Murtha Cullina LLP

A reminder to Connecticut employers: generally speaking, questions about an applicant’s salary history are prohibited as of January 1, 2019. As I detailed in an earlier post, Connecticut has joined the growing number of states restricting what employers may ask applicants about salary history. While salary history inquiries are now generally prohibited, there are two important exceptions that are discussed in my earlier blog post. I encourage Connecticut employers to review employment applications…
For many years, the plaintiffs’ bar has been very active in bringing class action litigation against public companies immediately after the announcement of adverse news concerning a company, which many times triggers a decline in the company’s stock price.  Since at least the Yahoo data breach in 2013 (which led to a settled SEC enforcement action and a recently-settled class action lawsuit), plaintiffs’ lawyers have been increasingly drawn to using data breach problems to allege…
A Colorado Hospital reached an $111,400 settlement with the Office for Civil Rights (“OCR”) for failing to terminate a former employee’s access to electronic protected health information.  OCR’s investigation uncovered that the hospital impermissibly disclosed electronic protected health information of over 500 individuals to the former employee because it failed to terminate that employee’s access.  Additionally, OCR found that the hospital impermissibly disclosed information to Google Calendar, without a business associate agreement.  There are two…
The Request for Information on Modifying HIPAA Rules to Improve Coordinated Care is slated for publication in the federal register tomorrow.  The Department of Health and Human Services’ Office for Civil Rights (OCR) issued an advance copy of the RFI yesterday.  Specifically, “OCR seeks information on the provisions of the HIPAA Rules that may present obstacles to, or place unnecessary burdens on, the ability of covered entities and business associates to conduct care coordination and/or…
Parents frequently transfer their ownership interests in a family-owned business to their children. This is usually done in connection with an owner’s estate planning or as part of an orderly succession of the business’ management.  But what happens if an owner transfers his or her business interests in order to place the business assets or interests out of the reach of that owner’s creditors?  In that case, the transfer may be avoided as a fraudulent…
On Monday, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a $125,000 settlement with a three-physician allergy practice in Connecticut for HIPAA Privacy Rule violations.  According to OCR’s press release and corrective action plan, a physician responded to a reporter’s questions about the allergy practice turning away a patient with a service animal.  While the allergy practice had HIPAA policies and procedures in place, the involved physician did not…
CMS recently sent a proposed request for information (RFI) to the Federal Office of Management and Budget (OMB) for review.  The RFI would seek feedback on whether provisions of HIPAA present barriers or otherwise discourage coordination of care among providers, payors and patients.  The RFI also seeks feedback on whether HIPAA “impede[s] the transformation to value-based health care without providing commensurate privacy or security protections. . . .”  Importantly, the RFI seems to acknowledge some…
Owners of family-owned businesses sometimes enter into agreements between each other for the purchase and sale of shares in the business.  Ideally, these agreements are negotiated, documented and implemented in a way that each party is satisfied with the result – e.g., one owner acquires additional shares while the other owner receives the agreed-to cash value for the shares and exits the business.  But sometimes one party (often the seller) will claim that the deal…
In the age of the data breach, lawyers and law firms have a lot in common with comic book superheroes: they are locked in a relentless battle against a cunning, ever-changing threat. This past week, Foley & Lardner experienced a “cyber event,” adding its name to the list of cyber attack victims which, according to Bloomberg Law, includes DLA Piper, Cravath, Swaine & Moore, Weil, Gotshal & Manges, over one third of small and…