“Your Own Cybersecurity Is Not Enough”: NJ Physician Practice Fined Over $400,000 for Data Breach Caused By Vendor

New Jersey’s Attorney General Gurbir S. Grewal and the New Jersey Division of Consumer Affairs (“Division”) recently announced that a physician group affiliated with more than 50 South Jersey medical and surgical practices agreed to pay $417,816 and improve data security practices to settle allegations it failed to properly protect the privacy of more than 1,650 patients whose medical records were made viewable on the internet as a result of a server misconfiguration by a private vendor. Our colleagues in the Workplace Privacy, Data Management & Security practice group discusses three important lessons from this case for physical practices in New Jersey and in other states. You can read it here.

Health Apps: Convenience vs. Security Risks

The pace of innovation in healthcare today has produced an amazing increase in the number of available mobile apps for health-related information. More than 300,000 healthcare apps are available online. Our colleagues in the Workplace Privacy, Data Management & Security practice group discusses whether healthcare providers can tap into the available technology of “connectivity” and still protect health and personally identifiable information. You can read it here.

EEOC’s Notice Pleading Survives Motion to Dismiss in Failure to Accommodate and Wrongful Termination Suit

A North Carolina district court recently declined to dismiss a failure to accommodate and wrongful termination action brought by the EEOC on behalf of a patient accounts representative in EEOC v. Advance Home Care, Inc. (“Advance”). The plaintiff was discharged after she could not return to work without restrictions following exhaustion of her FMLA leave. The court held that the EEOC’s complaint adequately alleged that the employee was qualified for her position and linked Advance Home Care’s alleged failure to accommodate to the discharge.

The plaintiff, who suffers from chronic bronchitis and COPD, was out on FMLA during the month of August 2015. Upon her return, she requested an accommodation to telecommute on either a full-time or part-time basis on the account of her disability. The plaintiff allegedly informed Advance that working from home would allow her to work without exposure to aggravating scents and odors present in the office and would allow her to work without taking inbound calls, which would result in her spending less time continuously talking.

Advance management allegedly told the plaintiff that it would get back to her regarding her request to telecommute, but never did, despite at least three requests from the plaintiff.

In November, the plaintiff was hospitalized and once again went on FMLA leave. During her absence, she received a satisfactory performance review. However, on more than one occasion, Advance management allegedly informed the plaintiff that her employment would be terminated if she did not return to work without restrictions after her FMLA leave ended. When she exhausted her FMLA leave and could not return to work free from restrictions, her employment was terminated.

The plaintiff was primarily responsible for managing cases for patients who required home health services. The plaintiff alleges that she spent part of her day on telephone calls arranging home health services, duties that she asserted she could perform remotely from her home in order to remove herself from the potential respiratory irritants in the office, and reduce the amount of time she would spend continuously talking.

In finding that the plaintiff had sufficiently plead a failure to accommodate, the Court noted that the EEOC did not have the burden of stating the essential functions of the plaintiff’s job with particularity to survive the pleading stage nor did the EEOC need to include facts to rebut Advance’s potential undue hardship defense. Instead, the court held that by alleging that the plaintiff spent part of her workday on the telephone and giving sufficient detail about the requested accommodation, the EEOC had provided enough information. The court could infer that the plaintiff could have performed her job duties with the requested accommodation.

As to the wrongful termination claim, the court rejected Advance’s argument that the plaintiff was not fulfilling the company’s legitimate expectations because she was not working at the time of her discharge and had stated that she was unable to return to work after exhausting her leave. Again, the court sided with the EEOC, accepting its argument that the plaintiff’s supervisor repeatedly informed her that her employment would be terminated upon the expiration of her FMLA leave if she could not return to work without restrictions. The court found that the EEOC had sufficiently plead wrongful termination in alleging that the plaintiff received a satisfactory performance review during her leave, requested an accommodation on several occasions with no meaningful response from Advance, and was discharged upon the expiration of her FMLA leave under circumstances giving rise to a reasonable inference that it was because of her disability.

This case demonstrates the importance of employers engaging in an interactive dialog with employees regarding requested accommodations rather than simply stating they must be able to perform their duties without restriction upon their return from a leave of absence.

“Vaccinate” Your Mandatory Flu Shot Policies Against Litigation

As we have just survived one of the worst flu seasons in recent memory, now is a good time to consider whether you should implement or revise a mandatory flu shot policy for 2018.  The Center for Disease Control and Prevention recommends all United States healthcare workers obtain annual flu vaccines.  While many healthcare employers implement flu vaccine policies for their employees, it is important that these policies account for employee objections based upon religious beliefs.  Federal and many state laws require employers to reasonably accommodate an employee’s religious beliefs or practices unless it causes undue hardship to the employer’s operation of its business.

Last month, the U.S. Department of Justice, Civil Rights Division, filed a lawsuit against a Wisconsin nursing home, alleging that the employer failed to accommodate an employee’s religious beliefs when she requested a religious exemption from the flu-shot requirement.  The Title VII lawsuit claims an employee sincerely held a religious belief “stemming from her interpretation of the Bible that prohibited her from putting certain foreign substances, including vaccinations, in her body because it was a ‘Holy Temple.’”  The complaint alleges that while the employer’s policy allowed for religious exemptions (employees could wear protective masks during the flu season instead of receiving the shot), it required employees to produce a “written statement from their clergy leader supporting the exemption with a clear reason and explanation” of the religious objection to the vaccination.  Employees who did not receive the shot or produce the clergy letter were considered to have voluntarily resigned employment.

The employee in this case explained she could not provide a letter “because she had no affiliation with any church or organized religion and therefore had no clergy leader to write the letter,” and offered to write a letter herself “that explained the Bible-grounded basis for her religious objection and cited specific Biblical passages in support,” and have family and friends “personally attest to the sincerity of her religious faith and practices.”  According to the allegations in the lawsuit, when the employer refused to accept this alternative to a clergy leader letter, the employee submitted to the flu shot and now reports “severe emotional distress” including “fear of ‘going to Hell’ because she had disobeyed the Bible by receiving the shot.”  The DOJ argues that requiring a letter from a clergy leader to support the exemption constitutes religious discrimination and an unlawful failure to accommodate the employee’s sincerely held religious belief.

In addition to religious-accommodation issues, unionized employers may face other hurdles to implementing or changing a flu vaccine policy.  Depending on the language contained in the collective-bargaining agreement, there may be an obligation to bargain with the union over flu shots before making them a new condition of employment.

To learn more about the firm’s healthcare industry team and specifics about how we can help you address these issues, please contact your Jackson Lewis attorney.

Why the Healthcare Industry Should Pay Particular Attention to Drug and Alcohol Issues in the Workplace

While all employers struggle with navigating the ever-changing landscape of drug and alcohol issues in the workplace, healthcare employers should pay particularly close attention.

According to the annual Quest Diagnostics Drug Testing Index, illicit drug use among U.S. employees continues to rise, resulting in the highest drug test positivity rates in the last 12 years. While the statistics on whether healthcare workers are more or less likely to abuse drugs or alcohol are unclear, the American Nurses Association estimates that 1 in 10 nurses experience drug or alcohol addiction. These figures and medical professional’s ready access to narcotics, demands healthcare employers’ attention.

Some unique issues facing healthcare employers are as follows.

  • Healthcare professionals with knowledge of narcotics and its side effects are often more adept at hiding substance abuse at work. Without a policy and program to appropriately identify and test for drug or alcohol use at work, many instances of substance abuse go unnoticed or unaddressed.
  • When a healthcare practitioner is suspected of drug or alcohol use at work, there are serious potential ramifications–not just for the practitioner’s employment, but his or her licensure or medical privileges as well.
  • Drug and alcohol abuse amongst healthcare workers can significantly contribute to increased risk management concerns. Unlike liability issues facing non-healthcare employers, those in the industry have to consider the impact and liability vis-à-vis patient care.
  • The line between workplace drug and alcohol issues is often blurred with the employer’s regular patient care practice. Meaning, when a supervisor (who happens to be a practitioner) identifies potential drug or alcohol abuse, that supervisor often views the situation through his or her medical practitioner lens and not that of a manager. This blurring of roles can lead to “diagnosing an employee” as opposed to merely identifying potential grounds for an employee drug or alcohol test.
  • Similarly, even when there are grounds to require an employee to submit to a drug or alcohol test, the drug testing is often done on-site, as opposed to having a third party vendor involved. Outside of the industry, drug test results remain confidential in the hands of the vendor and human resources. Within the industry, often times, colleagues (especially those conducting the testing) gain access to this otherwise confidential information.

To combat these unique challenges, healthcare employers should get ahead of the issues and consider the following:

  • Review policies and programs to identify what type of drug and alcohol testing makes sense for your operations. A healthcare employer focused on addiction treatment may take a very different approach to addressing drug and alcohol issues in the workplace than a skilled nursing facility.
  • Think about whether merely conducting pre-employment testing is sufficient and implement programs to identify and address drug and alcohol abuse in the workplace, keeping in mind that each state has unique requirements that may limit when you can test an employee.
  • Proactively implement internal measures to limit the potential for “employee diagnosis.” One way to accomplish this is to train supervisors and human resource professionals on the difference between diagnosing individuals with drug or alcohol issues versus merely identifying factors that may be grounds for employee drug and alcohol testing.
  • Consider whether proper confidentiality measures, in addition to those under HIPAA, are in place when employee drug testing is conducted in-house. There may be occasions where having a third party vendor conduct the testing makes more sense.
  • Ensure appropriate resources are available to employees who self-disclose substance abuse issues. While self-disclosure is not an automatic excuse from discipline, employees who proactively disclose substance abuse problems may be entitled to additional protections under the Americans with Disabilities Act and should be directed to appropriate resources. In many cases, states have physician and nurse health programs specifically designed to address these types of issues whereby practitioners who voluntarily identify a problem and participate in the program may avoid certain formal complaints or disciplinary measures from the state’s medical and nursing boards.

To learn more about how the firm can assist with proactive measures to address these workplace drug and alcohol issues facing the healthcare industry, please contact your Jackson Lewis attorney.

Cost-Benefit Analysis 101 for Healthcare Providers

Healthcare entities (and their business associates) face stiff financial penalties for breaches resulting from the internal operations of the healthcare provider: $150,000 for a lost, unencrypted flash drive, $750,000 for sending an administrative service provider PHI without a signed BAA, and $2.5 million for a stolen laptop, just to name a few. Our colleagues in the Workplace Privacy, Data Management & Security practice group offer details about the risks healthcare providers face and the costs of ignoring compliance obligations. You can read it here.

Affirmative Action Training May Be Your Best Friend

Many hospitals and healthcare facilities are federal contractors. Jackson Lewis regularly provides specialized assistance in developing and implementing affirmative action plans (AAPs). Some of the specific services we offer include:

  • Identifying pertinent labor market areas and analyzing census-related statistical data
  • Providing sample plan texts, notices, letters and policy statements
  • Preparing utilization and availability analyses
  • Conducting impact ratio and compensation analyses

To help covered employers understand their affirmative action obligations and the procedure for plan development, we train management so they can understand the company’s obligations and their role in affirmative action. We defend clients against the imposition of citations and allegations of discrimination in connection with audits by the OFCCP and in related litigation brought on the OFCCP’s behalf by the Solicitor’s office of the U.S. Department of Labor.

We also prepare AAPs for, and defend against, audits by state and local affirmative action agencies. To identify and resolve potential adverse impacts and compensation disparity discrimination liability, we perform highly-specialized vulnerability audits. For federal contractors and non-federal contractors alike, we advise on implementing lawful diversity initiatives and voluntary AAPs, set-aside, and vendor and franchisee preference programs; counsel on affirmative action coverage issues; and conduct preventive analyses during downsizing.

Navigating the Waters of Late Age Physician Testing

Rheumatologist Ephraim Engleman practiced medicine until he died at age 104 in 2015. Although Dr. Engleman’s story is atypical, as our colleagues who attended the American Health Lawyers Association’s 2018 Physicians and Hospitals Law Institute reported, and the Association of American Medicine Medical College’s November 2017 State Physician Workforce Data Report confirms, an increasing number of physicians are choosing to work past traditional retirement age. Today, nearly one-third of all physicians in the United States are over the age of 60.

While senior physicians can be an invaluable resource to the medical community, this demographic shift poses a number of challenges for health systems and hospitals, especially as medical practice acquisition and physician employment remains strong. One such challenge is ensuring late age physicians remain mentally and physically capable of providing safe, up-to-date care. To address this issue, a growing number of health systems and hospitals have adopted policies requiring older physicians to undergo cognitive and physical testing. Also, the American Medical Association’s Council on Medical Education is working on developing standards for age-based evaluation.

Although many healthcare employers are exploring late age testing as one means to ensure quality care, employers must be careful not to run afoul of the Age Discrimination in Employment Act (ADEA), the Americans with Disabilities Act (ADA), and related state laws when implementing this testing. There is uncertainty here because courts have yet to weigh in on their application to physician age-based testing policies.

The ADEA restricts an employer’s ability to make age-related employment decisions unless the employer can establish that age is a “bona fide occupational qualification” (BFOQ). This generally means the employer must show there exists a trait that precludes safe and efficient job performance that cannot be ascertained by means other than knowing the employee’s age and that it is appropriate to treat all employees of a certain age the same because it is “impossible or highly impractical” to deal with older employees on an individualized basis.

At first blush, it may appear that a blanket late age physician policy would easily pass BFOQ scrutiny. After all, patient safety is at stake. However, rulings by courts examining age-based testing policies in other professions create some doubt as to how late age physician testing will fare under judicial review. For example, in the airline industry, courts have found mandatory retirement age policies pass BFOQ muster as to pilots, but not flight attendants; and in another case, a court found the New York City Transit Authority’s policy of requiring certain individuals over the age of 40 to have an EKG did not satisfy the requirements for a BFOQ.

Applying the reasoning from these and other decisions regarding BFOQ, a court may find that because physicians’ duties vary widely by practice area, a per se physician testing policy is discriminatory. However, employers may have a stronger argument if they apply late age testing to a subset of physicians, i.e., to neurosurgeons versus a family medicine practitioners.

While the ADEA presents certain challenges, employers concerned about the competence of specific physicians (regardless of age) are not without recourse under the ADA. For example, employers may make disability-related inquiries or require that an employee undergo a medical examination when the employer has a reasonable belief that an employee cannot perform the essential functions of the job or poses a direct threat due to a medical condition.

Of course, this is not the end of the inquiry because an employer must remember that if it learns a physician has a disability, in most circumstances, there will be a subsequent obligation to engage in the interactive process with the physician to determine whether there is a reasonable accommodation that will allow the physician to perform the essential functions of his or her job. Towards these ends, stay tuned for a future post where we will examine special considerations to keep in mind when engaging in the interactive process with licensed healthcare professionals.

#TimesUp for the Healthcare Industry? Not If You Use the Frenzy to Make Meaningful Culture Change

As #MeToo and #TimesUp initiatives sweep the nation, the healthcare industry should pay attention.

Recent nationwide media attention on sexual harassment in healthcare, coupled with stressful work environments, means healthcare employers have their share of workplace issues. However, healthcare employers have a unique opportunity to make meaningful culture change happen now – both in the context of sexual harassment and beyond. So what can employers do?

  • Use this national dialogue to make your company the employer of choice. Engage leadership in a discussion about how and why your organization can benefit from this movement. If there is ever a time to demand professionalism in all aspects of the workplace, from the operating room to caregiver interactions, it is now.
  • Get out into the field. Cascade down the message that your organization is focused on a renewed culture.
  • Do not limit #MeToo discussions to employee-employee interactions. Broaden the discussion to include harassment between patients and employees and general workplace culture.
  • Use the #MeToo movement to drive home basic respect and courtesy in the workplace. If you raise your voice, you lose the battle. If you raise your voice or otherwise behave poorly and someone has it on tape, you may lose your job.
  • Lead from the top. Create an environment where employees know that if they have concerns, those concerns will be addressed in a respectful and thorough manner. Do not brush concerns under the rug. Be a leader in proactive culture setting.
  • Use this movement to enhance the patient experience. Taking these steps to engage your workforce and train across all levels will enhance the patient experience.
  • Use this movement to enhance the manager’s experience. Strong managers are approachable, patient, and good communicators. Encourage effective, early performance management so managers free up their time to build a culture of good performers.
  • Retaining the “best of the best” workforce is critical to patient care services and the ability to compete in an industry full of change. Top providers, clinicians, nurses, and researchers demand a positive workplace environment.
  • Provide physicians with strong management tools. Unlike other industries, healthcare employers often face non-traditional supervisory issues where physicians and other practitioners do not consider themselves a “supervisor” but, when it comes to harassment in the workplace, they may be viewed that way under the law.

While the laws regarding workplace harassment have not changed, the sheer number of those who speak out, the volume with which they do it, and the audience they reach is changed forever. Get ahead of this movement.

To learn more about the firm’s healthcare industry team and specifics about how we can help you address the speak out evolution or work towards cultural change, including our Engage MD™ model aimed at revamping physician management practices, please contact your Jackson Lewis attorney.

Top 7 Legal Challenges Facing Physicians and Hospitals

The American Health Lawyers Association’s 2018 Physicians and Hospitals Law Institute in New Orleans focused on the legal challenges faced by physicians and hospitals. Here are the Jackson Lewis Healthcare Industry Team’s “Top 7” takeaways from the attorneys who attended the conference:

  1. Healthcare and labor & employment law are hot. According to Law360, Labor & Employment, Data Privacy & Cybersecurity, and Health Care are three of the top four hottest practice areas for 2018. For the first time in history, healthcare has surpassed manufacturing and retail to become the largest source of jobs in the U.S.
  2. Hospital and health care system transactions and partnerships are on the rise. The U.S. Department of Health & Human Services’ Agency for Healthcare Research and Quality reports at least 69.7 percent of U.S. hospitals are part of health care systems. Consolidations continue to draw great scrutiny from the Federal Trade Commission.
  3. Qui tam cases are on the rise and companies are starting to use the False Claims Act to gain competitive edge. According to the Department of Justice, $2.4 billion of the $3.7 billion in settlements and judgments it recovered from False Claims Act cases in fiscal year 2017 involved the health care industry, including drug companies, hospitals, pharmacies, laboratories, and physicians. This is the eighth consecutive year that the Department’s civil health care fraud settlements and judgments have exceeded $2 billion. In at least one recent lawsuit, the relator was a competitor medical supply manufacture.
  4. The use of Advanced Practitioner Professionals to supplement direct physician involvement is on the rise in hospital and ambulatory settings. This has created legal and ethical issues, particularly for hospitals and health care facilities that must comply with the laws of multiple states.
  5. HIPAA compliance and enforcement is getting more expensive, but now healthcare providers also have to worry about attacks on internet-connected devices. Ransomware attacks on healthcare providers are on the rise. As a result, the Food & Drug Administration has issued guidance and webinars to address the management of cybersecurity in medical devices.
  6. The number of practicing physicians older than 55 is increasing. Some hospitals require doctors over a certain age to undergo periodic physical and cognitive exams, which can lead to age and disability discrimination claims. These exams address only some of the issues presented by the aging physician population. For example, an 84-year-old New Hampshire physician recently lost her license to practice medicine because she did not know how to use a computer and kept handwritten patient records instead.
  7. The law is catching up with telemedicine. According to the Center for Connected Health Policy, in the 2017 legislative session, 44 states introduced more than 200 telehealth-related pieces of legislation. No two states are alike in how telehealth is defined and regulated, which has created a confusing environment for Medicaid reimbursement, licensing and prescribing, among other issues.