Although Theranos’s history — which includes several administrative penalties for the troubled blood-testing company — has received an outsize amount of media attention, its experience with regulatory agencies highlights several important issues for start-up and emerging health care entities, writes Robert E. Wanerman in Epstein Becker & Green‘s Health Law Advisor blog.

He discusses four major questions raised in this type of case, with these headings: What Do Regulators Want?, What Do Health Care Providers and Payors Want?, Who Is Investing in the Venture?, and Who’s on Board?

On the first point, he wrote that “even in an environment that encourages innovation, health care organizations must understand the scope of regulatory oversight at the federal and state levels, and the range of remedies available to regulators for noncompliance. Every organization should also have a protocol in place for responding to regulatory inquiries or inspections.”

Read the article.

Civil fines across federal agencies have recently been increased dramatically under the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (2015 Act) (Sec. 701 of Public Law 114-74), with some more than doubling, according to an article published by Wilmer Cutler Pickering Hale and Dorr LLP.

“Companies violating the Hart-Scott-Rodino (HSR) Improvements Act, the Securities Exchange Act, or the Occupational Safety and Health Act (OSHA), among others, could soon face civil monetary penalties that are up to 150% higher than the existing levels. According to the Congressional Budget Office, the 2015 Act would increase the federal government’s revenue by $1.3 billion over the next ten years,” the article says.

The authors provide a chart listing some of the notable increases in federal civil fines under the 2015 Act.

Read the article.

BP Plc faces more than $20 million in penalties and surrendered profits after a U.S. regulator found that the energy giant manipulated commodity markets in Texas, according to a report by Bloomberg and published by The Business Times.

The case dates back to 2008, when — according to the Federal Energy Regulatory Commission — BP rigged prices at a Texas natural gas hub.

The order upholds an earlier ruling by the agency’s judge. BP had denied the allegations, Bloomberg reports.

“We find the violation here to have been very serious,” the commission said. “BP manipulated the market to profit from a natural disaster, and it did not stop after a trade or two but rather kept the scheme going for nearly three months.”

Read the article.

In an article published by IPWatchdog, James Cosgrove, a legal analyst at Juristat, offers some guidance on general trends regarding appeals at the United States Patent and Trademark Office and shows practitioners how to use big data to win their appeals.

“In the patent world, the phrase ‘final rejection’ has something of a unique meaning,” Cosgrove writes. “While the uninitiated likely would assume that a final rejection would indicate the end of the patent prosecution process, it is actually just the beginning of the final stage of prosecution, when applicants must decide how hard they really want to fight for their patent.”

He says the applicant has three ways forward at that point, and discusses the third: appealing the examiner’s rejection.

Read the article.

Employers are not exempt from the Occupational Safety and Health Administration’s reporting rule for on-the-job injuries linked to alcohol intoxication even though the injured employee’s consumption of alcoholic beverages took place off the job, reports Bradford T. Hammock of Jackson Lewis.

Amanda Edens, head of OSHA’s Technical Support and Emergency Management Directorate, outlined the interpretation in a later that was released April 18.

“According to Edens, OSHA health care professionals concluded the exception for self-medication does not apply because consuming alcohol ‘does not treat the disorder of alcoholism. Instead, drinking alcohol is a manifestation of the disorder,’ ” the article says.

Read the article.

Practical Law will present a free webinar in which management attorney Christopher J. Collins of SheppardMullin, plaintiff’s attorney Kalpana Kotagal of Cohen, Milstein Sellers & Toll, and EEOC trial attorney Justin Mulaire discuss conciliation and intervention under the federal anti-discrimination statutes.

The event will be Thursday, June 9, beginning at 1 p.m. Eastern time.

The webinar will address obligations on the part of employers, charging parties and the EEOC in conciliating and litigating EEOC cases.

Presenters:
Christopher J. Collins, Partner, SheppardMullin Richter & Hampton LLP
Kalpana Kotagal, Partner, Cohen, Milstein, Sellers & Toll, PLLC
Justin Mulaire, Trial Attorney, US Equal Employment Opportunity Commission

CLE credit is available for Arizona, Calif ornia, Colorado, Georgia, Hawaii, Illinois, Indiana, Missouri, New Hampshire, New Jersey, New York, North Carolina, Pennsylvania, Vermont, Washington. CLE credit is being sought for Minnesota, Oregon, Tennessee, Texas, Virginia. CLE credit can be self-applied for in Florida.

Register for the webinar.

Practical Law and the Wage & Hour Defense Institute (WHDI) will present a free, 75-minute webinar providing guidance on the U.S. Department of Labor’s final rule, updating the regulations governing white collar exemptions under the federal Fair Labor Standards Act (FLSA).

The webinar will be Wednesday, June 1, beginning at 1 p.m. EDT.

The rule, which takes effect Dec. 1, 2016, doubles the minimum weekly salary threshold required for the exempt classification of executive, administrative, professional, and computer professional employees. In addition, the new rule increases the minimum annual compensation and weekly salary requirements for exempt highly compensated employees (HCEs), and the special salary levels for employees in the motion picture industry and employees in American Samoa.

Moderator Paul Bittner of Ice Miller LLP (Columbus, OH), and speakers Susan N. Eisenberg of Cozen O’Connor (Miami) and Francis X. Neuner, Jr. of Spencer Fane (St. Louis), all members of the Wage & Hour Defense Institute, will discuss what employers must do now to ensure compliance with the final rule, including:

Counting bonuses and incentive payments toward satisfying the new minimum salary.

• Reclassifying exempt employees who no longer satisfy the salary threshold.
• Communicating reclassification decisions.
• Planning for scheduled adjustments to the salary threshold.
• Addressing pay increases and the effect on an employee’s exempt status.
• Evaluating the risk of improper classification.
• Understanding what the DOL’s final rule does not change.

A short Q&A session will follow.

Presenters:

• Paul Bittner, Partner, Ice Miller LLP (Columbus, OH)
• Susan N. Eisenberg, Member, Cozen O’Connor (Miami)
• Francis X. (Frank) Neuner, Jr., Partner, Spencer Fane (St. Louis)
• Suzanne K. Brown, Senior Legal Editor, Practical Law Labor & Employment (Moderator)

CLE credit is available for: Arizona, California, Colorado, Georgia, Hawaii, Illinois, Indiana, Missouri, New Hampshire, New Jersey, New York, North Carolina, Pennsylvania, Vermont, Washington. CLE credit is being sought for: Minnesota, Oregon, Tennessee, Texas, Virginia CLE credit can be self-applied for in: Florida

Register for the webinar.

Global companies have been embracing socially responsible spending projects to build stronger relationships with local communities, writes Michael Volkov in his firm’s Corruption, Crime & Compliance blog. He writes that the idea makes a lot of sense and real projects can result in real benefits.

“As with any significant source of money, there are risks. Major global companies have been caught in some embarrassing situations, some of which can have real legal and reputational consequences,” he explains.

In an attempt to promote the goodwill of the company in emerging markets, companies sometimes spend large amounts of money, only to find out later that foreign leaders have lined their pockets with the funds to the detriment of the locally intended beneficiaries, he adds.

Read the article.

Financial regulators have proposed new rules limiting the incentive pay of employees and other service providers at financial institutions, report Mark Jones and Robert L. Tian of Pillsbury Winthrop Shaw Pittman LLP.

“The new rules seek to establish general requirements applicable to the incentive-based compensation arrangements of covered persons working in covered institutions. Covered persons are any executive officers, employees, directors or principal shareholders who receive incentive-based compensation at a covered institution. Additional restrictions apply to senior executive officers and significant risk-takers,” they write.

Their article discusses the prohibition of excessive compensation, appropriate performance measures, effective controls, approval by the board of directors, and disclosure and record-keeping.

Read the article.

Photo by Mike Mozart of JeepersMedia

Regulators fighting the merger plan of Office Depot and Staples face a decision from a judge that may hinge on the veracity of the government’s relevant product market, reports Policy and Regulatory Report, a Mergermarket Group company. The issue of whether the Federal Trade Commission (FTC) gerrymandered its market has repeatedly surfaced during the government’s pursuit of a preliminary injunction against the proposed merger.

PaRR Global (Policy and Regulatory Report) spoke to various independent sources to assess holes in the arguments of both the FTC and the merging companies.

In its case, the FTC defined the relevant product market as “consumable office supplies,” such as pens and paper, which constitute a so-called cluster market, according to the PaRR analysis.

A cluster market is used in antitrust theory to group separate individual relevant product markets, such as the individual market for paper and the individual market for pens, into a wider market for analytical convenience.

Clustering is appropriate “only when the individual products face similar competitive conditions,” according to the government’s proposed findings of fact.

Read the article.

The renaming of George Mason University’s law school after Justice Antonin Scalia has erupted into a tense confrontation within its faculty: between professors embracing the move and scholars outside the law school offended by the association with the high court’s most influential conservative, reports The Wall Street Journal.

“Officials at the suburban Virginia public university say they have no intention of reconsidering the rebranding, which comes attached to not just controversy but a heap of money. The school is set to receive its largest combined gift, $10 million from a charity founded by billionaire conservative activist Charles Koch and a $20-million pledge from an anonymous donor who made the gift contingent on the name change,” according to the report.

More than 100 professors at George Mason have signed a petition condemning both the Scalia name and the legal ideas he espoused.

Read the article.

The rise of local bans on hydraulic fracturing, or “fracking,” by local governments has sparked a recent backlash in carbon-producing states, writes Kristen Van de Biezenbos of Texas Tech University School of Law in an article posted on the Social Science Research Network.

“In 2015, Texas, Oklahoma, and North Carolina passed laws that forbid any city, town, or other municipal body from banning fracking or passing certain regulations on the practice, by popular vote or otherwise. Other states are likely to follow suit,” she writes.

In an abstract, she says her article is the first to propose that cities and towns in those states could incorporate and enforce existing state environmental laws. “By doing so, those municipalities may be able to ensure compliance with those environmental regulations by oil and gas companies and minimize some of the environmental harms associated with fracking, even when they cannot enact outright bans on the practice. Further, this Article explains why the incorporation and enforcement of state environmental laws by cities and towns — and particularly cities and towns in states that have taken away local power to enact fracking bans — should not be expressly or impliedly preempted by those laws. Indeed, taking this approach would also further important policy goals inherent in federalism and help restore voter confidence in the democratic process.”

Read the article.

The whistleblower, employment and civil rights law firm Katz, Marshall & Banks, LLP has announced the release of its 2016 comprehensive practice guides for the whistleblower programs for the U.S. Securities and Exchange Commission (SEC) and the U.S. Commodity Futures Trading Commission (CFTC).

The firm has produced its SEC Whistleblower Practice Guide annually since the inception of the SEC Whistleblower Program in 2010 as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank). As a companion manual, the firm’s first-ever CFTC Whistleblower Practice Guide covers the whistleblower program for the CFTC, an independent agency with regulatory authority over futures trading.

The firm says in a release that both guides provide in-depth explanations of the rules and procedures concerning the respective programs, offer valuable practice trips for whistleblowers and their counsel, and outline the legal protections that whistleblowers have against retaliation for reporting violations to the SEC and CFTC.

“The Katz, Marshall & Banks SEC guide is an invaluable resource containing all of the ‘nuts and blots’ about reporting securities violations to the U.S. Securities and Exchange Commission,” said David J. Marshall, a founding partner of the firm and the SEC guide’s principal author. “The guide offers great detail on everything from preparing a winning ‘tip’ to cooperating in an SEC investigation to claiming a financial whistleblower award for helping to enforce the nation’s securities laws.”

SEC officials have continually praised the whistleblower program as a significant addition to the Commission’s ability to enforce the nation’s securities law – in some cases facilitating early intervention to minimize the harm to investors from unlawful conduct. To date, the SEC has paid over $55 million to 23 whistleblowers under the program.

The CFTC Whistleblower Program, which also was established through Dodd-Frank, began accepting whistleblower tips in September 2012, with the number of tips steadily rising since the program’s inception. The CFTC thus far has paid two awards to whistleblowers in connection with these tips, including a September 2015 payout totaling $290,000.

“We are pleased to introduce the Katz, Marshall & Banks CFTC Whistleblower Practice Guide to help whistleblowers earn the financial awards for helping to regulate commodity futures trading in the United States,” said Lisa J. Banks, a founding partner of the firm and the principal author of CFTC guide. “Following a couple of recent, significant awards under the CFTC Whistleblower Program, and with $300 million set aside in a special whistleblower fund, the Commission clearly is gearing up for a greater number and higher quality of whistleblower tips and payout of substantial awards.”

Available for free download from the Katz, Marshall & Banks website, the SEC Whistleblower Practice Guide can be found here, and the CFTC Whistleblower Practice Guide is available here.

About Katz, Marshall & Banks, LLP

Katz, Marshall & Banks, LLP is a boutique law firm representing plaintiffs in the areas of whistleblower, employment discrimination and sexual harassment law; Title IX of the Education Amendments; and other civil rights and civil liberties matters. The firm’s lawyers also represent whistleblowers in seeking monetary rewards by submitting tips to the Securities and Exchange Commission and Commodities Futures Trading Commission Whistleblower Programs, and through the filing of “qui tam” actions under the False Claims Act.

The eligibility of Sen. Ted Cruz to run for president will have a hearing Friday in Chicago, according to multiple news outlets.

CNN is reporting that a judge in Illinois on Friday will hear a lawsuit challenging Ted Cruz’s eligibility to serve as president, putting questions about the Texas senator’s status back into the news the day before the South Carolina primary.

Cruz has never denied being born in Canada, arguing that longstanding U.S. statutory law validates his claim that he was automatically a U.S. citizen at birth because his mother was a U.S. citizen.

Read the story.

Lincare, a major provider of in-home respiratory care and other services, will pay $238,900 in civil monetary penalties for violating the Health Insurance Portability and Accountability Act (HIPAA), federal authorities announced Wednesday, according to a report by Home Health Care News.

“This marks only the second time that the Office for Civil Rights (OCR) has imposed civil monetary penalties for a HIPAA violation. The penalty was challenged but now has been upheld by an administrate law judge (ALJ),” the report says.

The breach involved a Lincare branch in Wynne, Arkansas, doing business as United Medical. Faith Shaw worked as a manager there from 2005 until 2009. Shaw had stored records of 278 patients in her car, which she left behind when she moved out of her marital home in 2008. Her husband reported finding those records to the OCR.

Read the article.

Connor Raso of the Securities and Exchange Commission has published a 67-page article that analyzes when and why administrative agencies avoid rulemaking procedural requirements such as the Administrative Procedure Act’s notice-and-comment process.

The summary of the rticle states that “original empirical analysis shows that agencies invoke statutory exemptions to avoid such rulemaking procedures more frequently as the threat of a lawsuit challenging that avoidance declines. In situations with a low threat of suit, agencies have avoided rulemaking procedures for more than 90 percent of rules. Such avoidance falls when the threat of suit increases. But even when litigation ensues, courts do not consistently require agencies to comply with rulemaking procedures. This spotty judicial enforcement, along with significant agency avoidance, casts doubt on the claim that rulemaking procedures have significantly burdened the rulemaking process.”

But agency avoidance suggests that rulemaking procedures do less than commonly thought to promote public deliberation in the rulemaking process, foster agency expertise, guard against agency arbitrariness, and make agencies accountable to Congress and to the public. “This suggests that agency avoidance of rulemaking procedures has some benefits, but also many costs,” Raso writes.

Read the white paper.

As a part of its complimentary HIPAA education series, Compliancy Group will present a webinar on best practices for preparing for upcoming 2016 HIPAA audits, with lessons and examples from past breaches and fines.

The webinar will be Thursday, Jan. 28, beginning at 2 p.m. Eastern time.

“With 2016 audits looming in the headlines there is no doubt you should be prepared for the long overdue, stricter audits.” the company says on its website. “Past violations will be analyzed: causes of the incidents, gaps, and remediation. Learn from experts about how to stay out of the headlines, avoid penalties and protect your reputation.”

Register for the webinar.

By Rob Scott
Scott & Scott

I am a technology attorney representing financial institutions in transactions with service providers. The Gramm-Leach-Bliley (GLB) Act is a federal law that requires financial institutions take steps to ensure the security and confidentiality of customer data. As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) requires financial institutions under its jurisdiction to safeguard customer records and information. This requirement is known as the Safeguards Rule.

The Safeguards Rule applies to organizations that are significantly engaged in providing financial products or services to consumers, including check-cashing businesses, data processors, mortgage brokers, nonbank lenders, personal property or real estate appraisers, and retailers that issue credit cards to consumers.

According to the Safeguards Rule, financial institutions must develop a written information security plan that describes their program to protect customer information. All programs must be appropriate to the financial institution’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information at issue. Covered financial institutions must among other things, select appropriate service providers and require them (by contract) to implement the safeguards.

From a transactional perspective, the Safeguards rule requires due diligence to insure that all service providers are “appropriate.” Once a service provider has been selected, appropriate contract language must be added in order to be in compliance with the Act.

Pursuant to Section 501(b) of GLBA, financial regulators have published the Interagency Guidelines for Establishing Information Security Standards and have established audit protocols to gauge compliance during routine audits.

Service Provider Definition

Under the regulations, a service provider is any party that is permitted access to a financial institution’s customer information through the provision of services directly to the institution. Examples of service providers include a person or corporation that tests computer systems or processes customers’ transactions on the institution’s behalf, document-shredding firms, transactional Internet banking service providers, and computer network management firms.

Overseeing Service Providers

The Security Guidelines establish specific requirements that apply to a financial institution’s contracts with service providers. An institution must:

• Exercise appropriate due diligence in selecting its service providers;
• Require its service providers by contract to implement appropriate measures designed to meet the objectives of the Security Guidelines; and
• Where indicated by its risk assessment, monitor its service providers to confirm that they have satisfied their obligations under the contract described above.

Sample Language for Monitoring and Oversight

Here is the language I like to use to make sure that the financial institution is in compliance with the requirement to oversee the service provider.

Use of Subcontractors. Vendor may use subcontractors in connection with this agreement provided that Vendor’s use of subcontractors is in compliance with the requirements set forth in 501(b) of GLBA. Upon request Vendor must certify that its vendors and subcontractors are in compliance with GLBA.

Oversight. Upon request, Vendor shall provide BANK with copies of audits, summaries of test results, or equivalent evaluations to confirm that Vendor is in compliance with its obligations under GLBA.

Requiring Service Providers to Implement Appropriate Security Measures

The contract provisions in the Security Guidelines apply to all of a financial institution’s service providers. After exercising due diligence in selecting a company, the institution must enter into and enforce a contract with the company that requires it to implement appropriate measures designed to implement the objectives of the Security Guidelines.

In particular, financial institutions must require their service providers by contract to:

• Implement appropriate measures designed to protect against unauthorized access to or use of customer information maintained by the service provider that could result in substantial harm or inconvenience to any customer; and
• Properly dispose of customer information.

Sample Language for Safeguards Rule

I use this language to make sure that that the service provider is contractually bound to implement appropriate measures.

Compliance With Laws. Vendor represents and warrants that the Services will be performed consistent with all applicable laws, rules and regulations, and that it will promptly re-perform at its expense any Services that fail to meet that standard. Vendor acknowledges that BANK is subject to the GLB Act, Title V, (“GLBA”) and that Vendor is considered a service provider under GLBA. During the term of this agreement, Vendor shall have, adequate administrative, technical, and physical safeguards designed to protect against unauthorized access to or use of customer information maintained by it or its subcontractors or vendors that could result in substantial harm or inconvenience to BANK or any customer, as set forth in GLBA to (i) ensure the security and confidentiality of such BANK Data; (ii) help protect against any anticipated or reasonably likely threats or hazards to the security or integrity of such BANK Data; (iii) help protect against unauthorized access to or use of such BANK Data; and (iv) ensure the proper disposal of BANK Data.

Incident Response Rule

In addition, the Incident Response Guidance requires a service provider to take appropriate actions to address incidents of unauthorized access to the financial institution’s customer information, including notification to the institution as soon as possible following any such incident.

Sample Language for Incident Response

Here is the sample language I like to use to use for the incident response rule.

Incident Response. Vendor will take appropriate actions to address incidents of unauthorized access to BANK’s customer information, including notifying BANK as soon as possible following any such incident.

When representing financial institutions in transactions with service providers, it is critically important to understand the regulatory framework and how it impacts the transaction. I rarely see vendor contracts that comply with these regulations. Failure to comply with the GLBA safeguards rules and contracting requirements with services providers can result in adverse audit findings by regulators and potentially increase liability for privacy and security claims for damages.

Goldman Sachs Group on Thursday agreed to pay $5.1 billion to end an investigation into its packaging of residential mortgage-backed securities in the run-up to the financial crisis, reports Forbes.

“Thursday’s agreement with the RMBS Working Group of the U.S. Financial Fraud Enforcement Task Force, still subject to finalization with the Justice Department and other authorities, includes a $2.4 billion civil monetary penalty and calls for $875 million in cash payments and $1.8 billion in ‘consumer relief’ such as forgiving principal for borrowers whose homes are worth less than their remaining mortgage obligations and supporting foreclosure prevention,” Forbes reports.

The bank said the settlement would knock $1.5 billion off its after-tax earnings from the fourth quarter of 2015.

Read the article.

There is good evidence that the founding fathers would have understood the words “natural born citizen” to mean only people born within a nation’s borders, but there’s also strong evidence on the other side of the debate, according to an article published by ThinkProgress.

Harvard University Law Professor Laurence Tribe, for example, wrote in a newspaper op-ed piece that “the constitutional definition of a ‘natural born citizen’ is completely unsettled,” and then he claims that, under the method of constitutional interpretation Cruz preferred when he was Tribe’s student, Cruz “wouldn’t be eligible, because the legal principles that prevailed in the 1780s and ’90s required that someone actually be born on US soil to be a ‘natural born” citizen.’”

But two former United States Solicitors cite the Naturalization Act of 1790, which states that children born outside of the country, but with parents who are U.S. citizens, are natural born citizens themselves.

Read the article.