Posted on

HITECH Means High Stakes in First-Ever State HIPAA Lawsuit

Yesterday, the Attorney General of the State of Connecticut filed suit against the Connecticut subsidiary of Health Net, charging it with violations of the privacy and security requirements of HIPAA. The action, filed yesterday in the United States District Court in Connecticut, comes on the heels of a security breach involving medical records and Social Security numbers. The suit also names United Health Group Inc. and Oxford Health Plans LLC, who acquired Health Net of Connecticut but who were not involved in the data breach.

If you forgot, last year the Health Information Technology for Economic and Clinical Health Act (HITECH), for the first time authorized individual state attorneys’ general to enforce the security and data privacy regulations under HIPAA, and this appears to be the first such action.

The lawsuit claims that Health Net in Connecticut failed to provide adequate security for the medical and financial records of hundreds of thousands of enrolled individuals, and failed to notify them promptly in connection with the breach. The breach, which took place last May, involved the disappearance of a computer hard drive. Health Net eventually reported the breach, posting a notice on its website and starting a staggered process of mailing letters to consumers November 30, 2009, almost six months after the security breach. For those of you involved in the collection, handling, maintenance, or use of personal, financial and medical information covered by HIPAA, new federal rules under the HITECH Act require “timely” notification of certain breaches, rules that have a compliance deadline of February 22, 2010.

Health Net attributed the delay in reporting to its inability to determine exactly what was on the computer hard drive that disappeared, thus not being sure if a notice was even required. One can only surmise that the mere fact that Health Net didn’t know what information was contained on a removable computer hard drive made its reasoning less than satisfactory to the Connecticut State Attorney General. Although Health Net appears to have conceded that the data was not encrypted, it did indicate that the data should not be visible without the use of specific software. However, Kroll Inc., a computer forensic firm retained by Health Net to investigate the breach, reported the data could be viewable with commonly available software.

Privacy, security and data protection of non-public, personally identifiable and sensitive information (e.g., health, financial data) are increasingly subject to stricter rules and regulations. The use of the Internet and web, making digital information more susceptible to undetected duplication, transmission and access – not to mention the obvious fact that carrying millions of pages of records would be impossible, while walking out with a single hard disk or CD-ROM on which the same data and information has been scanned or stored in digital form – can be virtually undetectable.

Do you know of any law firm that has a team of privacy and data security, identity theft and data breach legal professionals? A firm that has health care, financial services and insurance specialists, as well as lawyers steeped in digital technology, information security and e-commerce? A firm that has transactional, regulatory compliance and policy-oriented lawyers who can audit current practices and policies, assist in developing mechanisms needed to satisfy regulatory requirements, and provide legal support to help avoid a legal problem, and also regulatory, compliance and litigation professionals who can represent and defend clients if a problem arises? Now you do – Rimon. If you need more information, contact me, Joseph I. (“Joe”) Rosenbaum, or Mark Melodia or Paul Bond, or the Rimon attorney with whom you regularly work, if you need legal advice, information or support on this subject.

Posted on

UK Sports Minister Proposes Changes to Gambling Legislation

This post was also written by Laura Hicks.

Last week, Gerry Sutcliffe, Minister for Sport in the United Kingdom, announced proposals to make significant changes to the existing legislative framework under which remote gambling is regulated. Following a review of the system of online gambling regulation in Great Britain by the Department for Culture, Media and Sport, a consultation is being launched with a view to introducing laws requiring all online operators to apply for a license from the Gambling Commission in order to either advertise or provide gambling services to British consumers. According to the Minister for Sport, the proposed changes were “necessary to ensure the protections in the Gambling Act – to keep gambling crime free, to ensure gambling is fair and open, and to ensure that children and vulnerable people are protected from harm – continue to be afforded to British consumers.”

Under the proposals, a license will be required even if the gambling services are offered to British consumers using remote gambling equipment from outside Great Britain. Currently, only operators based and licensed in the UK are allowed to advertise in the UK, unless the country in which they are based is either a member state of the EEA or on the government’s “whitelist.” More information on the “whitelist” is available on the Department for Culture, Media and Sport website, but to give you some insight, territories currently on the list are Antigua and Barbuda, Tasmania, the States of Alderney and the Isle of Man. “Whitelisting” is the process used by the UK Ministry to assess the regulatory framework for gambling in any jurisdictions outside the EEA that apply for permission to advertise their services within the UK.

As well as being obliged to share information about suspicious betting patterns with the UK’s sports governing bodies and the Gambling Commission, foreign operators would also have to comply with British license requirements concerning the protection of children and vulnerable people, and contribute to the research, education and treatment of problem gambling in the UK.

This appears to be a move by the UK government to close a loophole in the laws that protect online gamblers in the UK, and that more closely mirror the more protectionist regime in the United States. If this extension of the licensing regime is introduced into legislation, it will be interesting to see how the regulator intends to enforce the license scheme against gambling companies with no UK presence. In the United States, enforcement has involved a variety of “indirect” mechanisms, from the Department of Justice’s use of the Interstate Wire Act of 1951, which applies to sports betting to assert jurisdiction over online gaming – even though the Fifth Circuit ruled in 2002 that the Wire Act only applies to sports betting – to seizing advertising payments made to broadcast networks by advertisers seeking to promote online gambling considered illegal by the United States. Since 2006, with the enactment of the Unlawful Internet Gambling Enforcement Act of 2006 (UIGEA), the United States has sought to seize assets in financial institutions tied to online gambling, based on what it considers illegal activity, money laundering and a variety of other offenses. It is noteworthy that UIGEA does not make online gambling illegal per se, but rather prohibits any transfer of funds from a financial institution (as defined in the legislation) to an illegal Internet gambling site.

Once you read the UK Sports Ministry’s announcement, if you need more information, contact Laura Hicks, an associate in the Media and Technology team, in our London office. Of course, you can always contact me, Joseph I. (“Joe”) Rosenbaum in New York, or Gregor Pryor in London, or the Rimon attorney with whom you regularly work, if you need legal advice, information or support on this subject.

Posted on

Now, Web-Birds of a Feather Can Actually Flock Together

Well, it seems like almost yesterday (actually a little more than a month ago), that a subsidiary of Mixx, the popular social voting site, launched TweetMixx, a new service that enables companies, brands, politicians, and celebrities collect and aggregate all the mentions about them on Twitter on a single page. “TweetMixx Channels,” as the service is branded, enables you to create a branded page, tailored to you – from your own Twitter Tweets and RSS Feeds to comments from customers, reviewers, fans or pretty much anything you like. We’ll use “you” generically to mean any label that fits – people, brands, goods, services, you name it.

Ever see those vanity license plates on cars? Now you can have your own vanity Twitter Mixx channel, and the service uses “Tabs” to allow a variety of features and functions. There’s one that uses search terms to find links and tweets about you on Twitter, in apparent deference to the new Federal Trade Commission Endorsement Guides (see our post FTC (Revised) Endorsement Guides Go Into Effect earlier today; there’s an “Insiders” tab that identifies anyone with a material connection or that is associated with you (e.g., employees, agents, paid endorsers); and other tabs that enable you to customize and populate the channel. In addition, since the service appears to act both as an aggregation and a search tool for content about you, consumers can find all the Twitter traffic and channel information about you in one place, and at the same time, you can use the service to track and monitor conversations and references to you on Twitter. Right for consumers; right for you – clever.

Remember Facebook’s personalized URLs just a few months ago (Legal Bytes blog post Facebook Adds Personalization & a (Brand) New Dimension)? This is not simply another social media fad. Already companies are getting on the bandwagon (or should we say birdwagon). Today, the National Hockey League (www.nhl.com) will be among the first few enterprises launching its TweetMixx Channel – its own private label branded distribution platform using the TweetMixx service. TweetMixx even provides you with a widget that can be embedded on other websites (think bloggers, profile pages, etc.). The NHL’s “Chatter” tab on TweetMixx, for example, will provide streaming tweets from hockey fans, while a “Links” tab will keep track of the tweets that are retweeted most often, and will rank these favorites by putting them at the top of the TweetMixx Channel web page.

So for advertisers, brand managers, marketing professionals and agencies, this new tool is the beginning of enabling a clearer strategic use of Tweets. Just as branded pages and channels, enabling two-way conversations, have emerged on YouTube and Facebook, allowing brands and celebrities to engage with consumers and fans, TweetMixx seeks to provide an ecosystem for Twitter traffic. Chris McGill, founder and CEO of Mixx, noted that each TweetMixx Channel can be analogized to a “tree.” You have TweetMixx plant a customized tree of your choice, then you are given the tools to nurture it, to prune it and to watch it grow. Do it right and you have branches where Twitter users can “flock, sit and sing” about you – the people, products, services and things they care about. TweetMixx owns the forest!

Can you or your brand afford to stay out of the social media arena? Are you afraid of the new risk-reward paradigm and uncertain what to do? Do you know you have to do something, but are suffering from analysis paralysis? Have traditional models got you stuck in the mire? Call us. Our Advertising Technology & Media law practice group and our newly formed Social Media Task Force already have unparalleled depth, experience and bench-strength in understanding, working with, and advising clients in this brave new world. From developing policies to monitoring compliance; from protecting and enforcing your rights to developing relationships and partnerships with others to engage in the conversation. To win it, you have to be in it. If you need help, contact me, Joseph I. (“Joe”) Rosenbaum, or the Rimon attorney with whom you regularly work. We are happy to help.

Posted on

Join Us for Cookies – It’s the Social (Media) Thing to Do

Just a reminder that space is filling up, so if you want to join us for any of the three West Coast social media law seminars please use the registration link below to sign up. Joseph I. (“Joe”) Rosenbaum and Anthony Traymore from the Advertising Technology & Media Group in New York and local Rimon lawyers in each office will present: “Social Media: It’s 10:00 p.m. Do You Know Where Your Brand Is?”

Can’t attend?  If you are a client, we can do a customized in-house seminar for your legal department, executive management, marketing or other professionals. Not a client, perhaps you should be.  Interested? Contact Joe Rosenbaum.

Posted on

Social Media: It’s 10 p.m. Do You Know Where Your Brand Is?

Did you miss our New York seminar on Social Media? Well now you can catch us in California. Three of Rimon’s offices in California will be hosting a seminar on social media, where Joseph I. (“Joe”) Rosenbaum and Anthony Traymore from the Advertising Technology & Media Group in New York, and local Rimon lawyers in each office, will present:

“Social Media: It’s 10 p.m. Do You Know Where Your Brand Is?”

Tweets, profiles, avatars, blogs, chats, friend requests, user-generated content, personalized pages, customized URLs—keeping up with social media is daunting. Social media continues to change the rules of engagement, and for companies, brands, marketing professionals and their legal advisors, engagement is now the rule. Just as economic and advertising models for whole industries are changing to take advantage of social media, industries must confront new and unprecedented legal risks in this brave new world of engagement—a world where lawmakers, regulators and courts are struggling to figure it out. Legal risks and challenges abound; so does opportunity—for brands who know before they go!

Rimon LLP is a State Bar of California-approved MCLE provider, and this course qualifies for 1.5 general MCLE Credit. The presentations will highlight:

  • Best practices for corporate engagement in social media
  • How to approach workplace policies
  • The current and potential legal landscape evolving around social media platforms
  • Case studies—social media successes and failures
  • Highlights of our “white paper”: A Legal Guide to the Commercial Risks and Rewards of the Social Media Phenomenon, recently released by the Rimon Social Media Task Force
  • And much more

Because of the high level interest received, we will be conducting the seminar in three of our California offices.

1.  Rimon’s San Francisco Office

Tuesday, December 8, 2009

Registration & Breakfast: 8:30 a.m.; Program: 9:00 – 10:30 a.m.

 

2.  Rimon’s Silicon Valley (Palo Alto) Office

Tuesday, December 8, 2009

Registration & Lunch: 12:30 p.m.; Program: 1:00 – 2:30 p.m.

 

3.  Rimon’s Century City (Los Angeles) Office

Wednesday, December 9, 2009

Registration & Breakfast: 8:30 a.m.; Program: 9:00 – 10:30 a.m.

 

We hope you will attend, and we encourage you to share this invitation with others. For your convenience, here is a link to the invitation & registration page for these sessions.

Posted on

The Fed Notices an Overdraft – Decides to Close the ATM Window

This post was written by Roberta G. Torian and Joseph I. Rosenbaum.

On Nov. 12, the Federal Reserve Board released its final rule on overdrafts for ATM and one-time debit card transactions (the “Final Rule”), which amends Regulation E. Although it hasn’t been published in the Federal Register yet, Legal Bytes thought you might like a little heads-up as to what is in the new Final Rule.

To start, a financial institution will have to obtain a consumer’s consent – in advance – to assess a fee for paying an overdraft in an ATM or one-time debit card transaction. To get consent, the financial institution must provide a description, give the consumer an opportunity to opt-in; and if consent is given (which can be revoked at any time), give the consumer written or electronic confirmation. While existing customers who haven’t opted in to the overdraft program by then can’t be charged a fee for these overdrafts after Aug. 15, 2010, for everyone else, compliance is required by July 1, 2010.

Here’s one you might not have considered. What if the system in place with the financial institution doesn’t distinguish between various types of overdrafts (e.g., one-time debit card versus recurring debit card transactions)? Well there is a safe harbor, but you’ll have to call Roberta G. Torian (or read the Final Rule yourself).

Now, the Final Rule doesn’t mean a financial institution is required to pay overdrafts, whether or not a consumer has consented, and it still allows them to maintain policies on overdraft limits, frequency, and other factors that would restrict the customer’s overdraft privileges. In other words, it doesn’t change an institution’s right to manage its overdraft program or risk – only the situations where it can charge a fee to the consumer.

The Final Rule does, however, delve a bit more deeply into the marketing and cross-selling considerations financial institutions must comply with. For example, the Final Rule prohibits conditioning other account services on opting in to the overdraft service. Furthermore, the consumer must be offered the same account terms, conditions and features, whether or not they opt-in to the overdraft program.

The Federal Reserve Board has created a model form for use by financial institutions (one that can be modified to fit the individual programs available) to obtain the consumer’s opt-in consent, and that highlight the disclosures required by the Final Rule. The form was developed because the Final Rule also prohibits including this new overdraft "consent" as part of the basic account agreement when a consumer opens an account. In other words, you need to give the consumer a meaningful opportunity to decide whether to opt-in, and not simply bury the "consent" in a string of clauses and terms.

Although the rule has not yet been published in the Federal Register, you can download a copy of the Final Rule right here. But if you really want to know the (opt) ins and (opt) outs of Regulation E, contact Roberta G. Torian, Joe Rosenbaum or any of the lawyers at Rimon with whom you work. Rimon has a full service Financial Institutions Group that can help virtually any financial institution with legal support, service, and representation, whenever and wherever the need arises. Call us, we are happy to help.

Posted on

Death Knell or Glimmer of Hope: Care to Bet on Online Gambling?

Legal Bytes has previously reported to you concerning Title VIII of the Security and Accountability For Every Port Act of 2006 (or SAFE Port Act), which is the part of the SAFE Port Act endearingly known as UIGEA (the Unlawful Internet Gambling Enforcement Act of 2006). On Tuesday, the U.S. Court of Appeals for the Third Circuit rejected a claim by the Interactive Media Entertainment & Gaming Association that UIGEA is too vague or unconstitutional or infringes on the individual’s right to privacy. The unanimous ruling was issued amid a tug-of-war between the Justice Department that is anxious to crack down on the gambling industry, and the actions of Rep. Barney Frank (D-Mass.) and other members of Congress who are advocating legislation to legalize the gaming industry.

The decision to uphold UIGEA, which banned payment processing by U.S. financial institutions for online betting, might appear to be a blow to the gaming industry, but there is a potential ray of hope. On page 8 of the Court’s Opinion, the Third Circuit concluded UIGEA was not constitutionally vague, nor had the law made any gambling activity illegal. Rather, the vagueness problem cited by the Court arose from the underlying state law. To wit, the Court explicitly notes what many in the industry have known for a long time: “[T]he Act itself does not make any gambling activity illegal [under the UIGEA]. Whether the transaction in Interactive’s hypothetical constitutes unlawful Internet gambling turns on how the law of the state from which the bettor initiates the bet[.]”

One can thus read this decision as an opportunity for state gambling clarity. Currently, only six states in the United States have an outright prohibition against Internet gambling; the other 44 states (and U.S. territories) have an opportunity, if they wish to seize it, to legalize, authorize, license, regulate and potentially tax online gambling.

For the record, the Frank Internet gambling legislation that proposes to delay enforcement of UIGEA pending the enactment of a federal online gambling licensing and regulatory framework, has been pending in committee since May, and there are many pressing items on Congress’s plate. Thus, it is unlikely that Congress is poised for quick action on this legislation. That said, the court’s decision appears to leave the door to online gambling enabled by state legislation open. Stay tuned.

If you need to know more, contact Amy S. Mushahwar directly, or you can always contact me, or the Rimon attorney with whom you regularly work. We are happy to help.

Posted on

Credit Card Act of 2009: Act I, Scene 1

A few months ago, Legal Bytes noted the progress of the Credit Card Act of 2009 (the “Act”), and when it was signed into law, we updated that blog post with a note about the inclusion, for the first time in federal law, of coverage of gift cards.

Today, some of the credit card protections the Act affords consumers go into effect. First, credit card bills must be mailed to the consumer at least 21 days before payment is due. Second, significant changes to the rates or fees that apply to credit cards can’t be implemented unless consumers are given at least 45 days’ notice. In both cases, this represents an elongation of the prior regulations (14 days and 15 days, respectively). 

Provisions of the Act also in effect now prohibit credit card issuers from raising their fees and interest rates without any notice if a credit card account holder fails to make a payment on time or goes over their credit limit. In most cases, such a charge would have required approval from the issuing institution anyway.

Most of the other significant provisions of the Act come into effect next February (e.g., restrictions on increases in interest rates for existing credit card balances), and by July 2010, the Federal Reserve Board is to have crafted and approved new rules covering consumer disclosures (i.e., advertising, application forms, etc.).

If you need to know more about compliance and credit cards—offline or online—contact me (Joseph I. Rosenbaum) or the Rimon attorney with whom you regularly work. We are happy to help.

Posted on

Gift Cards: The Chart is Free. It’s Our Experience You Pay For.

Last month, Legal Bytes posted Online Gaming Laws Survey – Free (Yes, You Read Correctly), which also included a link that would allow readers to download a copy of a chart summarizing the U.S. laws that apply to online gaming (Survey of U.S. Federal and State Gaming Laws & Regulations). In that posting, I asked “Why would a law firm be giving away such valuable research for free online, on the web, for everyone to see?” The answer, my friend, is . . . (you were expecting a Bob Dylan line, weren’t you) . . .

The answer is simple. We know that many lawyers and firms can do research! While it may come as a shock to some, it comes as no surprise to us that Rimon may not be the only, or even the first, law firm that has done 50-state surveys of various laws and regulations. However—and it’s a big HOWEVER—Legal Bytes may be among the few lawyer-driven blogs that actually gives research away to any visitor to our blog—for nothing. You don’t even have to be a client, but you may want to be. It’s free. Yours for the taking.

It’s free because in this age of information and social media, we believe it’s not the research that distinguishes lawyers or law firms. Oh, of course we must do research and, of course, we need to be good at it. We are. But clients want lawyers who can wisely and effectively apply and use the research; lawyers who know how to use years of hands-on experience gained from working with clients, and apply it to real-world, real-life and real-time situations. We give research away because our sustainable competitive advantage is based on relationships, and the depth and wealth of experience that enables us to bring value to clients when they call.

So, just as with online gaming, we turn today to gift cards and gift certificates, online and offline, and the wealth of experience our Advertising Technology & Media law group has developed and applies regularly for clients. The experience that lets us give valuable research away for free. So enough philosophy, show us the money.

In connection with the work we do for many clients, we have found it useful to develop and maintain a database, which we update periodically, relating to Gift Cards, payment instruments that are increasingly blurred with prepaid debit cards, stored value cards, smart or chip-cards, reward cards, discount certificates, and traditional credit, charge and debit cards. If you are in this market, you already know there are regulations that require certain disclosures, certain restrictions on expiration dates and on the imposition of inactivity fees, as well as escheat and abandoned property laws that may apply on a state-by-state basis. You also know that for the first time, the Credit Card Act of 2009 will impose federal legislative and regulatory requirements on gift cards.

So with pleasure to all of our current (and future) Legal Bytes readers and subscribers, here is a link to our publicly available chart covering Federal and State Gift Card Laws. The chart provides a handy citation and reference tool for the various gift card and gift certificate laws in the 50 United States and the District of Columbia, and includes a description of the newly enacted Credit Card Act of 2009, which provides certain consumer protections applicable to gift cards under U.S. federal law.

Now the disclaimers. First, no chart can be as comprehensive or as up-to-date or clear as actually reading and knowing the statutes and regulations themselves. It is a guide, not an authority, and you should not rely on it for anything other than as a roadmap to proper and thorough legal counsel based on the source material itself. That said, let’s not minimize its value either: it represents the distillation of years, and of hours of work and effort. A special thanks to Keri Bruce and Stacy Marcus for helping to consolidate and refine it so that it is ready for prime time.

Continue reading “Gift Cards: The Chart is Free. It’s Our Experience You Pay For.”

Posted on

Stimulus Package Includes Broadband Opportunities

This post was written by Amy Mushahwar and Judith Harris.

On Feb. 17, 2009, President Obama signed into law the American Recovery and Reinvestment Act of 2009 (otherwise known as the Stimulus Package) with two broadband deployment grant funding opportunities. As a follow-up to this statute, the Departments of Agriculture and Commerce recently released a Notice that will apply to awarding the first $4 billion of the total $7.2 billion in federal Stimulus Package broadband funds.

Broadband providers are already devising applications to serve rural, unserved and underserved geographic areas. But, did you know that other opportunities in the Notice could be of interest to you? For example, the Notice provides funding to conduct education campaigns in order to stimulate broadband uptake, and local broadband providers may need to partner with regional educators or advertisers to assist with these grass roots education campaigns. Or, broadband deployment applicants receive preferences for linking “community institutions” (which would include schools, universities and hospitals, to name a few) to their proposed broadband networks. The community institution preference would provide unique opportunities for those companies facilitating telemedicine or distance learning to partner with local telecommunications providers.

A link to a nuts-and-bolts Alert regarding the basic components of the NOFA and helpful deadlines is provided below. The Obama administration seems determined to move things along expeditiously. Applications will be accepted on a rolling basis from July 14 until Aug. 14, 2009, so you would have to work quickly on this, if you have any interest in riding this particular train.

You can view Rimon’s full Alert by clicking the link below:

Broadband Stimulus Notice Released with Application Details

If you need to know, you need to contact Amy Mushahwar, Judith Harris or your favorite Rimon attorney—who will be more than happy to help you.