RSS Feed LinkedIn Instagram Twitter Facebook
FMG Law Blog Line

Archive for February, 2017

Cancellation vs. Expiration: The Subtle Distinction and Why it Matters

Posted on: February 14th, 2017

By: Connor M. Bateman

In most jurisdictions, insurers must adhere to a detailed set of statutory provisions when cancelling or refusing to renew certain types of insurance policies. Most notably, insurers are often charged with delivering or mailing a written notification to the insured providing clear and unequivocal notice that the insurance coverage at issue is ending. Even slight deviations from the statutory requirements governing such notices will likely vitiate the cancellation or nonrenewal and cause coverage under the policy to remain in place.

Although the law typically requires strict compliance with these provisions, there is an important distinction between cases where an insurer cancels a policy and cases where the policy simply expires by its own terms due to the insured’s failure to remit his or her premium payment. In the latter case, an insurer is not bound by the notice requirements in place for cancellations. The same distinction exists between cases where an insurer refuses to renew a policy and cases where the coverage simply lapses.

For example, say that an insurance company issues a standard residential fire insurance policy for a one year effective term. The insured consistently makes timely premium payments for five years and renews his coverage at the end of each term by paying the renewal premium. On the sixth year, however, the insured fails to pay the minimum balance required to renew his coverage and the policy expires at the end of that term. Although insurers are normally required to provide written notification of an impending nonrenewal, many courts have determined that this requirement only applies to cases where the insurer is unwilling to renew an insurance policy. In other words, the statutory notice provisions are generally inapplicable to situations where a policy is not renewed because of nonpayment of premium by the insured. Thus, in the above example, the insurer would have no obligation to notify the insurer that the policy was set to expire.

This distinction may prove crucial in cases where a loss occurs after the policy expires, and the insured insists that coverage should be afforded due to the insurer’s failure to abide by the statutory notice provisions. Although it is important for insurers to carefully follow the statutory guidelines when cancelling policies, insurers should also be aware of the distinction between instances where the termination of coverage is due to the expiration of the risk insured by the policy.

Deadline Approaching for Small Breach Notification

Posted on: February 14th, 2017

By: Jeremy W. Rogers

HIPAA covered entities, which are health care providers, health plans, and health care clearinghouses, are required to report “small’ data breaches of unsecured, unprotected health information by March 1, 2017. Covered entities must report these breaches, defined as a breach that involves fewer than 500 individuals, to the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”).  This deadline applies to breaches that were discovered in 2016, and the deadline is fast approaching.

In the past, while it should never have been treated as such, some covered entities may have looked at the small breach reporting deadline as not terribly important. Events over the past several months should have changed this attitude to a great degree and emphasized the importance the OCR places on timely reporting.

First, in August, 2016, the OCR announced an important change in emphasis toward breaches affecting fewer than 500 individuals. At the time of the announcement, the OCR, through its regional offices, began an initiative to more widely investigate such breaches.  The regional offices retained discretion on prioritizing which small breaches to investigate, but the directive set forth was that each office was to increase its efforts to identify and obtain corrective action to address entity and systemic noncompliance through more widespread investigation of small breaches.

Second, in the first resolution agreement announced in 2017, one covered entity agreed to settle potential violations of the HIPAA breach notification rules. This case was the first HIPAA enforcement action for untimely breach notification and resulted in a settlement approaching $500,000.00 in addition to implementation of a corrective action plan.  While the case did not involve untimely reporting of small breaches (the covered entity failed to timely report breaches affecting more than 500 individuals), it does illustrate quite nicely just how important the OCR believes timely reporting to be.

It should be noted, although not applicable for 2017, that a covered entity is not required to wait until the deadline to report breaches and, in many instances, should consider reporting them closer to the date of discovery. A breach is considered “discovered” on the date when any workforce member or agent of the covered entity gains direct knowledge of the breach.  Also, a covered entity is considered to have “discovered” the breach if it would have gained direct knowledge through the exercise of reasonable diligence.  This means a covered entity cannot simply put its head in the sand and claim it did not have knowledge.

With the foregoing information, it is clear that timely reporting of small breaches is imperative. To that end, covered entities must pay particular attention to the approaching March 1, 2017 deadline.

The FMG Data Security & Privacy team is available to help covered entities investigate potential data breaches and comply with all notification and reporting requirements under HIPAA.

Don’t Be a Phishing Victim: IRS Warns of Email Scam This Tax Season

Posted on: February 13th, 2017

By: David Cole

It’s tax season again and the cyber criminals are back at it. According to the IRS, last year’s W-2 spear-phishing scam has returned and is currently making its way across the nation. The IRS and state tax authorities have issued a new alert advising HR and payroll departments to beware of phony emails intended to steal employees’ personal information in their W-2 forms.  The phony emails generally appear to be from a senior executive in the company, like the CEO or CFO, and are sent to a company payroll officer or HR employee. The email requests a PDF or list of employee W-2 forms for the tax year. Those forms contain employee names, SSNs, and income information – all of the information a cybercriminal needs to file a fraudulent tax return and collect the return.

The Federal Bureau of Investigation (FBI) has been tracking the financial impact of scams like this. In June 2016, the FBI estimated that cybercriminals had stolen nearly $3.1 billion from more than 22,000 victims of these types of schemes. Now, the IRS says it is receiving new notifications that last year’s email scam for W-2 records is underway for a second time. The IRS urges company payroll officials to double check any executive-level or unusual requests for lists of W-2 forms or SSNs.

To help you be aware, the following are some of the details that may be contained in the emails:

  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

These incidents not only create headaches and worry for employees, but they also constitute data breaches reportable under state law because personal information has been exposed to an unauthorized individual and the risk of identity theft is high. Last year’s incidents also resulted in class action lawsuits by employees against some of the victimized companies.

The challenge in guarding against this scam is that the emails look legitimate. The header of the email may look exactly as you would expect, mirroring the company fonts and signature blocks, and containing the actual email address of the spoofed executive in the “From:” line. Often, the return email address won’t be visible until after the reply is sent unless the user specifically expands the address field. If you look carefully, it is likely that the domain name is a few characters different from the company’s actual domain name, such as substituting the number “1” for the letter “l” or replacing a “.org” with a “.com”.

Businesses should train employees—and particularly HR and payroll employees who handle sensitive information—to be wary of email requests like this from company executives. Make them aware of this scam and ones like it, and teach them to be skeptical. A good practice is to require that the employee obtain verbal authorization, preferably in person, from the requesting person to verify that the request is legitimate before sending any response. Your company’s IT department also should be monitoring for phishing trends and remaining on the alert for suspicious outgoing activity, including large files or attachments.

The FMG Data Security & Privacy team is here to help with employee training or preparing a plan to respond to an incident.

The Fate of REAXX

Posted on: February 13th, 2017

By: Daniel A. Nicholson

Per a January 27th ruling, the International Trade Commission (ITC) has ordered Customs to exclude “Bosch Reaxx table saws, and cartridges for those saws, from entering the United States” and issued a Cease and Desist letter to Robert Bosch Tool Corp. that Bosch must “cease and desist from conducting any of the following activities in the United States: importing, selling, marketing, advertising, distributing, transferring (except for exportation), and soliciting United States agents or distributors for imported [Reaxx] table saws.”[1]

A Brief Recap As we have reported before, flesh-detecting injury-mitigation technology like SawStop’s may become the industry standard for table saws in the future. Bosch developed its own flesh-detecting technology and implemented it in the REAXX table saw marketed for the U.S. and Canada (where it will still be available). SawStop, currently the only major manufacturer of such technology in the United States, filed suit against Bosch for patent infringement in July of 2015. Bosch moved forward with the release of the saw late last year during the litigation proceedings.

On November 17, 2016 the ITC, after reviewing the legal arguments of both Bosch and SawStop, put the public on notice that it would not review the initial determination by an Administrative Law Judge that ruled Bosch had infringed on two SawStop patents and would review the ALJ’s recommended remedy. On January 27, 2017, after several extensions, the ITC ultimately ruled in favor of SawStop by issuing a Limited Exclusion Order to U.S. Customs and Border Protection, and a Cease and Desist Order to Bosch. The Commission, coming to this conclusion after “having reviewed the record in this investigation, including the written submissions of the parties,”[2] makes these decisions based on public policy: public health and welfare, competitive conditions in the United States economy, competitive production, the United States consumer, and foreign relations.

The decision of the ITC will now move to the United States Trade Representative (USTR), as delegated by the President, who must approve or disapprove the ITC’s final decision in sixty (60) days. The USTR rarely goes against the ITC, having disapproved of the ITC’s determination once in nearly 30 years. During this sixty (60) day period the REAXX saws will most likely still be on sale, as Bosch is allowed to import and sell the saw and cartridges under bond which the ITC set at 0%.

What the Ruling Means for You According to the Cease and Desist order the expiration of the REAXX ban will be February 1, 2022. We spoke to Bosch to clear up a misconception some may have in the industry that the cartridges will not be available due to the ITC ruling; that is not the case. Owners of REAXX table saws will still be able to purchase cartridges and have their saws serviced indefinitely because the cartridges are produced in the U.S. – so if you own one, or are thinking of buying one within the 60 day period, you are safe to continue using it and purchase one without worry that it will eventually become inoperable or obsolete.

Here’s Bosch’s official response regarding the ruling:

Robert Bosch Tool Corp. is disappointed with the ITC’s decision. We are now in the 60-day presidential review period, in which we hope the president will review the facts of the case and then veto this exclusion order.

Bosch maintains that development of its professional table saw product respects other companies’ patents and represents a new and unique technology in the construction market. It is disappointing that a competitor is continuing its campaign to stop the sale of REAXX technology to consumers.

We believe that advanced REAXX safety technology does not violate any competitor’s intellectual property rights. The patents asserted against REAXX are based on applications filed more than 15 years ago; Bosch does not believe they apply to REAXX technology. In addition, Bosch believes that if the U.S. Patent and Trademark Office had complete information, it would not have issued certain patents in the first place.

It is our firm belief that the development, marketing and distribution of the REAXX Jobsite Table Saw is completely separate and distinct from anything other brands or manufacturers are doing.

At Bosch, safety is a priority. We will work to defend consumers’ rights to buy our products.

For any questions, please contact Daniel Nicholson at [email protected].

To view the original online article, click here.

Eleventh Circuit Finds that Officers are Entitled to Qualified Immunity in Fourth Amendment Flashbang Lawsuit Handled by FMG

Posted on: February 8th, 2017

By: Wayne Melnick and A. Ali Sabzevari

Attorneys at Freeman Mathis & Gary, LLP recently obtained a favorable ruling for officers in a Section 1983 lawsuit wherein a woman alleged that she was injured by a flashbang allegedly thrown through her bedroom window and into the room where she was sleeping. 

Judge William Pryor Jr. writing for the Eleventh Circuit held that deploying a flashbang into a dark room occupied by two sleeping individuals without first performing a visual inspection violates the Fourth Amendment. The Eleventh Circuit nevertheless found that the officers are entitled to qualified immunity because they did not violate clearly established law.  

“This is an important opinion because it is a matter of first impression in the Eleventh Circuit,” said the winning lawyer who argued the case before the Eleventh Circuit, Wayne Melnick of Freeman Mathis & Gary. “Courts around the nation–federal and state–are split regarding the application of immunity in cases involving flashbang usage.” Melnick and A. Ali Sabzevari of FMG successfully defended the officers obtaining summary judgment at the trial court level and the affirmance on appeal. 

While the Eleventh Circuit certainly could have declined to reach the issue of whether there was a constitutional violation, the Eleventh Circuit opted not to and sent a message to the law enforcement community that if an officer deploys a flashbang into a dark room occupied by sleeping individuals, without first visually inspecting the room, that officer’s action constitutes excessive force in violation of the Fourth Amendment. All municipalities that utilize flashbangs for less-than-lethal force are strongly recommended to review this new opinion and advise their officers regarding same.

If you would like a copy of the opinion or have any questions, please contact Wayne S. Melnick at [email protected] or A. Ali Sabzevari at [email protected].