Written by: Don Benson, Esq. The U.S. Labor Department announces in a March 16, 2016 press release that a Tampa assisted living facility must pay more than $56K in back wages to nine employees.  Two employees were miss-classified  as independent contractors. Seven other employees were miss-classified as exempt and paid on a salaried basis without over-time pay. Toria’s Support Care Services violated the minimum wage, overtime and recordkeeping provisions of the Fair Labor Standards Act. The employer miss-classified one maintenance worker and one care provider as independent contractors instead of employees, and failed to pay them the federal minimum wage and overtime. The employer also improperly paid other employees flat salaries without regard to how many hours they worked. In some instances, these salaries failed to cover the federal minimum wage of $7.25 per hour, and when employees worked more than 40 hours in a week the employer failed to pay…       Read More

Written by: Richard Sheinis, Esq. Senate Bill 2005, amending Tennessee’s data breach notification law, was signed by the Governor on March 24, 2016. The new law is effective July 1, 2016. The main changes to the current law (Tennessee Code Annotated, Section 47-18-2107) are as follows: Notification of a data breach must be provided to affected Tennessee residents within 45 days of the discovery of the breach. The old law required notification in a reasonable time. The amendment originally required notification within 14 days of discovery of the breach, but the notification period was changed to 45 days before the Senate passed the Bill. The new law removes the word “unencrypted” from the definition of personal information. The implication is that even if the personal information that is the subject of the breach is encrypted, notification is still required. This is different than the law of most states, as well…       Read More

Written by: Sean Cox, Esq. On December 1, 2015, significant changes to the Federal Rules of Civil Procedure went into effect, including two that deal with proportionality and cost-shifting. Typically, there is asymmetry between the amount of discoverable information in the possession of individual plaintiffs and business entity defendants. This, combined with the rule that the producing party should bear the cost of production, has led to disproportionate discovery costs between the parties. Two recent changes address this by modifying the scope of discovery. The scope of discovery now explicitly includes a proportionality limitation. While a proportionality limitation has been part of the federal rules, the Advisory Committee recognized that most judges were reluctant to limit discovery. Therefore, proportionality language was moved front and center in part “to encourage judges to be more aggressive in identifying and discouraging discovery overuse.” Fed. R. Civ. P. 26 (2015 Advisory Notes). (b) Discovery…       Read More

Written by: Patrick Powell, Esq. On March 21, 2016, the HHS Office for Civil Rights (“OCR”) officially launched Phase 2 of the HIPAA Audit Program.  Covered Entities and Business Associates need to be prepared for these audits and be on the lookout for emails from OCR beginning the audit process. The Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”) requires OCR to periodically audit both Covered Entities and Business Associates for compliance with the HIPAA Privacy, Security, and Breach Notification Rules.  OCR conducted Phase 1 audits in 2011 and 2012.  The Phase 1 audits only examined Covered Entities and the results were generally disappointing.  OCR is now proceeding with Phase 2. OCR will conduct both desk audits and on-site audits of Covered Entities and Business Associates.  The first round of audits will be for Covered Entities with a second round for Business Associates.  Desk audits…       Read More

Compiled by: Rishard Sheinis, Esq. North Memorial Health Care paying $1.5 million in federal privacy settement Minnesota Star Tribune … million to settle charges that it violated federal health privacy law in connection with the 2011 theft of a laptop computer that contained patient data Medical data breach exposes patient records SiliconANGLE (blog) According to DataBreaches.net, over 20BG of data was leaked. The original intent, it seems, was to transfer old paper records to digital by scanning … 5 Major Hospital Hacks: Horror Stories from the Cybersecurity Frontlines IEEE Spectrum In these attacks, hackers hijack a computer network, encrypting or otherwise blocking access to the data, then demand a ransom payment in exchange … Man Charged With Felony Computer Hacking For Phishing Scheme and Illegal Access To … Westside Today A man was charged on Tuesday with felony computer hacking for a phishing scheme that allegedly gave him illegal access…       Read More

By: Richard Sheinis, Esq. Two medical providers recently paid large settlements to the Department of Health and Human Services’ Office for Civil Rights because of HIPAA violations. Both involved thefts of laptops, an issue I see with some regularity. In one case, The Feinstein Institute for Medical Research in Manhasset, L.I., a research arm for Northwell Health, agreed to pay $3.9 million after it acknowledged in 2012 that a laptop containing health data for 13,000 patients was stolen from an employee’s car. The laptop was password protected, but it was not encrypted. HHS stated, “Feinstein’s security management process was limited in scope, incomplete and insufficient to address potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI held by the entity.” In the second case, North Memorial Health Care is paying $1.55 million because a laptop was stolen from a locked car belonging to an employee of a…       Read More

Written by: Scott Cole The March 8 status conference in Florida v Georgia indicates that the Special Master is growing tired of massive discovery rather than settlement efforts.  The parties are still disputing burden of proof issues and related discovery deadlines, and GA has requested another extension.  But the Special Master blasted them for not focusing on core issues and mediation: “I am not prepared to grant any extension today. From prior conferences you know that I’m very reluctant to extend this marathon. Very early on and, again, as recently as last month I suggested that you meet and confer on limiting the scope of discovery to the basic, hard-core issues you believe necessary to inform judgment. Instead, as reflected, once again, in these progress reports, both sides have plunged even deeper into discovery of hundreds, perhaps thousands, of complex issues that will ultimately be left on the wayside, millions…       Read More

On Tuesday March 22nd, Of Counsel John Parkerson will be speaking on a panel program organized by World Affairs Council of Atlanta’s Young Leaders and the French-American Chamber of Commerce-Atlanta Chapter (“FACC-Atlanta”).  The event will be held at the Atlanta Center for International Arbitration and Mediation at Georgia State University’s College of Law and is titled, “Keeping the Door Ajar? Immigration and Refugee Policy in Today’s World.”  Mr. Parkerson will be joined by: Dr. Dabney Evans – Associate Professor, Rollins School of Public Health, Emory University; Ms. Paedia Mixon – CEO, New American Pathways; and Hon. Ted Terry – Mayor, City of Clarkston. For more information, click here

By Don Benson The EEOC has filed two new cases alleging sex discrimination based on sexual orientation: • In EEOC v. Scott Medical Health Center, P.C., (W.D. Pa., No. 2:16-cv-00225-CB, filed March 1, 2016). The EEOC sued Scott Medical Health Center, P.C., a provider of pain management and weight loss services, alleging that it discriminated against charging party Dale Baxley on the basis of sex in violation of Title VII when it subjected him to harassment because of his sexual orientation and/or because he did not conform to the employer’s gender-based expectations, preferences, or stereotypes. The Commission further alleges that the defendant failed to take action to stop the harassment after Baxley complained, resulting in his constructive discharge. According to the EEOC’s lawsuit, Baxley’s immediate supervisor knew that Baxley was gay and frequently assailed him with highly offensive anti-gay epithets, and other vulgar epithets based on sex stereotypes. When Baxley…       Read More

Compiles by: Richard Sheinis, Esq. Cox Communications Investigates Data Breach Affecting 40K Employees Info Security Magazine This is not the first breach that the company has faced. Last November, Cox was fined $595,000 by the FCC for failing to report a data breach involving … Cyber attack on cancer chain affects 2.2 million Health Data Management A cyber attack last year on 21st Century Oncology Holdings has put the information of 2.2 million individuals at risk, the company announced this … The False Promise of HIPAA for Healthcare Cybersecurity HealthITSecurity.com Finally, a compliance approach to healthcare cybersecurity creates an organizational governance structure that inhibits framing cyber risk as an … Verizon Wireless settles FCC complaint about supercookie tracking Computerworld “Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they’re … These Hackers Are Writing a…       Read More