We published an article with NYSBA Labor and Employment Law Journal, titled “Employee Threats to Critical Technologies Are Best Addressed Through a Formalized Insider Threat Risk Assessment Process and Program.” With the New York State Bar Association’s permission, we have linked it here.
Featured on Employment Law This Week: New Legislation Eases Disclosure Requirements for Startups under the Dodd-Frank Wall Street Reform.
Startups offering equity plans get regulatory relief. The legislation that President Trump signed in May to ease regulations under the Dodd-Frank Wall Street Reform and Consumer Protection Act also contained some good news for startups. The law adjusts the Rule 701 thresholds, which allow private companies to offer equity to employees without registering the sales as public offerings.
Following is an excerpt:
After nearly ten years, on Tuesday, June 5, 2018, the World Wide Web Consortium (the “W3C”), the private organization focused on enhancing online user experiences, published the long awaited update to its Web Content Accessibility Guidelines 2.0 (“WCAG 2.0”), known as the WCAG 2.1. Those who have been following along with website accessibility’s ever-evolving legal landscape are well aware that, despite not having been formally adopted by regulators for the vast majority of the private sector, compliance with WCAG 2.0 at Levels A and AA has become the de facto baseline for government regulators, courts, advocacy groups, and private plaintiffs when discussing what it means to have an accessible website. …
Following is an excerpt:
The National Institute of Standards and Technology (“NIST”) has announced that it will be seeking industry input on developing “use cases” for its framework of cybersecurity standards related to patient imaging devices. NIST, a component of the Department of Commerce, is the agency assigned to the development and promulgation of policies, guidelines and regulations dealing with cybersecurity standards and best practices. NIST claims that its cybersecurity program promotes innovation and competitiveness by advancing measurement science, standards, and related technology in ways that enhance economic security and quality of life. Its standards and best practices address interoperability, usability, and privacy, which continue to be critical for the nation. NIST’s latest announcement is directed at eventually providing security guidance for the healthcare sector’s most common uses of data, inasmuch as that industry has increasingly come under attack. …
The European Union’s (“EU’s”) General Data Protection Regulations (“GDPR”) go into effect on May 25, 2018, and they clearly apply to U.S. companies doing business in Europe or offering goods and services online that EU residents can purchase. Given that many U.S. companies, particularly in the health care space, increasingly are establishing operations and commercial relationships outside the United States generally, and in Europe particularly, many may be asking questions akin to the following recent inquiries that I have fielded concerning the reach of the GDPR:
What does the GDPR do? The GDPR unifies European data and privacy protection laws as to companies that collect or process the personally identifiable information (“PII” or, as the GDPR calls it, “personal data”) of European residents (not just citizens).
Who must comply? The GDPR applies to any company that has personal information of EU residents or citizens or that conducts business in the EU, regardless of its home country.
What is the risk of non-compliance? The GDPR mandates documented compliance. The regulations provide for substantial fines of up to €20 million or 4 percent of global revenues for noncompliance. Willful non-compliance is most heavily fined under this tiered system.
How far along are most companies as to compliance? The consulting firm Gartner estimates that more than half of the companies that are subject to the GDPR will not be in compliance throughout this year. They will be at risk.
Who will adopt the regulations? All 28 EU members, plus Iceland, Norway, and Liechtenstein (collectively known as the “European Economic Area”), and likely the United Kingdom, will adopt the regulations.
Will the regulations be enforced extraterritorially? The GDPR applies worldwide as to any company that offers goods or services (even if they are free) within the EU or collects, processes, or maintains (anywhere) personal data about European residents (again, not just citizens).
How is “personal data” defined? The definition includes any information as to a human being (called a “data subject”) that can directly or indirectly identify him or her, including, but not limited to, names; birthdates; physical addresses; email and IP addresses; and health, biometric, and demographic information.
What constitutes compliance? In general terms, a subject company must limit the use of the retained personal data and maintain it securely.
- Explicit consent is required for each processing activity as to any covered datum.
- Access, free of charge, must be afforded to any data subject on request to a “data controller” (a person at the company charged with maintaining data), who, in turn, must assure that any “data processor” (any person or company that takes data from consumers and manipulates or uses it in some way to then pass along information to a third party) is compliant as to the requested action.
- Data subjects have the right to be “forgotten,” i.e., to have their data expunged, and may revoke consent at will.
What does the GDPR require if there is a data breach? Data breaches that “may” pose a risk to individuals must be notified officially within 72 hours and to affected persons without undue delay.
This, of course, is only an outline of GDPR requirements and procedures. Any specific advice only can be provided knowing an individual company’s circumstances and needs. One does note that, as is the case in other regards, for example, antitrust, the assumptions prevalent within the EU are decidedly different from those in the United States. As a number of commentators have observed, while there is no defined “right of privacy” in the United States, a company is required to preserve information, including PII and personal health information, or PHI, in the event of litigation. In Europe, which has very limited litigation discovery, there is a defined right of privacy and individuals can cause data describing them to be erased (“forgotten”).
Many of you know also that there is a case pending a decision in the Supreme Court of the United States involving whether the U.S. government can compel Microsoft to produce PII that is collected and stored outside of the United States. An affirmative decision might create a conflict of law that will complicate the data retention abilities of American companies doing business overseas. So stay tuned.
Featured on Employment Law This Week: A California federal judge has ruled that a former GrubHub delivery driver was an independent contractor, not an employee.
The judge found that the company did not have the required control over its drivers for the plaintiff to establish that he is an employee. This decision comes as companies like Uber and Lyft are also facing lawsuits that accuse them of misclassifying employees as independent contractors. Carlos Becerra, from Epstein Becker Green, has more.
James D. Schutzer is the Vice President at JDM Benefits, a consulting group that provides strategic benefits services to small and mid-size employers. His career in healthcare spans over 20 years and has included leadership roles in employee benefits and insurance sales. He spent 10 years working in sales for carriers like Wellpoint and Oxford Health Plans. Jamie frequently presents and lectures to many organizations on the topic of the Affordable Care Act and sat on the New York State Health Benefit Exchange Regional Advisory Council. In addition, Jamie is the Immediate Past President of New York State Association of Health Underwriters (NYSAHU) as well as Legislative Co-Chair, and is an Executive Committee member of the Business Council of Westchester, and currently serves as Treasurer. In December 2015, Jamie was named in the Employee Benefit Adviser as one of the 14 politically active brokers to know across the U.S.
While attempts to fully repeal and replace the Affordable Care Act in 2017 did not come to fruition, several developments are taking on momentum which will surely shape the ability of employers to sponsor insured health plans for their employees in the future. From the repeal of the individual mandate penalty, expansion of association health plans, State proposals to increase taxes on insurers, referenced-based pricing and new “blockchain” models to purchase services directly for employees, the insured markets will be under increasing stress to survive. It is possible that these trends will accelerate the collapse of the insurance markets and usher in a government provided single payer system, and/or self-directed mode of procuring healthcare via blockchain technology. I recently sat down with James Schutzer to discuss the evolving landscape in employer-provided group healthcare and obtain his insights regarding how these changes will impact costs and the future of employer-provided health insurance.
Michelle Capezza: How do you see the repeal of the individual mandate impacting the insurance markets and the ability of employers to obtain affordable insurance plans for their employees?
James Schutzer: For starters, the individual mandate penalty lacked the teeth from the beginning and I think it is still difficult to ascertain how many people enrolled in health insurance to avoid the penalty. There are different reports out in the market which argue the point from both sides. As an employee benefits advisor, I have seen a slight uptick in enrollment in employer sponsored coverage for the reason that employees want to avoid the individual mandate penalty. Therefore, I do not see the elimination of the individual mandate having a significant impact in the employer sponsored market. Plus, the employer mandate still exists as of this time and Applicable Large Employers are required to offer insurance or pay a penalty.
MC: For employers that seek to utilize the new rules expanding the ability to form association health plans (AHPs), how will this increase the adverse selection issues already straining insurance markets?
JS: One concern related to AHPs is that they can possibly siphon off the “perceived” good risk leaving the older and sicker members in the small group market. This will certainly create a death spiral. Another concern is that employers can jump in and out of the small group market based on medical needs. I believe the proposed regulations try to address and prevent this type of behavior. I know the National Association of Insurance Commissioners has come out in opposition to AHPs.
MC: How do you see these developments impacting an employer’s decision to sponsor a high deductible health plan with access to a health savings account for its employees versus self-funding a plan? Are these still viable modes of delivering employer-sponsored health coverage to employees?
JS: High deductible health plans with a health savings account are still growing but I have seen the pace slow down the last couple of years. One important piece which is still not readily available is the price transparency tools which enable people to be better healthcare consumers. On the other hand, we are seeing more employers testing the waters with partially self insured plans. There are many benefits to this strategy but it does come with risks. It is critical that the employer completely understands the inner workings of being partially self insured. Picking the right individual and aggregate stop loss, provider network, pharmacy benefit manager among other things is vital to the success of the plan.
MC: What is your view regarding the viability of referenced-based pricing models for employer-provided health insurance?
JS: Referenced based pricing (RBP) is a newer concept that is starting to break into the Northeast. This market is generally slower to adapt to change but RBP is proving to save employers money in other parts of the country. Hospital and major surgical costs have exploded and RBP is trying to tackle this issue head on by identifying the true cost basis and providing payment based on this data. Employers with a partially self funded plan rely on a “leased” network for their discounts when their employees utilize healthcare. This contracted rate is what the employer is responsible to pay (outside of the employee’s copay, deductible, etc). RBP looks to further peel back layers of hospital and high cost surgical claims and offer a more “fair” payment. In return, the employer’s costs are lowered. The one challenge to RBP is the potential for balanced billing but there are RBP vendors employers can work with to assist in defending the payment.
MC: Given the complexities of these markets and programs, it is no wonder blockchain is being applied to healthcare, and household name employers are beginning to develop models to contract directly with healthcare service providers and pharmaceutical companies and use their own technology to administer claims. It seems that if more transparency in pricing can be obtained, this would lend itself to blockchain purchases. How do you see this evolving, and do you think an AHP could operate this way?
JS: Yes, the blockchain phenomenon is creeping into healthcare. As I mentioned before, transparency is so badly needed in healthcare and blockchain might be the right conduit to deliver it. Healthcare is the only area I can think of where you do not know the cost of the service until after it has been performed. Although some progress has been made over time, there is still plenty of work to be done. Can you imagine needing a hip replacement and having the ability to price out the surgery in advance? But something which cannot be overlooked are the outcomes and the data to support this is sorely needed as well. Blockchain can definitely have an impact here as well as data can be easily accessible.
MC: As more individual data is collected via electronic medical records, and through direct blockchain purchasing developments, and other technology based tracking and healthcare delivery systems, do you see such Big Data being collated, analyzed and utilized to drive value based pricing initiatives and influence certain healthy behaviors?
JS: As I mentioned above, data is a key to bending the healthcare cost curve. I recently bought a new television and the research I was able to do online was remarkable. Brand, dimensions, reviews, prices…all at my fingertips. It would be a game changer if this type of data becomes available in the healthcare industry.
MC: Given these developments, do you see a potential for the pendulum to swing to a U.S. government-provided system of healthcare, requiring all employers and individuals to pay into such a system with increased payroll and income taxes, and perhaps requiring individuals to use blockchain technology to self direct their allotted government healthcare dollars to purchase healthcare services?
JS: I believe we must leave healthcare in the hands of the free market system as opposed to the government. I believe we are in the very early stages of a sea change in the healthcare industry. The current system is just not sustainable in the long run and although we can put band aids on the problem ultimately, there must be some major changes in the delivery system. We have the tools….now we have to figure out how to use them to our advantage.
MC: Thank you. Clearly there are many approaches to providing and obtaining health insurance. As cost pressures increase and the desire for transparency rises, it will be important to monitor which path stands.
Our colleague Daniel R. Levy, at Epstein Becker Green, has a post on the Trade Secrets & Employee Mobility blog that will be of interest to our readers: “It’s a Brave New World: Protecting Trade Secrets When Traveling Abroad with Electronic Devices.”
Following is an excerpt:
Consider the following scenario: your organization holds an annual meeting with all Research & Development employees for the purpose of having an open discussion between thought leaders and R&D regarding product-development capabilities. This year’s meeting is scheduled outside the United States and next year’s will be within the U.S. with all non-U.S. R&D employees traveling into the U.S. to attend. For each meeting, your employees may be subject to a search of their electronic devices, including any laptop that may contain your company’s trade secrets. Pursuant to a new directive issued in January 2018 by the U.S. Customs and Border Protection (“CBP”), the electronic devices of all individuals, including U.S. citizens and U.S. residents, may be subject to search upon entry into (or leaving) the U.S. by the CBP. …
Following is an excerpt:
Recently, a number of proposed class and collective action lawsuits have been filed on behalf of so-called “gig economy” workers, alleging that such workers have been misclassified as independent contractors. How these workers are classified is critical not only for workers seeking wage, injury and discrimination protections only available to employees, but also to employers desiring to avoid legal risks and costs conferred by employee status. While a number of cases have been tried regarding other types of independent contractor arrangements (e.g., taxi drivers, insurance agents, etc.), few, if any, of these types of cases have made it through a trial on the merits – until now.
In Lawson v. GrubHub, Inc., the plaintiff, Raef Lawson, a GrubHub restaurant delivery driver, alleged that GrubHub misclassified him as an independent contractor in violation of California’s minimum wage, overtime, and expense reimbursement laws. In September and October 2017, Lawson tried his claims before a federal magistrate judge in San Francisco. After considering the evidence and the relevant law, on February 8, 2018, the magistrate judge found that, while some factors weighed in favor of concluding that Lawson was an employee of GrubHub, the balance of factors weighed against an employment relationship, concluding that he was an independent contractor. …
On January 30, in New York City, our colleague Michelle Capezza of Epstein Becker Green will be a panelist at the “2018 Technology Economic & Financial Outlook,” hosted by the New Jersey Tech Council (NJTC).
From the “internet of things,” to the cloud, to autonomous cars, there is not a single industry segment that has not leveraged technology to develop better products and services for the benefit of their customers as well as their stakeholders. As technology makes the world smaller, it also opens up endless opportunities for creativity and innovation. The panel will discuss the impact that technology will have in 2018 on the regional, domestic, and global economic and financial environment.
For more information, visit NJTC.org.