Monday, December 10, 2012

HIPAA for Law Firms - The Stakes are Getting Higher

With over 25 years of experience, the legal consultants at Carlson & Wolf know a thing or two about law firm information security and risk -- one partner is a lawyer, the other a former chief security officer.

Last week they kicked off a series of articles about impending updates to HIPAA/HITECH rules, with the bold proclamation: "We are entering a new era of HIPAA enforcement where law firms will find themselves in the crosshairs of regulators.":
  • "Legal professionals generally know that HIPAA is a federal health care law, but few understand how HIPAA privacy/security requirements impact law firms.  For firms subject to HIPAA, distributed responsibility for compliance adds to the challenge of meeting a complex set of requirements.  But fulfilling those requirements has suddenly become much more critical, given that the federal government will soon exercise its expanded enforcement powers pursuant to the HITECH Act.  Specifically, the federal government will enforce HIPAA directly against law firms.  With penalties for noncompliance at potentially six or seven figures, meeting HIPAA regulations has never been more important for law firms."
Read more at: "Law Firms and HIPAA Round One: Compliance via Contract," which provides general background on some of the issues at hand:
  • "Few will be surprised to hear that law firms were not the intended regulatory target of the original 1996 HIPAA legislation... In 1999, the federal agency responsible for issuing HIPAA regulations--the US Department of Health and Human Services (HHS)--recognized that CEs outsource a variety of operational functions to third parties (like law firms) and may need to disclose protected health information (PHI) to those third parties. While such outsourcing is perfectly legitimate, when HHS issued the Final Privacy Rule in 2000, it took steps to ensure that third parties providing services to CEs would be obligated to protect PHI."
  • "While signing a Business Associate Agreement before the HITECH Act did not directly expose firms to regulatory enforcement, firms were liable to their CEs if they breached provisions of their BAAs. A firm with a health care practice that failed to protect PHI in a reasonable manner would likely experience difficulty attracting new health care clients. However, as we’ll see in our next post the landscape changed dramatically with the HITECH Act, and firms under BAAs must now agree to comply with the entire Security Rule."

Wednesday, December 5, 2012

Conflicts of Interest + Interesting Conflicts

As many are customers of Autonomy, many law firms are following the recent allegations of impropriety connected with HP acquisition of the company with great interest. Interesting news on the potential conflicts front --
"In Autonomy Debacle, HP Turns to Morgan Lewis" --
  • "But in 2011 during the ill-fated acquisition of Autonomy, Morgan Lewis did not represent HP, a valuable and long-time client. Instead, Morgan Lewis served as an adviser to Autonomy, helping secure approval of the deal from antitrust regulators."
  • "That could raise a sticky set of conflicts for HP and Morgan Lewis as the company prepares to launch and defend an onslaught of legal actions related to HP's recent announcement it would write down $8.8 billion related to the problem-plagued deal."
  • "Rory Little, a law professor at UC-Hastings and ethics expert, said transactional lawyers tend to downplay conflicts of interest because everyone is working toward the same goal of striking a deal. 'Silicon Valley has never understood that conflicts rules applied to lawyers in transactions. It's all been on a handshake and trust,' he added. 'But something can always go sour. That's the reason you're not supposed to represent both sides in a transaction.'"
  • "Regardless of how Morgan Lewis crafted its engagement letter with Autonomy, there is no such thing as 'limited' representation of a client, Little said. 'It's like limited pregnancy. They either represent the client or they don't.'"
Here's one that has to be read to be believed (free registration required for full article) -- "Dallas judge boots Bickel & Brewer from multimillion-dollar lawsuit" --
  • "A Dallas judge has booted Bickel & Brewer from a big-dollar international lawsuit, after accusations that the law firm and its Chilean co-counsel paid a witness for insider information.
  • "The case has been fiercely argued by two of Dallas’ premier trial lawyers for more than four years. Legal fees and expenses for the two sides have likely exceeded $1 million. There have been allegations back and forth of witness bribery, withholding of evidence and fabrication of testimony."
  • "Among the allegations was that Bickel & Brewer offered to pay $1 million over three years to a former executive for the Chilean company for inside, privileged information about the case."
  • "In a 26-page ruling, Cortez [State District Judge] said 'there is without question a genuine threat' that Bickel & Brewer lawyers have knowledge of confidential documents and privileged information that give the law firm an unfair and improper advantage in the litigation. The judge, however, denied requests by defense lawyers to financially sanction Bickel & Brewer."

Tuesday, December 4, 2012

Risk News: Conflicts and Screening Updates

Via Bill Frievogel -- FP Genetic Inc. v. Lizee, 2012 SKQB 453 (CanLII) (Q.B. Sask. Nov. 2, 2012) --
  • "While at the defendants' law firm, Lawyer worked on this case.  Lawyer moved to the plaintiff's firm, and that firm set up a screen.  The defendants moved to disqualify the plaintiff's firm.  In this opinion, relying upon the plaintiff's firm's compliance with the screening provisions of the Saskatchewan Rules, denied the motion."
In-laws -- An interesting view of the role conflicts play in shaping law firm mergers and international expansion --
  • "There may be perfectly sensible reasons for Britain’s Norton Rose and U.S.-based Fulbright & Jaworski to join forces and for SNR Denton, headquartered in London and Washington, to seek a three-way tie up with French and Canadian peers. Cross-border deals can help lawyers serve companies increasingly going global. But culture, pay and client conflicts are tough to manage. The danger is sacrificing quality for scale."
  • "It’s not surprising, then, that some of the most successful law firms resist expansion. New York-based Paul, Weiss, Rifkind, Wharton & Garrison, for instance, has only 50 of 620 lawyers working outside the United States."

Cuts for Detroit to balance losses -- City mayor faces call to change firms:
  • "The next 30 or so days likely will show just how dire Detroit's fiscal plight is as Mayor Dave Bing's office pores over plans to make up millions of dollars in bond money the city failed to get from the state."
  • "Some on the council consider it a conflict of interest because Miller Canfield wrote milestone agreements in Bing's reform program."
  • "'If (Miller Canfield) were representing the state and the interests of the state does not conform to the interests of the city that has to be worked through.' Bernstein said all sides may need to reach some kind of accord as to the role Miller Canfield would play in advising Bing."
  • "But Council President Charles Pugh would prefer Bing select a different law firm."

Monday, December 3, 2012

Lateral Lawyer Movement (The What, Why & How)

On the risk front, we tend to look at laterals operationally -- how to identify and address conflicts, how to streamline lawyer on-boarding.

Here's a look at the issues and drivers underlying the entire process written by a lawyer recruiting firm: "Partners in Practice: Anatomy of a Lateral Move" [Part 1] [Part 2]. It provides interesting context regarding the various factors in play motivating lawyers and firms engaged in lateral activity:
  • "Each year, about one in 20 partners faces a lateral move. The process can seem irrational and daunting, especially to first-timers. Having gone through a lateral move myself, and overseen the hiring of numerous laterals as a managing partner, I’m more familiar with this arcane ritual than most. Now, after 10 years as a recruiter guiding dozens of candidates through the process, I offer an 'anatomy' of a lateral move."
  • "Bill had worked with a marquee high-tech client over the last decade, which constituted about three-quarters of his portable business. The client had followed Bill through several moves, but its conflicts policies necessitated the moves. So while the heft of the marquee client and its loyalty to Bill mitigated the diversification issue, a number of firms would likely shy away from hiring him because of definite or potential conflicts with his showcase client..."