In addition to the COBRA subsidy, the American Recovery and Reinvestment Act of 2009 (“ARRA”), enacted on February 17, 2009, made significant changes to HIPAA privacy and security obligations. Those changes affect covered entities, including group health plans, and also affect business associates.  Although most of the HIPAA changes are effective February 17, 2010, one change (regarding breach notifications) will become effective earlier.  A summary of the key provisions affecting group health plan covered entities and business associates is below.   

  • Requirement to Notify Individuals of HIPAA Breaches. The law now requires covered entities to notify each individual whose unsecured protected health information (“PHI”) has been breached. For a breach of PHI under the control of a business associate, the business associate is required to notify the covered entity. Notice of the breach has to be provided to the Secretary of the US Department of Health and Human Services (“HHS”) and, in the case of a mass breach involving more than 500 individuals, to a prominent media outlet. Unsecured PHI means PHI that is not secured through the use of a technology or methodology specified by the Secretary of HHS.
    The Secretary of HHS is required to issue guidance about acceptable technology within 60 days of February 17, 2009. The law contains a default description of acceptable technology in the event that HHS does not timely issue guidance. The ARRA directs the HHS to issue regulations within 180 days of February 17, 2009. Then, the new notification requirements will apply to breaches discovered on or after the date that is 30 days after the date the regulations are published.
  • Additional Individual Rights

–          Accounting of Disclosures for Treatment, Payment and Health Care Operations. Under current law, individuals have the right to an accounting of disclosures of their PHI made in the previous six (6) years, which requires covered entities to track the disclosures. There are certain exceptions to the accounting requirement, such as disclosures that are made for treatment, payment, or health care operations. Now, a covered entity that uses or maintains an “electronic health record” with respect to PHI must account for disclosures for treatment, payment, and health care operations. This accounting is limited to disclosures made in the previous three (3) years. HHS is required to promulgate regulations implementing this new requirement.

There are two general effective dates: (1) with respect to electronic health records acquired by a covered entity on January 1, 2009, the effective date is January 1, 2014 and (2) with respect to electronic records acquired by a covered entity after January 1, 2009, the effective date is January 1, 2011 or, if later, the date the electronic record is acquired. 

–          Access to PHI in Electronic Form. If a covered entity uses or maintains an electronic health record for PHI, the new law gives individuals the right to obtain a copy of the PHI in electronic format. The individual can also direct the covered entity to transmit an electronic copy directly to an entity or person designated by the individual.
This requirement is effective as of February 17, 2010.   

–          Right to Restrict Disclosures for Payment & Health Care Operations. Under current law, individuals have the right to request that a covered entity not disclose their PHI for purposes of routine treatment, payment, or health care operations, although the covered entity is not required to agree to the restriction. Now, the covered entity must agree to the restriction for purposes of payment and health care operations (but not for purposes of treatment)  if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full. This requirement is effective as of February 17, 2010.


By: Joni L. Landy, Esq.

New proposed cafeteria plan regulations were released on August 6, 2007 that replace prior proposed and temporary regulations, which are withdrawn, and consolidate law changes and guidance issued by the IRS over the past twenty years. The regulations preserve much of the existing guidance but clarify some outstanding issues and include a few new rules. Existing cafeteria plan regulations governing mid-year election changes and FMLA operations remain the same. This alert highlights some of the more notable new or clarifying provisions of the proposed regulations.

By: Lee Kim, Esq.

Who owns the intellectual property rights (e.g., copyrightable material, invention, etc.) if one’s employment contract is silent on the issue and there is no intellectual property ("IP") policy?

The following are situations in which the employer owns the IP:

–           Intellectual property has been created by an employee within the scope of employment.

–           Intellectual property has been created during working hours with the use of employer’s facilities.

–           Intellectual property has been specially commissioned by the employer pursuant to a written agreement.

–           Intellectual property has been funded by federal funds, state funds, or third party sponsorship.

The following are examples in which the employee owns the IP:

–           Intellectual property created is unrelated to employee’s job responsibilities and the employee made no more than incidental use of the employer’s resources.

–           Employer has released the intellectual property to the inventor.

–           Employee has created a scholarly work, unless the employer specially commissioned such work (e.g., specifically hired the employee to create such a work or otherwise required the employee to create such a work).

Securing Rights to Your Website, By: Lee Kim

About the author: Lee Kim is an intellectual property associate at Tucker Arensberg, P.C.  She specializes in copyrights, trademarks, trade secrets, and patents.  See http://www.tuckerlaw.com/att/alpha/K/kim_lee.html

1. Securing Your Domain Name

If you are creating a website, you should first register at least one domain name of your choice with a reputable domain name registrar.  While there are many domain name registrars out there, well-regarded registrars include register.com, Go Daddy, and Network Solutions.

Tip: It is recommended that you register the domain name yourself instead of having a third party (e.g., consultant) do this on your behalf.  Domain name registrars such as the ones named above generally have support numbers that one can call if one needs assistance registering the domain name(s) of choice.

Why this is recommended: There are individuals, companies, and other entities (a.k.a. "cybersquatters") that attempt to make money by holding one’s domain name hostage.  For example, if one owns a trademark and the domain name that is being held hostage is identical or substantially similar to that trademark, then one needs to go through a dispute resolution process such as the Uniform Dispute Resolution Policy ("UDRP"), below.

Tip: Since domain name registration is relatively inexpensive, it is recommended that one register several domain name variants, such as top level domain ("TLD") variants (e.g., .org, .com, .net, .us, and the like) and singular/plural variants of the domain name.  You also may consider registering commonly misspelled variants of your domain name.  Also, there are commercial services which monitor the web for misuse of your domain name.  Thomson CompuMark is one such reputable provider.  Thomson CompuMark’s website has the following Uniform Resource Locator ("URL"): http://www.thomson-thomson.com.

Why this is recommended: There are individuals, companies, and other entities (a.k.a. "typosquatters") that attempt to make money off of typo-variants of domain names and oftentimes ask for exorbitant sums of money in exchange for these domain names.  See, e.g., http://searchengineland.com/070711-083600.php for an article on domain name best practices.  See, e.g., http://www.icann.org/tlds/ for an informational page on TLDs.  For example, if one owns a trademark and the domain name that is being held hostage is identical or substantially similar to that trademark, then one needs to go through a dispute resolution process such as the Uniform Dispute Resolution Policy ("UDRP"), below.

Question: What if someone holds my domain name hostage (i.e., a cybersquatter) or someone has a typo-variant of my domain name (i.e., a typosquatter)?

Answer: Often, the domain name is parked and the domain name owner makes revenue using click-through links.  Some domain name registrars and other Internet domain services offer domain name holders cash for parked domain names in exchange for the traffic that their respective domain name generates through the click-through links.  See, e.g., https://www.godaddy.com/gdshop/park/landing.asp?se=; http://www.whypark.com/.  If the cybersquatter or typo-squatter has a domain name that is identical or substantially similar to your trademark or service mark, has no rights or legitimate interests in the domain name, and is using the domain name in bad faith, then you may be able to successfully dispute the third party’s ownership of that domain name and request transfer or cancellation of the domain name by filing a Uniform Dispute Resolution Policy ("UDRP") complaint against that third party.  See http://www.icann.org/dndr/udrp/policy.htm for the UDRP policy.  The complaint may be filed with a dispute resolution provider such as the National Arbitration Forum or the World Intellectual Property Organization.
 
Question: Can I register my domain name as a trademark or a service mark?

Answer: Yes, if the domain name functions as a trademark or service mark which serves to identify your company’s name, products, and/or services.  The domain name may be registered with the United States Patent and Trademark Office ("USPTO") under certain conditions such as these. 

Question: What are the benefits of trademark or service mark registration of my domain name?

Answer: By obtaining a trademark or service mark registration with the USPTO, one may have legal recourse against a cybersquatter or typo-squatter under federal law.  Further, having the trademark or service mark registration leads to a stronger case if one has to file a complaint based upon the UDRP.  See, e.g., http://www.uspto.gov/web/offices/tac/tmfaq.htm#Basic002.