Yes, but be careful! There is no denying that the use of social media sites such as Facebook, Twitter and LinkedIn has exploded. The explosion includes both personal and business use of social media. It also includes use that is beneficial to employers and use that can be very damaging. Unfortunately, the influx of employment lawsuits that have followed the explosion have had limited practical value in guiding employees and employers on the permissible use and oversight of social media in the workplace. While many questions remain, the California State Legislature's recent enactment regulating employer use of social media does provide some guidance.
California Labor Code section 980 was enacted to prevent employers from (1) requesting an employee disclose usernames or passwords for personal social media accounts; (2) requiring an employee to access his or her personal social media in the presence of the employer; or (3) requiring an employee to divulge any personal social media to the employer. Applicants are protected in the same way as employees. The new statute, coupled with existing privacy laws, limits what employers may monitor when it comes to the personal social media of employees and applicants.
Definition Of Social Media
In what appears to be an effort to account for the ever increasing development of new social media, the new statute broadly defines social media as an "electronic service or account, or electronic content, including, but not limited to, videos, still photographs, blogs, video blogs, podcasts, instant and text messages, e-mail, online services or accounts, or internet web site profiles or locations."
Most employers know they must maintain accurate records showing the specific time when nonexempt employees begin and end each work period. This requirement includes ensuring that the in and out times for meal periods and split shifts are also accurately kept. Although many employers still use handwritten timecards or punch machines to meet the recordkeeping requirements, an increasingly large number have moved to electronic timekeeping systems such as a card swipe, keypad entry or computer login. In addition to simplifying the act of timekeeping and the calculation of the hours worked for payroll, more sophisticated systems produce state-of-the-art reports and can be extremely helpful in defending against wage claims.
Regardless of the timekeeping system used, a large number of employers round employees' actual recorded time up or down to determine the hours to be paid. Unfortunately, many engage in the practice without a full understanding of the legal ramifications.
Under a 50-year-old federal regulation, employers have been permitted to round the recorded starting and stopping times of nonexempt employees to the nearest 5 minutes, or to the nearest one-tenth or one-quarter of an hour as long as the rounding does not result over time in the failure to compensate employees properly for all the time they work. The California labor commissioner has long followed this same rule in interpreting state law. Until recently, however, the California courts had not ruled on the practice of rounding.
In an attempt to simplify the ever-confusing Workers' Compensation world in the great State of California, our legislative branch drafted SB 863 in 2012. With the stroke of his pen, Governor Brown enacted sweeping legislation, with effective and varying start dates for various provisions of the new law. However, with varying start dates comes confusion regarding various provisions. A spinal surgery request is one of the areas which appears to have a problem with the implementation date of July 1, 2013.
Effective January 1, 2013, provisions under Labor Code § 4062(b) pertaining to the spinal surgery second opinion process have been eliminated from the Labor Code. Overall, this is a positive result for the Defendant from SB 863. The new independent medical review (IMR) process kicks in on July 1, 2013, for dates of injury prior to January 1, 2013. However, a new question has surfaced as a result of this substantial change. How do we address spinal surgery requests for dates of injury prior to January 1, 2013?
The new regulations and the Labor Code conflict in their guidance. Labor Code § 4062 (b) reads: "For injuries on or after 1/1/2013 and for UR decisions communicated on or after 7/1/2013, regardless of date of injury, all employee objections to utilization review disputes under Lab Code § 4610 are resolved only IMR pursuant to 4610.5 and not through the QME process." Simple enough. Yet with the provisions of Labor Code § 4610.5 regarding the IMR process not starting until July 1, 2013, we have a sizeable gap of six months where the parties are seemingly unable to participate in a second opinion process as well as the independent medical review process.
Causing even more confusion is the second half of Labor Code § 4062(b) which reads: "For injuries on or after 1/1/2013 and for objections to diagnosis of treatment recommendations within the MPN, regardless of the date of injury, all employee objections to diagnosis or treatment recommendations within the MPN are also resolved only through independent medical review pursuant to § 4610.5."
Curiously, this seems to imply that the independent medical review process is the method which should be used, since a request for spinal surgery is clearly a request for care. Further, the process is to be implemented "regardless of the date of injury." That being said, we must note that the objections must come from care within the medical provider network (if applicable). Further, it appears that this section refers only to "employee" (not employer) objections.
Health plans, their insurers, employer and other sponsors, and business associates have work to do. Health care providers, health plans, health care clearinghouses and their business associates will need to review and update their policies and practices for handling and disclosing personally identifiable health care information ("PHI") in response to the omnibus restatement of the Department of Health & Human Services ("HHS") Office of Civil Rights ("OCR") of its regulations (the " 2013 Regulations") implementing the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Rulemaking announced January 17, 2013 may be viewed here.
Since 2003, HIPAA generally has required that health care providers, health plans, health care clearinghouses and their business associates ("Covered Entities") restrict and safeguard individually identifiable health care information ("PHI") of individuals and afford other protections to individuals that are the subject of that information. The 2013 Regulations published today complete the implementation of changes to HIPAA that Congress enacted when it passed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 as well as make other changes to the prior regulations that the Office of Civil Rights found desirable based on its experience administering and enforcing the law over the past decade.
Since passage of the HITECH Act, Office of Civil Rights officials have warned Covered Entities to expect an omnibus restatement of its original regulations. While the Office of Civil Rights had issued certain regulations implementing some of the HITECH Act changes, it waited to publish certain regulations necessary to implement other HITECH Act changes until it could complete a more comprehensive restatement of its previously published HIPAA regulations to reflect both the HITECH Act amendments and other refinements to its HIPAA Rules. The 2013 Regulations published today fulfill that promise by restating the Office of Civil Rights' HIPAA Regulations to reflect the HITECH Act Amendments and other changes and clarifications to OCR's interpretation and enforcement of HIPAA.
Employees sometimes drive to work,
And then they find a parking spot,
Sometimes on a busy street,
Sometimes in a parking lot,
But injuries can still occur,
Between their cars and the front door,
And who will pay for slips and falls,
Will always be the Judge's call.
Such is the nursery rhyme sung to children of applicants' attorneys and defense lawyers in the dark and murky world of California workers' compensation.
This issue came up recently while I was having lunch with my brother-in-law, Jasper. Jasper had been doing well recently in the wheelbarrow industry, and wanted to expand his operations from his garage to a real factory. He invited me to lunch to present me with some exciting investment opportunities in the wheelbarrow industry. Currently, Jasper had his eye set on one location in particular because it came with a parking lot.
His plan was to set up a series of obstacles in the parking lot, in the hopes that the employee with poor agility and balance would sustain injury outside his factory and shield him from workers' compensation liability. Thus, only the workers that could swim faster than sharks, swing over quicksand pits, and tightrope over mine fields would actually make it to work.
Without getting into issues of serious and willful misconduct, for those readers out there that aren't Jasper, when you're facing a claim of injury in or near a parking lot, are you on the hook? Let's start with the basics.
Properly encrypt and protected electronic protected health information (ePHI) on laptops and in other mediums!
That's the clear message of the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) in its announcement of its first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule involving a breach of ePHI of fewer than 500 individuals by a HIPAA-covered entity, Hospice of North Idaho (HONI).
The settlement shows that the Office of Civil Rights stands ready to penalize these healthcare providers, health plans, healthcare clearinghouses and their business associates (covered entities) when their failure to properly secure and protect ePHI on laptops or in other systems results in a breach of ePHI even when the breach affects fewer than 500 individuals.
HIPAA Security & Breach Notification For ePHI
Under the originally enacted requirements of HIPAA, covered entities and their business associates are required to restrict the use, access and disclosure of protected health information and establish and administer various other policies and safeguards in relation to protected health information. Additionally, the Security Rules require specific encryption and other safeguards when covered entities collect, create, use, access, retain or disclose ePHI.
The Health Information Technology for Economic and Clinical Health (HITECH) Act amended HIPAA, among other things to tighten certain HIPAA requirements, expand its provisions to directly apply to business associates, as well as covered entities and to impose specific breach notification requirements. The HITECH Act Breach Notification Rule requires covered entities to report an impermissible use or disclosure of protected health information, or a "breach," of 500 individuals or more (Large Breach) to the Secretary of HHS and the media within 60 days after the discovery of the breach. Smaller breaches affecting less than 500 individuals (Small Breach) must be reported to the Secretary on an annual basis.
Since the Breach Notification Rule took effect, the Office of Civil Rights' announced policy has been to investigate all Large Breaches and such investigations have resulted in settlements or other corrective action in relation to various Large Breaches. Until now, however, the Office of Civil Rights has not made public any resolution agreements requiring settlement payments involving any Small Breaches.
Hospice Of North Idaho Settlement
On January 2, 2013, the Office of Civil Rights announced that Hospice of North Idaho will pay the Office of Civil Rights $50,000 to settle potential HIPAA violations that occurred in connection with the theft of an unencrypted laptop computer containing ePHI. The Hospice of North Idaho settlement is the first settlement involving a breach of ePHI affecting fewer than 500 individuals. Read the full HONI Resolution Agreement here.
The Office of Civil Rights opened an investigation after Hospice of North Idaho reported to the Department of Health and Human Services that an unencrypted laptop computer containing ePHI of 441 patients had been stolen in June 2010. Hospice of North Idaho team members regularly use laptops containing ePHI in their field work.
Over the course of the investigation, the Office of Civil Rights discovered that Hospice of North Idaho had not conducted a risk analysis to safeguard ePHI or have in place policies or procedures to address mobile device security as required by the HIPAA Security Rule. Since the June 2010 theft, Hospice of North Idaho has taken extensive additional steps to improve their HIPAA Privacy and Security compliance program.
SB 863 was signed by California's Governor back in October but with an official start date of January 1, 2013. For that reason and just because I don't trust either the legislature or the courts to change their minds, I thought I would wait until now to start talking about what is good, what is bad and what is downright ugly.
Let's Start With A Good...
In 1917, the first Industrial Accident and Safety Act went into effect. There were lots of pieces, but one that has endured the test of time is the one that allows an injured employee to choose to be treated by his own consulting or attending physician, at the employee's own expense. The current version of that section is now Labor Code Section 4605 (until 1/1/2013). In my mind, it has been used, or should I say abused, over the past years with an ongoing controversy over this section and what it really means.
There are two major issues surrounding this section of the code. The first has been the question of who is really responsible to pay the bill. The second is whether or not the non-Medical Provider Network doctors' reports are admissible in court. Well, thanks to an energetic applicants' attorney (A/A) named Mendoza, both of these issues became ripe for the courts with the recent 2012 Valdez case.
First, I must note that there was a viable Medical Provider Network in place at the time of the injury. The employee initially went to the carrier's Medical Provider Network doctor, but he also self-procured his own, non-Medical Provider Network doctor.
The carrier objected on the basis that the Medical Provider Network controlled all medical treatment. However, the trial judge admitted and relied totally on the report of the self-procured, non-Medical Provider Network doctor in making his decision as to compensability and the amount that would be due the injured employee. This matter was then taken up by the Workers' Compensation Appeals Board who reversed the trial judge not once but twice.
However, Mr. Valdez' attorney was not letting go so easily. So the matter was then taken up by the Court of Appeals who agreed with the Workers' Compensation Appeals Board. Mr. Mendoza was still not satisfied and took the matter to the California Supreme Court for consideration. The matter has been accepted by the Supreme Court and we await their decision which I predict will be in our favor.
September's National Labor Relations Board (NLRB) order requiring the buyer of a California nursing home to pay approximately $1.25 million in backpay and interest, rehire 50 employees and recognize the seller's union reminds buyers of union-organized businesses of some of the significant risks of mishandling union-related obligations in merger and acquisition, bankruptcy and other corporate transactions under the National Labor Relations Act (NLRA) and other federal labor laws.
Buyer's Obligations To Honor Seller's Collective Bargaining Obligations
Under the National Labor Relations Act, new owners of a union facility that are "successors" of the seller generally must recognize and bargain with the existing union if "the bargaining unit remains unchanged and a majority of employees hired by the new employer were represented by a recently certified bargaining agent." See National Labor Relations Board v. Burns Sec. Servs., 406 U.S. 272, 281 (1972).
In assembling its workforce, a successor employer also generally "may not refuse to hire the predecessor's employees solely because they were represented by a union or to avoid having to recognize a union." U.S. Marine Corp., 293 National Labor Relations Board 669, 670 (1989), enfd., 944 F.2d 1305 (7th Cir. 1991).
Nasaky, Inc. National Labor Relations Board Order
September's National Labor Relations Board Order requires Nasaky, Inc., the buyer of the Yuba Skilled Nursing Center in Yuba City, California, to recognize and honor collective bargaining obligations that the seller Nazareth Enterprises owed before the sale and rehire and pay backpay and interest to make whole 50 of the seller's former employees who the National Labor Relations Board determined Nasaky, Inc. wrongfully refused to hire when it took over the facility from the prior owner, Nazareth Enterprises.
Before Nasaky, Inc. bought the nursing home, many of the employees at the nursing home were represented by the Service Employees International Union, United Healthcare Workers West (Union). After Nasaky, Inc. agreed to buy the facility but before it took control of its operations, Nasaky, Inc. advertised in the media for new workers to staff the facility and told existing employees at the facility that they must reapply to have a chance of keeping their jobs under the new ownership.
When Nasaky, Inc. took operating control of the facility, facility operations continued as before with the same patients receiving the same services. The main difference was the workforce. The new staff included 90 employees in erstwhile bargaining unit positions, of which forty were former employees of the predecessor employer and fifty were newcomers. Nasaky, Inc. then took the position that the change in the workforce excused it from responsibility for recognizing or bargaining with the union or honoring the collective bargaining agreement between the union and seller Nazareth Enterprises.
When the union demanded that Nasaky, Inc. recognize the union and honor the union's collective bargaining agreement with Nazareth Enterprises, Nasaky, Inc. refused. Instead, Nasaky, Inc. notified the union that it would not allow the union on its premises, would not honor the union's collective bargaining agreement with the seller, and did not accept any of the predecessor's terms and conditions of employment. The union then filed charges with the National Labor Relations Board, charging that Nazareth Enterprises had breached its obligations as a successor under the National Labor Relations Act.
After National Labor Relations Board Regional Director Joseph F. Frankl agreed and issued a complaint, California Administrative Law Judge Gerald Etchingham found all the allegations true based on a two-day hearing. He rejected all of Nasaky's explanations for why it declined to hire most of those who had worked for the previous employer. See the Administrative Law Judge Decision. Since Nasaky, Inc did not file exceptions, the National Labor Relations Board ordered Nasaky, Inc. immediately to recognize and bargain with the union, hire the former employees and make them whole. The amount of backpay and interest is expected to approximate $1.25 million.
This is Part 5 of a five-part series on legal barriers to implementing international providers into Medical Provider Networks for workers' compensation. Previous articles in the series can be found here: Part 1, Part 2, Part 3, and Part 4.
Medical Malpractice And Liability Laws
One major criticism of medical tourism is the lack of legal remedy for patients claiming injury from medical malpractice.91 Medical malpractice and liability laws in foreign countries are not as strict as laws in the U.S.92 Awards for malpractice are generally not as generous either as those in the U.S.93 Physicians overseas do not typically have the same amount of malpractice insurance as their American counterparts.94 And the threshold for determining malpractice is higher outside the U.S.95 Limited recourse through the court systems of many countries is a problem, and the right to sue may not exist for injured patients.96 In India, even though the court system is similar to that in the U.S., medical malpractice awards are rare and never reach the multi-million dollar amount common in U.S. court systems.97
Before recognizing a suit, an American court must have personal jurisdiction over a foreign provider.98 The issue of personal jurisdiction over the foreign provider is a difficult burden for anyone initiating a suit.99 U.S. courts are reluctant to assert personal jurisdiction over physicians who are not residents of the U.S. and do not practice in the forum state.100 Minimum contacts sufficient to exercise personal jurisdiction could be difficult to establish over a physician who performed a harmful procedure outside of the forum state.101 If a U.S. court does find evidence to support personal jurisdiction, the case could be dismissed on the grounds of forum no conveniens (not suitable to the forum).102 If the case is not dismissed, then choice of law conflicts arises.103 104 If a court recognizes a valid claim against a defendant, it is likely the defendant will be successful challenging the location of the suit.105 Most jurisdictions would apply the laws of the country where the malpractice occurred, decreasing the likelihood of a finding of malpractice, and a reduction of damages.106
Patient Privacy And Medical Record Laws (Including HIPAA)
In recent years, the U.S. health care industry has outsourced the processing and interpretation of x-rays and other medical records to countries such as India,107 where the data entry costs are less than half of those in the U.S.108 Half of the $20 billion medical transcription industry is outsourced.109 This is due to the fact that information technology is not a core competency of the health care industry and has proven itself to be a prime candidate for outsourcing. Other tasks such as billing, coding, data-clearing, claims processing, and electronic records data processing and storage also are outsourced.110
One example of a task that is outsourced to India, and that pertains to the workers' compensation industry is the outsourcing of the initial processing of medical bills for health care claims that are later determined to be workers compensation claims. A company this author had contact with in 2008 conducts subrogation recovery on those medical bills paid by their health care clients when injured workers present their employer's health care insurance card at time of treatment, and does not inform staff that he was injured on the job. The provider bills the health insurer, rather than his employer's workers' compensation carrier. The subrogation company, working on a pilot project for the NYS Workers' Compensation Board under the Health Insurers' Match Program (HIMP), outsources the initial processing of the medical bills for health care claims to an office they have contracted with in Gurgaon, India.
Since much of the current business of medical tourism is conducted through facilitators, or medical tourism brokers, as mentioned in Part 1 of this series, they must conform to national or state legislation that governs the privacy and confidentiality of medical records and patient information. The locations in which they are located should bind them to the laws of that jurisdiction, and therefore, they would have to conform to the Health Insurance Portability and Accountability Act (HIPAA) regarding privacy of medical records.111
HIPAA privacy applies to a limited subset of health care entities.112 Those "covered entities" include health plans, health care providers, and health care clearinghouses that process nonstandard information. "Business associates" of covered entities are organizations that perform certain functions or activities on behalf of, or provide certain services to, a covered entity. Examples of functions or activities include claims processing, data analysis, utilization review, and billing. Their services are limited to legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services.113
HIPAA rules are strict, and health plans in the U.S. must follow them even for services provided abroad. However, they are not applicable to foreign hospitals and doctors. Business Associate agreements under HIPAA should be placed with offshore vendors, and vendors should have their contracts with hospitals and other providers conform to HIPAA standards.114
Out of the Frying Pan And Into The Fire — Jumping Into SB 863
As we look toward 2013, one thing is certain — it will be a year of change for California workers' compensation. With the passing of the hotly debated reform legislation, SB 863, which takes effect on January 1, 2013, proponents are hopeful that the changes will have a positive impact on the current state of California's workers' compensation system. While SB 863 was drafted to reform the workers' compensation system, its intent is different than that of SB 899, legislation passed in 2004. SB 899 revamped and reduced workers' compensation benefits. SB 863 increases benefits to the injured employees while decreasing system costs by improving efficiency and eliminating "waste" in the form of excessive medical and legal costs.
There is no question that SB 863 addresses key issues that have been on the forefront of debate following the implementation of SB 899, many of which are positive for both employers and injured employees. While most agree that reform was needed, the net effect that the SB 863 changes will have on California insurance rates is also hotly debated because of other factors that need to be considered including carrier loss ratios and economic factors. While the regulations are still being drafted, the following summarizes some of the highlights, possible challenges and the potential impact on California workers' compensation rates.
While successfully addressing a number of failings in the workers' compensation system, it is widely accepted that one of the failings that SB 863 will address is one of the unintended results of the implementation of SB 899 in 2004 — that permanent disability rates provided inadequate compensation to some injured employees. The SB 863 legislation:
- Increases permanent disability payouts over a 2-year period with annual adjustments
- Eliminates "add-ons" to permanent disability, including sleep disorder and sexual dysfunction, though psych will be allowed for catastrophic injury or violent workplace incident
- Addresses Diminished Future Earnings Capacity (DFEC) via a standard multiplier to the permanent disability rating formula
- Creates a Return to Work Program for those injured employees whose permanent disability is disproportionately low for their loss of earnings capacity
- Caps the Supplemental Job Displacement Benefit (SJDB) at $6,000 — currently at $10,000
The increases in permanent disability benefits are expected to cost $310M next year and almost double in 2014. However, the elimination of some of the add-ons to permanent disability and changes to the impact of diminished future earnings capacity under the Ogilvie case are expected to save $210M per year. The Return to Work Program will be funded through employer assessments at a cost of $120M per year.