation of offers for performance of the activity or function, the cost of performance of the activity or function by a contractor would be less costly to the Department of Defense by an amount that equals or exceeds the lesser of 10 percent of the most efficient organization’s personnel-related costs for performance of that activity or function by Federal employees or $10,000,000; and
The contractor does not receive an advantage for a proposal by not making an employer-sponsored health insurance plan available to the workers to be employed in the performance of that activity or function under the contract or offering such workers an employer-sponsored health benefits plan that requires the employer to contribute less towards the premium or subscription share than the amount that is paid by the Department of Defense for health benefits for civilian employees under chapter 89 of title 5, United States Code.

The health coverage requirement Section 8047 adds an addition nuance to the long and complex list of recruiting, employment, compensation, fringe benefit, procurement, cybersecurity, governance, contracting, conflict of interest, recordkeeping and a multitude of other requirements applicable to DOD contractors under the U.S. Department of Labor Office of Federal Contract Compliance Programs (OFCCP) regulations, the DOD Federal Acquisition Regulation (FAR), Defense Federal Acquisition Regulation Supplement (DFARS) and other federal laws and regulations.

Beyond the health coverage requirements of CAA Section 8047, DOD and other federal government contractors and subcontractors also should review and update their compliance plans for compliance with other applicable contracting and compliance obligations, many of which have been impacted by a series of policy and enforcement changes implemented by changes in Federal statutes, regulations and Executive Order impacting affirmative action, cybersecurity, benefits, compensation, worker classification and a host of other practices. Noncompliance with these requirements can trigger substantial judgments, civil monetary penalties, program disqualification and exclusion and in some instances criminal or civil prosecution under the False Claims Act and other federal statutes. DOD and other governmental contractors and subcontractors are encouraged to review their compliance plans, practices and documentation to confirm their readiness to defend a potential audit or enforcement action.

More Information.

About the Author

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. Her day-to-day work encompasses both labor and employment issues, as well as independent contractor, outsourcing, employee leasing, management services and other nontraditional service relationships. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with all aspects for workforce and human resources management, including, recruitment, hiring, firing, compensation and benefits, promotion, discipline, Form I-9 and other compliance, trade secret and confidentiality, noncompetition, privacy and data security, safety, daily performance and operations management, internal controls, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

Well-known for her extensive work with health and life sciences, insurance, financial services, technology, energy, manufacturing, retail, hospitality, government contractors, governmental and other highly regulated employers, her more than 30 years’ of experience encompasses domestic and international businesses of all types and sizes.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service as a management consultant, business coach and consultant and policy strategist as well through her leadership participation in professional and civic organizations such her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and policy adviser to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; ABA Real Property Probate and Trust (RPTE) Section former Employee Benefits Group Chair, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative, and Defined Contribution Committee Co-Chair, past Welfare Benefit Committee Chair and current Employee Benefits Group Fiduciary Responsibility Committee Co-Chair, Substantive and Group Committee member, Membership Committee member and RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on DOD Contractors May Face Added Health Plan Obligations On DOD Contracts Funded With Consolidated Appropriations Act, 2022 Funds | Corporate Compliance, corporate governance, DFAR, Emploeyrs, Employee Benefits, Employer, Employers, Government Accountability, Government Contractors, government employer, government plan, OFCCP, OFCCP | Permalink
Posted by Cynthia Marcotte Stamer

Proposed SEC Cyber Rules Expand Cyber Obligations & Risks For Public Companies and Other SEC Regulated Entities & Their Leaders

March 9, 2022

Public companies and other market participating or influencing companies and their leaders should begin preparing to comply with enhanced cybersecurity risk management, disclosure, strategy, governance and incident reporting and response requirements of a Proposed Rule the Security and Exchange Commission (“SEC”) published in today’s (March 9, 2022) Federal Register.

Published on the heels of the SEC’s announcement of plans to hold public companies and their leaders accountable for lax cybersecurity risk management and disclosure, the SEC’s promotion of the Proposed Rule is one of a growing series of SEC and other federal agency initiatives ratcheting up responsibilities and legal liability risks of organizations and their executives in the face of growing cybersecurity threats. Aside from the added SEC requirements directly applicable to market participating or influencing companies, the protections intended to protect investors against undisclosed or improperly managed cyber-related risks to their investments also are likely to impact the cybersecurity practices of organizations that provide investments or investment related services with respect to employee benefit plans and the disclosures they provide.

In the face of these rising risks, public companies and their leaders should move promptly to conduct documented assessments of the adequacy of their existing cybersecurity safeguards, risk assessments and breach detection and response practices within the protective scope of attorney-client privilege as soon as possible considering the requirements of the Proposed Rule and other rapidly evolving rules, precedent and cyberthreats. Meanwhile, individuals and organizations wishing to comment on the Proposed Rule should submit their comments as soon as possible and no later than May 8, 2022, which is the last day of the 60-day comment period established in the Proposed Regulation.

Cybersecurity Risks & Responsibilities Of Companies & Their Leaders Rising

With cybersecurity threats and compliance concerns growing, the SEC is prioritizing cybersecurity investigation and enforcement against public companies and other market participants for lack cybersecurity governance, safeguards or disclosures. See e.g., SEC Office of Compliance Inspections and Examinations Cybersecurity and Resiliency Observations. Along announcing its commitment to hold market involved and impacting regulated entities accountable for failing to maintain and enforce appropriate internal and external controls to prevent, detect and redress cybersecurity threats, including appropriate board governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, training and awareness, investor disclosures and other practices.

Beginning in 2019, the SEC strengthened its warnings to public companies and other market involved and influencing organizations and has begun more aggressively investigating and pursuing enforcement against companies that fail to fulfill their SEC cybersecurity obligations. As public companies and investor losses from data breaches, malware and other cybersecurity have continued, taken enforcement action against various public companies that experienced significant drops in stock value due to malware, data breach or other cybersecurity incidents. See here. For instance, in August, 2021, London-based educational publishing giant Pearson plc, agreed to pay $1 million to settle SEC charges that it had inadequate cybersecurity disclosure controls and procedures and made misleading statements and omissions about the 2018 data breach involving the theft of student data and administrator log-in credentials of 13,000 school, district and university customer accounts. In its semi-annual report, filed in July 2019, Pearson referred to a data privacy incident as a hypothetical risk, when, in fact, the 2018 cyber intrusion already had occurred. Also in a July 2019 media statement, Pearson stated that the breach may include dates of births and email addresses, when, in fact, it knew that such records were stolen, and falsely that Pearson had “strict protections” in place, when, in fact, it failed to patch the critical vulnerability for six months after it was notified. The media statement also omitted that millions of rows of student data and usernames and hashed passwords were stolen. The SEC order further found that Pearson’s disclosure controls and procedures were not designed to ensure that those responsible for making disclosure determinations were informed of certain information about the circumstances surrounding the breach and that Pearson waited to inform investors about the breach until after contacted by the media. After the SEC issued an order that found Pearson violated Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933 and Section 13(a) of the Exchange Act of 1934 and Rules 12b-20, 13a-15(a), and 13a-16 thereunder, without admitting or denying the SEC’s findings, Pearson agreed to cease and desist from committing violations of these provisions and to pay a $1 million civil penalty.

Until recently, these cybersecurity enforcement actions focused primarily on entities. Last summer, however, the SEC announced that along with continuing its enforcement against public companies and other market involved and impacting companies for cybersecurity deficiencies, it now intends to purse enforcement against officers, directors or other leaders of companies that allow these deficiencies. Coincident with this announcement, the SEC made good on its promise to prosecute individual leaders by suing leaders of three companies accused of violating SEC cybersecurity controls, governance, and disclosure rules.. See, e.g., SEC Announces Three Actions Charging Deficient Cybersecurity Procedures.

Newly Proposed SEC Cybersecurity Rule Clarifies Expectations, Facilitates Noncompliance Enforcement Against Public Companies & Leaders

The SEC publication of the Proposed Rule both reenforces its prior cybercompliance warnings and adds more teeth to the SEC’s efforts to monitor, investigate and enforce its rules against market involved and impacting regulated entities and their leaders that fail to fulfill their cybersecurity obligations.

The “clarifications” in the Proposed Rule define minimum expectations for public company management and disclosures to investors about their cyber risk management, strategy, and governance and requiring public companies to notify investors of material cybersecurity incidents very quickly.

Among other things, the Proposed Rule will require that public companies:

Amend Form 8-K to require registrants to disclose information about a material cybersecurity incident within 4 business days after the registrant determines that it has experienced a material cybersecurity incident;
Add new Item 106(d) of Regulation S-K and Item 16J(d) of Form 20-F to require registrants to provide updated disclosure relating to previously disclosed cybersecurity incidents and to require disclosure, to the extent known to management, when a series of previously undisclosed individually immaterial cybersecurity incidents has become material in the aggregate; and
Amend Form 6-K to add “cybersecurity incidents” as a reporting topic.

The Proposed Rule also will require enhanced and standardized disclosure about public company cybersecurity risk management, strategy, and governance by:

Adding Item 106 to Regulation S-K and Item 16J of Form 20-F to require a registrant to:
Describe its policies and procedures, if any, for the identification and management of risks from cybersecurity threats, including whether the registrant considers cybersecurity as part of its business strategy, financial planning, and capital allocation; and
Require disclosure about the board’s oversight of cybersecurity risk and management’s role and expertise in assessing and managing cybersecurity risk and implementing the registrant’s cybersecurity policies, procedures, and strategies; and
Amending Item 407 of Regulation S-K and Form 20-F to require disclosure regarding board member cybersecurity expertise including disclosure in annual reports and certain proxy filings if any member of the registrant’s board of directors has expertise in cybersecurity, the name(s) of any such director(s) and any detail necessary to fully describe the nature of the expertise; and
Requiring public companies present the cybersecurity disclosures in Inline eXtensible Business Reporting Language (Inline XBRL).

Given the SEC’s announced cybersecurity priorities, most commentators expect the SEC to move promptly to implement the Proposed Rule after the comment period ends on May 8. If these expectations prove true, market participating and influencing entities and their leaders already at risk under preexisting enforcement priorities will have to move quickly to clean up their compliance and fulfill their new responsibilities.

Managing existing risks and meeting these new requirements will be complicated by the need or advisability for many of the impacted public companies and their leaders to consider and appropriately address longstanding and newly expanding SEC and other cybersecurity exposures and disclosures. Aside from meeting the particulars of the new requirements going forward, companies also should be prepared to address preexisting cybersecurity exposures under existing SEC and other laws, regulations and contracts.

In conducting these activities, organizations and their leaders should keep in mind that their SEC cybersecurity obligations and exposures include both SEC specific new and unresolved historical obligations as well as cybersecurity risks arising from other operational, contractual and regulatory sources.

Federal electronic crimes, the Fair Credit Reporting Act, the Fair and Accurate Credit Transactions Act (“FACTA”), the Internal Revenue Code, and a plethora of other federal and state laws long have required or made highly advisable that organizations and their leaders include appropriate cybersecurity governance, security, breach detection and response, disclosure and mitigation obligations in their Federal Sentencing Guideline or other organizational compliance programs.

To adequately fulfill the SEC expectations, corporations and their leaders generally also will need to assess compliance, controls and exposures considering other cybersecurity duties and risks from key components of public company and other organizations’ operations, heightened exposures to private litigation, audits, investigations and enforcement and other cybersecurity responsibilities and risks subsumed within their public company and employee benefit plan operations. See e.g., New DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards ;Federal Agencies Take Aim At Businesses, Benefit Plan Fiduciaries & Service Providers & Others With Lax Cybersecurity & CyberBreach Compliance; Build Defenses By Strengthening Internal & External Controls & Risk Management; HIPAA & ERISA Fiduciary Rules Drive Imperative To Protect Health Plan Data & Systems From Hacking & Other Cyber Threats; Check Up Updated FinCEN Advisory on Ransomware For Opportunities To Strengthen Defenses; Raise Cybersecurity & Cyberbreach Compliance & Risk Management To Defend Against Rising Cyber Regulatory & Enforcement Risks; DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards.

As part of these efforts, organizations and their leaders should move quickly to position themselves to defend against potential investigation and enforcement risks created by these emerging policies. These efforts should seek to ensure compliance with all applicable statutory, regulatory and contractual requirements as well as institutionalize the necessary operational controls to protect systems, data and operations from cyber breaches and other threats, to detect and redress cyber events promptly, and to ensure that the organization otherwise can demonstrate both their compliance efforts, as well as their timely prudent detection, investigation, reporting, mitigation and remediation in response to actual or suspected cyber threats or other compliance breaches.

Assessments should take into account all existing required statutory, regulatory, and contractual controls and practices, documentation and other procedures. In addition, organizations should consider the advisability of adopting other “best practice” safeguards or actions taking into account relevant agency guidance and resources, government or other contracts, other industry or related standards, known and suspected breaches, “red flags” and threats, their own, their vendor and business partner and other risk profiles and experience, and other factors likely to be viewed as prudent under the circumstances.

In assessing, designing and administering the cybersecurity processes, organizations and their leaders should give due attention to assessing and addressing the adequacy of their internal and external controls to ensure the adequacy of their systems, processes, oversight and response practices and capabilities as of the time of the assessment and on an ongoing basis. Beyond establishing required policies and formal controls, organization should ensure that their organizations have in place the necessary policies and practices to monitor and control cyberthreats arising from conduct and risks created by employees and other internal workforce, vendors and other parties interacting with the business and its operations. As part of these efforts, most organizations will need to evaluate their contractual obligations and requirements for vendors, suppliers and others interacting with their businesses. Beyond general contractual compliance obligations, organizations should weigh requiring contractors, suppliers and other business partners to make specific commitments to maintain and monitor compliance and other risks, to provide timely notice and reports, to cooperate with audits and investigations necessary or advisable to respond to private or government complaints, government or other investigation, reporting or other requirements, their own compliance and risk assessments, audits and investigations and other compliance and risk management efforts. Organizations also should give careful attention and review the adequacy of protections and responsibilities arising from contractual cybersecurity and breach notice, investigation, cooperation, indemnification, insurance and other associated protections and cooperation.

Organizations also should consider establishing and administering processes for independent monitoring of regulatory, news, and other reports that could provide early warning of potential cybersecurity weaknesses, threats and breaches.

All processes should include appropriate governance, oversight and reporting to provide for ongoing monitoring and oversight necessary to identify and respond to evolving risks arising in the course of their operations as well as consistent practices for carefully documenting their compliance and risk management compliance efforts.

Because of the frequently high cost of breach investigation, response and mitigation, most organizations will want to consider securing cyber liability or other coverage, require vendors and other business partners to provide cyber liability indemnifications backed up with insurance or other adequate assurance of their ability to fulfill these financial responsibilities.

Organizations and their leaders also should ensure that their compliance programs are backed up with appropriate governance and oversight to monitor and maintain compliance, address emerging issues and identify and respond to new requirements and incidents with appropriate process and documentation to defend compliance and mitigate other cyber-related risks for their organizations, their investors and their leaders.

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any situation and does not necessarily address all relevant issues. Because developments could impact the currency and completeness of this discussion, the author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2022 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™

Comments Off on Proposed SEC Cyber Rules Expand Cyber Obligations & Risks For Public Companies and Other SEC Regulated Entities & Their Leaders | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

South Sudan F-1 Visa Status Extended

March 4, 2022

The U.S Department of Homeland Security U.S. Citizenship and Immigration Services is extending its designation of South Sudan for Temporary Protected Status and associated Employment Authorization:
for South Sudanese F–1 Nonimmigrant Students experiencing severe economic hardship as a direct result of the current South Sudan humanitarian crisis.

More Information

About the Author

Well-known for her extensive work with health and life sciences, insurance, financial services, technology, energy, manufacturing, retail, hospitality, governmental and other highly regulated employers, her nearly 30 years’ of experience encompasses domestic and international businesses of all types and sizes.

About Solutions Law Press, Inc.™

Comments Off on South Sudan F-1 Visa Status Extended | COVID, COVID-19, employee, Employer, Employers, h-2A Visa, I-9, Immigration, Internal Controls, Internal Investigations, Pandemic, Remote Work, Telecommuting, visas | Permalink
Posted by Cynthia Marcotte Stamer

DOJ Sues To Stop UnitedHealth Acquisition Of Change Health To Protect Employer Plan Innovation & Commercial Health Insurance Market Competition

March 3, 2022

The U.S. Department of Justice along with the Minnesota and New York Attorneys General (collectively “Justice Department”) have filed a civil antitrust lawsuit to stop UnitedHealth Group Incorporated (“United”) from acquiring Change Healthcare Inc. (“Change”) on February 24, 2022 in an announced $13 billion transaction that the Justice Department claims will harm self-insured employer health plan innovation and competition in the commercial health insurance market. The suit is the latest in a series of Justice Department suits that seek to prevent continued consolidation of the health industry giants following decades of industry consolidation.

United, headquartered in Minnetonka, Minnesota, is an integrated health care enterprise that includes, among other subsidiaries, UnitedHealthcare, the largest health insurer in the United States; Optum Health, a large network of health care providers located throughout the country; OptumRx, a large pharmacy benefit manager; and OptumInsight, a health care technology business. United’s revenues were $288 billion in 2021.

Change Healthcare Inc. headquartered in Nashville, Tennessee, is a leading independent health care technology company providing health care analytics, software, services and data to health care providers, health insurers and other software and services firms in the health care industry. Today, Change markets itself as a partner to a wide variety of other health care ecosystem organizations including United’s major health insurance competitors as providing vital software and services need for innovation and problem solving. These services include electronic data interchange (EDI) clearinghouse services, which transmit claims and payment information between insurers and providers, and first-pass claims editing solutions, which review claims under the health insurer’s policies and relevant treatment protocols. Change’s revenues were $3.4 billion in 2021.

In the civil antitrust complaint filed in the U.S. District Court for the District of Columbia on February 24, 2022, the Justice Department charges United’s acquisition of this neutral player would allow United to tilt the playing field in its favor, harming current competition and allowing United to control and distort the course of innovation in this industry for the foreseeable future.

Among other things, the Justice Department alleges allowing United to eliminate a significant independent and innovative competitor firm by acquiring Change will undermine competition in the commercial health insurance market, stifle innovation in the employer health insurance markets and suppress competition in the market for a vital technology used by health insurers to process health insurance claims and reduce health care costs by giving United control of a critical data highway through which about half of all Americans’ health insurance claims pass each year.

As alleged in the complaint, the proposed transaction would give United, a massive company that owns the largest health insurer in the United States, access to a vast amount of its rival health insurers’ competitively sensitive information. Post-acquisition, United would be able to use its rivals’ information to gain an unfair advantage and harm competition in health insurance markets. The Justice Department also claims the proposed transaction would eliminate United’s only major rival for first-pass claims editing technology — a critical product used to efficiently process health insurance claims and save health insurers billions of dollars each year — and give United a monopoly share in the market.

A Justice Department press release about the lawsuit quotes Principal Deputy Assistant Attorney General Doha Mekki of the Justice Department’s Antitrust Division as saying, “Unless the deal is blocked, United stands to see and potentially use its health insurance rivals’ competitively sensitive information for its own business purposes and control these competitors’ access to innovations in vital health care technology. The department’s lawsuit makes clear that we will not hesitate to challenge transactions that harm competition by placing so much control of data and innovation in the hands of a single firm.”

The suit is the latest in a series of civil antitrust lawsuits challenging proposed mergers or acquisitions of between health insurance industry giants as anticompetitive in recent years. Stay tuned for more details.

More Information

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications. As a significant part of her work, Ms. Stamer has worked extensively on pandemic, business and other crisis planning, preparedness and response for more than 30 years.

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

The American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. These include hundreds of highly regarded articles and workshops on health and other benefits, workforce, health care and insurance concerns.

For more information about these requirements, Ms. Stamer or her experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Comments Off on DOJ Sues To Stop UnitedHealth Acquisition Of Change Health To Protect Employer Plan Innovation & Commercial Health Insurance Market Competition | Antitrust, Association Health Plan, Brokers, compensation transparency, compliance, Corporate Compliance, drug pricing, EBSA, Emploeyrs, Employee Benefits, Employer, Employment, Employment Policies, ERISA, health benefit, Health Benefits, health Care, health care transparency, Health Industry Consolidation, health insurance, health plan, Health Plans, HR, Human Resources, insurers, Internal Controls, Managed Care, Management, Mergers & Acquisitions, pbms, pharmacy, prescription drugs, self insured health plan, Surprise Billing, third party administrators, tpa | Tagged: Health Care, Health Insurance, Health IT, Health Plans | Permalink
Posted by Cynthia Marcotte Stamer

Biden Administration DHS Proposes New Rules On When Noncitizens Ineligible To Enter Or Remain In US Based On Likelihood To Become “Public Charge”

February 28, 2022

The U.S Department of Homeland Security is inviting public comment on proposed regulations (the “Proposed Rule”) defining the rules DHS will apply to decide when a noncitizen is inadmissible to the United States under section 212(a)(4) of the Immigration and Nationality Act (INA) because the person is likely at any time to become a “public charge.” The proposed rules could affect workers or family members of workers who are noncitizens seeking to renew visas who have accessed certain public assistance while in the United States as well as noncitizens seeking new visas to enter the United States. The deadline for submitting comments is April 25, 2022.

Public Charge Rule Generally

Under Section 212(a)(4) of the INA, an applicant for a visa, admission, or adjustment of status generally is inadmissible if the applicant “is likely at any time to become a public charge” The public charge ground of inadmissibility, therefore, applies to individuals applying for a visa to come to the United States temporarily or permanently, for admission, or for adjustment of status to that of a lawful permanent resident.By statute, however, some categories of noncitizens such as refugees; asylees; certain T and U nonimmigrant visa applicants (human trafficking and certain crime victims, respectively); and certain self-petitioners under the Violence against Women Act are exempt from the public charge inadmissibility ground. Also the DHS Secretary possesses discretionary authority to waive public charge inadmissibility for a noncitizen that provides a suitable and proper bond or undertaking approved by the Secretary.INA Section 235 addresses the inspection of applicants for admission, including inadmissibility determinations of such applicants and INA Section 245 generally establishes eligibility criteria for adjustment of status to that of a lawful permanent resident.

Public Charge Proposed Rule Highlights

The Proposed Rule would consider a noncitizen likely at any time to become a public charge if he or she is likely at any time to become primarily dependent on the government for subsistence, as demonstrated by either the receipt of public cash assistance for income maintenance or long-term institutionalization at government expense. The Proposed Rule also would establish:

How DHS proposes to identify the types of public benefits that would be considered as part of the public charge inadmissibility determination;
General principles regarding consideration of current and past receipt of public benefits in public charge inadmissibility determinations
Factors that DHS would consider in prospectively determining, under the totality of the circumstances framework, whether an applicant for admission or adjustment of status before DHS is inadmissible under the public charge ground.
Changes to existing information collections submitted with applications for adjustment of status to that of a lawful permanent resident to include questions relevant to the statutory minimum factors.
A requirement that all written denial decisions issued by USCIS to applicants reflect consideration of each of the statutory minimum factors, as well as the Affidavit of Support Under Section 213A of the INA where required, consistent with the standards set forth in the Proposed Rule, and specifically articulate the reasons for the officer’s determination.

The proposed regulation, if adopted as proposed, would implement the following major changes:

Amend 8 CFR 212.18, Application for waivers of inadmissibility in connection with an application for adjustment of status by T nonimmigrant status holders. This section clarifies that T nonimmigrants seeking adjustment of status are not subject to the public charge ground of inadmissibility.
Add 8 CFR 212.20, Applicability of public charge inadmissibility. This section identifies the categories of noncitizens who are subject to the public charge ground of inadmissibility.
Add 8 CFR 212.21, Definitions. This section establishes key regulatory definitions: Likely at any time to become a public charge, public cash assistance for income maintenance, long-term institutionalization at government expense, receipt (of public benefits), and government.
• Add 8 CFR 212.22, to clarify that evaluating the likelihood at any time of becoming a public charge is a prospective determination based on the totality of the circumstances. This section provides details on how the statutory minimum factors, as well as an Affidavit of Support Under Section 213A of the INA, if required, and current or past receipt of public benefits would be considered when making a public charge inadmissibility determination. This section also states that the fact that an applicant has a disability, as defined by section 504 of the Rehabilitation Act (Section 504), will not alone be a Start Printed Page 10572 sufficient basis to determine whether the noncitizen is likely at any time to become a public charge. This section also includes categories of noncitizens whose past or current receipt of public benefits will not be considered in a public charge inadmissibility determination.
Add 8 CFR 212.23, Exemptions and waivers for public charge ground of inadmissibility, which will provide a list of statutory and regulatory exemptions from and waivers of the public charge ground of inadmissibility.
Amends 8 CFR 245.23, Adjustment of aliens in T nonimmigrant classification, which will clarify T nonimmigrants seeking adjustment of status are not subject to the public charge ground of inadmissibility.

The Proposed Rule differs from the previous regulation DHS published on August 14, 2019 on the pubic charge rule, which is no longer in effect. Rather than continuing Trump Administration efforts to defend the prior regulation against various litigation challenges then pending before the United States Supreme Court, the Biden Administration announced its withdrawal of the prior regulation to reconsider its provisions, resulting in the termination of that litigation. The proposed regulation reflects the results of the Biden Administration’s new approach to the rule making, which many perceive as more generous to noncitizen applicants in various respects. The Preamble to the proposed regulation reflects the Biden Administration’s view that the 2019 Final Rule expanded DHS’s definition of “public charge,” in a manner ‘associated with widespread indirect effects on noncitizens were not even subject to the public charge ground of inadmissibility, such as U.S. citizen children in mixed-status households. According to the Preamble to the Proposed Rule, although the 2019 Final Rule imposed heavy paperwork burdens while the 2019 Final Rule was in place DHS only denied 3 of the 47,555 applications for adjustment of status to which the rule was applied and DHS subsequently reopened and approved those 3.

Potential Implications On Employers, Health Care Organizations & Others

The implications of the Proposed Rule vary depending on the circumstances. Because the Proposed Rule will de-emphasize prior reliance of a noncitizen on certain assistance, it may make it easier for noncitizen employees and others who received assistance during the COVID-19 pandemic or under other circumstances in the past to renew their visa to remain in the U.S. This could be helpful to businesses that concerned about the loss of noncitizen workers or service providers who otherwise might be disqualified by the prior need for or receipt of public assistance or unwilling to come or stay in the U.S. because of the disqualification of family members under the public assistance criteria.

The easing of the standard also may impact health care, community, religious, charitable or other organizations concerned that certain populations of noncitizens they service could be denied entry or forced to leave the United States.

Meanwhile, federal, state and local governments, community agencies and others also should assess the program eligibility and cost implications of the Proposed Rule and begin planning accordingly.

To review the Proposed Rule, a summary of the proposed regulation and history of the public charge rule and other details, see here. Persons interested in commenting on the proposed regulation should submit their comments electronically on or before April 25, 2022 following the instructions here.

More Information

About the Author

About Solutions Law Press, Inc.™

Comments Off on Biden Administration DHS Proposes New Rules On When Noncitizens Ineligible To Enter Or Remain In US Based On Likelihood To Become “Public Charge” | COVID, COVID-19, employee, Employer, Employers, h-2A Visa, I-9, Immigration, Internal Controls, Internal Investigations, Pandemic, Remote Work, Telecommuting, visas | Tagged: Corporate Compliance, COVID-19, Department of Homeland Security, Eligibility to Work, Employer, I-9, Immigration, Internal Controls, Managment, Workforce | Permalink
Posted by Cynthia Marcotte Stamer

Confirm Continuing Form I-9 Compliance As Employees Return From COVID-19 Remote Work

February 24, 2022

U.S. employers of employees returning to the workplace after working remotely during the COVID-19 emergency should include verifying the physical presence and all other Form I-9, Employment Eligibility Verification (Form I-9) requirements for complying with Section 274A of the Immigration and Nationality Act (INA) are met by each employee returning to the workplace to minimize the risk of liability arising from failing to physically examine eligibility and identity documentation of employees hired to work remotely without physical examination of their original identity and eligibility documentation based on COVID-19 related limited Form I-9 flexibilities granted by the Department of Homeland Security (“DHS”); upcoming or missed deadlines for reverification of eligibility to work documentation for employees whose eligibility documentation contains an expiration date or both. Employers should use care to ensure that COVID-19 related staffing or other operational disruptions result in any failures to timely reverify eligibility to work for employees with expiring eligibility documents; to examine in the physical presence of the employee the identity and eligibility documents of employees hired to work remotely during the COVID-19 health care emergency within three days of the date the employee resumes working at an employer’s worksite on a regular basis or April 30, 2022.

U.S. law requires that each employer, agricultural recruiter and referrers for a fee who recruits, refers for a fee, or hires an individual for employment in the U.S. (“employer”) verify the employee’s identity and employment authorization by properly completing and retaining the Form I-9 for that employee. In addition to requiring each employee to complete Section 1 of the Form I-9, employers also must require each employee to present original identity and eligibility to work documentation for examination by the employer in the physical presence of the employee before the employer completes and signs Section 2 of the Form I-9. In some instances, employers that previously completed a Form I-9 for an employee subsequently may be required to complete Section 3 (“reverify”) when the employee relief upon documentation with an expiration date to prove eligibility to work by presenting unexpired original eligibility documentation to the employer for examination in the physical presence of the employee before the employer can complete the certifications required by that Section of the Form I-9.

Whether conducting an original employment verification or reverifying the employment eligibility of an employee when eligibility documents expire, the Form I-9 rules normally require the employer to physically examine the document presented by the employee to prove identity and eligibility to work to ensure the documents the employee presented are originals of a document on the Lists of Acceptable Documents or is an acceptable receipt and that the presented document reasonably appears genuine and to relate to the presenting employee. When the documents meet these conditions, during this physical examination, the employer must enter the necessary information to complete the applicable of Section 2 or 3 of the Form I-9 and appropriately date and sign the Form I-9.

Employers hiring employees based on documents that will require reverification usually track the impending expirations and notify the impacted employees at least 90 days before the date is required that they will be required to present a List A or List C document (or acceptable receipt) showing continued employment authorization on the date that their employment authorization or documentation whichever is sooner, expires.

COVID-19 DHS Form I-9 Flexibility Guidance Limited To Qualifying COVID-19 Remote Employees; Set To Expire April 30

On March 20 2020, DHS issued Form I-9 flexibilities guidance in response to precautions implemented by employers and employees related to physical proximity associated with the COVID-19 health care emergency. Under the currently applicable extension of the flexibility guidance published in December, 2021, that flexibility is set to expire on April 30, 2020.

The March 20, 2020 Form I-9 flexibility guidance granted employers temporary flexibility to delay examination of original identity and employment authorization documents in the employee’s physical presence for employees working remotely as a COVID-19 precaution provided that the employer:

Inspected the Section 2 documents remotely over video link, fax or email, etc.;
Obtained, inspected, and retained copies of the documents, within three business days for purposes of completing Section 2;
Physically inspected the documents after normal operations resumed by requiring all employees on boarded using remote verification to report to the employer within three business days for in-person verification of Form I-9 identity and employment eligibility documentation;
Maintained and provided as required written documentation of their remote onboarding and telework policy for each employee and other necessary documentation and other evidence to meet the criteria to qualify for the flexibility; and
E-Verify participants who met the criteria and choose the remote inspection option continue to follow current guidance and create cases for their new hires within three business days from the date of hire.

For purposes of completing the Form I-9 documentation for employees covered by this flexibility, DHS directed employers taking advantage of this flexibility to delay physical inspection to enter “COVID-19” as the reason for the physical inspection delay in the Section 2 when originally completing the employee’s Form I-9 and when the employer physically inspected the documents when normal operations resumed, to add “documents physically examined” with the date of inspection to the Section 2 additional information on the Form I-9, or to section 3 as appropriate. DHS specified that employers could rely upon this COVID-19 related flexibility until the earlier of 60 days from the date of its notice or within 3 business days after the termination of the National Emergency.

On March 31, 2021, DHS updated its March 20, 2020 Form I-9 flexibilities guidance effective April 1, 2021, to limit an employer’s ability to delay inspection in the physical presence of the employee to remote workers. The updated guidance states employers are required to inspect the Form I-9 identity and employment eligibility documentation in person for any employees who physically report to work at a company location on any regular, consistent, or predictable basis. For employees working remotely hired on or after April 1, 2021, however, the March 31, 2021 update specifies the flexibility to delay inspection in the physical presence of the employee applies to employees working work exclusively in a remote setting due to COVID-19-related precautions until the earlier of the date the remote worker undertakes non-remote employment on a regular, consistent, or predictable basis, or the date DHS terminates Form I-9 flexibility guidance. DHS also stated that the flexibilities do not prevent employers from commencing, in their discretion, the in-person verification of identity and employment eligibility documentation for employees hired on or after March 20, 2020, and presented such documents for remote inspection in reliance on the flexibilities first announced in March 2020.

Since DHS subsequently extended the availability of the Form I-9 flexibility policy through April 30, 2022 because of ongoing precautions related to COVID-19, employers that meet the conditions of the guidance currently may continue to delay in person inspection of the Form I-9 eligibility and identification documents for a remote worker hired after March 31, 2021 until the earlier of the date the employee resumes physically reporting to work at a company location on any regular, consistent or predictable basis; April 30, 2022 or the date normal operations resume. Meanwhile, employers must monitor the DHS and ICE’s Workforce Enforcement announcements about when the extensions end and normal operations resume.

Verify & Strengthen Compliance To Avoid Potentially Costly Fines & Other Liability

Maintaining appropriate Form I-9 verification and documentation compliance is critical to reduce exposure to expensive civil fines and in the case of certain wilful violations, even potential criminal liability.

DHS base penalties for I-9 violations adjust for inflation annually. Under the inflation adjustments implemented in November, 2021. the I-9 violation penalty per Form I-9 are now:

For the first offense, $590-$4,722;
For the second offense, $4,722-$11,803; and
For the third or subsequent offense, $7,082-$23,607.

Appropriate documented compliance and remediation efforts by an employer are taken into account and can significantly mitigate if not eliminate civil and criminal liability assessments for Form I-9 and other immigration law violations Given the potential liabilities of noncompliance and the likely expiration of the COVID-19 flexibility guidance. all employers should include confirmation of continued I-9 compliance to their risk management activities.

As the COVID-19 health care emergency abates and businesses resume more normalized operations, employers that have resumed normal operations as well as employers with workers continuing to work remotely as part of their COVID-19 containment arrangements should ensure the employer has inspected the Form I-9 original identity and eligibility documentation of each employee physically reporting to work on any regular, consistent or predictable basis. In addition, as employees that previously worked remotely in response to the COVID-19 health care emergency resume onsite work, employers also should confirm that the Form I-9 documents not previously inspected in the presence of the employee in reliance on the I-9 flexibility guidance are required to present their original documentation for in person inspection by the employer within three days. Finally, because the COVID-19 health care emergency disrupted the normal operations and staffing of many employers, most employers also will want to audit the expiration dates, if any of any time limited eligibility documents presented by their employees to ensure that timely steps are taken to notify and secure updated eligibility documentation for employees whose employment relies upon those expiring documents.

Along with confirming that I-9 documentation for new hires and noncitizen employees relying upon expiring documentation during the COVID-19 health care emergency, employers also generally shoild reconfirm the adequacy of their overall I-9 policies, practices and documentation. Section 274A(b) of the Immigration and Nationality Act (INA), codified in 8 U.S.C. § 1324a(b), requires employers to verify the identity and employment eligibility of all individuals hired in the United States after November 6, 1986. 8 C.F.R. Section 274a.2 designates the Form I-9, Employment Eligibility Verification (Form I-9), as the vehicle for documenting this verification. For current employees, employers are required to maintain for inspection original Form(s) I-9 on paper or as an on-screen version generated by an electronic system that can produce legible and readable paper copies. For former employees, the retention of Form(s) I-9 is required for a period of at least three years from the first day of employment or one year from the date employment ends, whichever is longer.

Employers receiving a NOI or other request for inspection typically will want to contact experienced legal counsel immediately upon receipt to discuss any concerns and review the materials to identify any potential areas of concern and opportunities for improvement or liability mitigation prior to the inspection.Employers that receive a Notice of Inspection (NOI) from DHS can expect to be asked to produce the requested Form(s) I-9 for inspection along with a copy of the employer’s payroll, a list of active and terminated employees, articles of incorporation, business licenses and other supporting documentation. Businesses relying on contractors, subcontractors or leased employees should be prepared to access and provide any documentation regarding those workers available when requested, particularly in light of ongoing worker reclassification and joint employer initiatives by various federal agencies. The time period to produce these documents in the NOI can be short. Typically the NOI offers three or more days before the scheduled inspection. However, legal counsel frequently may work with DHS to arrange for a short extension of the deadline to allow for collection and organization of the requested materials. However, even with such extensions, advance preparation and organization, including collection or negotiation of access to contract labor, contractor, payroll and other relevant records, can be critical.

More Information

About the Author

About Solutions Law Press, Inc.™

Comments Off on Confirm Continuing Form I-9 Compliance As Employees Return From COVID-19 Remote Work | COVID, COVID-19, employee, Employer, Employers, I-9, Internal Controls, Internal Investigations, Pandemic, Remote Work, Telecommuting | Tagged: Corporate Compliance, COVID-19, Department of Homeland Security, Eligibility to Work, Employer, I-9, Immigration, Internal Controls, Managment, Workforce | Permalink
Posted by Cynthia Marcotte Stamer

DOL Invites Employer Input On Youth Employee Mental Health Needs

February 17, 2022

Employers should put managing legal and operational demands for mental health accommodation for youth and other workers and their risk management agenda this year.

The Surgeon General’s recent release of an advisory report, “Protecting Young People’s Mental Health,” is one of a series of studies and guidance that the federal government has released in recent months on the impacts of the pandemic on mental health issues. The recently released Surgeon General report discusses impacts of the pandemic on mental health needs of young people. In connection with these findings, the United States Department of Labor is inviting employers and other interested persons to respond to a brief questionnaire from the National Youth Employment Coalition to help understand how workforce providers are grappling with this crisis. The DOL says this input will provide insight into the youth employment field’s current capacity to screen, connect, and serve youth with mental health needs. however, employers contemplating responding should note that the survey template requests that they respond it be identified by providing their name and other information. It is not clear whether the provision of this information may be used to target the employer for subsequent scrutiny.

The deadline for responding to the survey is March 11, 2022. To learn more, see here.

More Information

Want to know more? The author of this update, employment lawyer Cynthia Marcotte Stamer, conducted a briefing on these and other federal COVID-19 vaccination and other workforce requirements as a panelist on the “COVID-19 Vaccination Mandates & Incentives” virtual seminar the American Bar Association Joint Committee on Employee Benefits hosted on November 12, 2021. To purchase a recording of the program, see here. For information about obtaining Ms. Stamer’s slides, email here.

Solutions Law Press, Inc. also invites you to receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. For specific information about the these or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

For help developing, administering or defending your organization’s workforce, employee benefits, compensation or compliance practices, contact the author. Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for management work, coaching, teachings, and publications.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. Her day-to-day work encompasses both labor and employment issues, as well as independent contractor, outsourcing, employee leasing, management services and other nontraditional service relationships. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with all aspects for workforce and human resources management, including, recruitment, hiring, firing, compensation and benefits, promotion, discipline, compliance, trade secret and confidentiality, noncompetition, privacy and data security, safety, daily performance and operations management, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

Well-known for her extensive work with health, insurance, financial services, technology, energy, manufacturing, retail, hospitality, governmental and other highly regulated employers, her nearly 30 years’ of experience encompasses domestic and international businesses of all types and sizes.

About Solutions Law Press, Inc.™

If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.

Comments Off on DOL Invites Employer Input On Youth Employee Mental Health Needs | ADA, Corporate Compliance, COVID-19, Disability, Disability Discrimination, Disability Plans, Discrimination, Drug & Alcohol, EEOC, Employee Benefits, Employer, Employers, Employment, Employment Discrimination, Employment Policies, group health plan, health benefit, Health Benefits, health Care, Health Plans, Mental Health, Mental Health Parity | Tagged: Discrimination, Mental Health, youth employment | Permalink
Posted by Cynthia Marcotte Stamer

Tight Labor Market Heightens Importance Of Protecting IP & Other Data Against Departing Employee Risks

January 24, 2022

With employers increasingly competing for workers., U.S. businesses should shore-up legal and operational data security and intellectual property safeguards against misappropriation, misuse or damage by departing workers.

January, 2022 Bureau of Labor Statistics (“BLS”) data released January 21, 2022 confirms employee turnover continues to rise as employers compete for workers in today’s worker-strapped employment market.

BLS reported on January 21, 2022 that:

Job openings rates decreased in 16 states, increased in 3 states, and were little changed in 31 states and the District of Columbia on the last business day of November;
Quits rates increased in 22 states and decreased in 2 states; and
Total separations rates increased in 13 states.

See BLS State Job Openings and Labor Turnover Summary

The resulting competition for workers makes it increasingly difficult for businesses to retain and recruit sufficient workers to meet their operating needs. The National Association of Manufacturers 2021 Fourth Quarter Manufacturers’ Outlook Survey released in December 2921 sighted the shortage of workers as a leading business concern. Meanwhile, a recent Goldman Sachs survey shows small business owners identify finding workers as their top business challenge.

With the pool of unemployed workers continuing to decline, employers understandably increasingly are looking to entice employed workers away from their existing positions. Consequently, savvy business leaders should recognize that along with working to recruit additional workers to meet their growth needs, their organizations also need tot take steps to retain key workers and protect against the loss of know how and intellectual property in the face of stepped up efforts of other employers to recruit their valuable employees.

In recognition other businesses may target their best workers, businesses reliant upon labor competitive workforces should both to review existing compensation to deter against the loss of key workers and to strengthen their non competition, trade secret and other intellectual property safeguards to minimize intellectual property and other competitive risks that typically rise from another employer’s recruitment of a key employee.

When conducting these activities, businesses should start my re-evaluating their current employment, noncompete, trade secret and other practices both for market competitiveness and their legal effectiveness in light of widespread changes in market practices and legal rules.

Business concerned about protecting against the loss of workers or intellectual property are cautioned to confirm that their policies and practices are reviewed and updated to take into account evolving market and legal rules and practices. Changing federal tax and other rules may impact the employer’s expectations and responsibilities concerning the tax and treatment of bonus or other golden handcuffs intended by the business to incent key workers to stay with the organization. Along side with these changing rules, evolving federal antitrust enforcement guidance, state regulatory and enforcement precedent, and other federal and state changes also may impact traditional employer noncompetition, nonsolicitation, trade secret and other commonly used employee retention, intellectual property and other business intelligence safeguards. Consequently businesses intending to use and rely upon these practices will want to review and update these practices to avoid unanticipated legal barriers to enforcement and maximize the reliability of these safeguards both against existing employees who may depart employment now, and the future separation of new recruits.

Beyond ensuring that legal policies and practices are up-to-date, employers also should consider whether their operational practices safeguard their data and other sensitive business information against misappropriation or misuse. information requiring protection includes not only traditionally recognized trade secrets and confidential information critical to business competitiveness, as well as credit card and other personal and business information of customers and business partners, licenses, human resources, tax and other data that the business has a contractual or statutory obligation to protect against improper access, use or disclosure. In addition to adopting appropriate privacy, investigation, background consent and other policies and procedures to position the company to legally monitor and investigate potential inappropriate dealings with these and other sensitive resources, savvy businesses will work with legal counsel to implement appropriate processes and procedures for ongoing prevention, monitoring and redress of suspicious access and other improper activities involving these materials.

Furthermore, businesses also should consider the likelihood that departing workers may view their transition to new employment as freeing them to address past perceived wrongs by filing wage and hour, safety, whistleblower or other complaints, charges or litigation. In the face of these risks, employers will want to ensure that their existing wage and hour, harassment,safety and other workforce policies and practices are currently compliant as well as be prepared to respond to any allegations of past misconduct. Employers should carefully conduct exit interviews and investigate any alleged misconduct or other negative feedback to mitigate potential risks and liabilities. Employers also should consult with experienced employment and employee benefits counsel about appropriate design, administration and documentation of these policies, practices, arrangements and activities. Businesses also use special care to manage and relate to defend against whistleblower, interference and retaliation liabilities and claims given recently announced retaliation enforcement initiatives by the Equal Opportunity Commission, the Occupational Safety & Health Administration and other Department of Labor agencies. See e.g. Manage Heightened Retaliation Exposures Arising From COVID-19 Safety, Return-To-Work & Other Practices.

More Information

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Chair of the American Bar Association Intellectual Property Section Law Practice Management Committee and with a long history of leadership involvement in many other community, charitable, professional and other organizations, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for management work, coaching, teachings, and publications.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. Her day-to-day work encompasses both labor and employment issues, as well as independent contractor, outsourcing, employee leasing, management services and other nontraditional service relationships. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with all aspects for workforce and human resources management, including, recruitment, hiring, firing, compensation and benefits, promotion, discipline, compliance, trade secret and confidentiality, noncompetition, privacy and data security, safety, daily performance and operations management, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, e-mail her here or telephone Ms. Stamer at (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on Tight Labor Market Heightens Importance Of Protecting IP & Other Data Against Departing Employee Risks | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Latest Texas Supreme Court Emergency Order Extends & Modifies COVID Pandemic Rules For Texas Courts

January 20, 2022

The COVID-19 pandemic outbreak continues to disrupt ordinary litigation and administrative procedures including cases pending in Texas state, municipal and justice courts. On January 19, 2022, the Texas Supreme Court renewed and amended the COVID pandemic relief announced in its 45th Emergency Order. Its 47th Emergency Order:

Allows all Texas courts to use video and teleconferencing methods in civil and criminal cases through April 1, 2022;
Allows justice and municipal courts to suspend or modify trial-related and pretrial hearing deadlines through March 1, 2022;
Continues courts’ authority to modify certain procedures and deadlines in child-protection cases; and
Allows courts to continue to use reasonable efforts to hold proceedings remotely with certain exceptions or actions required.

Meanwhile, the order encourages justice and municipal courts to “move swiftly to return to regular pretrial and trial proceedings as soon as reasonably feasible before March 1, 2022.

The modified schedules, procedures, and dynamics resulting from this and other courts’ and administrative agencies can significantly disrupt the speed, progress and dynamics of investigations and litigation. Businesses and others involved in these enforcement activities should carefully explore the implications of these changes on the timing, prosecution or defense, cost and other aspects of their proceedings.

More Information

The author of this update, employment lawyer Cynthia Marcotte Stamer, conducted a briefing on these and other federal COVID-19 vaccination and other workforce requirements as a panelist on the “COVID-19 Vaccination Mandates & Incentives” virtual seminar the American Bar Association Joint Committee on Employee Benefits hosted on November 12, 2021. To purchase a recording of the program, see here. For information about obtaining Ms. Stamer’s slides, email here.

About the Author

For help developing, administering or defending your organization’s COVID-19 Mandatory Vaccine Policy or other workforce, employee benefits, compensation or compliance practices, contact the author. Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns.

For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com, on Facebook, on LinkedIn or Twitter or e-mail here.

About Solutions Law Press, Inc.™

Comments Off on Latest Texas Supreme Court Emergency Order Extends & Modifies COVID Pandemic Rules For Texas Courts | ACA, ADA, Affirmative Action, Corporate Compliance, COVID-19, Disability Discrimination, EEOC, Emergency, Employers, Employment Discrimination, Employment Policies, Government Contractors, Rehabilitation Act, Retaliation, Safety | Permalink
Posted by Cynthia Marcotte Stamer

SCOTUS To Hear Oral Arguments on OSHA COVID-19 Vaccination Rule Enforceability On January 7

December 22, 2021

The Supreme Court will hold a special session on January 7, 2022 to hear oral arguments whether the U.S. Department of Labor’s Occupational Safety and Health Administration (“OSHA”) can enforce the COVID-19 Vaccination and Testing Standard rules that require employers with 100 or more employees to adopt and enforce COVID-19 vaccination and other related safety safeguards and the Healthcare Emergency Temporary Standard that imposes similar but more burdensome COVID-19 vaccination and other related safety and Recordkeeping requirements on healthcare organizations

The ETS and Healthcare ETS are key elements of a package of federal vaccine mandate and other added COVID-19 safety rules President Biden announced on September 9 he was directing federal agencies to impose on employers through a series of agency rules as part of his “Path Out Of The Pandemic.

The ETS and health care emergency temporary standard vaccination, testing and masking requirements add to existing OSHA guidance requiring employers to educate and train workers to use multiple safeguards to avoid and contain the spread of COVID-19 in their workplaces in accordance with these rules, OSHA’s general duty to provide a safe workplace, its anti-retaliation and anti-interference rules and other OSHA rules.

The OSHA COVID-19 mandates and companion rules that seek to require vaccination and other safeguards for federal workers, government contractors, facilities participating in Medicare and Medicaid and certain educational and childcare programs touched off a wave of court challenges across the country, which have resulted in conflicting and often unstable injunctive rulings.

The Supreme Court scheduled the special session on Wednesday, December 22. It is anticipated that the resulting decision will be quickly forthcoming help to clarify the enforceability of other federal agency Covid-19 vaccination mandates rules.

OSHA COVID-19 ETS

The ETS OSHA issued as a temporary emergency standard on November. 5, 2021 currently covers employers with 100 or more employees. However comments published with the ETS indicate OSHA is considering extending the ETS to smaller employers.

Under the ETS, covered employers must develop, implement and enforce a mandatory COVID-19 vaccination policy, unless they adopt a policy requiring employees to either get vaccinated or undergo regular COVID-19 testing and wear a face covering at work. The ETS requires covered employers to ensure their workforce is fully vaccinated or adopt a and enforce a policy that requires workers either prove they are fully vaccinated or workers who remain unvaccinated to wear masks and produce a negative test result on at least a weekly basis before coming to work. The ETS also imposes burdensome documentation and record keeping requirements.

The ETS is in addition to a separate mandate applicable to health care workers providing services to Medicare and Medicaid participating health care facilities. In June OSHA issued a different emergency temporary standard for certain healthcare workers that originally required nursing home and certain other care facilities to require and enforce vaccination of employees and other service providers. OSHA extended its health care emergency temporary standard to cover workers at most health care organizations following President Biden’s September 9 directives.

Along with OSHA’s issuance of the ETS and Healthcare ETS, the Safer Federal Worker Task Force, the Centers for Medicare and Medicaid Services, and the Department of Education also published rules seeking to implement the other aspects of the Biden vaccination mandate strategy.

Both the ETS and the health care emergency standards provide exceptions for and require covered employers to provide accommodations for disabilities and seriously held religious beliefs required by federal equal employment opportunity laws administered by the Equal Employment Opportunity Commission (“EEOC”) while making clear that the covered employer must be able to demonstrate with evidence that accommodations were required as well as implement appropriate alternative safeguards to maintain workplace safety. Where the accommodation prevents vaccination, this generally means adherence to testing, masking, social distancing and other standards to provide for safety.

Employers walk a tightrope negotiating these dual obligations. Discrepancies in the language used by OSHA to describe an employer’s responsibility to determine whether and when accommodation is required in the ETS compared to language in existing EEOC guidance calling for employer deference to religious and disability requests raises ambiguity regarding the degree of deference the OSHA rules allow an employer to allow to the accommodation claims made by employees versus the EEOC.

In addition, employers also must contend with the challenges of managing retaliation and other claims from workers associated with COVID-19 safety practices. The highly subjective, fact specific nature of these determinations under either interpretation make these determinations challenging for employers. The risk of negotiating these challenges is further complicated by the exposure to likely retaliation charges under the OSHA or Civil Rights Act anti-retaliation rules that employers must negotiate when dealing with expectations and waive of accommodation inquiries and requests from employees.

Retaliation and interference protections often protect employees against adverse employment action for good faith questions about or participating in investigations or other protected activity regarding safety, discrimination or accommodation even when the employee was not entitled to the accommodation or other protection asserted.

The significance of the retaliation risk is highlighted by the prioritization of retaliation investigation and enforcement recently announced by both the EEOC and OSHA. In March, OSHA launched a national emphasis program focusing enforcement efforts on companies that put the largest number of workers at serious risk of contracting the coronavirus. The program also prioritizes employers who retaliate against workers for complaints about unsafe or unhealthy conditions, or for exercising other rights protecteds by federal law.

The EEOC and other Department of Labor agencies also are prioritizing retaliation and interference investigation and enforcement. On November 17, 2021 the EEOC announced its involvement in the new initiative to end retaliation against workers who exercise their protected labor and employment law rights by collaborating among these civil law enforcement agencies to protect workers on issues of unlawful retaliatory conduct, educating the public and engaging with employers, business organizations, labor organizations and civil rights groups in the coming year.

In furtherance of this effort, the EEOC updated its COVID-19 technical assistance to include more information about employer retaliation under the Civil Rights laws the EEOC enforces in pandemic-related employment situations. Key points shared in this new technical guidance include:

Job applicants and current and former employees are protected from retaliation by employers for asserting their rights under any of the EEOC-enforced anti-discrimination laws.
Protected activity can take many forms, including filing a charge of discrimination; complaining to a supervisor about coworker harassment; or requesting accommodation of a disability or a religious belief, practice, or observance, regardless of whether the request is granted or denied.
Additionally, the ADA prohibits not only retaliation for protected EEO activity, but also “interference” with an individual’s exercise of ADA rights.

These and other OSHA safety mandates, alone or coupled with the disability, religious accommodation, age and other equal employment opportunity nondiscrimination, and anti interference

Employers Face Significant Continuing Risks Despite Preliminary Injunctions Against COVID Vaccine Rules

While litigation over the validity of its ETS and other aspects of the Biden plan to mandate vaccination of millions of Americans, OSHA has said it is continuing to collect comments because it views the comment period as separate from the litigation. OSHA extended the comment deadline stakeholders additional time to review the ETS and collect information and data necessary for comment.

While awaiting the outcome of the litigation over the OSHA vaccine mandates, employers should use care to conduct themselves to mitigate their exposure to violations of other remaining OSHA safety and recordkeeping rules, age, disability, religious and other discrimination claims and retaliation and interference claims.

The preliminary injunctions against the vaccine mandate rules does not impact the exposure of employers to retaliation and interference charges that could arise from their handling of employee questions or opposition to compliance with employer policies, assertion of rights, expressions of concern, and other activity. That means retaliation and interference claims present as big or bigger threat as the rules themselves and last beyond the reach and validity of the rules.

Facing peril from all sides, employers must tread carefully in developing and administering their workplace COVID-19 vaccination and other safety policies to manage the exposures created from the resulting Catch-22 legal and political environment. Employees of course must will monitor the litigation and other regulatory developments. At the same time, employers should use when dealing with worker and other inquiries, expressions of concern and other dealings with employees and applicants regarding COVID-19 safety, leave, accommodation and other concerns as well as to document carefully and preserve other evidence necessary to support performance and other business justified employment actions against potential retaliation or discrimination challenges.

Employers should use care to protect sensitive discussions about how to design and administer their policies, respond to employees and other sensitive matters by seeking the advice of qualified legal counsel and discussing these and related matters within within the scope of attorney-client privilege.

Employers should use care to carefully consider and document their decisions, including the basis and evidence supporting their justification in all workforce dealings keeping in mind that charges of retaliation or interference could arise from workforce actions not directly connected with an employee’s involvement in COVID-related concerns.

More Information

About the Author

About Solutions Law Press, Inc.™

Comments Off on SCOTUS To Hear Oral Arguments on OSHA COVID-19 Vaccination Rule Enforceability On January 7 | ACA, ADA, Affirmative Action, Corporate Compliance, COVID-19, Disability Discrimination, EEOC, Emergency, Employers, Employment Discrimination, Employment Policies, Government Contractors, Rehabilitation Act, Retaliation, Safety | Permalink
Posted by Cynthia Marcotte Stamer

HIPAA & ERISA Fiduciary Rules Drive Imperative To Protect Health Plan Data & Systems From Hacking & Other Cyber Threats

December 20, 2021

Health plans, their employer and other health plan sponsors, fiduciaries and vendors as well as health care providers, healthcare clearinghouses, their vendors that are business associates covered by the Privacy, Security and Breach Notification Rules of the Health Insurance Portability & Accountability Act (“HIPAA”) are urged to act promptly to take well-documented steps to confirm and protect electronic protected health information and systems against the increasingly common hacking and other common cybersecurity threats in light of the rising cyber-hacking and other cybersecurity threats and exposures.

As implemented and enforced by the Department of Health & Human Services Office of Civil Rights (“OCR”), HIPAA generally requires that health plans, health care providers, healthcare clearinghouses and their service providers that qualify as business associates (hereafter “covered entities”) safeguard the privacy and security of individually identifiable protected health information (“protected health information”) in paper, electronic or other form against use, access or disclosure other than as allowed by HIPAA. Along with its general restrictions upon use, access or disclosure of protected health information, HIPAA also requires that covered entities and their business associates take the special precautions to protect electronic protected health information (“ePHI”) against improper access, use, disclosure or loss required by the OCR HIPAA Security Rule. Meanwhile, the OCR HIPAA Breach Notification Rule requires that covered entities notify affected individuals, OCR and in the case of breaches involving records of more than 500 individuals, the media in accordance with the OCR Breach Notification Rule following breach of unsecured protected health information.

OCR has an established policy of investigating all breach reports involving more than 500 individuals and these investigations commonly result in settlements that extract agreements by affected covered entities or business associates to pay huge resolution payments to avoid being assessed significantly larger civil liability penalties authorized by HIPAA. See e.g., Clinical Laboratory Pays $25,000 To Settle Potential HIPAA Security Rule Violations (May 25, 2021); Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People (January 15, 2021); Aetna Pays $1,000,000 to Settle Three HIPAA Breaches (October 28, 2020); Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People (September 25, 2020); HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individual – (September 23, 2020); Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach (July 27, 2020); Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements (July 23, 2020).

A review of the OCR data base of unsecured electronic protected health information breaches reveals that OCR has received a wave of required unsecured electronic health information breach notifications impacting 500 or more individuals arising from hacking of electronic systems or e-mail since January 1, 2021, including notices from Apple Blossom Family Practice VA Healthcare Provider (500 individuals/Network Server Hacking/IT Incident); Network Server; Texas ENT Specialists TX Healthcare Provider (535,489 individuals/ Network ServerHacking/IT Incident0; Eduro Healthcare, LLC UT Healthcare Provider (8059 individuals/Hacking/IT Incident Email); Sacramento County Department of Health Services CA Healthcare Provider (2096 individuals/Hacking/IT Incident Email); Weddell Pediatric Dental Specialists, LLC IN Healthcare Provider (5356 individuals/Hacking/IT Incident Email); Javery Pain Institute MI Healthcare Provider (1387 individuals/Hacking/IT Incident Email); OSR Physical Therapy AZ Healthcare Provider (714 individuals/Hacking/IT Incident Email}; Nippon Life Insurance Company of America NY Health Plan (4109 individuals/Unauthorized Access/Disclosure Email); Bansley and Kiener, LLP IL Business Associate (50119 /Hacking/IT Incident Network Server) Baylor Scott & White Medical Center – Waxahachie TX Healthcare Provider (883 individuals/Unauthorized Access/Disclosure Electronic Medical Record); Bansley and Kiener, LLP IL Business Associate (2297 individuals/Hacking/IT Incident Network Server); Bansley and Kiener, LLP IL Business Associate (2711/Hacking/IT Incident Network Server); Bansley and Kiener, LLP IL Business Associate (15,814/Hacking/IT Incident Network Server); Mertz Manufacturing Inc Health Insurance Plan OK Health Plan (868 individuals/Hacking/IT Incident Network Server); Department of Behavioral Health and Developmental Services VA Healthcare Provider (4037 individuals/Unauthorized Access/Disclosure Other) Great Plains Manufacturing, Inc KS Health Plan (4110 individuals/Hacking/IT Incident Network Server); and Roy Varughese, M.D. TX Healthcare Provider (2916 individuals/Hacking/IT Incident Email). These recent breach notifications represent only the latest in a rising tide of hacking associated data breach notifications that OCR has received in recent years.

While provider breach reports still are the most common, health plan data breaches are becoming increasingly common. Between January 1 and December 20, 2021, for instance, OCR reported having open investigations arising from health plan breaches of unsecured protected health information reported after December 31, 2021 by Mertz by Manufacturing Inc Health Insurance Plan OK Health Plan; Great Plains Manufacturing, Inc KS Health Plan; Region IV Area Agency on Aging MI Health Plan; Kaiser Permanente MD Health Plan; Iowa Total Care, Inc. IA Health Plan; Maritz Holdings Inc. MO Health Plan; State of TN Finance & Administration TN Health Plan; Providence Health Plan OR Health Plan as well as a plethora of previously health plan associated breaches reported prior to 2021.

While health plan breach notifications generally have lagged far behind provider notifications in number, reported health plan breaches generally have resulted the largest civil monetary penalty or resolution payments largely due to the massive number of individuals affected by these breaches. See e.g., Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People (January 15, 2021); Aetna Pays $1,000,000 to Settle Three HIPAA Breaches (October 28, 2020); Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People (September 25, 2020); HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individual (September 23, 2020). In fact, health plan breaches account for the top three largest resolution agreements to date. The biggest among these resolution agreements is the still record-setting $16 million resolution agreement between health insurance giant, Anthem, Inc. and OCR that Anthem entered into to settle potential HIPAA violations OCR uncovered in its investigation of breaches of the electronic protected health information of 79 million remains OCR’s largest. See Record $16M Anthem HIPAA Settlement Signals Need To Tighten HIPAA Compliance & Risk Management

In January, 2021, OCR announced New York health insurer, Excellus Health Plan, Inc., would pay $5.1 million to settle potential HIPAA violations related to a breach affecting over 9.3 million people. The settlement resulted from OCR’s investigation of a September 9, 2015 breach report that cyber-attackers gained unauthorized access to its information technology systems. Excellus Health Plan reported that the breach began on or before December 23, 2013 and ended on May 11, 2015. The hackers installed malware and conducted reconnaissance activities that ultimately resulted in the impermissible disclosure of the protected health information of more than 9.3 million individuals, including their names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims, and clinical treatment information. The resolution payment is the second largest collected by OCR to date.

In October, 2020, OCR announced a resolution agreement with Aetna Life Insurance Company and affiliated covered entity (Aetna) where Aetna paid a $1 million resolution payment to settle potential HIPAA violations that arose from Aetna’s filing of hacking related breach reports in 2017 and OCR’s September 2021 announcement of a resolution agreement where Premera Blue Cross (PBC) agreed to pay $6.85 million to OCR (the second largest in OCR history) to settle potential HIPAA violations related to a breach affecting over 10.4 million people. This resolution represents the third largest payment to resolve a HIPAA investigation in OCR history.

The magnitude of these three recordbreaking resolution agreements sends a strong signal that health plans and other covered entities impacted by hacking incidents should expect little sympathy or quarter from OCR. OCR Director Roger Severino drove this point home when he warned in OCR’s announcement of the Aetna resolution agreement, “Hacking continues to be the greatest threat to the privacy and security of individuals’ health information. In this case, a health plan did not stop hackers from roaming inside its health record system undetected for over a year which endangered the privacy of millions of its beneficiaries. …. We know that the most dangerous hackers are sophisticated, patient, and persistent. Health care entities need to step up their game to protect the privacy of people’s health information from this growing threat.”

Coupled with these warnings, the series of alerts issued by OCR urging health plans and other HIPAA covered entities to guard their electronic systems and electronic protected health information against various hacking, malware and other cybersecurity threats send a clear message to health plans and other HIPAA regulated covered entities and business associates to constantly monitor and reconfirm the adequacy of their own HIPAA privacy, security, breach notification and other procedures and protections or be prepared to face similar sanctions from OCR.

Along side the OCR warnings, employment and union sponsored health plans, their insurers, business associates and fiduciaries also now face additional pressure to take prudent steps to secure their health plans’ protected health information and electronic data systems against improper use, access, destruction or disclosure under April, 2021 Employee Benefit Security Administration (“EBSA”) guidance package that for the first time officially recognizes cybersecurity as included in the fiduciary responsibilities of employee benefit plan fiduciaries under the Employee Retirement Income Security Act (“ERISA”) and addition of cybersecurity to its plan audits. As a result, in addition to complying with HIPAA, ERISA-covered health plan fiduciaries and sponsors also should be prepared to demonstrate that plan fiduciaries have taken the steps prudently necessary to guard health and other employee benefit plan data and systems against cybersecurity threats. In light of this guidance health plan fiduciaries and sponsors generally will want to ensure that at minimum, they can demonstrate that the health plan and health plan vendor cybersecurity safeguard meet or exceed the recommendations included in the following guidance materials published by EBSA as part of this cybersecurity announcement and any other steps that are prudent to guard against cybersecurity threats:

Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
Cybersecurity Program Best Practices: Assists plan fiduciaries and record-keepers in their responsibilities to manage cybersecurity risks.
Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts online basic rules to reduce the risk of fraud and loss.

In light of this OCR and EBSA guidance, health plan sponsors, fiduciaries and vendors and other HIPAA covered entities and business associates are urged to take documented steps to audit and strengthen as needed their safeguards against hacking and other cybersecurity threats including:

In the case of any health plan or health plan vendor, taking well documented steps to assess and tighten as necessary their health plan systems and data security to meet or exceed the recommendation outlined in the EBSA cybersecurity guidance or otherwise necessary to prudently guard their plans and plan data and systems against cybersecurity threats.
Reviewing and monitoring on a documented, ongoing basis the adequacy and susceptibilities of existing practices, policies, safeguards of their own organizations, as well as their business associates and their vendors within the scope of attorney-client privilege taking into consideration data available from OCR, data regarding known or potential susceptibilities within their own operations as well as in the media, and other developments to determine if additional steps are necessary or advisable.
Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility.
Renegotiating and enhancing service provider agreements to detail the specific compliance, audit, oversight and reporting rights, workforce and vendor credentialing and access control, indemnification, insurance, cooperation and other rights and responsibilities of all entities and individuals that use, access or disclose, or provide systems, software or other services or tools that could impact on security; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; and other relevant matters.
Verifying and tightening technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information and systems.
Conducting well-documented training as necessary to ensure that members of the workforce of each covered entity and business associate understand and are prepared to comply with the expanded requirements of HIPAA, understand their responsibilities and appropriate procedures for reporting and investigating potential breaches or other compliance concerns, and understand as well as are prepared to follow appropriate procedures for reporting and responding to suspected
violations or other indicia of potential security concerns.
Tracking and reviewing on a systemized, well-documented basis actual and near miss security threats to evaluate, document decision-making and make timely adjustments to policies, practices, training, safeguards and other compliance components as necessary to identify and resolve risks.
Establishing and providing well-documented monitoring of compliance that includes board level oversight and reporting at least quarterly and sooner in response to potential threat indicators.
Establishing and providing well-documented timely investigation and redress of reported
violations or other compliance concerns.
Establishing contingency plans for responding in the event of a breach.
Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and requirements.
Preparing and maintaining a well-documented record of compliance, risk, investigation and other security activities.
Pursuing other appropriate strategies to enhance the covered entity’s ability to demonstrate its compliance commitment both on paper and in operation.

Because susceptibilities in systems, software and other vendors of business associates, covered entities and their business associates should use care to assess and manage business associate and other vendor associated risks and compliance as well as tighten business associate and other service agreements to promote the improved cooperation, coordination, management and oversight required to comply with the new breach notification and other HIPAA requirements by specifically mapping out these details.

Leaders of covered entities or their business associates also are cautioned that while HIPAA itself does not generally create any private right of action for victims of breach under HIPAA, breaches may create substantial liability for their organizations or increasingly, organizational leaders under state data privacy and breach, negligence or other statutory or common laws. In addition, physicians and other licensed parties may face professional discipline or other professional liability for breaches violating statutory or ethical standards. Meanwhile, the Securities and Exchange Commission has indicated that it plans to pursue enforcement against leaders of public health care or other companies that fail to use appropriate care to ensure their organizations comply with privacy and data security obligations and the Employee Benefit Security Administration recently has issued guidance recognizing prudent data security practicces as part of the fiduciary obligations of health plans and their fiduciaries.

Finally, health plans and other covered entities are reminded that appropriate strategic planning and use of attorney-client privilege and other evidentiary tools can critically impact the defensibility of pre-breach, breach investigation and post-breach investigation and decision-making. Because HIPAA, EBSA and other rules typically require prompt investigation and response to known or suspected hacking or other cybersecurity threats, health plans and other covered entities or business associates should seek the assistance of experienced legal counsel to advise and assist in these activities to understand the potential availability and proper use of these and other evidentiary rules as part of the compliance planning process as well as to prepare for appropriate use in the event of a known or suspected incident to avoid unintentional compromise of these protections.

For Additional Information Or Assistance

If you need have questions or need assistance with health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help. Longtime scribe for the American Bar Association Joint Committee on Employee Benefits agency meeting with OCR and author of leading publications on HIPAA and other privacy and data security concerns, Ms. Stamer also regularly assists clients and provides input to Congress, OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications. She also is a highly-sought out speaker on privacy and data security who serves on the planning faculty and speaks for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters, e-mail Ms. Stamer or call (214) 452-8297.

About Solutions Law Press, Inc.™

Important Information About This Communication

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Comments Off on HIPAA & ERISA Fiduciary Rules Drive Imperative To Protect Health Plan Data & Systems From Hacking & Other Cyber Threats | Corporate Compliance, Cybercrime, Cybersecurity, ERISA, fiduciary duty, Fiduciary Responsibility, Health Plans, HIPAA, HIPAA, Privacy, tpa | Permalink
Posted by Cynthia Marcotte Stamer

COVID-19 Vaccination Rule Injunctions Leave Employers With Significant Liability Challenges Even As OSHA Extends Comment Period on OSHA COVID-19 Vaccine ETS

December 1, 2021

Employers face significant continuing risk from retaliation and other claims from workers associated with COVID-19 safety practices despite court-compelled delays in the Biden Administration’s efforts to implement its vaccination mandates and the U.S. Department of Labor’s Occupational Safety and Health Administration (“OSHA”) announcement of its extension of the comment deadline for its now-enjoined COVID-19 Vaccination and Testing Standard to January 19, 2022.

ETS & Other Federal Vaccine Mandates

The ETS is one of several vaccine mandate and other added COVID-19 safety rules President Biden announced on September 9 he directed federal agencies to impose on employers through a series of agency rules as part of his “Path Out Of The Pandemic” plan that include Executive Orders ordering:

OSHA to issue emergency rules that would require all employers with more than 100 employees to get vaccinated or be tested at least weekly;
OSHA and other federal regulations to require vaccinations for all federal workers, contractors and subcontractors;
OSHA and the Centers for Medicare and Medicaid Services (“CMS”) rules to require COVID-⁠19 vaccinations for all health care workers at Medicare and Medicaid participating hospitals and other health care settings;
Using Department of Education and federal funding measures to support vaccination and masking in schools; and
Calling on large entertainment venues to require proof of vaccination or testing for entry.

OSHA COVID-19 ETS

The highly subjective, fact specific nature of these determinations under either interpretation make these determinations challenging for employers. The risk of negotiating these challenges is further complicated by the exposure to likely retaliation charges under the OSHA or Civil Rights Act anti-retaliation rules that employers must negotiate when dealing with expectations and waive of accommodation inquiries and requests from employees.

Job applicants and current and former employees are protected from retaliation by employers for asserting their rights under any of the EEOC-enforced anti-discrimination laws.
Protected activity can take many forms, including filing a charge of discrimination; complaining to a supervisor about coworker harassment; or requesting accommodation of a disability or a religious belief, practice, or observance, regardless of whether the request is granted or denied.
Additionally, the ADA prohibits not only retaliation for protected EEO activity, but also “interference” with an individual’s exercise of ADA rights.

These and other OSHA safety mandates, alone or coupled with the disability, religious accommodation, age and other equal employment opportunity nondiscrimination, and anti interference

Litigation Challenging ETS & Other Federal Vaccine Mandates

Along with OSHA’s issuance of the ETS, the Safer Federal Worker Task Force, the Centers for Medicare and Medicaid Services, and the Department of Education also published rules seeking to implement the other aspects of the Biden vaccination mandate strategy.

The ETS and other rules also are facing court challenges. On November 12, 2021, the U.S. Court of Appeals for the Fifth Circuit granted a motion to stay OSHA’s COVID-19 Vaccination and Testing Emergency Temporary Standard, published on November 5, 2021 (86 Fed. Reg. 61402) (“ETS”). The court ordered that OSHA “take no steps to implement or enforce” the ETS “until further court order.” The U.S. Court of Appeals for the Sixth Circuit now has jurisdiction over ETS challenges and DOL has filed a motion to lift the stay. While OSHA remains confident in its authority to protect workers in emergencies, OSHA has suspended activities related to the implementation and enforcement of the ETS pending future developments in the litigation. Note that the comment period is separate from the litigation.

On Monday, November 29, 2021, for instance, a Federal District Court in Missouri v. Biden issued a preliminary injunction staying enforcement against the States of Missouri, Nebraska, Arkansas, Kansas, Iowa, Wyoming, Alaska, South Dakota, North Dakota, and New Hampshire of the vaccine and other COVID-19 safety requirements for federal contractors and subcontractors imposed by the Safer Federal Workforce Task Force COVID-19 Workplace Safety: Guidance for Federal Contractors and Subcontractors issued by website posting on September 24, 2021

Employers Face Significant Continuing Risks Despite Preliminary Injunctions Against COVID Vaccine Rules

More Information

About the Author

About Solutions Law Press, Inc.™

Comments Off on COVID-19 Vaccination Rule Injunctions Leave Employers With Significant Liability Challenges Even As OSHA Extends Comment Period on OSHA COVID-19 Vaccine ETS | ACA, ADA, Affirmative Action, Corporate Compliance, COVID-19, Disability Discrimination, EEOC, Emergency, Employers, Employment Discrimination, Employment Policies, Government Contractors, Rehabilitation Act, Retaliation, Safety | Permalink
Posted by Cynthia Marcotte Stamer

Davis-Bacon Construction Contractors Should Include New WHD Conformance Guide Review In Compliance Processes

November 27, 2021

Construction industry government contractors and subcontractors should add reviewing their policies under the recently published Department of Labor, Wage and Hour Division (“WHD”) Davis-Bacon Wage Determination Conformance Request Guide to their compliance reviewe processes.

Davis-Bacon and other federal contractors and subcontractors face a host of new and evolving regulatory and enforcement responsibilities and risks arising both from legislative, regulatory and enforcement changes pushed through by the Biden-Harris Administration, Congressional Democrats or both. While the Biden-Administration has trumpeted the announcements if some changes like the Biden-Harris Administration ‘s vaccination and other COVID-19 safety mandates, efforts to replace Trump Administration era regulations used to determine joint-employer liability under laws such as the National Labor Relations Act, wage and hour laws, and the Family Medical Leave Act with much more pro-labor Obama era joint-employer standards, changes in federal minimum wage rates for government contractors and various other rules, other changes are accomplished through “clarifications” or other more subtle actions. While keeping abreast of the more widely publicized policy and enforcement changes, construction industry contractors also must use care not to overlook subtle interpretative “clarifications,” “guides” and other resources that shed light on changes in interpretation and enforcement likely to affect their workforce practices including the WHD’s interpretation and enforcement of Davis-Bacon wage and fringe benefit rules.

The recently released Wage and Hour Division Davis-Bacon Wage Determination Conformance Request Guide provides resources WHD views as helpful to assist construction contractors and contracting agencies comply with the requirements of the Davis-Bacon and Related Acts as currently construed by WHD. WHD also says the Guide details the information and construction types contained in wage determinations and provides what WHD calls “additional clarity” regarding the limited circumstances in which contractors and contracting agencies may need to request a new class of laborer or mechanic be added to a published wage determination for a specific contract.

The publication of the Guide sends a strong signal that federal construction contractors and subcontractors can expect WHD audit and enforcement of their compliance with the standards set forth i the Guide as part of the broader regulatory and enforcement agenda impacting their industry under the Biden-Harris Administration. Construction contractors should act to review and update their policies and budgets as well as and consider tightening their compliance and risk management practices in response to this guidance as well as other emerging regulatory and enforcement guidance.

More Information

For assistance or more information about these and other workforce requirements contact the author.

About the Author

For help developing, administering or defending your organization’s wage and hour and other workforce, employee benefits, compensation or compliance practices, contact the author. Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns. In the course of this work, she has advised government contractors and other employers, published and spoken extensively on wage and hour and other workforce compliance for more than 30 years.

About Solutions Law Press, Inc.™

Comments Off on Davis-Bacon Construction Contractors Should Include New WHD Conformance Guide Review In Compliance Processes | Construction, Employers, Government Contractors, government employer, government plan | Permalink
Posted by Cynthia Marcotte Stamer

Hourly Minimum Wage For Government Contractor & Disabled Employees Rises To $15 On 1/30

November 22, 2021

A new Department of Labor Wage and Hour Division final rule is increasing the federal minimum wage for certain federal contractors and disabled employees working on government contracts to $15 on January 30, 2022.

On November 22, 2021, the U.S. Department of Labor Wage and Hour Division announced a final rule that increases the hourly minimum wage for employees of covered government contractors and disabled employees to comply with President Biden’s Executive Order 14026.

The new final rule:

Increases the hourly minimum wage for certain federal contractors to $15 beginning January 30, 2022.

Continues to index the minimum wage to an inflation measure in future years.

Eliminates the tipped minimum wage for federal contractors by 2024.

Requires a $15 minimum wage for workers with disabilities performing work on or in connection with covered contracts.

Re-extends the federal minimum wage to outfitters and guides operating on federal lands.

The new federal minimum wage rules follow the Biden-Harris Administration’s announcement of new COVID-19 vaccination mandates for most government contractors and subcontractors working on $250,000 or greater federal contracts as well as the reconstitution of Obama Administration era pro-worker joint employer and other worker classification practices.

Because government contractors typically perform work at rates bid months if not years in advance at the time services are rendered, adjustments in the minimum wage can substantially impact the profitability of those contracts. To minimize these risks, impacted employers will want to assess the impact of the wage increase as well as complete preparations to comply with the new rules.

In the face of these developments, government contractors should update their policies and budgets as well as and consider tightening their compliance and risk management practices.

More Information

For assistance or more information about these and other workforce requirements contact the author.

About the Author

About Solutions Law Press, Inc.™

Comments Off on Hourly Minimum Wage For Government Contractor & Disabled Employees Rises To $15 On 1/30 | compensation, compliance, Construction, Corporate Compliance, Education, employee, Employee Benefits, Employer, Employers, Employment Policies, Fair Labor Standards Act, FLSA, Government Contractors, government employer, government plan, Handicapped Employee, Human Resources, Joint Employer, Labor Management Relations, OFCCP, Pay, Rehabilitation Act, Workforce | Permalink
Posted by Cynthia Marcotte Stamer

PBGC Posts 2022 Plan Year Present Value Table

November 22, 2021

On November 22, 2021, PBGC posted a table showing the applicable present values for 2022 plan years. A two-column spreadsheet version of the table is also available for convenient copying. For more information see Technical Update 07-04.

More Information

Comments Off on PBGC Posts 2022 Plan Year Present Value Table | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

Temporary Stay Of OSHA Vaccine ETS Fuels Continued Employer Risk & Uncertainty

November 22, 2021

The Occupational Safety & Health Administration (“OSHA”) has suspended implementation and enforcement of COVID-19 Vaccination and Testing Emergency Temporary Standard(“Rule”) in response to the November 12, 2021 5th Circuit Court of Appeals order staying implementation of the Rule – for now. While the action delays the deadline for covered employers to comply with the Rule, employers still remain exposed to other COVID-related discrimination, retaliation, safety and other claims.

One of a series of new federal rules adopted over the past few months that require businesses employing more than 100 employees, government contractors and subcontractors and health care providers participating in Medicare or Medicaid to implement and enforce COVID-19 vaccination and other safeguards, the Rule ordered covered employers to adopt and enforce requirements that employees to get vaccinated or undergo regular testing and wear masks unless the employee qualifies for a religious or disability exception. Similar but tighter vaccination mandates are required in a separate OSHA emergency temporary standards for health care workers, a new condition of participation requirement for covered health care organizations to participate in Medicare or Medicaid, and conditions of eligibility to enter into federal government contracts over $250,000.

Last week, the 5th Circuit ordered that OSHA “take no steps to implement or enforce” the ETS “until further court order.” The Rule also faces challenges in several other Circuit Courts of Appeals. Ultimately, the Supreme Court is expected to decide the fate of the Rule.

While OSHA remains confident in its authority to protect workers in emergencies, OSHA has suspended activities related to the implementation and enforcement of the ETS pending future developments in the litigation.

Pending final resolution of court challenges to the Rule, the 5th Circuit stay temporarily puts on hold the Rule OSHA published November 5, 2021, which generally requires employers with at least 100 employees to adopt and enforce COVID-19 vaccination or alternative testing and masking requirements for all employees in their workplaces by December 4, 2021.

Regardless of the ultimate outcome of challenges to the OSHA Rule, employees face significant risk negotiating vaccine and other COVID-19 safety policies from employee discrimination, retaliation and safety challenges and inquiries. The suspension adds more uncertainty and controversy to employers struggling to develop and administer Covid-19 vaccination and other safety policies around often conflicting federal and state rules in a highly charged political and litigious environment fraught with discrimination and retaliation claims risks fueled to new heights by new OSHA and EEOC retaliation guidance published last week.

Aside from OSHA’s announced confidence that the 5th Circuit’s temporary stay will be removed as litigation over the Rule progresses, the 5th Circuit order technically does not stop implementation of OSHA’s separate emergency temporary standard requiring vaccination for health care workers or new rules adding COVID-19 vaccination requirements as conditions of program participation for government contractors and Medicare participating health care providers.

Regardless of the outcome of the 5th Circuit ordered stay, the uncertainty created from differences among these federal and state rules and the 5th Circuit ordered stay provides tinder for retaliation claims against employers regardless of how the business chooses to respond to the stay.

Even if the mandates are enjoined are inapplicable to an organization, opposition to compliance, questions, expressions of concern, and other activity can support retaliation claims. That means retaliation and interference claims present as big or bigger threat as the rules themselves and last beyond the reach and validity of the rules.

Facing peril from all sides, employers must tread carefully in developing and administering their workplace COVID-19 vaccination and other safety policies to manage the exposures created from the resulting Catch-22 legal and political environment. Employees of course must will monitor the litigation and other regulatory developments. At the same time, employers should use when dealing with worker and other inquiries, expressions of concern and other dealings with employees and applicants regarding COVID-19 SAFETY, leave, accommodation and other concerns as well as to document carefully and preserve other evidence necessary to support performance and other business justified employment actions against potential retaliation or discrimination challenges.

More Information

About the Author

About Solutions Law Press, Inc.™

Comments Off on Temporary Stay Of OSHA Vaccine ETS Fuels Continued Employer Risk & Uncertainty | ADA, Affirmative Action, compliance, Corporate Compliance, COVID, COVID-19, Disaster, Disease Management, Diversity, EEOC, Employee Benefits, Employee Handbook, Employer, Employers, Employment, Employment Discrimination, Employment Policies, Employment Termination, Government Contractors, health Care, HR, Human Resources, Joint Employer, Labor Management Relations, Management, OFCCP, OSHA, Pandemic, vaccination mandate, vaccine mandate, Worker Classification, Workforce | Permalink
Posted by Cynthia Marcotte Stamer

Manage Heightened Retaliation Exposures Arising From COVID-19 Safety, Return-To-Work & Other Practices

November 17, 2021

Employers should take care to design and administer their COVID-19 vaccination, testing, masking, accommodation, return-to work, discipline and other safety and employment policies and practices to defend against already high and rising risk that their organization may face charges of illegal retaliation or interference brought by an employee, a federal agency or both.

Already the most frequently frequently alleged form of discrimination for years, Equal Employment Opportunity Commission (“EEOC”) statistics show retaliation claims accounted for a staggering 55.8 percent of all charges filed with the EEOC in 2020, making retaliation the most frequently cited claim in charges filed with the agency above even charges of disability, race and sex.

Fallout from the COVID-19 pandemic promises to add fuel to this trend by requiring already resource challenged employers to assimilate and administer evolving and often controversial or even arguably conflicting leave, safety, and other requirements with respect to an often assertive and in a politically charged and often fearful workforce.

To make matters worse, the EEOC, U.S. Department of Labor (DOL) and the National Labor Relations Board (NLRB) recently announced a new joint initiative targeting investigation and enforcement of retaliation and interference claims against employers. According to the November 17, 2021 EEOC announcement of its involvement in the new initiative, the agencies see to end retaliation against workers who exercise their protected labor and employment law rights by collaborating among these civil law enforcement agencies to protect workers on issues of unlawful retaliatory conduct, educating the public and engaging with employers, business organizations, labor organizations and civil rights groups in the coming year.

Job applicants and current and former employees are protected from retaliation by employers for asserting their rights under any of the EEOC-enforced anti-discrimination laws.
Protected activity can take many forms, including filing a charge of discrimination; complaining to a supervisor about coworker harassment; or requesting accommodation of a disability or a religious belief, practice, or observance, regardless of whether the request is granted or denied.
Additionally, the ADA prohibits not only retaliation for protected EEO activity, but also “interference” with an individual’s exercise of ADA rights.

While anti-retaliation protections enforced by the EEOC only apply to the exercise of rights under the federal equal employment opportunity (EEO) laws, similar protections also apply under the Family and Medical Leave Act, the Occupational Safety and Health Act, and the Immigration and Nationality Act’s anti-discrimination provisions prohibiting some types of workplace discrimination based on citizenship status, immigration status, or national origin.

For purposes of these and other laws containing antiretaliation provisions, retaliation generallyoccurs when an employer (through a manager, supervisor, or administrator) takes an adverse action against an employee or applicant because the employee or applicant raised a concern, made a complaint or reported a concern about a workplace practice, condition or activity prohibited by the law, reported a suspected violation of law, participated in an investigation, or engaged in other protected activity under the law.

An adverse action is an action that could dissuade or intimidate a reasonable worker from engaging in a protected activity. Because adverse action can be subtle, it may not always be easy to spot. Examples
of adverse action include, but are not limited to:

Firing or laying off
Demoting
Denying overtime or promotion
Disciplining
Denying benefits
Failing to hire or rehire
Intimidation
Making threats
Blacklisting (e.g., notifying other potential employers that an applicant should not be hired or refusing to consider applicants for employment who have reported concerns to previous employers)
Reassignment to a less desirable position or actions affecting prospects for promotion (such as excluding an employee from training meetings)
Reducing pay or hours
More subtle actions, such as isolating, ostracizing, mocking, or falsely accusing the employee of poor performance.

Under each of these laws, the antiretaliation prohibitions may protect applicants and employees against adverse job action for in good faith making a complaint, cooperating in an investigation whether the employee or another party makes the complaint, asking for accommodations, asking questions about rights or policies that might impact of protected rights, expressing concerns about the appropriateness of employer practices covered by these laws, or engaging other actions, communications or behaviors relating to protected rights that the employee believes he or another employee enjoys, employers need to use care both in responding to employees and in administering promotions, demotions, terminations, layoffs and other workforce activities with respect to employees that have engaged in activity that could trigger the antiretaliation protections to avoid creating evidence that supports a retaliation claim as well as to consistently carefully capturing and retaining documentation and other evidence that can be used to demonstrate legally defensible reasons for job decisions impacting these employees that might be needed to defend against retaliation, interference or other discrimination charges under these and other laws.

Employers also may wish to discuss with legal counsel the advisability and strategies for proactively reviewing job performance, promotion, termination, discipline and other job actions involving employees whose prior involvement in protected activity arguably might provide a basis for asserting protection against retaliation or interference under any of these laws.

More Information

If you would like more information about employer strategies for managing compliance and risks arising from the administration of workforce related COVID-19 or other practices, The author of this update, employment lawyer Cynthia Marcotte Stamer, may be able to help. Ms. Stamer recently discussed COVID-specific retaliation risks and other employer concerns arising from federal COVID-19 vaccination and other workforce requirements as a panelist on the “COVID-19 Vaccination Mandates & Incentives” virtual seminar the American Bar Association Joint Committee on Employee Benefits hosted on November 12, 2021 and has assisted employers to manage and defend exposures under EEOC, occupational health and safety and other federal and state laws for more than 30 years. To purchase a recording of the program, see here. For information about obtaining Ms. Stamer’s slides, email here.

About the Author

About Solutions Law Press, Inc.™

Comments Off on Manage Heightened Retaliation Exposures Arising From COVID-19 Safety, Return-To-Work & Other Practices | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

New Rule Requires Health Plans & Insurers To Report Prescription Drug Data

November 17, 2021

Employer-based health plans, health insurance issuers, and other group health plans should begin preparing to report prescription drug and health coverage costs data for prescription drugs covered by their programs after December 31, 2021 required by an interim final rule with request for comments issued by the Departments of Health and Human Services (HHS), Labor, the Treasury (collectively, the Departments), and the Office of Personnel Management today. Since the new rule requires covered plans and insurers to report data for prescription expenditures in 2020 and 2021 by December 27, 2022 and annually thereafter, covered plans and insurers will want complete the necessary arrangements to collect the data as soon as possible to minimize the cost and burdens of collecting and preparing the reports required at the end of the year.

The new “Prescription Drug and Health Care Spending Interim Final Rule with Request for Comments, is the fourth rule in a series that the Departments are issuing to implement the Title I (the “No Surprises Act”) of Division BB of the Consolidated Appropriations Act (CAA), 2021.

The rule requires health plans, health insurance issuers offering group or individual health insurance coverage, and health benefits plans offered to federal employees to submit key data to the Departments, which will work through the HHS Assistant Secretary for Planning and Evaluation (ASPE) to publish a report on prescription drug pricing trends and rebates, as well as their impact on premiums and consumers’ out-of-pocket costs.

The interim final rule also requires plans and health insurers to provide the Departments with an annual overview of their top 50 drugs across key areas of concern annually, including:

General information regarding the plan or coverage;
Enrollment and premium information, including average monthly premiums paid by employees versus employers;
Total health care spending, broken down by type of cost (hospital care; primary care; specialty care; prescription drugs; and other medical costs, including wellness services), including prescription drug spending by enrollees versus employers and issuers;
The 50 most frequently dispensed brand prescription drugs;
The 50 costliest prescription drugs by total annual spending;
The 50 prescription drugs with the greatest increase in plan or coverage expenditures from the previous year;
Prescription drug rebates, fees, and other remuneration paid by drug manufacturers to the plan or issuer in each therapeutic class of drugs, as well as for each of the 25 drugs that yielded the highest amount of rebates; and
The impact of prescription drug rebates, fees, and other remuneration on premiums and out-of-pocket costs.

The rule provides that plan sponsors, issuers, and FEHB carriers generally will be required to submit this information aggregated at the state/market level, rather than separately for each plan. To ensure that the Departments and Office of Personnel Management are able to conduct meaningful data analysis and identify prescription drug trends, the rule also provides uniform standards and definitions, including for identifying prescription drugs regardless of the dosage strength, package size, or mode of delivery.

A CMS fact sheet published along with the rule Shares more details about how data will be collected and analyzed and other information on the data submission requirements.

The new data submission requirements will apply starting with data from the 2020 calendar year. However, the Departments are deferring enforcement of the new requirements until December 27, 2022, to give regulated entities time to come into compliance. This means the required information for 2020 and 2021 is due by December 27, 2022, although it may be submitted sooner.

The extended deadline for reporting is the result of an exercise of discretion by the Departments. Technically, the CAA requires plans and issuers to begin submitting the required information to the Departments by December 27, 2021, and to submit this information by June 1 of each year thereafter. However, the Departments are exercising discretion to provide temporary deferral of enforcement with regard to the December 27, 2021 and June 1, 2022 deadlines. Consequently, the Departments say they will not initiate enforcement action against a plan or issuer that submits the required information for 2020 and 2021 by December 27, 2022. OPM also will allow its FEHB carriers to report information for 2020 and 2021 by December 27, 2022.

The Departments anticipate releasing their first report in June 2023 and biennially thereafter.

Along with publishing the rules, the Department invited public comments on its provisions. Comments on this IFC are due at 5 p.m. on January 24, 2022.

The Departments say additional information on prescription drug rebates, fees, and other remunerations paid by drug manufacturers to plans, issuers, and pharmacy benefit managers—including the top 25 drugs generating the highest rebate amounts—will help the Departments understand and report on prescription drug costs, and how they fluctuate over time.

In addition to preparing to meet the requirements in today’s rules, plans and insurers also need to prepare to comply with two earlier interim final rules (published on July 13, 2021and October 7, 2021, respectively) and a notice of proposed rulemaking (published on September 16, 2021).

More Information

About the Author

For more information about these requirements, Ms. Stamer or her experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Comments Off on New Rule Requires Health Plans & Insurers To Report Prescription Drug Data | Association Health Plan, Brokers, compensation transparency, compliance, Corporate Compliance, drug pricing, EBSA, Employee Benefits, Employer, Employment, Employment Policies, ERISA, health benefit, Health Benefits, health Care, health care transparency, health insurance, health plan, Health Plans, HR, Human Resources, insurers, Internal Controls, Managed Care, Management, pbms, pharmacy, prescription drugs, Surprise Billing, third party administrators, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Transgender Awareness Week Highlights Transgender Employment Right & Discrimination Risks

November 15, 2021

November 13-20 promises to be a week with transgender issues front and center for employers in the U.S. and other regions of the world joining in the 2021 observance of Transgender Awareness Week from November 13-20 and the Transgender Day of Remembrance on November 20. Employer can anticipate invitations to join in the observances as well as heightened emphasis and communications about transgender rights and concerns as agencies like the Office of Federal Contracts Compliance Programs (“OFCCP”), Equal Employment Opportunity Commission (“EEOC”) and other federal and state governmental agencies involved in these concerns as well as various transgender advocacy groups participate in these annual observances.

Reportedly first celebrated in 1999, the Transgender Day of Remembrance commemorates victims of anti-transgender hate crimes, During the day, transgender people and their allies take action to bring attention to the transgender community and advance advocacy to address the prejudice, discrimination, and violence the community faces. Leading up to the Transgender Day of Remembrance, Transgender Awareness Week observed November 13th to November 19th annually generally is observed through a series of events intended to educate about transgender and gender non-conforming people and the issues associated with their transition or identity.

Transgender Employment Discrimination Risks Rising

In 2020, the United States Supreme Court ruled in Bostock v. Clayton County that the sex discrimination prohibitions of Title VII of the Civil Rights Act protect applicants and employees from employment discrimination based on transgender or other sexual preferences. In keeping with this decision, the Department of Labor Equal Opportunity Commission (“EEOC”) has adopted and administer aggressive educational outreach, investigation and enforcement programs targeting employment discrimination against transgender, lesbian, bisexual, and gay (“LBGT”) individuals based on their sexual orientation. Additionally, the Office of Federal Contract Compliance Programs (“OFCC”) since 2014 has explicitly prohibited federal contractors from discriminating against job applicants and employees based on gender identity and sexual orientation and under the Biden-Harris Administration is committed to firmly administering the prohibitions against discrimination against employees and applicants announced in Executive Order 11246 against federal government contractors and grant recipients.

The Biden-Harris Administration has heightened this emphasis by making sexual orientation discrimination a priority. In March, President Biden became the first President to recognize Transgender Day of Visibility, calling upon all individuals to join in the fight for full equality for all transgender people. On day one of this Administration, President Biden issued Executive Order 13988, Preventing and Combating Discrimination on the Basis of Gender Identity or Sexual Orientation, in which he stated:

Discrimination on the basis of gender identity or sexual orientation manifests differently for different individuals, and it often overlaps with other forms of prohibited discrimination, including discrimination on the basis of race or disability. For example, transgender Black Americans face unconscionably high levels of workplace discrimination, homelessness, and violence, including fatal violence. It is the policy of my Administration to prevent and combat discrimination on the basis of gender identity or sexual orientation, and to fully enforce Title VII and other laws that prohibit discrimination on the basis of gender identity or sexual orientation. It is also the policy of my Administration to address overlapping forms of discrimination.

In keeping with this commitment, OFCCP and EEOC both are stepping up their outreach and enforcement. On June 28, 2021, the EEOC published its Frequently Asked Questions on Sexual Orientation and Gender Identity. and has made LBTG discrimination an investigation and enforcement priority that has resulted in several charges. In August, 2021, for instance, the EEOC sued an Applebee’s franchise for allegedly discriminating based on sexual orientation by subjecting a Black line cook to a hostile work environment based on his sexual orientation and race and then allegedly retaliating against him for complaining.. On October 26, 2021, for instance, the EEOC announced that Minnesota furniture retailer Frizzell Furniture agreed to pay $60,000, revise its policies and conduct training to resolve a finding of gender identity sex discrimination. According to the EEOC, its investigation showed Frizzell Furniture did not hire a job applicant for a sales position because he is transgender. A hiring official informed the applicant he would not “mix well with the customers.” ddition, OFCCP has announced that it also is also exploring a method for voluntary self-identification to solicit and record information for people who have a non-binary gender identity.

Meanwhile, OFCCP also published its own Frequently Asked Questions on Sexual Orientation and Gender Identity in June, 2021. The OFCCP Guidance addresses the responsibility of government contractors and subcontractors to contract not to discriminate based on sexual preference and addresses the OFCCP’s expectations about the basic steps that contractors should take in advertising job positions, screening applicants, administering restroom access and other matters of concern relating to compliance with these obligations. It also subsequently announced that it also is also exploring a method for voluntary self-identification to solicit and record information for people who have a non-binary gender identity.

In the face of these developments, employers and others covered by Title VII should be aware and exhibit sensitivity during this week’s observances. In addition, the observances this week provide an excellent reminder of the advisability of reviewing and tightening existing policies and practices regarding transgender and other policies, practices and training regarding sexual preference nondiscrimination in the workplace.

For Help Or More Information

For help developing, administering or defending your organization’s LBGT or other equal employment opportunity policies and practices, or other workforce, employee benefits, compensation or compliance practices, contact the author.

About the Author

. Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney who has advised and represented employers, employee benefit plans and others and has spoken and published extensively regarding LBGT and other equal employment opportunity concerns for more than 25 years. Board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns.

About Solutions Law Press, Inc.™

Comments Off on Transgender Awareness Week Highlights Transgender Employment Right & Discrimination Risks | Civil Rights, Corporate Compliance, Diversity, EEOC, EEOC, employee, Employee Benefits, Employers, Human Resources, LBGT, Transgender | Permalink
Posted by Cynthia Marcotte Stamer

DOL Proposes Ending Industry-Recognized Apprenticeship Programs

November 12, 2021

The U.S. Department of Labor is proposing to eliminate the Industry-Recognized Apprenticeship Program. In a Notice of Proposed Rulemaking seeking public comment published November 12, the department says elimination of the program will allow the department to direct its resources toward expanding access to good-paying jobs through Registered Apprenticeships and create reliable pathways to middle class.

The proposed rule is the latest of several actions taken by the department in response to President Biden’s Executive Order 14016, including the suspension of review of applications for Standard Recognition Entities in the Industry Recognized Apprenticeship Program. The proposal is part of the Biden-Harris Administration’s larger apprenticeship effort, including expanding and strengthening the proven Registered Apprenticeship model, investing in pipelines to these programs, and improving the quality of apprenticeship programs.

The proposed rule would rescind the regulatory framework used to establish and govern IRAPs. If the proposal is finalized, the department says it will work with previously recognized SREs and IRAPs to explore options to become program sponsors or intermediaries under the Registered Apprenticeship system.

In the NPRM, the department says that IRAPs created a duplicative system that could lead to lower quality standards for training and poorer safety and welfare protections for apprentices compared to Registered Apprenticeship Programs. Unlike IRAPs, Registered Apprenticeships are also required to provide apprentices with progressively increasing wages, which serve as an important incentive to attract and recruit apprentices while developing a pipeline of local, diverse, well-trained workers to meet talent needs across a diverse array of industries, and increase the competitiveness of the U.S. workforce.

Scheduled for publication in the Federal Register on Nov. 15, 2021, the NPRM is available now for public inspection. Interested persons should review and comment on the proposal as soon as possible.

More Information

The author of this update, employment lawyer Cynthia Marcotte Stamer, will discuss these and other federal COVID-19 vaccination and other workforce requirements as a panelist on the “COVID-19 Vaccination Mandates & Incentives” virtual seminar the American Bar Association Joint Committee on Employee Benefits will host on November 12, 2021 beginning at Noon Central Time.

Ms. Stamer also is finalizing an updated summary of the new ETS, which Solutions Law Press, Inc. has arranged to make available to interested readers. If you or someone you know would like a copy of this resource, email here .

About the Author

About Solutions Law Press, Inc.™

Comments Off on DOL Proposes Ending Industry-Recognized Apprenticeship Programs | apprentisship, Education, employee, Employer, Employers, Employment | Permalink
Posted by Cynthia Marcotte Stamer

Most OSHA COVID-19 Vaccine & Other Mandates Take Effect 12/4 For 100+ Workforces As OSHA Considers Extending Mandates To Smaller Workplaces

November 4, 2021

December 4, 2022 is the deadline for employers 100 or more employees to comply with the new Occupational Safety and Health Administration COVID-19 Vaccination Emergency Temporary Standard Interim Final Rule (“ETS”) implementing the employer vaccine, masking and testing mandates President Biden announced his administration intended to impose in September. The ETS is scheduled for official publication in the Federal Register tomorrow. (November 5, 2021). The ETS establishes workplace vaccination, vaccination verification, face covering and testing requirements to address “the grave danger of COVID-19 in the workplace for employers of 100 or more employees. The request for comments included in the Preamble to the ETS indicates that OSHA also is considering extending the rules to apply to smaller employers. Businesses employing more than 100 employees must prepare to comply by December 4, 2022, except that the compliance deadline for certain testing requirements for nonvaccinated employees is January 4, 2021. As the request for comments indicates OSHA is considering extending the rule to businesses with fewer than 100 employees, businesses also should critically evaluate the impact of the rules on their operations and submit comments during the comment period.

Biden Administration COVID-19 Vaccination Strategy

The ETS implements part of a series of COVID-19 vaccination mandates President Biden announced in September that his administration planned to adopt to substantially increase the number Americans covered by vaccination requirements, including:

OSHA to issue emergency rules that would require all employers with more than 100 employees to get vaccinated or be tested at least weekly;
OSHA and other federal regulations to require vaccinations for all federal workers, contractors and subcontractors;
OSHA and the Centers for Medicare and Medicaid Services (“CMS”) rules to require COVID-⁠19 vaccinations for all health care workers at Medicare and Medicaid participating hospitals and other health care settings;
Using Department of Education and federal funding measures to support vaccination and masking in schools; and
Calling on large entertainment venues to require proof of vaccination or testing for entry.

Regarding the OSHA mandate, President Biden’s “Path out of the Pandemic COVID-19 Action Plan” states OSHA is developing an Emergency Temporary Standard (ETS) that will require all employers with 100 or more employees to ensure their workforce is fully vaccinated or require any workers who remain unvaccinated to produce a negative test result on at least a weekly basis before coming to work.

Along with OSHA’s issuance of the ETS, HHS, OFCCP, the Department of Education also are moving forward to implement the other aspects of the Biden vaccination mandate strategy.

These new mandates are in addition to continuing to encourage employers to use and train workers on using multiple safeguards to avoid And contain the spread of COVID-19 in their workplaces.

Noncompliance with the mandates could put covered employers at significant risk.

Among other things, of course, is the potential OSHA liability. OSHA already has made clear it’s willingness to sanction employers for violating CoVID emergency standards by nailing AMA Health Holdings LLC, for and Lakewood Resource and Referral Center Inc. (“CHEMED”) for failing to comply with COVID-19 safety protocols issued in June.

In June OSHA issued an emergency temporary standard to protect healthcare workers from contracting coronavirus. In March, OSHA launched a national emphasis program focusing enforcement efforts on companies that put the largest number of workers at serious risk of contracting the coronavirus. The program also prioritizes employers who retaliate against workers for complaints about unsafe or unhealthy conditions, or for exercising other rights protected by federal law.

OSHA cited the facility’s operator, AMA Health Holdings LLC, with two citations for failing to develop and implement effective measures to mitigate the spread of the virus and not recording each work-related illness.

The AMA Holdings OSHA action demonstrates OSHA’s commitment to investigate complaints of violations is its COVID emergency standards and fine employers that violate them.

The citations against AMA Health Holdings follow OSHA’s earlier citation of CHEMED for retaliating against employees for questioning the adequacy of COVID safety at the dental practice where they worked.

Government contractor and healthcare employers also could face program exclusions or penalties under other elements of the Biden Administration vaccine strategy.

Additionally, employers should keep in mind that improperly handled employee questions or statements of concern about the adequacy of workplace COVID -19 safeguards could create retaliation or whistleblower risks. The threat for retaliation liability extends well beyond employers actually covered by the impending mandates. Regardless of what the rules actually eventually provide, employees of covered and uncovered employers are likely to have questions about the adequacy of safeguards and their workplace rights. These questions could come from people believing their entitled to work without being vaccinated, employees a certain rate to takeoff time for vaccination or other reasons with or without pay, employees asking or asserting rights to paid time off for vaccination or other reasons or a host of other matters. Retaliation protections can arise even when the employee doesn’t qualify for the rights asserted as long as the employee can demonstrate that the request is based in a good faith belief that the right might exist. Consequently, employers should use care to investigate and respond carefully to these concerns.

More Information

About the Author

About Solutions Law Press, Inc.™

Comments Off on Most OSHA COVID-19 Vaccine & Other Mandates Take Effect 12/4 For 100+ Workforces As OSHA Considers Extending Mandates To Smaller Workplaces | Child Safety, Construction, Corporate Compliance, COVID, COVID-19, Employer, Employers, Employment Discrimination, Employment Policies, OSHA, Pandemic, Retaliation, Safety, vaccine mandate | Permalink
Posted by Cynthia Marcotte Stamer

Federal Agencies Take Aim At Businesses, Benefit Plan Fiduciaries & Service Providers & Others With Lax CyberSecurity & CyberBreach Compliance; Build Defenses By Strengthening Internal & External Controls & Risk Managment

October 19, 2021

Businesses, their employee benefit plan fiduciaries, their employer and other sponsors, their record keepers, financial advisors and other service providers and other business partners face growing pressure to shore up cyber security and cyber breach compliance and other safeguards to defend against a slew of new and ongoing federal cyber security and breach regulatory and enforcement the Biden-Harris Administration is rolling out in its effort to stem the rising tide of cybersecurity incidents.

Agencies Targeting Businesses, US Entities & Their Leaders For CyberSecurity & CyberBreach Regulation & Enforcement

On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced plans to civilly prosecute federal government contractors that fail to follow required cyber security standards under the False Claims Act under a new Civil Cyber-Fraud Initiative to be led by DOJ’s Civil Division’s Commercial Litigation Branch, Fraud Section. While adding new exposures to the already substantial exposures federal government contractors and grant recipients already face for failing to comply with applicable cybersecurity and cyberbreach notifications under federal and state laws, the Civil Cyber-Fraud Initiative also provides more evidence that the Biden-Harris Administration is serious about moving forward on its broader strategy to stem the recurrent waves of disruptive cyber breaches and other security incidents buffeting U.S. public and private institutions and citizens by ramping up cybersecurity regulations, oversight and enforcement against all U.S. organizations. See e.g., New DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards. May 12, 2021 Executive Order on Improving the Nation’s Cybersecurity; July 28, 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.

The DOJ Civil Cyber-Fraud Initiative is the latest in a growing list of new regulatory and enforcement programs placing pressure on U.S. businesses and their leaders to get serious about cybersecurity. Examples of some of the more far reaching of these new or continuing programs include:

Government Contractors.

Under the Civil Cyber-Fraud Initiative, DOJ plans to use the False Claims Act to prosecute pursue cyber security related fraud by government contractors and grant recipients. According to DOJ, the initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cyber security products or services, knowingly misrepresenting their cyber security practices or protocols, or knowingly violating obligations to monitor and report cyber security incidents and breaches. Federal contractors and grant recipients submitting claims for federal funds will be considered to have filed a false claim in violation of the False Claims Act if their cyber security and cyber breach practices are not compliant with applicable federal requirements when the payment is requested.

Federal Health Program Participating Health Care Providers And Plans.

The DOJ Cyber-Fraud Initiative follows a similar interpretation of the Department of Health & Human Services (“HHS”) Office Inspector General (“OIG”) about the cybersecurity and cyberbreach compliance requirements health care providers and health plan issuers participating in Medicare and certain other federally funded health care programs (“Medicare Participating Providers”) are accountable to meet under the Conditions of Participation for those programs. HHS OIG’s construction of these Conditions of Participation as including cybersecurity and cyberbreach compliance signs that Medical Participating Providers with deficient cybersecurity practices now may risk program disqualification and False Claims Act liability along with their already well-known exposure to civil monetary penalties under the Health Insurance Portability & Accountability Act (“HIPAA”) protected health information privacy, security and data breach rules.

Health & Other Employee Benefit Plans.

Health plans and other employee benefit plans, their fiduciaries, record keepers and service providers also face growing cybersecurity responsibilities and risks. While HHS Office of Civil Rights (“OCR”) continues to clarify and expand its interpretation, investigation and enforcement of HIPAA privacy, security and data breach rules against health plans, health care providers, health care clearinghouses and their business associates, the Department of Labor Employee Benefit Security Administration is turning up the heat on employee benefit plan fiduciaries to prudently protect their employee benefit plan assets and participants against cyberthreats.

On April 14, 2021, the Department of Labor Employee Benefit Security Administration (“EBSA”) made official its interpretation of the duty of prudence applicable to employee benefit plan fiduciaries under Section 404 of the Employee Retirement Income Security Act (“ERISA”) includes a duty for ERISA-covered employee benefit plan fiduciaries to take “appropriate precautions” to mitigate risks to plan participants and assets from both internal and external cybersecurity threats. The April 14 announcement makes official EBSA’s interpretation of the duty of prudence applicable to fiduciaries of ERISA-covered employee benefit plans as extending to a duty to act prudently to safeguard plan assets and plan participants against cybersecurity threats.

Concern about cyberthreats to private employee benefit plans covered by ERISA, their participants and beneficiaries has soared as massive data breaches Federal Thrift Savings Plan, Anthem, Capital One, the Public Employees Retirement Association of New Mexico and other employee benefit plans, their vendors and service providers increasingly have impacted millions of employee benefit plans, their accounts and participants.

While Congress chose to subject health plans to the detailed health privacy, security and breach rules of HIPAA and financial and certain other employee benefit plan service providers to consumer financial disclosure and data information security requirements of laws like Gramm-Leach-Bliley Act and the Fair and Accurate Credit Transactions Act, and even employers and others conducting background and other credit checks to the Fair Credit Reporting Act, growing awareness of the cyberthreat to employee benefits has not prompted Congress to date to extend those laws or otherwise to enact express statutory requirements for employee benefit plans and their fiduciaries. However, private litigants and others increasingly have speculated that a fiduciary duty to safeguard plan asset against cyberthreats might be subsumed in the obligation of fiduciaries under Section 404 of ERISA at all times to act with “the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims.” See, e.g., See Record $16M Anthem HIPAA Settlement Signals Need to Tighten Your Health Plan HIPAA Compliance & Risk Management.

While EBSA has worked to formulate its recently announced positions, private litigants increasingly have begun debating the applicability and effect of ERISA on cyberbreaches involving ERISA regulated plans. See e.g., In re Anthem, Inc. Data Breach Litig., No. 15-CV-04739-LHK, 2015 WL 7443779, at *1 (N.D. Cal. Nov. 24, 2015)(holding Anthem entitled under ERISA to remove claims to federal court and refusing employee benefit plan participants’ motion to remand to state court state claims arising from data breach); In re Anthem, Inc. Data Breach Litig., No. 15-MD-02617-LHK, 2016 WL 3029783 (N.D. Cal. May 27, 2016)(refusing to dismiss participant claims against non-Anthem defendants for lack of standing), motion reconsideration denied In re Anthem, Inc. Data Breach Litig., No. 15-CV-04739-LHK, 2016 WL 324386 (N.D. Cal. Jan. 27, 2016); Bartnett v. Abbott Lab’ys, No. 20-CV-02127, 2021 WL 428820, at *5 (N.D. Ill. Feb. 8, 2021) (dismissing breach of fiduciary duty claim based on inadequate evidence); In re: Premera Blue Cross Customer Data Sec. Breach Litig., No. 3:15-MD-2633-SI, 2017 WL 539578, at *21 (D. Or. Feb. 9, 2017). While mostly unsuccessful to date for procedural or factual sufficiency reasons, the preemption issues argued in many of these cases support concerns that under the proper circumstances ERISA could apply to breaches involving plans or their participants. As these and other actions continue to wind their way through the courts, EBSA also has begun to acknowledge that ERISA plan fiduciaries duties of prudence include cybersecurity responsibilities.

EBSA’s first official recognition of a cybersecurity responsibility by plan fiduciaries appears in the Default Electronic Disclosure by Employee Pension Benefit Plans Under ERISA Final Rule (the “Electronic Disclosure Rule”), which took effect July 27, 2020 . In the discussion of its requirements regarding website-based electronic disclosures in Subpart (e)(3), the Electronic Disclosure Rule requires that “[T]he administrator must take measures reasonably calculated to ensure that the website protects the confidentiality of personal information relating to any covered individual.” Similarly, the requirements for using e-mail to provide electronic disclosures in Subsection (k)(4) of the Electronic Disclosure Rule require the plan administrator to take “measures reasonably calculated to protect the confidentiality of personal information relating to the covered individual.” While recognizing these cyber security responsibilities in the Electronic Disclosure Rule, however, EBSA explained in the Preamble to the Electronic Disclosure Rule that it decided not to include more cumbersome cybersecurity requirements in the Electronic Disclosure Rule out of concern over the cost and other burdens of such requirements. Nevertheless, the Electronic Disclosure Rule imposed a responsibility by plan fiduciaries of employee benefit plans making electronic disclosures to ensure that electronic recordkeeping systems have in place reasonable controls, adequate records management practice, and other measures calculated to protect Personally Identifiable Information.

EBSA’s April 14, 2021 reflects EBSA now views the fiduciary responsibilities of ERISA-covered employee benefit plan fiduciaries generally as including the responsibility to take “appropriate precautions” to mitigate risks to plan participants and assets from both internal and external cybersecurity threats. Beyond acknowledging a duty to take prudent steps to protect plans assets and participants against internal and external cybersecurity threats, EBSA also shared the following three resources to help plan sponsors, fiduciaries and participants to safeguard benefit plans and personal information against emerging cyber threats:

Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
Cybersecurity Program Best Practices: Assists plan fiduciaries and record-keepers in their responsibilities to manage cybersecurity risks.
Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts online basic rules to reduce the risk of fraud and loss.
Participants in Securities Markets, Market Infrastructure Providers & Vendors.

Meanwhile the Securities and Exchange Commission (“SEC”) also has made clear its expectation that all firms participating in the securities markets, market infrastructure providers and vendors will appropriately monitor, assess and manage their cybersecurity risk profiles, including their operational resiliency. Consistent with the shared understanding of best cybersecurity practices shared with the agencies, the SEC guidance makes clear its market involved and impacting regulated entities are accountable for maintaining and enforcing appropriate internal and external controls to prevent, detect and redress cybersecurity threats, including appropriate board governance and risk management, access rights and controls, data loss prevention,mobile security, incident response and resiliency, vendor management, training and awareness and other practices. See SEC Office of Compliance Inspections and Examinations Cybersecurity and Resiliency Observations. Recently announced enforcement actions demonstrate that the SEC is acting on its promise to go after SEC regulated entities that breach these expectations. See, e.g., SEC Announces Three Actions Charging Deficient Cybersecurity Procedures.

These and other recently announced federal regulatory and enforcement developments send a clear message to businesses and their leadership, employee benefit plan sponsors, fiduciaries, record keepers and other vendors, SEC securities market involved organizations and others to clean up their cybersecurity compliance and risk management. Beyond the governmental enforcement risks these developments signal, these and other emerging regulatory developments provide added fuel for the already substantial private litigant and government complaints, investigations and prosecutions against businesses, their leaders, their employee benefit plan fiduciaries, record keepers and other service providers,and others. and their leaders unable to defend the adequacy of their cybersecurity related practices.

Raise Cybersecurity Compliance & Defenses To Mitigate Risks & Liabilities

In the face of these developments, all businesses, employee benefit plan fiduciaries, their employer and other sponsors, record keepers and other vendors and their leaders should prioritize cybersecurity compliance, risk management, oversight and controls. As part of these efforts, organizations and their leaders should move quickly to position themselves to defend against potential investigation and enforcement risks created by these emerging policies. These efforts should seek to ensure compliance with all applicable statutory, regulatory and contractual requirements as well as institutionalize the necessary operational controls to protect systems, data and operations from cyber breaches and other threats, to detect and redress cyber events promptly, and to ensure that the organization otherwise can demonstrate both their compliance efforts, as well as their timely prudent detection, investigation, reporting, mitigation and remediation in response to actual or suspected cyber threats or other compliance breaches.

More Information

About the Author

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with private and public employer, health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. In the course of this work, she has had extensive involvement in the design, administration and defense of payroll, employee benefit, insurance, securities, trade secret and other confidential information and other internal and external record and data systems and processes as well as investigation, reporting, redress and mitigation of cyber and other incidents.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any situation and does not necessarily address all relevant issues. Because developments could impact the currency and completeness of this discussion, the author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2021 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.

Comments Off on Federal Agencies Take Aim At Businesses, Benefit Plan Fiduciaries & Service Providers & Others With Lax CyberSecurity & CyberBreach Compliance; Build Defenses By Strengthening Internal & External Controls & Risk Managment | Association Health Plan, Corporate Compliance, corporate governance, Cybercrime, Cybersecurity, Data Breach, Data Security, EBSA, Employee Benefits, Employer, Employers, ERISA, fiduciary duty, Fiduciary Responsibility, Government Accountability, Government Contractors, government employer, government plan, group health plan, health benefit, Health Benefits, health Care, Health Care Fraud, Health Care Sharing Ministries, health insurance, health insurance marketplace, Health IT, health plan, Health Plans, health reform, HIPAA, HIPAA, Medicare Part D, multiple employer plan (Meps), Personal Health Records, Personal Health Recordss, Privacy, Protected Health Information, Public Policy, Retirement Plans, SEC | Permalink
Posted by Cynthia Marcotte Stamer

New DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards

October 11, 2021

Federal government contractors and grant recipients should tighten cyber security policies, practices and internal controls to mitigate their exposure to civil False Claims Act claims by the Department of Justice (“DOJ”) under a new DOJ Civil Cyber-Fraud Initiative announced by DOJ last week. The new initiative adds False Claims Act civil liability to the already substantial civil liability that government contractors and other businesses already face for failing to comply with applicable cyber security and cyber breach notifications under federal and state laws. In the face of these added liabilities, federal contractors and grant recipients should act quickly to audit their cyber security and cyber breach practices, tighten cyber security and breach detection; oversight, credentialing and controls over employees, contractors and others with access to facilities and systems and take other appropriate action to prevent and remediate compliance deficiencies and risks.

Federal Government Contractors Bear Cybersecurity Responsibilities

Federal government contractors can face cyber security and breach responsibilities under a myriad of federal laws, regulations and contracting standards which are incorporated into their government contracts as part of conditions for participation in the applicable contract or program. For example, businesses that sell products to the U.S. government generally are required to comply with 15 basic safeguarding requirements and procedures to protect systems used to collect, process, maintain, use, share, disseminate, or dispose of Federal Contract Information (FCI) set forth in FAR 52.202.21. Companies that produce products used by the Department of Defense (DoD) may be required to comply with the minimum cybersecurity standards set by DFARS if those products aren’t commercially available off-the-shelf (COTS). DFARS 252.204-7012 requires contractors with CUI to follow NIST SP 800-171, report cyber incidents, report cybersecurity gaps. DFARS 252.204-7019 (interim) requires primes and subcontractors to submit self-assessment of NIST 800-171 controls through the Supplier Performance Risk System (SPRS). DFARS 252.204-7020 (interim) requires primes and subcontractors give the DoD access to their infrastructure to verify the self-assessment (via DMCA) and requires contractors roll requirements down to subcontractors. Meanwhile, DFARS 252.204-7021 (interim) governs the rollout of the Cybersecurity Maturity Model Certification program over 5 years. These requirements are in addition to any cyber security or cyber breach requirements otherwise applicable to government contractors or grant recipients under laws such as the Fair & Accurate Credit Transactions Act (“FACTA”) that also might apply to other businesses that do not do business with the federal government.

New DOJ Civil Cyber-Fraud Initiative Against Government Contractors Heightens Enforcement & Liability Risks

According to the DOJ announcement, DOJ expects the initiative to:

Build broad resiliency against cyber security intrusions across the government, the public sector and key industry partners.
Hold contractors and grantees to their commitments to protect government information and infrastructure.
Support government experts’ efforts to timely identify, create and publicize patches for vulnerabilities in commonly used information technology products and services.
Ensure that companies that follow the rules and invest in meeting cyber security requirements are not at a competitive disadvantage.
Reimburse the government and the taxpayers for the losses incurred when companies fail to satisfy their cyber security obligations.
Improve overall cyber security practices that will benefit the government, private users and the American public.

The False Claims Act is the government’s primary civil tool to redress false claims for federal funds and property involving government programs and operations. The DOJ’s Civil Cyber-Fraud Initiative does not create new cyber security and cyber breach obligations to promote these goals. Rather, it piggybacks on already existing federal mandates by adding False Claims Act civil liability to the already substantial civil liability that government contractors and grant recipients already risk for failing to maintain and administer their data security and data breach practices in accordance with applicable federal laws. Under the new Civil Cyber-Fraud Initiative, DOJ has signaled it intends to include compliance with applicable cyber security and cyber breach reporting requirements applicable to contractors as part of the obligations of government contractors and grant recipients to comply with applicable law as a condition of eligibility to participate in federal programs and receive federal funds. Federal contractors and grant recipients submitting claims for federal funds will be considered to have filed a false claim in violation of the False Claims Act if their cyber security and cyber breach practices are not compliant with applicable federal requirements when the payment is requested.

Companies and individuals found to have violated the False Claims Act generally are liable for treble damages plus a penalty that is linked to inflation. In addition to allowing the United States to pursue perpetrators of fraud on its own, the FCA allows private citizens to file suits on behalf of the government (called “qui tam” suits) against those who have defrauded the government. Private citizens who successfully bring qui tam actions may receive a portion of the government’s recovery. Many DOJ Fraud Section investigations and lawsuits arise from such qui tam actions and result in often large recoveries by DOJ and the reporting whistleblowers. As a result of availability of whistleblower recoveries, government contractors should anticipate that disgruntled employees, contractors, or others with whom they do business with knowledge of data breaches or other cybersecurity weaknesses may be incentivized to act as whistleblowers.

Cyber Risks Already Substantial Cyber Risks

The False Claims Act exposure under the new DOJ Civil Cyber-Security initiative adds to the already substantial and mounting risks that government contractors already face under an ever-expanding tapestry of federal, state and in some instances, international statutes, regulations and rulings.

Along with any exposures specifically applicable to it as a government contractor, depending on the nature of the business and the data it collects, the business also likely falls subject to duties to safeguard the confidentiality and security of wide range of electronic or other personal financial, tax and other data under various federal and state laws such as FACTA, the Internal Revenue Code, the Health Insurance Portability & Accountability Act (HIPAA), state identity theft, and a host of other statutes and regulations, contractual agreements, or both.

Due to the nature of their activities and involvements, some of the most significant of these obligations may arise from electronic crime related provisions of the Criminal Code of the United States, which by virtue of their criminal nature trigger potential organizational compliance program responsibilities under the U.S. Sentencing Commission Organizational Guidelines for government contractors and other covered entities such as 18 U.S. Code § 1028 – Fraud and related activity in connection with identification documents, authentication features, and information; 18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access Devices; and 18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers.

However, government contractors also can face cybersecurity responsibilities, breach notification and other obligations and liabilities under a wide range of other civil laws and regulations. For instance, FACTA generally requires covered entities that collect or use certain personal financial information to conduct due diligence, monitor the security of records and adopt disposal practices that are reasonable and appropriate to prevent the unauthorized access to – or use of – information in a consumer report. As implemented by the Federal Trade Commission regulations, entities with covered accounts must develop and implement written identity theft prevention programs designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

Beyond these federal obligations, government contractors, like other businesses, also typically are exposed to liability under a wide variety of cyber security, cyber breach notification and other obligations and liabilities under state laws, regulations and common law. See, e.g. here. While the particulars vary based on the state, the nature of the business, where and how the business collects and maintains its data and other factors, the applicable state electronic confidentiality and data security requirements in most states and under some federal laws increasingly include express duties to take steps to protect data, to monitor from breaches and other threats, and/or to notify subjects of the breached data and in some cases, regulators and the public within a short period after a breach happens. Businesses operating in multiple states typically faces exposure under the laws of each jurisdiction where it operates with data impacted by the breach.

Because cyber security events increasingly create business and financial losses, investigation and defense costs, penalties and other liabilities and costs, cyber security breaches and other events also increasingly that fuel shareholder disclosure obligations and shareholder lawsuits. Indeed, former Securities and Exchange Commission Chair Mary Jo White in May, 2016 characterized cyber security as the biggest risk facing the financial system See here. In response to investor risks from cyber security events, the SEC has required regulated entities to make disclosures about these risks to investors since 2011. See CF Disclosure Guidance: Topic No. 2 – Cybersecurity. Given this guidance, it should come as no surprise that the SEC has imposed substantial fines against entities following a breach. See e.g. R.T. Jones reaches settlement with SEC in data breach case; Morgan Stanley Fined $1 Million for Client Data Breach.

Act To Manage Compliance & Risks

In the face of these added liabilities, federal contractors and grant recipients should act quickly to work with qualified legal counsel within the scope of attorney-client privilege to audit the adequacy of their existing cyber security and cyber breach practices under applicable federal statutes and contracts and other relevant laws and regulations as well as to confirm that adequate breach notification has been made for any existing or past breaches. To the extent that the audit uncovers any potential deficiencies in prior breach notification or other compliance, the federal contractor or grant recipient general will want to seek guidance from legal counsel regarding the advisable steps, if any, to take to mitigate and resolve outstanding liabilities, particularly in light of whistleblower liabilities. In addition to examining past and current compliance risks, government contractors and grant recipients also will want to explore advisable steps and documentation that will position their organizations to demonstrate their appropriate monitoring and maintenance of ongoing compliance or otherwise strengthen their defenses against potential cyber breaches as well as whistleblower and retaliation claims arising from employees or others seeking to use these exposures as leverage for settlements or claims. Given the potential magnitude of the liability, businesses generally not only need to take well documented steps properly to safeguard sensitive electronic sensitive personal information and systems holding or using it as well as be prepared to promptly provide notice in the event of any breach with the short time contemplated by law.

As part of these efforts, businesses and their leaders will want to ensure their compliance efforts include both adoption of all required formal policies, appropriate credentialing of employees, contractors and others accessing systems or facilities, well documented operational compliance and risk audits, documented risk assessment and response, compliance hotline reporting and investigation, suitable up-the-ladder reporting, and other appropriate procedures to facilitate rapid identification of potential concerns and other operational compliance.

Effective internal and external workforce credentialing, training, management and oversight are key to the success of these efforts, particularly because cyber breaches and other data threats often leverage internal access created by workforce infiltration, susceptibilities created by social engineering or other opportunities created from lax workforce or contractor compliance with security controls or both. See, e.g., Insider threat: The human element of cyberrisk.

Effective internal monitoring and reporting protocols also are essential to ensure rapid breach identification, investigation and notification. These protocols also should be developed and implemented to ensure timely disclosure and management of any breaches within required time frames.

In recognition of the typically high financial and operational costs of breach investigation, notification and defense, organizations also should weigh the advisability of securing and requiring business partners to secure cyber insurance or other protection to help mitigate these costs in the event of a cyber event.

While the conduct of these assessments inevitably will require the involvement of outside consulting services, business leaders also are cautioned to use care to take appropriate steps to protect these interactions by arranging to engage these services pursuant to attorney-client privilege to help shield sensitive information likely to be uncovered through compliance, risk management or investigation activities. Likewise, given the short time allowed for breach mitigation and notification, businesses should weigh carefully whether to engage regulatory counsel to assist with the initial breach notification and mitigation, separate and apart from cyber litigation defense counsel that might be available under applicable cyber insurance policies unless the proposed litigation defense counsel has proven cyber and other regulatory knowledge, experience and qualifications handling breach mitigation and notification events.

More Information

About the Author

Author of “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other health industry matters, workforce and health care change and crisis management and other highly regarded publications and presentations, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2020 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.

Comments Off on New DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards | Corporate Compliance, corporate governance, Cybercrime, Cybersecurity, Data Breach, Data Security, Employers, Federal Sentencing Guidelines, Government Accountability, Government Contractors, government plan, Identity Theft, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

FTC Statement Warning To Confirm Health & Fitness Apps & Other Connected Devices Compliant With Applicable Federal Health Breach Notification Rules

October 1, 2021

Vendors and developers of mobile health apps and connected devices (“health apps”) that track or collect fitness or other health information that contain individually identifiable health information created or received by health care providers (“personal health records” or “PHR”) and their service providers (“collectively “PHR Vendors””) should verify their data security and breach notification policies and processes comply with applicable federal data breach rules in light of a September 15, 2021 Federal Trade Commission (“FTC”) policy statement cautioning health app vendors and their service providers that that app providers are responsible for complying with the FTC Health Breach Notification Rule; Final Rule, 16 C.F.R. Part 318 (“Health Breach Rule”) unless the breach is covered by and addressed in accordance with the Health Insurance Portability & Accountability Act (“HIPAA”) Breach Notification for Unsecured Protected Health Information, 45 CFR Parts 160 and 164 (“HIPAA Breach Rule”) applicable to health plans, health care providers, health care clearinghouses and their service provider business associates (“HIPAA Entities”) experiencing breaches of protected health information (“PHI”).

The HIPAA Breach Notification Rule and the Health Breach Rule implement enhanced health information data security and breach notification requirements added to federal law by the Health Information Technology for Economic and Clinical Health Act (HITECH) enacted by Congress as part of the American Recovery and Reinvestment Act (ARRA) of 2009. Widely recognized, the HIPAA Breach Rule adopted and enforced by the Department of Health & Human Services Office of Civil Rights (“OCR”) implements breach notification and other requirements for the protection of electronic PHI applicable to HIPAA Covered Entity. In contrast, the FTC Health Breach Rule implements the HITECH Act’s requirements for breaches not subject to the HIPAA Breach Rule of individually identifiable consumer health information in “personal health records” and falls under the FTC’s jurisdiction to investigate and enforce.

Awareness of the HIIPAA Breach Rule is much more widespread, largely due to OCR’s long and ever-growing list of settlements and prosecutions of violations of its HIPAA Breach Rules. See e.g., Pennsylvania OCR Settlement Warns Others Against Disability Or Other Civil Rights Discrimination In COVID-19 Resource Allocation & Other Response; Gastroenterology Practices Pays $100K For HIPAA Noncompliance; OCR Warns HIPAA Entities To “Get Serious” About HIPAA Compliance In Announcing Latest Settlement Against Ambulance Company; $1.6M HIPAA Penalty Mostly Due To Inadequate Security Assessment & Oversight. However the FTC’s lack of enforcement or other meaningful action of the Health Breach Rules since its adoption has fostered both a lack of awareness and concern about compliance with its requirements regarding reporting of breaches of PHR.

FTC Health Breach Rule For PHR Breaches

The FTC Health Breach Rule applies to breaches of electronic PHR. For purposes of the Health Breach Rule, “personal health record” or “PHR” generally means an electronic record any information, collected from an individual, that:

Is not subject to the HIPAA Breach Notification rules applicable to HIPAA Entities when a breach of electronic PHI happens;
Is created or received by a health care provider, health plan, employer, or health care clearinghouse;
Relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual; and
Either identifies the individual or with respect to which there is a reasonable basis to believe that the information can be used to identify the individual; and
Is managed, shared, and controlled by or primarily for the individual.

Where applicable, the Health Breach Notification Rule requires that the Health App vendors or related entities notify consumers, the FTC, and, in some cases, the media when that data in a Personal Health Record is disclosed or acquired without the consumers’ authorization. In addition, a third party service provider of such vendors or entities that experiences a breach must notify such vendors or entities of the breach, so that they can in turn notify their customers. Beyond requiring notification of breaches of Personal Health Records, the Health Breach Rule also contains specific requirements governing the timing, method, and contents of the breach notice to consumers. In general, it requires entities to provide breach notices by first class mail, or if specified as a preference by the individual, via e-mail “without unreasonable delay,” and in no case later than 60 calendar days after discovering a breach. Substitute notice, through the media or a web posting, also may be required when there is insufficient contact information for ten or more individuals.

Violations of the Health Breach Rule can be costly. The HITECH Act authorizes the FTC to seek civil penalties for violations. Companies that fail to comply with the rule could be subject to monetary penalties of up to $43,792 per violation per day.

FTC Signals Health Rule Enforcement Impending

The FTC Commission’s adoption of a Statement of the Commission on Breaches by Health Apps and Other Connected Devices (the”Statement”) at its September 15, 2021 meeting signals the FTC is preparing to begin enforcing the Health Breach Rule after taking no enforcement action in the decade since its adoption.

Responding to the explosive growth Health Apps and their use, the Statement notes that Health Apps such as wearable fitness tracking devices that collect consumers’ health information are covered by the Health Breach Notification Rule if they can draw data from multiple sources, and are not covered by the HIPAA Breach Rule. The Statement warns PHR Vendors not covered by HIPAA are responsible for protecting PHRs from unauthorized access and face civil monetary penalties of up to $43,792 per violation per day for failing to provide breach notification in accordance with the Health Breach Notification Rule when their PHRs experience a “breach of security” of PHRs on a Health App.

The Statement also urges PHR Vendors, health app developers, and others involved with the creation, provision or use of mobile devices collecting or accessing fitness or other individually identifiable health information to examine their obligation and recommends using the Developing a Mobile Health Act Tool (the “Tool”) to help determine what laws apply. For example, the Statement states a Health App would be covered under the FTC’s Health Breach Rule if it collects health information from a consumer and has the technical capacity to draw information through an API that enables synching with a consumer’s fitness tracker, but cites to cross references to the HIPAA Breach Rule in the Health Breach Rule to explain that a Health App developer is a “health care provider” subject to the HIPAA Breach Rule because it “furnish[es] health care services or supplies.”

Comments made by FTC Commissioner Lina M. Khan regarding the need for the Statement add weight to the credibility of concerns about impending enforcement. While noting the Health Breach Rule “imposes some measure of accountability on tech firms that abuse our personal information, Ms. Khan identified “the commodification of sensitive health information, where companies can use this data to feed behavioral ads or power user analytics” as an even “more fundamental problem.” She also stated “Given the growing prevalence of surveillance-based advertising, the Commission should be scrutinizing what data is being collected in the first place and whether particular types of business models create incentives that necessarily place users at risk.”

ALL HEALTH APP VENDERS & PROVIDERS SHOULD VERIFY COMPLIANCE WITH APPLICABLE BREACH REQUIREMENTS

In the face of OCR’s ongoing enforcement of HIPAA and the Statement’s signal of the FTC’s new commitment to the Health Breach Rule enforcement PHR Vendors, HIPAA Covered Entitles, and others involved with the development, provision, use or management of mobile apps or other devices that collect or access individually identifiable health information should take documented steps to evaluate their responsibilities and risks and address potential compliance exposures promptly. As PHI Vendors also could face exposure from service providers, this review should include assessment of those compliance risks and exposures. PHR Vendors also may wish to consider reviewing and strengthening contractual requirements for compliance, notification, audit and other vendor safeguarads. Given the potential of enforcement based on current or past practices or events and the likely need for candid discussion of issues and concerns associated with past and present noncompliance risks, HIPAA Covered Entities, PHR Vendors and others dealing with health apps or connected devices also should consider engaging legal counsel familiar with the various rules to help guide this evaluation within the scope of attorney-client privilege.

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication. Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2020 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.

Comments Off on FTC Statement Warning To Confirm Health & Fitness Apps & Other Connected Devices Compliant With Applicable Federal Health Breach Notification Rules | Corporate Compliance, FTC, Health IT, Health Plans, HIPAA, HIPAA, Personal Health Records, Personal Health Recordss | Permalink
Posted by Cynthia Marcotte Stamer

Agencies Release of 3rd Surprise Billing Reminder Time Short For Health Plans To Prepare For 2022 Compliance Deadline; Learn More in 10/17 Briefing

September 30, 2021

Yesterday’s release by the Departments of Labor, Health and Human Services, Treasury and the Office of Personnel Management (“Agencies”) release yesterday (September 30, 2021) an a third interim final rule (“3rd Rule”) implementing requirements applicable to health plans and health care providers enacted under the No Surprises Act (the “Act) warns health plans, their employer and other sponsors, insurers, fiduciaries and service providers time is running out to update their plans, contracts and practices to prepare to meet comply with the Act when its rules take effect in 2022.

The release of the 3rd Rule yesterday follows the Agencies’ issuance of an interim final rule on consumer protections against surprise billing (“1st Rule”) in July and a proposed rule to help collect data on the air ambulance provider industry (“2nd Rule”) earlier in September, both of which take effect on January 1, 2022.The rules implement the Act’s ban on surprise billing for emergency services and ancillary care at in-network facilities, and limit high out-of-network cost sharing for emergency and non-emergency services by prohibiting them from being higher than if such services were provided in-network. In addition to the Act’s requirements implemented by these three rule packages, health plans and health providers also need to begin preparing to comply with new rules regarding prescription drug coverages and various other requirements of the Act, as well as a plethora of regulatory and market changes impacting health plans and their administration that have emerged over the past year.

Solutions Law Press, Inc. is hosting a complimentary briefing by Cynthia Marcotte Stamer on key requirements of the Act expected to impact health plans and their administration on Monday, October 18, 2021 from 11:30 a.m. to 1:00 p.m. Central Time. Registration is limited. Persons interested in attending should e-mail here to request registration as soon as possible.

Act’s Surprise Billing Ban

The Act seeks to protect patients from surprise bills and remove them from the middle of payment disputes between out-of-network providers, facilities, or providers of air ambulance services and health plans or issuers.

The 1st Rule published on July 1, 2021 states that, beginning in 2022, patients will only be required to pay cost sharing based on in-network rates for certain out-of-network emergency services, out-of-network non-emergency services at in-network facilities and out-of-network air ambulance services.

The 3rd Rule builds on this work and details how the total payment to an out-of-network provider or facility will be determined. In some cases – based on the law – state law or application of a state All-Payer Model Agreement will determine this amount. Where neither applies, the rule sets forth the federal process that will apply for determining the amount. When a payment dispute for items/services that fall under surprise billing protections occur, either a provider, facility, or air ambulance provider or plan/issuer may initiate a 30-day open negotiation period. If open negotiation fails, either party may initiate the federal independent dispute resolution process. This rule details how this process initiates, what is eligible for this process and how independent dispute resolution entities should consider factors when determining a payment amount.

Self Pay Patient’s Good Faith Estimate Requirements

In added consumer protections, today’s 3rd Rule also outlines key requirements related to uninsured (or self-pay) individuals. Self-pay individuals are individuals who have coverage but do not choose to have their care billed to their health plan or issuer. When individuals schedule an item or service with certain providers and facilities, those providers and facilities will be required to inquire about the individual’s health coverage status, and if the individual wants their care billed to their health plan or issuer.

The provider or facility must provide a good faith estimate of expected charges for the care they are scheduling for individuals deemed uninsured (or self-pay). An uninsured (or self-pay) individual may also request a good faith estimate, without scheduling an item or services. The rule also establishes a process for uninsured (or self-pay) individuals to initiate a payment dispute resolution process if they are ultimately billed substantially in excess of the good faith estimate they received.

Time Running Short To Complete Compliance Preparations

The Act’s restrictions on balance billing of out of network and self pay services, along with new rules regarding prescription drug coverage and various other health benefit rules are scheduled to take effect under the Act beginning in January, 2022 as well as a host of other statutory, regulatory and market changes impacting health benefit programs for the upcoming year. Aside from the complexities of meeting the direct requirements of the rules, health plans and their sponsors, fiduciaries, administrators and advisors working to update their plans also will need to determine and decide how to respond to state law regulatory surprise billing and other price transparency and balance billing rules that the Act and its implementing regulations incorporate. Employer and other health plan sponsors, health plan fiduciaries and their service providers need to confirm the necessary arrangement are prepared in a timely fashion to ensure their health plans are designed and administered to comply with these requirements. In addition to updating plan documents, contracts, and processes, health plans, their sponsors, fiduciaries, administrative service providers and others likely need to review budget forecasts, stop loss and other insurance, participant and provider communications, systems, and a host of other operating features of their programs. Given the emerging nature of the guidance, meeting current deadlines are likely to prove challenging. Accordingly health plan sponsors, administrators, fiduciaries, insurers, and advisors should move quickly to begin preparations.

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

Comments Off on Agencies Release of 3rd Surprise Billing Reminder Time Short For Health Plans To Prepare For 2022 Compliance Deadline; Learn More in 10/17 Briefing | Balance Billing, Corporate Compliance, group health plan, health benefit, Health Benefits, health Care, health care transparency, health insurance, health insurance marketplace, Health IT, health plan, Health Plans, health reform, out-of-network, Surprise Billing, Surprise Billingn, transparency | Permalink
Posted by Cynthia Marcotte Stamer

Group Health Plan Section 111 Medicare Secondary Payer (MSP) Records To Accept Future Effective Date

September 27, 2021

An impending change in the Medicare Secondary Payer (”MSP”) recordkeeping system could slightly lighten group health plan reporting burdens.

Effective October 4, 2021, Section 111 record submissions will accept effective dates up to three months in the future for Group Health Plan (GHP) claims. Because Medicare entitlement records may have effective dates up to three months in the future, CMS is updating the COB&R systems to accept these future MSP effective dates.

When a S111 GHP record is submitted and the Medicare Beneficiary’s entitlement is in the future (up to 3 months) and there are no errors, the system will now create an MSP record with a future MSP Effective Date. For S111 GHP records, a future MSP Effective Date (up to 3 months) will be accepted for beneficiaries with both current and future entitlement start dates (i.e., for prospective enrollments).

For example, if a Responsible Reporting Entity submits an MSP record on 10/05/2021 and the beneficiary’s Medicare entitlement date is 01/01/2022, the Benefits Coordination and Recovery Center (BCRC) will now accept the Medicare entitlement date of 01/01/2022 as the MSP effective date.

Some health plans might find these new rules alleviate some of the burden of their reporting now or as part of an upcoming system upgrade.

More Information

This article is republished by permission of the author, Cynthia Marcotte Stamer. To review the original work, see here.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns.

Widely recognized for her work with health plan, managed care and other heath insurance, health care and life sciences health and other data and technology and related matters, organizations, she has worked extensively with other employer, employee benefits, insurance, trade and other association, financial, transportation, manufacturing, energy, real estate, accounting and other services, public and private academic and other education, hospitality, charitable, civic and other business, government and community organizations. and their leaders, on health and managed care and other employee benefits, related program design, documentation, contracting, insurance, administration, technology, compliance and internal controls, investigations and defense, regulatory and public policy and related matters. Ms. Stamer also has extensive experience published and spoken extensively on these and other human resources, employee benefits, compensation, worker classification and other workforce and other services; insurance; health care; workers’ compensation and occupational disease; business reengineering, disaster and distress; and many other performance, risk management, compliance, public policy and regulatory affairs, and other operational concerns.

A former lead advisor to the Government of Bolivia on its pension project, Ms. Stamer also has worked internationally and domestically as an advisor to business, community and government leaders on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and provides insights and thought leadership through her extensive publications, public speaking and volunteer service with a diverse range of organizations including as Chair of the American Bar Association (“ABA”) Intellectual Property Section Law Practice Management Committee, Vice Chair of the International Section Life Sciences and Health Committee, Past ABA RPTE Employee Benefits & Other Compensation Group Chair and Council Representative and current Welfare Benefit Committee Co-Chair, Past Chair of the ABA Managed Care & Insurance Interest Group, past Region IV Chair and national Society of Human Resources Management Consultant Forum Board Member, past Texas Association of Business BACPAC Chair, Regional Chair and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation and many others.

About Solutions Law Press, Inc.™

Comments Off on Group Health Plan Section 111 Medicare Secondary Payer (MSP) Records To Accept Future Effective Date | Corporate Compliance | Permalink
Posted by Cynthia Marcotte Stamer

DOL Delay Of Planned Replacement Of Trump-Era FLSA Joint Employer Rule Good For Employers

September 20, 2021

No business wants to get hit with a bill or judgement for unpaid overtime or other wages and penalties under the Fair Labor Standards Act (“FLSA”). It’s even worse when the back pay and fines are for work performed by employees of another business that didn’t pay.

Today’s U.S. Department of Labor (“DOL”) announcement putting on hold for now its previously announced plan to replace the Trump-era “Joint Employer Status Under the Fair Labor Standards Act” final rule (“Joint Employer Rule”) with a much less business friendly rule is good for business.

Joint Employer Liability

Under the minimum wage and overtime rules of the Fair Labor Standards Act (“FLSA”), an employee can have more than one employer for the work they perform. Joint employment applies when – for the purposes of minimum wage and overtime requirements – the DOJ considers two separate companies to be a worker’s employer for the same work. When this happens, hours of work performed for any business considered within the joint employer group are aggregated for purposes of determining when overtime is worked and each business is jointly and severally liable for any unpaid minimum wage and overtime do regardless of whether those hours of work was performed for that particular business. The Joint Employer Rule governs when that can happen.

While both DOL and private litigants long have used the joint employer rules and precedent to nail businesses for other employer’s wage and hour liability, the Trump Administration adopted the Joint Employer Rule to overrule Obama Administration practices for interpreting and enforcing the rule that replaced the historically applied judicial tests with standards that significantly increase the likelihood of joint employer liability by unrelated businesses.

Historically, joint employer determinations were reached by applying highly subjective, fact specific analysis heavily reliant upon decades of court decisions which required some evidence that the alleged joint employer possessed or exercised some control over the employees to support the finding of joint employment. Under these historical tests, mere benefit from work performed by individuals employed by another employer did not establish a presumption, much less proof of joint employment.

As part of the Obama Administration’s pro-worker agenda, however, DOL made up and began applying new standards without formally issuing new regulations adopted interpretive and enforcement guidelines for finding joint employer status that that significantly broadened the employment relationships that the DOL treated as joint employers in a manner that presumed the existence of a joint employment relationship whenever the alleged joint employer benefitted from the performance of work. Contrary to decades of judicial precedent, these new standards asserted joint employer liability when the facts showed little or any evidence that the alleged joint employer possessed or exercised any control over the employee or the details of his work. A host of businesses were surprised to be nailed by DOL with wage and hour backpay orders and penalties arising from work performed by subcontractors, contractors, and other businesses including overtime liability attributable to work performed for the benefit of other businesses with no connection to the sanctioned business.

The Trump Administration adopted the Joint Employer Rule provide regulations to overrule the practices implemented during the Obama Administration By clarifying and regulation want it perceive to be the historical tests of joint employment established In decades of judicial precedent.

As finalized in January, 2020, the Joint Employer Rule uses a balancing test to the considers the following factors to determine whether a business sufficiently directly or indirectly controls a employee of another business to be liable as a joint employer:

hires or fires the employee;
supervises and controls the employee’s work schedule or conditions of employment to a substantial degree;
determines the employee’s rate and method of payment; and
maintains the employee’s employment records.

Not surprisingly, President Biden announced plans to reinstitute the pro-labor joint employment standards created and applied during the Obama Administration by issuing a new regulation that would have rescinded and replaced the Joint Employer Rule.

The U.S. District Court for the Southern District of New York stymied Biden‘s efforts by ruling his regulation defined joint employment contrary to statutory language and Congressional intent. and failed to take into account the department’s prior joint employment guidance. Accordingly, the court forced the Biden administration to reconsider by vacating Biden’s regulation. A strong joint employer standard is critical because FLSA responsibilities and liability for worker protections do not apply to a business that does not meet the definition of employer.

As the court’s ruling invalidated the regulation that would have withdrawn it, the Joint Employer Rule as adopted during the Trump Administration will take effect October 5, 2021.

Protect Your Business

The Joint Employer Rule mitigates but doesn’t eliminate joint employer liability risks under the FLSA. Accordingly, despite today’s announcement confirming the Joint Employer Rule will go into effect at least temporarily, businesses should use care to mitigate their exposure to joint employer liability.

First, employers should keep in mind the Biden Administration is not giving up. The announcement by the DOL today makes clear that the Biden Administration plans to take another stab at overturning the Joint Employer Rule when it states “Until the effective date of the rescission of the Joint Employer Rule, part 791 of Title 29 of the Code of Federal Regulations remains in effect.” (emphasis added). Accordingly even as businesses enjoy this reprieve, they must stay vigilant for the almost certainty more efforts to rescind or weaken the Joint Employer Rule, enforce joint employment inconsistently with the Joint Employer Rule like the Obama Administration or both.

Second, joint employment findings remain a real and significant risk for many businesses even under the Joint Employer Rule.

Joint employer determinations under the Joint Employer Rule continue to turn on highly subjective analysis of facts and circumstances that support joint employer findings in many circumstances surprising to many business owners,

For these reasons, virtually all businesses should critically evaluate their existing and prospective relationships for potential joint employer liability under the FLSA and respond as needed to mitigate risk both under the Joint Final Rule and under the standards the Biden Administration hopes to use.

As a further backstop to these risks, most businesses also will want to consider revising contracts and business practices to require companies providing services to give contractual guarantees of compliance, agreements to defend, indemnify and hold harmless for joint employer liability claims, and to provide records documenting compliance on an ongoing basis to mitigate or defend against liability should the DOL or a private litigant bring claims.

Before beginning these assessments, businesses and their leaders are encouraged to engage an attorney experienced in FLSA and other joint employer and other worker classification laws in light of the legally sensitive evidence and discussions inherently involved in this process. Conducting this analysis within the scope of attorney-client privilege helps protector limit the discoverability of sensitive discussions and work product in the event of a Labor Department investigation or litigation.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER, Texas Top Rated Lawyer” in Law and Labor and Employment Law and Health Care; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management manage FLSA and other workforce, compliance, risk management, and other legal concerns as well as public policy leadership and advocacy, coaching, teachings, and publications.

As a part of this work she has continuously and extensively worked with domestic and international employer and other management, employee benefit and other clients to assess, manage and defend joint employer and other worker classifications and practices under the FLSA and other federal and state laws including both advising and and assisting employers to minimize joint employer and other FLSA liability and defending a multitude of employers against joint employer and other FLSA and other worker classification liability.

Author of hundreds of highly regarded books, articles and other publications, Ms. Stamer also is widely recognized for her scholarship, coaching, legislative and regulatory advocacy, leadership and mentorship on wage and hour, worker classification and a diverse range of other labor and employment, employee benefits, health and safety, education, performance management, privacy and data security, leadership and governance, and other management concerns within the American Bar Association (ABA), the International Information Security Association, the Southwest Benefits Association, and a variety of other international, national and local professional, business and civic organizations including highly regarded works on worker reclassification and joint employment liability under the FLSA and other laws published by the Bureau of National Affairs and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.

Solutions Law Press, Inc. provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc. resources

Comments Off on DOL Delay Of Planned Replacement Of Trump-Era FLSA Joint Employer Rule Good For Employers | Corporate Compliance, Employer, Employers, Employment, Employment Policies, Fair Labor Standards Act, FLSA, Military Leave, Pay | Permalink
Posted by Cynthia Marcotte Stamer