Law Firm Conflicts, Continued

"Ex-Dewey Lawyer's Move Adds Wrench to Firm's Bankruptcy" --

• "The announcement earlier this week that onetime Dewey & LeBoeuf partner Stephen Best had moved from Brownstein Hyatt Farber & Schreck to Brown Rudnick has prompted a barbed email exchange between two lawyers representing clients with competing interests in now-defunct Dewey's bankruptcy proceeding."
• "Bassen contends that Brown Rudnick should be immediately disqualified from representing Dewey liquidation trustee Alan Jacobs in a settlement that affects his clients because Best, before working at Brown Rudnick, consulted with DiCarmine and Sanders on the issues now in question."
• "Jacobs and Brown Rudnick are pushing for court approval of a settlement reached by former chair Steven Davis, XL Specialty Insurance, and the bankruptcy estate that would see XL chip in $19 million to resolve mismanagement claims."
• "As Bassen explains in his letter, which is addressed to U.S. Bankruptcy Judge Martin Glenn, DiCarmine and Sanders consulted with Best "for several hours" in 2012 during a daylong meeting and in several separate conversations "regarding their employment at Dewey and the facts and circumstances that led to the firm winding up in this Court." According to Bassen, the conversations included "their defenses to and strategies regarding potential claims, including mismanagement claims" as well as potential claims not covered by XL and other insurers."
• "Brown Rudnick partner Edward Weisfelner explains in a three-page email that Bassen attached to his letter to Glenn why he believes there is "zero basis for disqualification here." Weisfelner says in the message that Best and Brown Rudnick created a complete ethical wall to prevent Best from seeing any Dewey-related documents and which prohibits lawyers working on the case from talking to him—and that the proposed settlement was filed with the court before Best even joined the firm."
• "Weisfelner also lashes out at Bassen in the email for what he says are a series of delay tactics the Hughes Hubbard lawyer has used to prevent the XL settlement from getting court approval. Despite the opposition to Bassen's claims, Brown Rudnick did agree to delay depositions of Bassen's clients that were scheduled to take place Thursday, according to the court filing."

Conflicts in the News (School & Sports Edition)

"Judge says defendants in Atlanta public schools cheating scandal must have separate lawyers" --

• "To avoid potential conflicts of interest, lawyers may not represent more than one of the 35 defendants in the case involving a cheating scandal in the Atlanta public schools, the judge in the case said Thursday."
• "The lawyers who appeared Thursday for the conflict of interest hearing represented a dozen clients in the case."
• "Fulton County Superior Court Judge Jerry Baxter said during a hearing for lawyers who already have been representing more than one client in the case that he was acting very cautiously because he doesn’t want to encounter any potential conflicts — even if none are immediately evident."
• "A Fulton County grand jury in March indicted 35 educators, including former Superintendent Beverly Hall, and accused them of involvement in a broad conspiracy to cheat, conceal cheating or retaliate against whistleblowers. Prosecutors say the educators were driven at least in part by bonuses for improved student performance."
• "Bob Rubin, who represents two former Atlanta Public Schools principals, said he was confident there was no conflict of interest between his clients, who he said worked at different schools and had never spoken or met each other prior to their indictment. Rubin has been working with his clients for more than a year, and forcing one of them to start over with a new lawyer now could hurt their defense, he argued. Three other lawyers who represent multiple clients made similar arguments. But Baxter denied all requests to reconsider his decision, saying all of the educators face a conspiracy charge implicating them in a coordinated scheme."

"Law firm hired to probe Rutgers basketball scandal quietly resigns over conflict" --

• "Nearly three weeks after Rutgers University hired a high-profile law firm to conduct an independent review of its basketball coaching scandal, the school named a new firm to the job today after the original investigators quietly resigned — citing a previously undisclosed conflict of interest."
• "The firm of Cahill Gordon & Reindel stepped aside Friday after it discovered a link to Connell Foley, the Roseland law firm Rutgers hired last fall to investigate claims basketball coach Mike Rice had physically and verbally abused players. Rutgers officials previously said Connell Foley gave them faulty advice."
• "'We discovered after the announcement of the engagement that the Connell Foley firm, which represented Cahill as local counsel in litigation in New Jersey, is the same firm that issued a report to Rutgers about the coach Rice allegations,' said Cahill Gordon spokeswoman Lynn Tellefsen."

Law Firm Insider Trading News & Allegations

In interesting update about the growth of the "political intelligence" industry and the potential for concern, as reported in recent stories via the Washington Post:

"SEC subpoenas firm, individuals in a case of leaked information" --

• "The Securities and Exchange Commission has issued subpoenas to a firm and individuals in connection with the leak last month of a federal funding decision that appeared to cause a surge in stock trading of several major health companies. The move deepens the government’s scrutiny of the growing 'political intelligence' industry, which has been thriving on delivering valuable information from Washington to investors. This relatively new breed of companies capitalizes on the fact that decisions made in Washington — whether a regulator blocking a big merger or a lawmaker tweaking legislation — can create opportunities for stock traders to make money."
• "The latest case emerged April 1 when Height Securities, a Washington-based stock brokerage firm, alerted its clients that the government would soon make a decision favoring private health insurers who participate in a Medicare program. The alert went out 18 minutes before the end of the trading day, sparking a surge in trading in the shares of several major health-care firms, including Humana and Aetna. The official government announcement was made after trading closed for the day."
• "On Wednesday, several people familiar with the probe confirmed that the SEC has subpoenaed a Height Securities analyst and Mark Hayes, a health-care lobbyist who advised the firm on legislative issues. Hayes’s law firm, Greenberg Traurig, was also subpoenaed by the SEC, according to the sources, who spoke on the condition of anonymity because the matter was under federal investigation. The SEC has conducted an interview with Hayes, who voluntarily submitted to four hours of questioning, these people said. The FBI was present at the meeting, suggesting that the Justice Department has taken a deep interest in the matter, one of the people said. A Justice Department spokesman declined to comment on an ongoing investigation."

"Greenberg Traurig law firm at the center of ‘political intelligence’ case" --

• "How the lobbyist, who works at the law firm Greenberg Traurig, stepped into this morass offers a window into what has become a routine and profitable practice at law firms and lobbying shops: In addition to their usual work, lobbyists share with financial firms the latest political tidbits they are gathering from sources, sending an e-mail here and there with the latest ‘political intelligence.’ The financial firms value the information because it can inform their investments."
• "Greenberg Traurig was not doing anything unusual for a law firm by sharing political insight with clients who have investment interests. But when that information then informs stock trading, the ethics can become murky. ‘The road to hell in this particular situation is not paved with clarity,’ said Stephen M. Ryan, head of the government strategies practice group at the law firm McDermott Will & Emery. ‘You wander into it.’"

New Playbook Disqualification Decisions

The always watchful Bill Freivogel notes two recent disqualification decisions where assertions of playbook knowledge where integral to the arguments at hand. (We've covered playbook debates, discussions and decisions several times, see here and here.)

• "Khani v. Ford Motor Co., 2013 Cal. App. LEXIS 320 (Cal. App. April 2, 2013).  Lawyer brought this action for the plaintiff under California's "lemon law."  Defendant moved to disqualify Lawyer because, between 2004 and 2007, Lawyer had represented Defendant in 150 lemon law cases.  The trial court granted the motion.  In this opinion the appellate court reversed.  In doing a playbook analysis the court felt that Defendant's evidence was 'bare-bones.'  Among other things, the court noted that this case involved a 2008 Lincoln Navigator and that Lawyer had not worked on any cases dealing with that vehicle.  The court also said that alleging that Lawyer's work for Defendant involved the same statute as that in this case was simply not enough to establish a substantial relationship." [Ed: See BNA for additional detail.]
• "Childress v. Trans Union, LLC, 2013 U.S. Dist. LEXIS 61360 (S.D. Ind. April 30, 2013).  The plaintiff's lawyer ("Lawyer") in this FCRA case previously represented the defendant in defending cases under the same provisions of that act.  Lawyer billed more than 4,200 hours in defending 250 such cases.  In a fact-intensive analysis the magistrate judge granted the defendant's motion to disqualify Lawyer.  In this opinion the district judge affirmed.  The opinion contains an interesting discussion of application of Indiana's Rule 1.9 and 'federal common law.'  Among other things, the court held that Comment [2] to Indiana's Rule 1.9 is not inconsistent with disqualification in this case.  (Indiana's Rule 1.9 and Comment [2] appear to be identical to MR 1.9 and its Comment [2].)"

Report from Recent Risk Roundtables in LA & SF

Last week, we held a Risk Roundtable series in Los Angeles and San Francisco. Many thanks to Sheppard Mullin and Sedgwick for hosting. The events featured lively discussions on risk issues ranging from law firm best practices for HIPAA compliance, strategic policies for information governance, new business intake and engagement management. Kathryn Hume, who manages and moderates the Risk Roundtable Program, sends this update:

• Dan, I'm pleased to report back a successful west coast Risk Roundtable series. Sheppard Mullin and Sedgwick generously agreed to host our group of risk managers and technology leaders. A special thanks to Steven Shock, Chief Technology Officer at Irell & Manella, who led a spirited discussion about the challenges of changing and successfully executing an information governance program. Attendees shared various opinions on email management, document management, records retention and disposition. 
• At both events, Adam Carlson, who recently joined the IntApp team as an information security expert and consultant, lead a discussion about best practices for HIPAA compliance in law firms. Drawing on his experience helping firms improve their compliance posture before the September 23 enforcement deadline, Adam advised firms to survey systems and practice groups to identify PHI, designate a privacy and security official, tag PHI during intake and develop an access control and activity monitoring strategy to meet key HIPAA privacy and security requirements. 
• Firms agreed that there remains cultural resistance to implementing a "minimum necessary" model for information access in law firm environments, even as regulations, state laws and clients push firms to restrict access to those who need it to do their work. To contain risk without entirely closing down systems, many firms choose to lock down their most sensitive and valuable information, while leaving less sensitive information available for general internal use. Risk and IT stakeholders agree that it is crucial that management foster a culture of risk awareness to change organizational habits and drive project success.
• Finally, we spent substantial time in our San Francisco meeting discussing engagement management and new business intake. Firms across the board reported that clients were demanding discounted rates, putting pressure on firms to budget matters on the front end to ensure profitability. In response, many firms are seeking to improve insights into matter pricing patterns so as to make informed decisions about engaging clients in the future. Firms are also revisiting intake to build processes and procedures lawyers endorse and comply with, both to improve data quality and decrease risk.

We're looking forward to our upcoming Roundtable in Toronto.

News & Updates: Conflicts, Information Security

"Greenberg Traurig Settles Heller Ehrman Suit for $4.9 Million" --

• "Greenberg Traurig LLP agreed to settle a malpractice suit with defunct law firm Heller Ehrman LLP for $4.9 million. Heller alleged that Greenberg had a conflict of interest when it was retained by the firm for the bankruptcy proceedings because the firm also represented Bank of America, which was the law firm’s lender and claimed an interest in its assets
• "Greenberg took the position that the claims were without merit, asserting that the scope of its engagement was narrower than alleged, according to court documents. The settlement was a result of mediation... It will be considered for approval before judge Dennis Montali on May 31."

The Daily Record has published: "Seven Tips for Better Law Firm Security" --

• "Corporations allocate significant time and money for protecting their digital intellectual property. If you have ever met an information security professional, you know that they take their jobs seriously."
• "Once possession of that data was transferred from ABC to the law firm, they became the custodian of that data. I would argue that they had a professional and ethical obligation to protect it."
• "Too often I see little thought or effort put towards protecting client data that is in the custody of law firms. Don’t simply take my word for it. In late 2011, representatives from New York’s top 200 were asked to meet with the FBI’s cyber division in New York City..."
• "Make security a priority. If the managing partner at the firm isn’t buying in to the security craze then you can bet no one below is either. Make it part of your company’s culture. Many big law firms are touting their security prowess to attract bigger clients. So putting security at the top of the list can also have the benefit of getting (or holding) clients. Security makes good business sense!"
• "One hundred percent security can never be achieved. The goal is not to be a soft target. Most hackers will move on to the next victim if they find your systems difficult to penetrate. Is your law firm doing all it can to safeguard client data?"

Do Law Firms Have the Right Compliance Measures in Place?

That's the question Corporate Counsel magazine is asking: "Looking for Top Law Firms' Compliance Programs." They report that they: "thought it would be enlightening to check out how top law firms handle compliance issues. But what it found was that either many firms don't have formal compliance programs, or else they don't want to share how they do it."

This story is interesting both because of its substance and because it's raising the profile of law firm compliance with its corporate law readers:

• "[Kenneth] Young, a member of the American Bar Association's law practice management section, said he has worked with law firms across the country. 'Candidly, I'm not seeing a lot of formal compliance efforts,' he said."
• "And it's not like law firms haven't had any compliance problems—e.g., lawyers charged with insider stock trading for using or leaking confidential client information... Such high-profile cases 'should be a wake-up call to law firms that robust compliance and ethics programs are as critical to their business as to their clients,' said Donna Boehme, a compliance consultant who writes the Compliance Strategist column for CorpCounsel.com."
• "Boehme also thinks law firms are missing a key chance to toot their own horns. 'It seems to me that a law firm that could boast of a robust approach to compliance and ethics would find that a significant competitive advantage,' she noted."
• "One compliance attorney who advises corporations, and who asked not to be named, said most law firms are not set up to enforce their own compliance. 'There are no hotlines or compliance officers or other types of mechanisms' like the ones that corporations are advised to employ, he said. The lawyer suggested that compliance is a piece that accounting firms have gotten right, while law firms have morphed into full-service, global companies without making compliance a priority. 'But the services are similar, and the risks are the same sort of risks," he noted. "It's crazy.'"

Corporate Counsel reached out to top five AmLaw firms by revenue for comment and received little on the record feedback:

• "Latham & Watkins chief operating officer LeeAnn Black also handed off to spokesman, Frank Pizzurro, who said, 'Latham will pass on discussing the compliance topic, but thanks for the outreach.'"

 

Ethics Opinion Updates

"Multiple Firm Practice Blessed By Ohio Ethics Opinion" --

• "Finding “substantial justification for a new perspective on  practice in multiple firms” and considering “the context of current rules and  modern practice,” the board concluded in Opinion  2013-1 that practice in multiple firms can occur in compliance with the  Rules of Professional Conduct."

"Client Identities, Legal Bills Can Be Disclosed, [Pennsylvania] High Court Says" --

• "The court set a fact-specific standard in determining that client identities are typically not privileged unless they would be coupled with information about what type of work the attorney has done on behalf of the client that, when disclosed together, would essentially disclose attorney-client communications. The Supreme Court determined, however, that previous disclosure that the attorney is representing a client in a grand jury investigation is not enough to protect the identity of the client."

And, for those embracing every avenue of our new social world: “Ohio Ethics Opinion states that lawyers may use text messages to solicit clients if all lawyer advertising rules are followed”

Clearing Conflicts & Disqualification Disputes

New updates and articles to share. First: "Fourth Circuit says no conflict of interest in law firm’s appointment" --

• "A federal appeals court has found no conflict of interest in a bankruptcy trustee’s appointment of a law firm that represented another party in a separate debt collection action against one of the bankrupt partnership at issue’s general partners."
• "On July 6, 2010, the bankruptcy court approved the trustee’s employment of his law firm – McNeer, Highland, McMunn and Varner – as special counsel. The law firm had also been representing Wells Fargo Bank in an unrelated action to collect an outstanding debt of $208,000 from Rahmi."
• "On April 1, 2011, Rahmi filed a Motion to Remove Trustee for Conflict of Interest based on the law firm’s involvement in both actions concerning him. The bankruptcy court denied the motion and Rahmi initially appealed to the district court, but then voluntarily dismissed the appeal."

And continuing developments following the disqualification in the matter of 3M and the state of Minnesota (covered previously). Bloomberg law reports:

• "But the issue is not yet settled: 'Covington & Burling LLP sought to overturn a judge's ruling disqualifying the firm from working for Minnesota on a lawsuit alleging 3M Co. polluted state waters.'"
• "'Disqualification of Covington would be a devastating and quite possible fatal blow to the state’s case,' Minnesota’s lawyers wrote in court filings."
• "The appeals panel included judges Randolph Peterson, Edward Cleary and John Smith, according to Lissa Finne, a spokeswoman for the court. The court has 90 days to issue an opinion."

Continuing the theme of local media picking up coverage of these issues, see the Star Tribune's coverage as well: "3M, Minnesota spar over ousted law firm."

Law Firm Information Security & Governance – ISO 27001 + Expert Opinion

We've commented previously on how several law firms are leveraging ISO 27001 certification as a competitive and business development asset. Via The Lawyer, comes another example: "Anderson Strathern awarded world’s highest accreditation for information protection and security" --

• "Scottish firm Anderson Strathern has announced that it has achieved the prestigious ISO 27001 certification across its entire business. ISO 27001 is the world’s highest accreditation for information protection and security, and is the only international benchmark for information security management verified by an independent audit."
• "'The security of our clients’ information is of paramount importance to us. Our clients include governments, commercial organisations, and private individuals whose most sensitive information has to be strictly safeguarded in accordance with world-class standards. ISO 27001 confirms that our clients' sensitive data is robustly secure,' said Andy Lothian, Managing Partner. 'We are committed to maximising the trust and confidence our clients have in our quality of service, our security capabilities and in our sustainability.'"

And, in the US, comes an article from the ABA Journal: "As more hackers target lawyers, here’s how to protect client data" --

• "Most major U.S. law firms have been victims of security breaches, and the unwelcome threats likely operated covertly for 8 to 9 months before they were discovered. For many firms, the first whiff of insidious action comes from a knock on the firm’s door by the FBI."
• "…the U.S. government labeled New York City’s 200 largest law firms 'the soft underbelly' of hundreds of corporate clients, two experts warned at an ABA Techshow session on data security for lawyers. Even midsize, boutique and solo firms are at risk…"
• "Updated ethics rules require lawyers to make reasonable efforts to make sure client data is secure. The new rules also require lawyers to be competent with technology or to hire someone who is. Judges will no longer buy arguments that tech and its threats are evolving too quickly for lawyers to keep up, Nelson said."

Law Firms + HIPAA Compliance – Could This Happen at Your Firm?

A reader sent word of a timely and relevant update, given the industry focus on complying with the new HIPAA requirements.

And while this story concerns a direct provider of health services and not a law firm, and is an example of (alleged) extreme malfeasance, it does highlight the risks and implications of making Protected Health Information (PHI) generally available to firm personnel and staff, particularly when enforcers put things under a microscope.

Worth noting, as material to the fact pattern are allegations of failing to implement security controls and monitoring – both explicitly required by the 2013 HIPAA Omnibus Rule. For more the complete story, see: "Health Data Theft Case Prompts Lawsuit - Suit Alleges Adventist Health Failed to Protect Information" --

• "The class action lawsuit, filed April 9 in the U.S. District Court in Orlando, Fla., alleges that 'Florida Hospital breached its statutory obligation and express promise by maintaining its patients' sensitive information in an electronic database that lacked crucial - and statutorily required - security measures and protocols, in addition to failing to adequately train and monitor its employees access to sensitive information.'"
• "The lawsuit alleges that Florida Hospital employees were "able to easily gain access to the sensitive information of thousands of patients across 22 campuses using nothing more than employer provided log-in credentials, even though they were not authorized to access such information."

Streamlining New Business Intake – Lewis Silkin Deploys IntApp Open

Lewis Silkin, a full service commercial firm based in London, has deployed IntApp Open as part of a strategic initiative to streamline new client review and accelerate new matter inception.

The firm partnered with IntApp on its new business acceptance initiative in 2012, joining an industry advisory consortium focused on identifying industry trends, responding to industry requirements and shaping an industry-changing approach to client and matter intake. 

On the choice to deploy IntApp Open, Lewis Silkin Director of IT & Operations, Jan Durant remarked:

• "We implemented our first IntApp product, Time Builder, two years ago and found IntApp great to work with – they are open, collaborative and highly responsive. IntApp products are first-rate – clever technology, slick user interface and straightforward delivery. Quite simply, IntApp are one of my favourite suppliers."

With market forces putting new pressures on firms to improve the way they engage new business, organizations are looking to increase the sophistication, efficiency and agility of their intake processes to better align client selection and terms of business with overall strategy, service models and internal policies.

IntApp UK Managing Director, Kaye Sycamore added:

• "We’re delighted to see the continuing adoption of IntApp Open by the legal community and are particularly pleased to highlight our collaboration with Lewis Silkin, an acknowledged IT innovator. Jan Durant has time and time again demonstrated a knack for identifying emerging trends and responding with winning technology approaches that deliver significant value and competitive advantage for her firm."

IntApp Open is a true new business intake application. It doesn’t require firms to wrestle with development or write a single line of custom code. It offers unique features, including a flexible business rules engine that enables effective management of practice-specific matter evaluation procedures and an integrated question library that provides visibility into the practices and insights developed by industry peers.

Visit IntApp.com to learn more about the philosophy behind the product and how it can simplify law firm new business intake.

Conflicts Allegations in the Public Eye

It’s been interesting to watch the public reaction to conflicts allegations regarding the appointment of a former law firm partner as Detroit’s emergency city manager, while his former firm providers services to the city. The evening news covered the issue and legal ethicists have opined "no conflict." Now a Detroit Free Press Columnist weighs in: "Don't be too quick to judge Jones Day Detroit contract" --

• "The temptation is to call it an outrageous conflict of interest… I get it. The connection, the relationship ... it all sounds a little hinky. But ask around, and you’ll find that legal experts don’t see anything wrong with this deal. Orr resigned from Jones Day after his appointment as emergency manager, which he wasn’t required to do. Oftentimes, legal ethics consider acknowledgment of a potential conflict, with all parties declaring themselves satisfied, as a remedy for any possible conflict."
• "Could this matter have been handled better? Sure. It’s the type of needlessly created controversy in which Snyder, state Treasurer Andy Dillon and Detroit Mayor Dave Bing sometimes seem to specialize. But the deal’s done now, and no one questions that Jones Day is eminently qualified to perform the work."

And in keeping with today's theme, another city government conflict issue covered by local media: "Delray Beach fires lobbying firm, nicely" --

• "Delray Beach no longer has ties to the law firm of Weiss, Handler & Cornwell. Mayor Cary Glickstein said the lobbyist firm the city hired in December also employs Sen. Joe Abruzzo, D-Wellington, who has launched an aggressive audit of the Delray Beach Community Redevelopment Agency — an action that may be perceived as a conflict of interest."
• "'If there's a perception of conflict, that's enough,' said Glickstein at a Tuesday special meeting scheduled to consider terminating the contract between the city and the law firm."
• "Glickstein then said he was uncomfortable with the city's relationship with the lobbying firm Abruzzo works for and ordered City Attorney Brian Shutt to bring the contract to the commission for review. But at Tuesday's meeting, Henry Handler, a principal of the firm, tendered the firm's resignation, saying he didn't want to create any kind of "awkwardness or potential distraction" for the city."

Report from Recent Roundtable Sessions (Atlanta, Houston & Philadelphia)

Last week, we held Risk Roundtable events in Atlanta, Houston and Philadelphia. Many thanks to Kilpatrick Townsend, Vinson & Elkins and Post & Schell for hosting. The events brought together speakers from multiple disciplines to address the three core aspects of a successful information security strategy: technology, people and processes. Kathryn Hume, who manages and moderates the Risk Roundtable Program, sends this update:

• Dan, I'm pleased to report back a successful Risk Roundtable series in multiple US firms. Kilpatrick Townsend, Vinson & Elkins and Post & Schell generously agreed to host our group of risk and technology leaders. A special thanks to Chris Ward, Director of Information Security at Vinson & Elkins, who gave an expert take on risk assessment protocol in law firm environments, and to Andrew Allison, Chief Compliance Officer at Post & Schell, P.C., who prepared material on his firm’s information security strategy.
• In Atlanta and Houston, Gina Buser and Joe Buser of Traveling Coaches joined us to discuss techniques and methodology for developing a security training initiative that can effectively change lawyer and staff behavior and foster firmwide security awareness. Firms in both cities were keenly interested in sharing best practices to mitigate risks arising from new technologies. To reduce risk and protect client confidentiality, multiple organizations are shifting from a system-centric security strategy to a data-centric security strategy, where confidential information is selectively locked down within the document management system to meet “need-to-know” access requirements required by clients and regulations.
• Firms across the country increasingly receive pressure from clients to implement stricter security controls. Firms are looking to their peers to set industry guidelines for satisfying audits in a way that does not compromise knowledge management and collaboration. Many firms report that client questions are becoming increasingly targeted: whereas firms previously had to check general yes/no answers on audit questionnaires, clients are now asking targeted questions like “how many people in your offices can potentially access my documents?”
• With the September 23 HIPAA Omnibus enforcement deadline looming, every firm that has a healthcare practice or a litigation practice that receives Protected Health Information (PHI) is taking swift steps to achieve compliance. We spent much time discussing what effective HIPAA compliance looks like in a law firm environment, focusing on how firms can identify incoming PHI during the new matter intake process, how firms can implement access control models to meet the “minimum necessary” standard of the Privacy Rule, and how firms are using activity monitoring tools to achieve compliance with the Security and Breach Notification Rules.
• Finally, in Philadelphia, Eric Mosca of InOutsource led a spirited debate about the choice to implement a centralized conflicts clearance process. Can firms entrust the entire conflicts process to a non-lawyer, administrative committee? Does this break professional responsibility standards as specified by the ABA model rules? Different firms have different responses and this is clearly an evolving area of disucssion.

We're looking forward to upcoming Roundtables scheduled in Los Angeles (April 30), San Francisco (May 1), London and Toronto.

New Risk Roundtables Set for UK and Canada

We're please to announce our upcoming UK Risk Roundtable session. Scheduled for Friday, May 17th, the topic is: "What do you need to know to implement "need-to-know" information security."

This briefing will provide a collaborative forum for Risk & Compliance and IT professionals to discuss how emerging information security concerns are forcing law firms to improve their defenses. Attendees will learn best practices for successfully implementing a “hybrid” security model, which restricts access to highly sensitive data within core systems to a need-to-know basis.

This one-hour session will provide practical advice for connecting a law firm’s ethical, client, and compliance requirements to everyday security practices. Topics will include:

• Drivers behind the shift from systems-based to content-based protection models
• Examples of security models employed at law firms around the world
• A stage-by-stage guideline – based on practical steps – for implementing a risk-based, content-centric protection model

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

For past participants of Roundtable sessions in Canada, we have reserved June 19th for our next meeting in Toronto. Please save the date and watch this space for more information.

New Business Intake: IntApp Open Provides Law Firms with a Fresh Approach

Yesterday, IntApp announced the available of IntApp Open, a fresh approach to new business acceptance that replaces conventional "build it yourself" workflow software with an application specifically designed to streamline how new clients are evaluated and new matters are created.

Today, law firms face serious pressures to transform the way they evaluate and engage new business. Remaining competitive requires a simplified, refined and innovative approach to new business inception. This innovation must address not only how intake processes are designed and executed, but also how they are updated and adapted over time in response to changing needs, how individuals interact with the software used to administer them, and how the entire system enables management of the complete client engagement and matter lifecycle. In short, inception must evolve.

• "We looked at several software options to improve the way our firm evaluates and accepts new clients and matters before deciding to partner closely with IntApp," said Paul Caris, Chief Information Officer, Eversheds LLP. "We have been very impressed with the scope of functionality and product design IntApp delivers, and have found them to be a most responsive and straightforward vendor to work with."

IntApp Open is a true new business intake application. It doesn’t require firms to wrestle with development tools like Visual Studio and Windows Workflow, or write a single line of custom code. It doesn’t complicate process design and management by requiring the use of Visio, SharePoint or other third-party tools or plug-ins. And it doesn’t rely on a vendor services model that backs promises of “templates” and “ease of use” with a consulting team eager to design, build and bill for custom development and change orders (both during initial implementation and throughout the life of the project).

IntApp Open leverages input from an advisory group comprising law firms, insurance providers and other industry experts. This collaboration resulted in  unique features, including a flexible business rules engine that enables effective management of practice-specific matter evaluation procedures as well as conflicts clearance practices that may be centralized, distributed among lawyers and practice heads, or both, depending on firm preferences.

The product also includes an integrated question library that provides visibility into the practices, standards and insights developed by industry peers. And it delivers unique value for IT, with an architecture that simplifies change management, data integration and system automation.

• "We’ve been working closely with IntApp for many years to successfully address a variety of risk management challenges at our firm," said Ann Ostrander, Sr. Director of Loss Prevention, Kirkland & Ellis LLP. "We were pleased to expand that partnership and help support the evolution of IntApp Open because new business acceptance continues to top the list of law firm risk management concerns, and IntApp brings the right mix of experience, technology and skill to tackle this important challenge."

Visit IntApp.com to learn more about the philosophy behind the product and how it can simplify law firm new business intake.

LTN on HIPAA Compliance for Law Firms

Law Technology News invited Kathryn Hume (who's been on the road, moderating the latest round of Risk Roundtable meetings) and Pat Archbold (risk practice group head) at IntApp to weigh in on HIPAA: "2013 HIPAA Omnibus Rules Increase Risks for Law Firms" --

• "Important new rule changes to the Health Insurance Portability and Accountability Act of 1996 now force law firms that come into contact with protected health information to revisit internal policies and practices, and  enforce information security controls, protect confidential information, monitor workforce information access and track compliance."
• "Certain provisions of the Omnibus Rule, such as restrictions upon the marketing and sale of PHI, are unlikely to affect law firms. There are, however, three key portions of the new rule for which law firms will be held directly liable and to which they should pay the most attention."
• "To build compliance, law firms should revisit contractual agreements with covered entities and/or relevant subcontractors, educate lawyers and staff about the changes, and implement the information security policies and protocols required by the rules."
• "One clear place to start is to implement the access control and auditing technical safeguards required by the Security Rule. HHS tends to focus investigations on compliance with the minimum necessary standard, so firms should take steps to minimize possible disclosure within their firm systems. Still, compliance efforts may require a cultural adjustment in many firm environments, where lawyers and staff are often granted open access to client information to promote collaboration and knowledge management."
• "With the right access control security technology, however, firms can minimize the cultural impact of achieving compliance. Software that automates access control rights based upon business rules and regulatory needs can reduce the investment required to address culture shock and frustrations. Coupled with a directed effort to promote firmwide awareness of the changes, a reliable and intelligent access control tool is a solid step towards achieving full compliance."

For more information about how the new Omnibus rule impacts law firms and steps firms are taking achieve compliance featuring presentations from Hunton & Williams and industry security experts: http://j.mp/lfrHIPAA.

When Conflicts Allegations Make the Evening News (Update on Detroit Story)

More news regarding the situation in Detroit we covered previously. From ALM (h/t to Legal Ethics Forum) comes: "Ethics Experts: No Conflict in Jones Day's Detroit Role" --

• "The pending retention of Jones Day to help financially crippled Detroit as it attempts to stave off what would be the largest municipal bankruptcy in U.S. history is getting fresh scrutiny this week from local politicians, who claim that hiring the firm to advise the city may create conflicts of interest given the recent appointment of former Jones Day restructuring partner Kevyn Orr to serve as the city's emergency manager."
• "'People can raise objections if they want, but that doesn't make them true,' says the spokesman, Bill Nowling, who adds that Orr went to 'great lengths' to separate himself from discussions with Detroit while still at Jones Day and that the contract has been negotiated exclusively with the mayor's office."
• "A trio of ethics experts contacted by The Am Law Daily Wednesday agreed that Orr's ties to Jones Day do not by themselves create a conflict of interest and that the city's decision to employ a firm that Orr is familiar with and knows to be experienced in restructuring work is a smart one."

What's fascinating about this story is that it made the local news, under its "CITY IN CRISIS" banner. Again, illustrating yesterday's theme that external perceptions are important to weigh in such matters, in addition to professional and ethical considerations.

One doesn't often see these issues covered with headline banners. Here's a video of the segment:

For more local coverage on this, see also the Detroit Free Press.

Alleged Law Firm Political Conflicts

In Connectcticut the Journal Inquirer published an editorial which highlights how appearances matter, regardless of what professional rules and regulations permit: "Law firm’s lobbying compromises Cafero" --

• "When a member of a law firm, a former speaker of the state House of Representatives, is paid to lobby the General Assembly and the House Republican minority leader is also a member of that law firm and they both proclaim that this is not a conflict of interest — and apparently the state Ethics Committees agrees — we are living in a world of make-believe."
• "If that former House speaker, Thomas Ritter, of the Hartford law firm Brown Rudnick, a prominent Democrat, lobbies his law partner, Norwalk Rep. Lawrence Cafero, the House Republican minority leader, and Cafero happens to agree with Ritter’s requests on behalf of one of the firm’s clients and goes on to support legislation benefiting that client, then any claim by Brown Rudnick, Cafero, or Ritter that they are impartial is absurd."
• "Apparently belief that even the appearance of conflict of interest should be avoided in government has died out in Connecticut. If Cafero and Ritter are both paid by the law firm and the law firm is lobbying for clients before the legislature, members of the law firm who remain in the legislature are compromised."

Information Security & Screening as Enablers of Law Firm Business Development and Growth

LeClairRyan, a corporate law and litigation firm with offices across the United States, leverages IntApp Wall Builder as an important part of a business development strategy designed to support the acquisition of high-value clients and lateral hires to its growing firm.

Said LeClairRyan Director of Conflicts Resolution and Client Intake, Lisa Womack:

• "We made a strategic decision to purchase Wall Builder to prepare our firm to respond to client concerns about ethical screens and confidentiality. In addition to enhancing client service, Wall Builder frequently contributes to our ability to take on important lateral hires when effective screens are necessary."

LeClairRyan also uses Wall Builder to help manage how contract lawyers access internal information. The firm occasionally engages contract lawyers to meet spikes in client demand in a cost-effective manner, but found that providing contractors with access to unrelated client information and firm work product created potential ethical concerns. Blocking access, moreover, created significant administrative burdens.

Wall Builder’s isolation barriers let LeClairRyan easily restrict contractors from accessing material otherwise generally open to partners, associates and staff. The net result is that contractors only see information for the matters they’re assigned to, enabling the firm to manage contract resources more effectively.

Pat Archbold, Head of IntApp's Risk Practice Group added:
"We’re very pleased to highlight LeClairRyan’s success with Wall Builder. In leveraging the product to support its business development objectives, the firm is demonstrating a commitment to client care and strategic growth that many peer firms seek to emulate."

For more information, see the official news release.

Mad about Data Privacy, Compliance and Risk Management

The long awaited return of Mad Men last night has inspired a good amount of creative reflection and activity -- and not just by your loyal risk editor, who once hosted Mad Men-themed Halloween party. Though rumaki, sampled that evening by the brave, has not stuck around as a modern culinary staple, Morgan Lewis partner Ryan McConnell, and associate Charlotte Simon, have offered a relevant and timely reference, more suitable for this blog. Via Law Technology News: "Don Draper of 'Mad Men', Data Privacy Compliance Role Model" --

• "As companies design privacy compliance programs to protect against data breaches and the unintended use of personal data, each year countries revise privacy legal requirements and increase enforcement."
• "Don Draper says, 'Change is neither good nor bad, it simply is.' Draper's advice is spot-on for data privacy compliance, because data privacy compliance programs have the same key components as all programs designed to effectively address compliance risks on a variety of topics, such as trade controls or anticorruption. The evolving focus of data privacy isn't inherently positive or negative, but the targets do and will keep changing."
• "While there is no 'one size fits all' privacy program, an effective privacy compliance program has the buy-in of business leaders and key individuals in the organization — such as HR and IT professionals — and appropriate division of responsibility for the success of the program. A privacy compliance program is built on a framework that ensures employee and other sensitive data is only used and transferred for legitimate business purposes and retained for appropriate periods of time. Such a program also includes comprehensive data management procedures and sets forth written policy and IT security measures to limit access and use of protected information."
• "Finally, Draper always does the hard work when it comes to protecting secrets. Your company's privacy program should have mechanisms for auditing data collection, use, and transfers, and clear protocols for responding to data breaches or unintended uses... Just like government-mandated airbags and cigarette warning labels eventually became the standard for addressing the kinds risks faced by our heroes in Mad Men, privacy regulations are here to stay."

As regulations like the recent HIPAA rule changes raise the requirements and stakes for law firms, organizations are taking additional steps to limit their exposure. (Of course, long time readers will recognize that these cyclical, repeating patterns -- and agree that carousel-like nostalgia for simpler times does little to obviate the need to respond to evolving challenges.)

And for those who've had enough pop culture references, see also, from LTN: "Four Threats to Confidential Data on Mobile Devices."

Conflicts Waiver & Law Firm Disqualification News

Via BNA comes a story about another interesting disqualification: "Dormant Role as Patent Counsel Gets Firm Disqualified in Infringement Action" --

• "A law firm is disqualified from representing a plaintiff in a patent infringement action against a company because the firm did not clearly end its quiescent role as the company's patent opinion counsel before filing suit, the U.S. District Court for the District of Delaware held March 4 (Parallel Iron LLC v. Adobe Systems Inc., D. Del., No. 12-874-RGA, 3/4/13)."
• "Adobe moved to disqualify Russ August & Kabat, Parallel Iron's lead counsel, on the ground that the firm faced a concurrent conflict of interest because it was serving as Adobe's opinion counsel at the time Parallel Iron filed suit. RAK never represented Adobe in litigation; rather; the firm's alleged conflict was grounded in three engagements in which RAK partner Marc A. Fenster prepared opinion letters for Adobe."
• "RAK contended that each opinion letter was a discrete engagement with an agreed-upon budget, and that its relationship with Adobe ended with the final conference call. Fenster said that when he delivered the final opinion letters to Adobe, he asked if any additional work was needed or requested, and Adobe said no."
• "The history between the firm and the company made it reasonable for the company to expect that their attorney-client relationship was ongoing even though no active matters were underway, Judge Richard G. Andrews reasoned."

And from the prolific Bill Freivogel comes another two cases regarding waivers:

In re Stagliano, 2013 N.J. LEXIS 194 (N.J. March 13, 2013) --

• "In this order the court reprimanded Lawyer for violating New Jersey's version of MR 1.7. This is the only state ethics rule, of which we are aware, that specifically prohibits a governmental unit from waiving a current client conflict. Lawyer represented a municipality while at the same time assisting persons with whom he was affiliated in acquiring tax delinquent properties. This was all done with the knowledge of municipality officials. The facts are in the decision of the N.J. Disciplinary Review Board, Docket No. DRB 12-226, decided December 20, 2012."

Sharma v. VW Credit, Inc., 2013 U.S. Dist. LEXIS 38859 (C.D. Cal. March 20, 2013) --

• "The defendant waited sixteen months to file a motion to disqualify. In this opinion the court denied the motion. The court was not persuaded by the fact that the defendant had been making noises about the conflict for a year. The court did find that the plaintiff was prejudiced by the delay because deadlines were running."

Law Firm Conflicts Charges in the News

Several stories of alleged conflicts in the news:

"Latham & Watkins faces conflict charge in antitrust class action" --

• "Latham & Watkins is facing conflict of interest allegations from a former client that is seeking to keep the firm out of one of the biggest pending antitrust class actions."
• "Since last summer, Latham has been defending Union Pacific Railroad Company in the case, which alleges a conspiracy among railroad companies to impose artificially high fuel surcharges on customers."
• "But Oxbow Carbon & Minerals LLC and a number of related entities, which have been Latham clients, have moved to disqualify the law firm from the case. Oxbow, which has filed its own antitrust lawsuit against Union Pacific over surcharges, has argued in court papers filed last month that Latham's representation of Union Pacific in the class action 'presents a classic conflict of interest situation.'"

"Law firm's role in Detroit's financial recovery questioned" --

• "Global law firm Jones Day could have a crucial — and perhaps lucrative — role in the fight to save Detroit from insolvency, prompting concerns about possible conflicts in the emotional debate about the city's restructuring."
• "Jones Day was retained by the city to serve as its restructuring attorney three days before one of its partners, Kevyn Orr, was appointed emergency manager by Gov. Rick Snyder. The firm is expected to work closely with Orr to renegotiate Detroit's nearly $15 billion in long-term debt."
• "Orr resigned from Jones Day the day after his March 14 appointment. He told The Detroit News that bankruptcy trustees typically hire their own law firms and argued that partnering with Jones Day will help because of its expertise in restructurings."
• "Critics question both the timing of the deal and relationship to Orr. Troy attorney Ben Gonek said Michigan has several qualified firms that could do the work for less money… 'The question is: Is he using his position to generate money for his old firm?' Gonek asked."

"CBA and Gadens at centre of conflict of interest dispute in federal court"--

• "CBA and Gadens law firm Sydney-based barrister are at the centre of major conflict of interest allegations by an aggrieved bank customer, according to News Ltd."
• "Geoff Shannon, who is locked in a legal battle with the CBA’s BankWest over the collapse of his property development company, claims he was cross-examined in the federal court last month by a barrister who had acted for him in related matters in 2010."
• "According to Shannon, the barrister had confidential information relating to his personal and business affairs, telling reporters the barrister’s sister worked at the law firm he was using."

New Roundtable Meetings Set for Los Angeles & San Francisco (Joining Atlanta, Philly & Houston Sessions)

We've announced locations and dates for two more Risk Roundtable sessions. This particular series of sessions is focused specifically on information governance and security, and will aim to discuss the following questions:

• What technologies can firms adopt to manage risk without compromising collaboration?
• What processes and policies should firms implement to comply with client mandates and government regulations?
• What techniques can risk stakeholders adopt to foster security and risk awareness amidst lawyers and staff while preserving firm values and culture?

Sessions are currently scheduled for:

• Atlanta, April 9th
• Houston, April 10th
• Philadelphia, April 11th
• Los Angeles, April 30th
• San Francisco, May 1st

To read summaries from past events, visit: RiskRountable.com.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Risk News: Patents, Conflicts and Advanced Waivers

New updates of interest. Via Bill Frievogel comes:

Philadelphia Bar Association Ethics Opinion 2012-11 (issued Jan, 2013) -- "Co. A, a client of Law Firm, asks Law Firm to write an opinion letter to Co. B stating that Co. A's product does not infringe Co. B's patent. Co. B is a client of Law Firm on matters unrelated to the product. In this opinion the committee held that writing the opinion would be directly adverse to Co. B. The committee cited Va. Op. 1774 (2003) and Andrew Corp. v. Beverly Mfg. Co., 415 F. Supp. 2d 919 (N.D. Ill. 2006), the only authorities known to us on this subject."

Galderma Labs., L.P. v. Actavis Mid Atl. LLC, 2013 U.S. Dist. LEXIS 24171 (N.D. Tex. Feb. 21, 2013) -- "This is a patent infringement case. Law Firm represents Defendant. At the time this case was filed, Law Firm was doing employment work for Plaintiff. Plaintiff's in-house general counsel had signed an advanced waiver agreeing that Law Firm could take on unrelated matters adverse to Plaintiff. Plaintiff moved to disqualify Law Firm in this case. In this opinion the court denied the motion. The opinion is a comprehensive discussion of many of the authorities dealing with advance waivers. Most significantly, the court specifically disagreed with a contrary holding with very similar circumstances in Celgene Corp. v. KV Pharm. Co., 2008 U.S. Dist. LEXIS 58735 (D.N.J. July 29, 2008)."

Additionally, our friends at the Legal Ethics Forum hosted interesting discussion on the advance conflicts waivers piece we posted last week. See the complete thread for more detail --

• John Steele: "...I've seen some of the OCGs get more and more expansive and have wondered when the case law and ethics opinions would start looking at how far they can go... I have an intuition that at some point the OCG restrictions are troubling from the point of view of creating other conflicts, reducing independence, and being agreements that the two parties don't really intend to live up to. I'd agree that the first line of resistance to any over reaching OCGs should be the law firms refusing to sign them."
• Stephen Gillers: "Or the opposite. The OCG can make the demand because the firm wants the business, often because there's a lot of it. So the firm agrees. Who would decline to be outside GC for Apple if the condition was never to work for a competitor on anything so long as Apple was a client? Anyway, even if the OCG does not request the restriction but then firm begins to represent a competitor, the OCG can let it be known that the company is prepared to change counsel and the reason. The firm will quickly view the competitor's work as a business conflict, assuming it did not anticipate that at the outset."

Ethical Walls (Information Barriers) and "Commercial/Business" Conflicts

A reader sent word of an interesting story of the use of ethical walls/information barriers in a non-ethical, business/commercial conflicts scenario:

"Ithaca-Valiant legal fees near £1.5m as Herbies, Pinsents erect Chinese walls" --

• "CMS Cameron McKenna and Herbert Smith Freehills (HSF) are the chief recipients of nearly £1.5m in fees from a £203m energy takeover that saw two law firms put up Chinese walls to prevent potential conflicts."
• "Pinsent Masons advised Ithaca on banking arrangements, putting forward Edinburgh partner Iain Macaulay. He worked on the other side of a Chinese wall from Glasgow corporate partner Rosalie Chadwick, who led the firm’s due diligence role for Valiant. Ithaca’s UK headquarters are in Aberdeen."
• "The barrier was put up as an extra precaution to avoid what could have been perceived as a commercial conflict, but the fact that Pinsents was not Valiant’s main corporate adviser meant the risk of improper practice was low."
• "Valiant’s main corporate adviser was HSF, which also put up a Chinese wall due to a dual role for the target and Ithaca’s lenders... HSF was able to take the double role after negotiating the Chinese wall with Valiant and the banks. It took most of the £860,000 fees paid by Valiant, with some going to Bennett Jones, the Canadian counsel to the company."

Law Firm Conflicts & Disqualification Attempts

Several recent conflicts stories of note:

"Steptoe & Johnson beats disqualification request made by Verizon" --

• "The law firm Steptoe & Johnson won’t be disqualified from representing a group of former Verizon workers in class action lawsuits against the company... Verizon had argued that Rector’s previous representation of two plaintiffs and his intent to use evidence filed under seal during their lawsuits on subsequent lawsuits presented a conflict of interest."
• "'At issue are the obligations imposed upon Steptoe by the agreed protective orders and confidential settlement agreements entered in the Rowh and Radcliff cases,' Davis wrote... 'However, Verizon has not demonstrated that Steptoe has violated either of these provisions, and the terms of these documents simply do not restrict Steptoe’s representation of subsequent clients in substantially related matters... Neither do they prohibit Steptoe, in the current litigation, from requesting the same information through discovery that Verizon disclosed in the prior cases or from obtaining a new protective order to protect this information once it has been disclosed within the confines of the case.'"

"Lawyer at Phoenix Sinclair inquiry found in conflict" --

• "A Winnipeg law firm could be on the hook for costs associated with the latest delay in the Phoenix Sinclair inquiry. The inquiry was put back on hold Tuesday morning after commissioner Ted Hughes ruled on lawyer Kris Saxberg's conflict of interest."
• "On Tuesday morning, Hughes blamed Saxberg and his law firm, D'Arcy Deacon, for not taking a good look at the client load to determine possible conflicts... Hughes said Saxberg created the conflict by taking so many retainers, and the inquiry will consider billing the law firm for costs arising from the conflict and its delays."

"Law firm is disqualified for impermissible concurrent conflict of interest" --

• "Defendant moved to disqualify plaintiff’s lead counsel asserting, inter alia, that, at the time litigation was initiated, plaintiff’s counsel was serving as defendant’s opinion counsel. The motion was granted. The six-year history between defendant and plaintiff’s counsel wherein three opinion letters were prepared was sufficient to instill in defendant a reasonable belief that it would not be sued absent some sort of prior notice terminating the attorney-client relationship."

Advance Conflict Waivers: Opinions & News

A few interesting waiver related stories in the news:

"Advance Conflicts Waiver in Retainer Allows Firm to Represent One Client Against Another" --

• "A general, open-ended advance waiver of future conflicts in a law firm's retainer agreement with a sophisticated client represented by in-house counsel makes it permissible for the firm to represent the client's opponent in unrelated litigation, the U.S. District Court for the Northern District of Texas concluded Feb. 22, denying a disqualification motion (Galderma Laboratories LP v. Actavis Mid Atlantic LLC, N.D. Tex., No. 3:12-cv-2038-K, 2/22/13)."
• "Three types of disclosure by the law firm support a finding that the broad waiver language in the engagement letter provided enough information to allow the client to provide informed consent, he ruled."
• "In analyzing the conflicts issue, Kinkeade chose to apply the national standards as embodied in the Model Rules, which prohibit lawyers from representing a current client's opponent even in unrelated matters except with the client's informed consent, rather than Texas's more permissive conflicts rules, which allow firms to oppose current clients in most unrelated matters without having to obtain the client's informed consent."

"It’s Not Easy to Limit Representation So That Another Client Will Waive Conflict" --

• "Outside counsel for a corporate client may not freely go along with restrictions that the company wants to impose as a condition of waiving conflicts of interest involving the lawyer's other clients, according to a Jan. 28 opinion from the Michigan bar's ethics committee (Michigan State Bar Comm. on Professional and Judicial Ethics, Informal Op. RI-358, 1/28/13)."
• "The lawyer must not agree to a limitation the corporate client demands if it would preclude her from disclosing to the other client information necessary to pursue the objectives of the representation, the committee made clear."
• "The opinion sets out a multiple-step process for lawyers to follow in determining whether they can limit a prospective or current client's representation to accommodate another client's conditions for granting a conflict waiver."

HIPAA for Law Firms -- Webinar Recording Now Online

For those who missed the live presentation and panel discussion, we have a recording of our recent webinar on HIPAA for Law Firms.

The 2013 HIPAA Omnibus Rule raises the stakes for firms. Under the new rules, firms that interact with protected health information (PHI) are directly liable for compliance with the entire HIPAA Security Rule and select provisions of the Privacy Rule.
In this session, a panel that included speakers from Hunton & Williams and Carlson & Wolf reviewed how firms can best respond. Topics included:

• Analysis of key regulation changes that impact law firms
• Explanation of HIPAA Security Rule requirements
• Overview of breach notification requirements
• Assessment of penalties for non-compliance
• Overview of technologies available to remediate compliance gaps
• Best practices for information security

Upcoming Risk Roundtable Events: Atlanta, Houston, Philadelphia, San Francisco

We've announced locations and dates for several upcoming Risk Roundtable sessions. This particular series of sessions is focused specifically on information governance and security, and will aim to discuss the following questions:

• What technologies can firms adopt to manage risk without compromising collaboration?
• What processes and policies should firms implement to comply with client mandates and government regulations?
• What techniques can risk stakeholders adopt to foster security and risk awareness amidst lawyers and staff while preserving firm values and culture?

Sessions are currently scheduled for:

• Atlanta, April 9th
• Houston, April 10th
• Philadelphia, April 11th
• San Francisco, May 1st 

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Reminder: New HIPAA Rule Impact on Law Firms

Our webinar this week features a panel that will review recent HIPAA rule updates that create new requirements for law firms. If your firm provides services to the healthcare or insurance industry, or has practices that manage qualified protected health information, this session is for you.

The 2013 HIPAA Omnibus Rule raises the stakes for law firms. Under the new regulations, firms that interact with protected health information (PHI) are directly liable for compliance with the entire HIPAA Security Rule and select provisions of the Privacy Rule.

Our speakers will review how key rule changes affect law firms and how law firms can best respond. Topics will include:

• Analysis of key regulation changes that impact law firms
• Explanation of HIPAA Security Rule requirements
• Overview of breach notification requirements
• Assessment of penalties for non-compliance
• Overview of technologies available to remediate compliance gaps
• Best practices for information security

Speakers:
We're pleased to feature several speakers, including Lisa Sotto from Hunton & Williams, who has been rated as the #1 privacy expert for three consecutive years by Computerworld magazine.

Date: Wednesday, March 13
Time: 9 am Pacific / 12 pm Eastern
Duration: 75 minutes

CLE CREDIT: As a certified as a CLE approved educator by the State Bar of California, we are able to provide California certificates to attendees upon request. (Attendees are responsible for confirming CLE reciprocity in their particular jurisdiction. We are happy to provide additional information required to receive credit outside of California, bttendees are responsible for researching and identifying information for their local jurisdictions and filing any necessary paperwork.)

Attendance is by invitation only. For more information, please contact: info@riskroundtable.com.

Professional Responsibility & Rule Setting

Hat tip to John Steele at the Legal Ethics Forum for calling out a few artilces of interest:

Douglas R. Richmond: "Watching Over, Watching Out: Lawyers' Responsibilities for Nonlawyer Assistants" --

• "Lawyers depend on the support of many different non-lawyer assistants in order to practice successfully. Unfortunately, these assistants sometimes err and are occasionally guilty of deliberate misconduct. Either way, courts and professional authorities may hold the employing or supervising lawyers responsible under Model Rule of Professional Conduct 5.3 and state analogs, as well as tort and agency law principles."
• "But if lawyers’ supervisory responsibilities for their non-lawyer assistants seem obvious, it is also true that lawyers all too often fail in them — or perhaps fail to appreciate or recognize them until it is too late. "
• "Moreover, despite the importance of lay assistants in the practice of law and the many cases in which lawyers have been disciplined under Rule 5.3 for failing to supervise assistants, scholarship on lawyers’ related duties is scarce. Lawyers and courts alike suffer from the resulting lack of guidance on key issues."
• "This Article is intended to remedy that deficiency. In doing so, it carefully maps the contours of lawyers’ supervisory duties in this context and analyzes several issues that regularly ensnare practicing lawyers or which present special challenges."
• "Importantly, the Article explains why lawyers who fail in their supervisory duties must be disciplined on that basis rather than being held vicariously liable for assistants’ misconduct. This is an enormously important issue in practice and, regrettably, one that some state supreme courts miss."

Stephen Gillers, "How to Make Rules for Lawyers: The Professional Responsibility of the Legal Profession" --

• "Using diverse lawyer regulatory issues that have arisen in the ABA, courts, and other venues across the last forty years, this Article examines in detail the methodology and styles of argumentation that lawyers use to support or defeat change. Regulatory issues addressed include non-lawyer ownership of law firms, fee-sharing with non-lawyers, collaborative law, and a requirement that fee agreements with clients be in writing, Recommendations for improvement in the process of rule making are offered."

And finally: "Do you ‘get’ OFR?" --

• "A number of positives are revealed in a recent survey conducted by the Solicitors Regulation Authority. Most notably, a year after the implementation of outcomes-focused regulation (OFR) and perhaps understandably, firms’ attitudes are shifting towards greater levels of acceptance as they increase their experience of working with the new regime of regulation."
• "Measuring the impact of OFR on firms, released last week, found that 50% of respondents felt ‘favourable’ about OFR, a welcome increase on the previous year’s 36%. However, that still leaves the other 50% to be convinced."

Report from Sydney Risk Roundtable

Last week, we held our inaugural Australian Risk Roundtable meeting in Sydney, Australia. Many thanks to K&L Gates for hosting. Pat Archbold, Head of IntApp’s Risk Practice, delivered a presentation about emerging challenges firms around the world are facing with respect to information security, risk management and compliance. He sends this update:

• Dan -- I’m pleased to report back a successful Risk Roundtable session in Sydney, Australia. K&L Gates was generous enough to host a very large and active group of risk management and technology leaders. This is the first time we’ve held a session in Australia, and we look forward to charting local risk trends and developing future programs here.
• The group agreed that while firms are successfully managing information security issues today, these issues are quickly becoming more challenging to deal with. Many attending firms are looking to improve their information security processes and strategies in response to increasing pressure from clients.
• There was a good deal of discussion around evolving anti-money laundering (AML) requirements, file reviews and information retention. One participant mentioned that his firm is seeing an increasing number of Outside Counsel Guidelines (OCGs) that conflict with existing firm policies, spurring active discussion around how to remedy the variance between standard and specific procedures.
• Finally, we had a quick discussion about the conflicts process as a whole, and focused on how to modify the intake process to obtain more comprehensive matter information at matter inception.

Our co-host, Dion Cusack, Corporate Services Manager with K&L Gates sends notes as well:

• It was a pleasure to co-host with IntApp colleagues from other firms around Australia to discuss the commitment we all share in improving the quality of legal advice and service we provide our clients, while at the same time minimising the risks to our own firms.
• As the discussion evolved it was evident that we all face similar challenges and issues in the mitigation of risk. Some of the issues are not new, for example conflicts, document management and retention strategies, staff supervision and performance, which continue remain high on the risk registers of most firms. While at the same time, there are significant new and emerging risks that all law firms will need to be proactive in managing.
• As Pat mentioned information security is an emerging issue, which in my view should be high on the risk register of all law firms. Law firms today process greater amounts of information both internally and externally than ever before. Firms create, use, disseminate, edit, store, retrieve and secure information in so many different ways, using a variety of systems, processes and devices, while at the same time the nature of work is changing and becoming more flexible and mobile. This creates greater vulnerabilities to both client and firm information, which consequently attaches a diversity of reputational, financial or operational impacts if not managed effectively. From the discussion there was acknowledgment that a more sophisticated response to the management of information security is now required.

Recent Ethics Opinions (Law Firm Conflicts, Cloud Storage, and Other Clouds...)

[h/t to the Professional Responsibility blog for highlighting several updates] --

Illinois State Bar Association's Board of Governors issued three opinions, including:

• Opinion No. 13-02: Arbitration and Mediation; Conflict of Interest; and Multiple Representation -- A lawyer ordinarily represents a partnership as an entity for conflicts of interest purposes. Where a lawyer has represented a partnership and all individual partners in various matters in a common representation, and one partner subsequently files an arbitration matter against another partner, whether the lawyer may represent the defending partner with informed consent will depend on the circumstances. Similarly, whether the lawyer can continue to represent the partnership or any of the partners in other matters with informed consent will depend on the circumstances.

Florida issues opinion on lawyer use of cloud sources to store confidential information:

• Summary: "Generally approving of other States’ previous advisory opinions regarding this matter, the Florida’s proposed opinion focuses on an attorney’s duty to perform due diligence in investigating a vendor’s “terms and conditions” prior to storing sensitive client information on that vendor’s cloud computing service. Notably, the Committee reiterates New York’s recommendation to limit the use of cloud computing services to vendors who contractually agree to preserve confidentiality and security."

Connecticut Bar association issues ethics opinion on medical marijuana --

• Summary: "The Connecticut Bar Association ethics committee has issued an informal opinion saying that lawyers can help businesses that want to cultivate marijuana for distribution to chronically ill patients navigate the regulatory process for obtaining a state license."