The American Society for Health Care Human Resources Administration (ASHHRA) recently held an incredibly useful conference bringing together healthcare human resources leaders from around the country. Here are four key takeaways from that gathering of thought leaders.

  1. Employee Engagement Impacts Patient Care and Revenue

While this may seem self-evident to those on the front lines, there also is data to back this up. At a time when revenue is increasingly tied to patient satisfaction and quality metrics, strong employee engagement is not only the right thing to do, it is a financial imperative. Take for example one speaker’s reference to a Press Ganey study, which he explained showed a 1 percent change in employee morale equals a 2 percent change in the patient experience. Consider this connection between patient experience and revenue: a Harvard Business Review study found “a five-point increase in hospital rating is associated with a 1 percent increase in profit margin.” HR leaders are well-positioned to make the case for strong employee engagement programs.

  1. Innovative Recruiting and Staffing Alternatives are a Must Have

Speakers at the conference discussed many of the recruiting tools covered in this recent Healthcare Workplace Update post.  There were two other areas of interest on this front. First, the increasing use of predictive data analytics in recruiting. This is an investment that may yield significant dividends by reducing turnover or at least making it more predictable. Another topic was creating an internal staffing agency. This approach can reduce agency costs while retaining nurses and other professionals by meeting their desire to travel and work at different facilities.

  1. Plan for More Active Regulators

Speakers addressed the likelihood that regulators would be more active in the healthcare field than they have been in recent years. With new Equal Employment Opportunity Commission (EEOC) commissioners appointed by President Biden, the EEOC likely will publish more guidance on anti-discrimination laws and focus more on alleged systemic violations of those laws. On the accreditation front, The Joint Commission and other accreditors are adopting new survey approaches to measure compliance with the CMS COVID-19 vaccine rule. Finally, OSHA is in the midst of a “highly focused” inspection initiative aimed at hospitals, skilled nursing facilities, and assisted living facilities that treat or handle COVID-19 patients and have been previously cited or inspected for COVID-19 concerns that will continue until June 9. HR leaders can take a leading role in helping their organizations prepare for these new regulatory challenges.

  1. If You Don’t Engage Employees, Labor Unions Will

While union membership is at a record low in the U.S., several factors make today’s workplace fertile ground for union organizing. First, according to a study by McKinsey, “the top three factors employees cited as reasons for quitting were that they didn’t feel valued by their organizations (54 percent) or their managers (52 percent) or because they didn’t feel a sense of belonging at work (51 percent).” Second, according to a Gallup poll approval of labor unions is the highest it has been since 1965, with 68% having a favorable view of unions. That figure jumps to 77 percent among people ages 18-34 and 70 percent for college graduates. All these factors make clear that healthcare employers who want to be union-free need to invest in creating a culture where employees feel valued by their organization and their manager. HR leaders can play an integral role in establishing this kind of workplace culture.

Members of the Jackson Lewis Healthcare industry group work with clients on all these issues on a daily basis. Please contact the Jackson Lewis attorney you work with or one of our industry group members if you have any questions about these key takeaways.

Healthcare organizations across the United States are facing an unprecedented labor shortage. Many healthcare employers are moving quickly to implement creative solutions that will attract and retain a qualified workforce. Kaiser Health News reports that “after the pressure cooker of the past two-plus years led to staff turnover and a rash of early retirements, hospitals nationwide are focused on recruiting full-time nurses.”

While filling an ever-growing labor deficiency is a priority for many organizations, it is crucial to consider the legal implications of incentives and ensure they are designed and implemented in a compliant manner. As indicated in a recent report by, here are five prevalent employee incentives in healthcare, along with areas of employment law compliance that are sometimes overlooked.

  1. Loan Repayment and Tuition Advancement.
    Consider: Is the repayment amount or tuition advancement taxable income to the employee? Employers may implement Educational Assistance Programs that allow for tax-free payments, but there are several specific requirements to qualify.
  2. Bonuses.
    Consider: Does the bonus need to be included in an employee’s regular rate of pay for the purpose of overtime calculation under the Fair Labor Standards Act (FLSA)? Most bonuses must be included. Discretionary bonuses may be excluded, but there are specific statutory requirements. Examples of bonuses that may be excluded if they meet the statutory requirements include: bonuses for overcoming a challenging situation, bonuses for extraordinary effort, employee-of-the-month bonuses, and referral bonuses.
  3. Remote Work.
    Consider: Employees who are not exempt from overtime payment under the FLSA must track and report all time worked – including those quick late-night emails. In addition, employers are often required to comply with employment laws in that state where a remote worker resides if different than the state where the employer is located, and may be subject to other requirements as a result of doing business in that state.
  4. Independent Contractors.
    Consider: Does the relationship meet the current independent contractor test under the FLSA? The Biden Administration withdrew a narrower, more employer-friendly independent contractor analysis and has signaled intent to implement the “ABC test” currently in place in California. Also, keep in mind that many states have separate independent contractor tests.
  5. Focus on the Pipeline.
    Consider: Scholarship and volunteer programs can be a great way to increase a qualified workforce. These programs can also be designed with a goal of increasing diversity. State laws in this area are ever-changing and it is helpful to work with counsel on compliant program structure.

Please contact the Jackson Lewis attorney with whom you usually work or a member of our Healthcare group who can provide additional best practices and resources as we navigate these challenges together.

The Employee Retirement Income Security Act of 1974 (“ERISA”) aims to balance the dual policies of (1) ensuring fair and prompt enforcement of rights under employee benefit plans, and (2) encouraging the creation of such plans. To strike this balance, ERISA pairs comprehensive rules regarding fiduciary responsibility with federal causes of action that allow plan participants and beneficiaries to recover benefits due, enforce ERISA’s mandates, obtain injunctive relief, and, where applicable, obtain attorney’s fees. At the same time, to protect employers and plan sponsors from operating under a patchwork of potentially conflicting state and local regulations, ERISA promotes uniformity in benefits administration by preempting “any and all state laws insofar as they may now or hereafter relate to” any ERISA benefit plan. 29 U.S.C. § 1144(a).

The Supreme Court is currently considering a petition for certiorari that addresses the application of ERISA preemption to local “play-or-pay” laws. Ostensibly, these location-specific laws are intended to improve low-wage employee access to affordable health coverage by requiring large employers to make enhanced healthcare expenditures on behalf of such employees who reside in that location. To evade ERISA preemption, these laws typically provide that, instead of altering their existing ERISA plans to accommodate the enhanced benefits, employers can simply cut a check in the same amount directly to their employees, or in some cases the local government.

Seattle passed such a law in September 2019. Seattle Ordinance SMC 14.28 (“Ordinance”) mandates that large employers in the hotel sector operating within the City make monthly healthcare payments on behalf of their covered local employees. Payments increase depending on whether the employee is single or has a spouse and/or dependents. Employers who fail to comply with the Ordinance are subject to fines, penalties, and other damages. Employers may comply by creating new ERISA plans specifically for the covered employees, increasing contributions for their employees to existing ERISA plans, or making payments directly to the covered employees.

The ERISA Industry Committee, a nonprofit trade association, brought suit alleging that ERISA preempted the Ordinance because it “relates to” an ERISA benefit plan. The District Court granted the City’s motion to dismiss, holding that ERISA does not preempt the Ordinance because it offers employers a compliance option (i.e., the direct cash payments to employees) that does not require creating a new ERISA plan or altering an existing ERISA plan. ERISA Industry Committee v. City of Seattle, 2020 U.S. Dist. LEXIS 81750 (W.D. Wash. May 8, 2020). In an unpublished opinion, the Ninth Circuit affirmed. 840 F. A’ppx. 248 (2021).

The Committee petitioned for certiorari to the United States Supreme Court, arguing that the Ninth Circuit’s decision deepened an existing split with other courts of appeals, which have held that even a direct payment option interferes with ERISA plan administration because it requires employers to consistently monitor state and local minimum spending requirements and adjust their healthcare expenditures.

Large employers have a vested interest in the Supreme Court granting certiorari and reversing the Ninth Circuit decision. Even though local play-or-pay laws may serve the salutary purpose of ensuring good benefits for local employees, large employers maintain that such purpose cannot trump the overriding federal concern that nationwide employers be able to design benefits that work for their nationwide workforce. ERISA already imposes significant obligations on plan sponsors and fiduciaries when it comes to benefits administration, and it is important that those employers be able to administer their plans uniformly pursuant to ERISA.

The direct-payment option does not make play-or-pay laws such as the Ordinance any less intrusive upon ERISA’s domain. As the Committee argued in the proceedings before the district and appeals courts, direct payments are “financially more onerous and therefore not a realistic and legitimate alternative” to altering an employer’s current coverage to address covered employees. This effectively compels employers to alter their current coverage to meet the requirements of whatever local play-or-pay laws may be in effect in every jurisdiction in which they operate. Such tiptoeing through administrative raindrops of multiple (and potentially conflicting) local regulations – and the additional costs and complications associated with such maneuvering – is precisely what ERISA preemption is intended to eliminate.

If you need more information or have questions, please contact the Jackson Lewis attorney with whom you regularly work, or any member of our ERISA team.

In furtherance of the Biden Administration’s January 28, 2021, Executive Order 14009 and April 5, 2022, Executive Order 14070 to protect and strengthen the ACA, the Treasury Department and IRS published a proposed rule on April 7, 2022, advancing an alternative interpretation of Internal Revenue Code Section 36B. Employers can breathe a sigh of relief as the proposed changes do not alter the Employer Shared Responsibility Payment (ACA penalty) construct. Employers can continue to offer affordable employee-only coverage and spousal or dependent coverage that is unaffordable. However, the potential indirect effects of the proposed regulations on employers are noteworthy. For more information, please see this post at our Benefits Law Advisor blog.

With its new inspection initiative, the Occupational Safety and Health Administration (OSHA) is taking steps to ensure certain healthcare employers continue to protect workers against COVID-19, even as falling case numbers across the country have prompted many state and local agencies to withdraw mask mandates and other COVID-19 precautions. OSHA announced a “highly focused” inspection initiative limited to general medical and surgical hospitals, psychiatric and substance abuse hospitals, skilled nursing facilities, and assisted living facilities that treat or handle COVID-19 patients and have been previously cited or inspected for COVID-19 concerns. This initiative began March 9 and will continue until June 9, 2022, and it will comprise 15 percent of all inspections in a region. Read more.

Pay equity among physicians is not a new topic, and recent data suggests that the pay gap remains wide. 504 Maryland physicians responded to an updated survey on compensation, benefits and practice metrics conducted by Merritt Hawkins on behalf of MedChi, The Maryland State Medical Society. The results of MedChi’s first survey were released in 2018. The most recent results, announced on March 7, 2022 showed:

On average, male physicians earned 49.6% more than female physicians.

  • Average male physician compensation: $320,000.
  • Average female physician compensation: $213,000.

The gender disparity existed across specialties and practice settings.

  • Male primary care physicians earned an average of 41.2% more than female primary care physicians ($262,542 vs. $172,542).
  • Male surgical, diagnostic and other specialists earned an average of 33.5% more than female specialists ($350,625 vs. $250,115).
  • Male physicians in private practice earned 30.9% more than female physicians in private practice.

Female physicians reported working slightly more hours per week than male physicians.

  • Female physicians worked an average of 48.3 hours per week.
  • Male physicians worked an average of 48 hours per week.

The survey also showed disparity when different races were compared.

  • Average Asian/Asian-American physician compensation: $325,000.
  • Average white physician compensation: $268,000.
  • Average Black/African-American physician compensation: $225,000.

The push for pay equity continues as jurisdictions like Colorado, Illinois, New York City and Connecticut enact new laws with pay transparency requirements. For more information about how your organization can proactively evaluate its pay equity, contact your Jackson Lewis attorney.

Healthcare companies continue to face increased risks of ransomware attacks on their operations. According to the recently released BD Cybersecurity Annual Report for 2021, such attacks are also increasingly sophisticated. Management can take important steps to minimize the risks of this form of cybercrime.


Ransomware is malware that encrypts files on a device, rendering the files and systems that rely on them unusable. Bad actors seek to extort payment for the decryption information. As tactics evolve, threat actors are increasingly encrypting or deleting backup data; stealing data and threatening to publish, contacting employees, patients, or customers using stolen contact information; or posting a company’s name or data on a website to increase their leverage.

A ransomware attack can result in unauthorized access or acquisition of sensitive data; the loss, corruption, or unavailability of data; disruption to internal operations such as billing and invoicing; or the inability to provide essential services. These malicious attacks can cause significant business disruption, cost valuable time and money, divert labor, and result in reputational harm or loss of trust. They also can directly affect patient care and place lives at risk.

How Companies Can Manage the Risks

Healthcare organizations can minimize cyber-risks by having robust organizational and technical safeguards, as well as an incident response plan (IRP). While an IRP is tailored to the specific entity, at minimum, it will define a security incident; identify the stakeholders who will guide the response; determine the types of data and critical systems at risk; identify potential reporting obligations based on contracts, laws, and regulations; consider issues related to confidentiality and privilege; and account for the scope of any cyber insurance, including whether the carrier will appoint outside counsel and an expert forensic investigation firm.

The IRP also includes the fundamental steps for responding to a ransomware attack: containment, preservation, investigation, restoration, and remediation. Immediate containment stops the attack. An expert cybersecurity forensic investigation and the preservation of evidence attempt to identify and document the nature and scope of the incident. This information may help determine the contractual and legal reporting obligations that may apply, assist with responding to regulatory inquiries, or help defend against litigation. The restoration process restores data and critical system functionality, and remediation efforts attempt to minimize the potential risk and harm from the attack.

Negotiation of a Ransomware Demand

While the organization manages its response to a ransomware attack, it also may be negotiating the ransom demand. The U.S. Department of Treasury and FBI strongly discourage paying ransom demands. However, payment is not illegal unless the ransom group is on the Department of Treasury’s Office of Foreign Assets Controls sanctions list (also known as the OFAC list). A prohibited payment can result in fines, regardless of whether the organization knew the group was on the list. The Department of Treasury has identified steps to help mitigate the risk attached to a ransom payment. These include, at a minimum, having meaningful technical security measures in place, maintaining offline backups of data, implementing cybersecurity training to minimize the success of the attack, and voluntarily cooperating with federal authorities to investigate the attack.

Breach Reporting

According to the Fact Sheet: Ransomware and HIPAA from the Department of Health and Human Service Office for Civil Rights, when protected health information (PHI) is encrypted during a ransomware attack, unauthorized individuals are deemed to have taken possession or control of the information. As a result, a breach is presumed to have occurred, unless the covered entity or business associate can demonstrate a low probability the PHI has been compromised.

Whether the presence of ransomware constitutes a reportable breach under HIPAA is a fact-specific determination. This determination can be facilitated by engaging an expert, third-party cybersecurity forensic investigation firm to review the nature and scope of the attack and whether sensitive data was accessed or stolen.

In addition to breach notification obligations under HIPAA, the healthcare entity may have reporting obligations under state law.

Increased Ransomware Litigation

Moreover, healthcare entities are seeing an increase in litigation alleging negligence, failure to safeguard patient data, breach of contract, and unavailability of systems, equipment, or PHI that resulted in the inability to provide essential medical services.


Healthcare organizations can take steps to potentially minimize the risk and harm from a ransomware attack through preventive and responsive measures. These may include drafting or updating the organization’s IRP, engaging in cybersecurity risk-based vendor management, regularly training employees on data protection and security awareness, conducting regular risk assessments, and regularly reviewing and updating internal HIPAA Privacy and Security Rules policies and procedures.

Please contact a Jackson Lewis attorney if you have questions or need additional guidance.

This month, Doximity issued its Fifth Annual 2021 Physician Compensation Report. With the continued strain of the pandemic spanning 2021, the self-reported physician data reflected widespread burnout and early retirement, especially by female physicians. With respect to physician compensation, Doximity findings demonstrated:

  • While average doctor pay increased 3.8 percent between 2020 and 2021, there was a decline of real income compared to 2020 given the CPI 6.2% rate of inflation in 2021.
  • The top five metro areas with the highest physician pay were Charlotte, NC; St. Louis, MO; Buffalo, NY; Jacksonville, Florida; and, Orlando, Florida.
  • The top five metro areas with the lowest physician pay were Baltimore, MD; Providence, RI; San Antonio, TX; Washington, D.C.; and Boston, MA.
  • A widening gender pay gap of 28.2% this year, with female physicians making $122,000 less than male physicians in 2021.
  • Based on 2014-2019 data, Doximity estimates that over the course of a career, female physicians will earn over $2 million less than male physicians.

Specialties with the largest pay equity gaps between men and women are oral & maxillofacial surgery; allergy and immunology; ENT; pediatric nephrology; and thoracic surgery. Significantly, there is no one medical specialty where women earned the same or more than men in 2021. All specialties had a pay gap over 10%, except Pediatric Rheumatology (which had a gap of 7.9%). To compound matters, a recent Jama Network Open research letter found that physician residents who were mothers – compared to physician residents who were fathers – were more likely to be responsible for childcare or schooling (24.6% v. .8%), household tasks (31.4% v. 7.2%), to work primary from home (40.9% to 22%), and to reduce their work hours (19.4% to 9.4%). The study reflected the significant concern that these “short-term adjustments can have serious long-term repercussions as they may lead to lower earnings and negatively impact advancement.”

Doximity’s research also revealed that due to the pandemic, over 1% of physicians retired before expected, which is feared to strain an already tight labor market. The report also highlighted studies suggesting about half of doctors are considering an employment change due to the “COVID-related overwork.” The overwork also had a disproportionate impact on women physicians, with 25% of them reporting they are “considering early retirement” due to increased work during the pandemic.

This research reflects the importance of a physician/employer in any setting reflecting on the impact of the pandemic on its healthcare team. Moreover, the research shows continued pay equity deficits between female and male physicians, which may be exacerbated by the pandemic. Internal reflection on current pay practices to identify the factors contributing to it are critical to maintain top talent, improve morale amidst very difficult times and avoid wage and hour litigation.

In December 2020, Congress passed the “No Surprises Act” (NSA) as part of the Consolidated Appropriations Act of 2021. The NSA applies most commonly in situations where a patient receives out-of-network medical services from a provider to whom the patient had no meaningful opportunity to consent, as in the case of emergency room care or a service performed by an ancillary provider in connection with a scheduled surgery, such as an anesthesiologist. The intent of the NSA is to protect patients from later receiving large “surprise bills” from such out-of-network providers. To learn more, read the post on our ERISA Litigation Advisor blog.