As Varnum’s government investigations team has previously discussed, the COVID-era Paycheck Protection Program (PPP) resulted in millions of businesses receiving emergency loans. The PPP’s hurried implementation, coupled with confusion among recipients over eligibility requirements, created an environment ripe for both fraud and the issuance of loans to ineligible recipients. Over the past few years, the Department of Justice (DOJ) has focused on fraud by among other things, opening civil investigations under the False Claims Act and bringing criminal charges against PPP loan recipients who misused loan proceeds on luxury items. But recently, the DOJ has shifted its focus to a new category of PPP recipients: social clubs that may have been technically ineligible for the loans they received.
The opportunity for improper loans to social clubs comes about because of a technical wrinkle in how Congress wrote the American Rescue Plan Act of 2021. In this Act, Congress made social clubs (i.e. golf clubs, tennis clubs, yacht clubs) organized under 26 U.S.C. § 501(c)(7) eligible for PPP loans. However, Congress incorporated an agency regulation that prohibited loans to “private clubs and businesses which limited the numbers of memberships for reasons other than capacity.” Accordingly, social clubs that limit their membership for a reason other than capacity may be ineligible for PPP loans.
In recent months, the DOJ has issued Civil Investigation Demands (CIDs) to clubs that it believes might not have been eligible for PPP loans. Commonly, CIDs are issued following a whistleblower tip or the filing of a Qui Tam lawsuit, which is a lawsuit filed by an individual “on behalf of the United States” alleging that the United States was defrauded. The focus of the United States’ current investigation is on country clubs in Florida. These CIDs are demands for documents and interrogatory answers and often relate to employment records, income statements, the membership admission process, prospective members’ applications, the club’s governance, and membership information. CIDs are expansive and the government can use the club’s answer in future civil or criminal proceedings.
Given the DOJ’s new focus, clubs should review their PPP paperwork now and consult with an attorney to determine whether their loan was properly issued. If the clubs find technical violations, proactively approaching the government through counsel may be beneficial. If a club receives a CID, it should immediately contact an attorney to begin preparing the appropriate response.
If you have received a CID or would like more information about PPP loan eligibility and enforcement issues, contact a member of Varnum’s government investigation team.
In the realm of family law, arbitration and mediation offer alternative pathways to resolving disputes outside of the courtroom. However, key distinctions exist between these two processes. This advisory will delve deeper into the legal nuances of each option.
View a printer friendly version of the comparison chart.
Controlling law
Arbitration
MCL 600.5071 Parties to an action for divorce, annulment, separate maintenance, child support, custody, or parenting time, or to a post-judgment proceeding related to such an action, may stipulate to binding arbitration by a signed agreement that specifically provides for an award with respect to one or more of the following issues:
real and personal propertychild custodychild support, subject to the restrictions and requirements in other law and court rule as provided in this actparenting timespousal supportcosts, expenses, and attorney feesenforceability of prenuptial and postnuptial agreementsallocation of the parties’ responsibility for debt as between the partiesother contested domestic relations matters
Mediation
MCR 2.410 All civil cases are subject to alternative dispute resolution (ADR) processes unless otherwise provided by statute or court rule. MCR 2.410(C) states that, at any time, after consultation with the parties, the court may order that a case be submitted to an appropriate ADR process. MCR 2.411 This rule applies to cases that the court refers to mediation as provided in MCR 2.410.
What is it?
Arbitration
Arbitration is a process in which a dispute is submitted, by agreement of the parties, to one or more arbitrators, who make a binding decision on the dispute.
Mediation
Mediation is a process in which a neutral third party facilitates communication between parties, assists in identifying issues, and helps explore solutions to promote a mutually acceptable settlement. A mediator has no authoritative decision-making power. MCR 2.411(A)(2).
Who can participate?
Arbitration
Arbitration may be heard by a single arbitrator or by a panel of three arbitrators. The court must appoint an arbitrator agreed to by the parties if the arbitrator is qualified under MCL 600.5070 (2) and consents to the appointment. The court may not appoint an arbitrator under MCL 600.5070 et seq. unless the individual meets all the following qualifications:
is an attorney in good standing with the State Bar of Michigan
has practiced as an attorney for not less than five years before the appointment and has demonstrated expertise in the area of domestic relations law
has received training in the dynamics of domestic violence and in handling domestic relations matters that have a history of domestic violence. MCL 600.5073(2).
Mediation
The parties may stipulate to the selection of a mediator. A mediator selected by agreement of the parties need not meet the qualifications in MCR 2.411(F). MCR 2.411(B)(1). If the order referring the case to mediator does not specify a mediator, the order must set the date by which the parties are to have conferred on the selection of a mediator. MCR 2.411 (B)(2). If the parties do not advise the ADR clerk of the mediator agreed on by that date, the court must appoint one as provided in MCR 2.411(B)(3).
What is the procedure?
Arbitration
As soon as practicable after the appointment of the arbitrator, the parties and attorneys must meet with the arbitrator to consider all of the following:
scope of the issues submitteddate, time, and place of the hearing witnessesschedule for exchange of expert reports or summary of expert testimonyexhibits, documents, or other information each party considers applicable and material to the case and a schedule for production or exchange of that information.
MCL 600.5076. The arbitrator must issue the written award on each issue within 60 days after either the end of the hearing or, if requested by the arbitrator, after receipt of proposed findings of fact and conclusions of law. An arbitrator under this chapter retains jurisdiction to correct errors or omissions in an award until the court confirms the award. Within 14 days after the award is issued, a party to the arbitration may file a motion to correct errors or omissions. The other party may respond within 14 days after the motion is filed. The arbitrator must issue a decision on the motion within 14 days after receipt of a response or, if a response is not filed, within 14 days after the response period expires. MCL 600.5078.
Mediation
Although not required by authority, practitioners typically submit a brief that outlines their perspective on the issues at bar in advance of the mediation. This serves as a tool that allows the mediator to organize an effective approach to resolving the issues. The mediator must meet with counsel and the parties, explain the mediation process, and then proceed with the process. The mediator must discuss with the parties and counsel, if any, the facts and issues involved. The mediation will continue until a settlement is reached, the mediator determines that a settlement is not likely to be reached, the end of the first mediation session, or a time agreed to by the parties. Additional sessions may be held as long as it appears that the process may result in settlement of a case. MCR 2.411(C)(2). The mediator must advise the court of the completion of mediation within seven days after completion, stating only the date of completion, who participated, whether settlement was reached, and whether further ADR proceedings are contemplated. MCR 2.411(C)(3).
Is the procedure confidential?
Arbitration
Except as provided by MCL 600.5077, court rule, or other arbitration agreement, a record may not be made of an arbitration hearing. An arbitrator may make a record to be used only by the arbitrator to aid in reaching the decision. A record must be made of the portion of a hearing that concerns child support, custody, or parenting time in the same manner required by the Michigan Court Rules for the record of a witness’s testimony in a deposition. MCL 600.5077
Mediation
Confidentiality in the mediation process is governed by MCR 2.412. Mediation communications are confidential. They are not subject to discovery, are not admissible in a proceeding, and may not be disclosed to anyone other than mediation participants except as provided in MCR 2.412(D). MCR 2.412(C).
Is the award enforceable?
Arbitration
The circuit court must enforce an arbitrator’s award or other order issued under the Revised Judicature Act in the same manner as an order issued by the circuit court. A party may make a motion to the circuit court to enforce an arbitrator’s award or order. MCL 600.5079(1). An appeal from an arbitration award that the circuit court confirms, vacated, modifies, or corrects must be taken in the same manner as from an order or judgment in other civil actions. MCL 600.5082.
Mediation
Mediation agreements are binding and enforceable once executed by the parties involved. If the case is settled through mediation, within 21 days the attorneys must prepare and submit to the court the appropriate documents to conclude the case. MCR 2.411(C)(4).
In the aftermath of a catastrophic event, such as the Francis Scott Key Bridge collapse, the immediate focus rightfully rests upon the human toll and the urgent need for rescue, recovery, and support. However, amidst these pressing humanitarian concerns, it is important to recognize the concurrent commercial implications that arise from such tragedies. The disruption to shipping and logistics triggered by this disaster requires careful attention, as businesses grapple with the practical challenges and legal complexities of navigating force majeure clauses.
Understanding Force Majeure Provisions
Force majeure clauses are designed to allocate responsibility for events beyond a party’s control, excusing performance when such events delay or prevent it. Whether a shortage of parts due to shipping delays resulting from a port closure warrant invoking a force majeure clause depends on contractual language and specific circumstances. In the absence of such a clause, jurisdictional laws or common law principles may offer similar remedies.
Force majeure clauses vary widely in content and scope. Some enumerate specific qualifying events, while others adopt a broader approach encompassing any uncontrollable event. Given this variability, it is crucial for suppliers to seek legal guidance to assess the language of specific force majeure provisions.
Legal Considerations in Michigan
In Michigan, the defense of impossibility is narrowly recognized, particularly under the Michigan Commercial Code (MCC), which acknowledges the defense of impracticability concerning the sale of goods. Impracticability may excuse delayed or non-delivery of goods due to compliance with regulations or unforeseeable events. However, suppliers may not always rely on this defense, especially if the contract imposes greater obligations on them.
Notice Requirements
Invoking force majeure typically requires providing notice to the unaffected party, with varying requirements across contracts. Some contracts mandate notice within a specified timeframe from the event’s occurrence, while others stipulate prompt notification without specific timelines. Notices may need to detail the expected consequences and duration of the force majeure event, and failure to adhere to notice requirements can jeopardize a party’s claim.
Given the unpredictable impact of events like the Francis Scott Key Bridge collapse in Baltimore on supply chains, some suppliers may choose to issue proactive force majeure notices, acknowledging evolving disruptions and their implications for contract performance.
Mitigation Obligations
Even when an event falls under a contract’s force majeure provision, the affected party must take reasonable steps to mitigate foreseeable consequences. Failure to do so may undermine a force majeure claim, particularly if alternative means of fulfilling obligations were available.
Conclusion
It seems unlikely that a court would reject a force majeure argument for a surprisingly shocking event such as a container ship running into the Francis Scott Key Bridge. However, one should be aware that the inclusion of a force majeure clause in a Supply Agreement does not automatically mean if a catastrophic event occurs that your performance is excused.
The details of the event and the language of the force majeure clause can greatly impact your performance as well as the required performance your vendor/customer. If a supplier finds itself in a position where it is difficult to meet contractual obligations due to lack of a required product, it may be time to review supply contracts to understand its rights under a force majeure clause or other legal protections.
On March 6, 2024, the FBI’s Internet Crime Complaint Center (IC3) released its Internet Crime Report for 2023. The report offers key insights into the cyberthreat landscape based upon aggregated data from complaints reported during the last calendar year. As with prior IC3 annual reports, the 2023 report reveals alarming increases in both the frequency and financial impact of online fraud perpetrated by cybercriminals and nation-states against individuals, businesses, government agencies, and public infrastructure.
What is the IC3?
Established in May 2000, the IC3 operates an online portal (www.ic3.gov) to receive complaints from the general public on a wide array of internet-facilitated crimes. The IC3 analyzes and disseminates intelligence from the portal for investigative and law enforcement purposes, and also uses the data to promote awareness through public service announcements, industry alerts, and annual reports.
Total Complaints Reported in 2023
In 2023, the IC3 received 880,418 complaints with total reported losses of $12.5 billion. The number of complaints in 2023 increased nearly 10% from 2022, and over 88% compared to 2019. Total reported losses in 2023 rose nearly 22% from 2022, and over 257% since 2019.
Source: IC3 2023 Internet Crime Report
Most Frequently Reported Crime Types in 2023
As with 2019-2022, by far the most frequently reported crime in 2023 was “phishing/spoofing,” which the IC3 defines as “[t]he use of unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials.” Phishing accounted for approximately 34% of all complaints reported, followed by personal data breach, non-payment/non-delivery, extortion, and tech support scams.
Reported Monetary Losses in 2023
The highest reported losses in 2023 were, by far, attributable to “investment scams,” with losses of $4.57 billion, up 38% from 2022. Investment fraud with reference to cryptocurrency accounted for over 86% of these losses. The IC3 defines an “investment” scam as a “[d]eceptive practice that induces investors to make purchases based on false information. These scams usually offer those targeted large returns with minimal risk. (Retirement, 401K, Ponzi, Pyramid, etc.).” The IC3 issued several public service announcements on these threats in 2023, with particular emphasis on cryptocurrency investment schemes.
Source: IC3 2023 Internet Crime Report
Complaints involving business email compromise (BEC) accounted for the second-highest total losses in 2023—over $2.9 billion, up 7.5% from 2022. The IC3 describes BEC as “a sophisticated scam targeting both businesses and individuals performing transfers of funds. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” According to the report, BEC scams have historically involved compromised vendor emails, requests for W-2 information, targeting of the real estate sector, and requests for large amounts of gift cards, but have increasingly used custodial accounts held at financial institutions for cryptocurrency exchanges or third-party payment processors. The IC3 recommends two-factor or multi-factor authentication and careful scrutiny of email communications as best practices to combat BEC.
Complaints of government impersonation and tech and customer support scams accounted for reported losses of over $1.3 billion in 2023. Such scams heavily target older adults. Individuals over the age of 60 accounted for 40% of these complaints and 58% of the losses.
Ransomware complaints were also prevalent in 2023, affecting 14 of 16 critical infrastructure sectors, most notably the healthcare and public health, critical manufacturing, government facilities, information technology, and financial services sectors.
Geographic Breakdown of Reported Complaints in 2023
California led all states in both complaints (77,271) and losses ($2.16 billion), followed by Texas (47,305 complaints, $1.022 billion losses) and Florida (41,061 complaints, $874.7 million losses). Complaints also poured in from outside the United States, including 288,355 complaints from the United Kingdom, 6,061 from Canada, and 3,405 from India.
IC3 Recovery Asset Team
The report touts the IC3’s Recovery Asset Team (RAT). Established in February 2018, RAT interfaces with financial institutions and assists FBI field offices with the freezing of domestic funds transfers using a tool known as a Financial Fraud Kill Chain (FFKC). An FFKC is a process used to recover international wire transfers of at least $50,000.00 within 72 hours after the wire has occurred, where a SWIFT recall notice has been initiated. In 2023, RAT initiated FFKCs on 3,008 reported incidents with potential losses at stake of $758.05 million. Of these, monetary holds were successfully placed on $538.39 million—a 71% success rate. However, the funds successfully frozen by RAT amount to just 4.3% of total reported losses in 2023, underscoring the substantial obstacles faced by law enforcement in effectively combatting cyberthreats.
IC3 Appeals for Increased Public Reporting
The IC3 assesses that these statistics are actually a “conservative” depiction of cybercrime in 2023. To support this, the IC3 notes anecdotally that the FBI infiltrated the Hive ransomware group’s infrastructure and determined that only 20% of Hive’s victims had reported to law enforcement. Thus, in addition to promoting two-factor or multi-factor authentication and best practices in handling email communications, the IC3 urges increased public reporting as the best defense against the rising tide of cyberthreats, stating:
“The information submitted to the IC3 can be impactful in the individual complaints, but it is most impactful in the aggregate. That is, when the individual complaints are combined with other data, it allows the FBI to connect complaints, investigate reported crimes, track trends and threats, and, in some cases, even freeze stolen funds. Just as importantly, the IC3 shares reports of crime throughout its vast network of FBI field offices and law enforcement partners, strengthening our nation’s collective response both locally and nationally.
To promote public awareness and as part of its prevention mission, the IC3 aggregates the submitted data and produces an annual report on the trends impacting the public as well as routinely providing intelligence reports about trends. The success of these efforts is directly related to the quality of the data submitted by the public through the www.ic3.gov interface. Their efforts help the IC3, and the FBI better protect their fellow citizens.”
If you or your business have been victimized by an internet-facilitated crime and are seeking to recover misappropriated funds, every moment is critical. IMMEDIATELY notify all financial institutions involved in the relevant transactions, file a complaint at www.ic3.gov, contact your nearest FBI field office, and contact local law enforcement.
Being on the wrong side of ERISA and Internal Revenue Code requirements creates one headache after another. To prevent common errors, you need to make sure your plan document satisfies these requirements, but you also need to make sure you are following the terms of your plan document. Here are some common errors and helpful tips for avoiding them.
1. Plan Documents: A simple error with a big impact.
Make sure your plan has the required documentation. This seems simple and it can be, but it is also one of the most common errors. Your plan documents must comply with ERISA and Internal Revenue Code requirements. For example, you must sign and date the plan document, sign and date any amendments, adopt amendments in the way your plan requires, and disclose your Summary Plan Description (SPD) to participants and beneficiaries as required by law.
2. Eligibility: Wait, was Jim eligible to participate last year?
Errors about who is eligible to participate, and when they begin participation, are also common. Your plan document defines eligibility, so refer to it often and avoid late enrollment of eligible participants. Plan documents often also exclude certain employees, either because they are covered by another plan or because they simply are not eligible. For instance, seasonal and temporary employees are often excluded from retirement plans, and union employees sometimes have separate plans to reflect the terms of their collective bargaining agreement. You need to correctly and consistently apply these exclusions.
3. Timing is Everything: Making contributions.
Plan documents usually set forth the deadlines by which contributions must be made. These deadlines may vary depending on the type of contribution (for instance, employee elective deferrals must be deposited as soon as reasonably possible, whereas employer contributions may have a later deadline). Contributions deposited after the deadline are deemed to be late. Making late contributions, or otherwise failing to make consistently timely contributions, may require corrections that include government filings, self-correction and additional contributions for lost earnings. To avoid errors, determine with your payroll provider how early you can reasonably make contributions and set procedures to help ensure deposits are consistently made by that date.
4. Loans: Write down the rules and follow them.
401(k) plans may allow participants to take loans but aren’t required to offer loans. If they do, the loan procedures must be in writing. The plan administrator (or the loan administrator, if separate) should always follow the written procedures, especially with regard to repayment terms, the maximum number of loans, and the terms and process for taking loans. Failure to follow the loan procedures or other failures involving loan payments may often require correction.
The importance of documentation cannot be overstated. Fiduciaries for retirement plans are entrusted with certain responsibilities for plan participants and beneficiaries, and with great fiduciary duties come great potential liabilities! Fulfilling these responsibilities is only part of the obligation. How fiduciaries meet these responsibilities matters, as does documenting compliance with the fiduciary duties. Documentation provides a clear picture of how decisions are made and why—it provides rationale at the time of the decision and can help prevent later speculation by those not part of the process. It also helps avoid the risk that a fiduciary will comply with fiduciary duties in the moment but will be unable to prove it when a claim is made.
These are only some common errors we see in retirement plans. Often, preventing these errors is simple, and preventative measures are easier to take than corrective steps. If you have any questions about compliance, how to correct these errors and others, or other employee benefits matters, please contact your Varnum Employee Benefits team.
On March 1, 2024, the federal judge presiding over the lone case testing the validity of the Corporate Transparency Act (CTA) struck down the CTA as unconstitutional. As we have explained, through the CTA, Congress imposed mandatory reporting obligations on certain companies operating in the United States, in an effort to enhance corporate transparency and combat financial crime. Specifically, the CTA, which took effect on January 1, 2024, requires a wide range of companies to provide personal information about their beneficial owners and company applicants to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). More than 32.5 million existing entities are expected to be subject to the CTA, and approximately 5 million new entities are expected to join that number each year. By mid-February, approximately a half million reports had been filed under the CTA according to FinCEN.
The CTA’s enforceability is now in doubt. In National Small Business United d/b/a National Small Business Association v. Yellen, the Honorable Liles C. Burke of the United States District Court for the Northern District of Alabama held that the CTA exceeded Congress’s authority to regulate interstate commerce, and that the CTA was not necessary to the proper exercise of Congress’ power to regulate foreign affairs or its taxing power. The Court issued a declaratory judgment—stating that the CTA is unconstitutional—and enjoined the federal government from enforcing the CTA’s reporting requirements against the plaintiffs in that litigation. A nationwide injunction, which would have raised its own enforceability concerns, was not included in the Court’s ruling.
The Court focused on three aspects of the CTA. First, the Court highlighted that the CTA imposes requirements on corporate formation, which is traditionally left to state governments as matters of internal state law. Second, the Court observed that the CTA applies to corporate entities even if the entity conducts purely intrastate commercial activities or no commercial activities at all. Third, the Court concluded that the CTA’s disclosure requirements could not be justified as a data-collection tool for tax officials as that would raise the specter of “unfettered legislative power.”
What the Decision Means for Entities Subject to the CTA
The Court’s decision creates uncertainty on entities’ ongoing obligations under the CTA. Although the Court purported to limit its injunction to the parties in the litigation before it, the lead plaintiff in the suit is the National Small Business Association (NSBA). In its opinion, the Court held that the NSBA had associational standing to sue on behalf of its members. Based on precedent, this means the Court’s injunction likely benefits all of the NSBA’s over 65,000 members. If so, the government is prevented from enforcing the CTA’s reporting requirements against any entity that is a member of the NSBA.
Regardless of membership in the NSBA, however, the Court’s declaratory judgment that the CTA is unconstitutional also raises serious doubts about the government’s ability to enforce the CTA’s reporting requirements. This could amount to a de facto moratorium on CTA enforcement, depending on the government’s view of the decision.
What Happens Next
The government will likely appeal this decision, but the Court’s injunction and declaration will remain in effect unless a stay is granted. To receive a stay, the government will first likely need to file a motion in the district court, which will consider (1) how likely it is that the government will succeed on appeal; (2) whether the government will be irreparably harmed without a stay; (3) whether a stay will injure other parties interested in the litigation; and (4) whether a stay would benefit the public interest. If the district court denies a stay, the government will be able to seek a stay from the Atlanta-based United States Court of Appeals for the Eleventh Circuit.
The government has 60 days to appeal, though it will likely file its appeal sooner given the grant of an injunction and decision’s far-reaching consequences. The grant or denial of stay should be resolved in the coming weeks, but the timing of any final decision from the Court of Appeals is uncertain. In 2023, the median time for the Eleventh Circuit to resolve a case was over 9 months. However, the key deadline by which tens of millions of companies otherwise must file their initial report under the CTA is January 1, 2025.
Varnum’s Corporate Transparency Act Task Force will monitor all developments in National Small Business United. Contact any member of Varnum’s CTA Taskforce, or your Varnum attorney to learn more.
The Health Insurance Portability and Accountability Act (HIPAA) contains Standards for the Privacy of Individually Identifiable Health Information (Privacy Rule). The Privacy Rule applies to covered entities (i.e., (i) a health plan; (ii) a health care clearinghouse; and (iii) a health care provider who transmits any health information in electronic form in connection with a transaction for which DHHS has adopted standards). More specifically, the Privacy Rule broadly establishes national standards to protect individuals’ protected health information (PHI), by requiring certain safeguards, setting limits and conditions on the uses and disclosures of PHI, as well as giving individuals rights over their PHI.
PHI is defined as individually identifiable health information (IIHI) that is:
(i) transmitted by electronic media;
(ii) maintained by electronic media; or
(iii) transmitted or maintained in any other form or medium.
In January 2021, the Department of Health and Human Services (DHHS) issued a Notice of Proposed Rulemaking (NPRM) which proposes to modify the Privacy Rule. According to DHHS, the NPRM sought to modify HIPAA’s Privacy Rule to support individuals’ engagement in their health care, remove barriers to coordinated care, and decrease regulatory burdens on the health care industry. The NPRM estimated that the total savings from the proposed reform would be roughly $3.2 billion over five years.
NPRM Spotlight: Proposed Changes to the Right of Individuals to Access Their PHI
Of the nine different sections contained in the NPRM, the most extensive proposed changes involve changes to an individual’s right to access their PHI. These proposed changes include:
1. Adding definitions for electronic health record (EHR) and personal health application
The NPRM defines an EHR as “an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff.” Further, the NPRM proposes to define personal health application as “an electronic application used by an individual to access health information about that individual in electronic form, which can be drawn from multiple sources, provided that such information is managed, shared, and controlled by or primarily for the individual, and not by or primarily for a covered entity or another party such as the application developer.” As stated in the NPRM, these proposed definitions would clarify the proposed modifications to the right of access.
2. Strengthening the access right to inspect and obtain copies of PHI
DHHS proposes to enable individuals to use personal resources, such as taking notes, videos, and photographs, to view and capture PHI in a designated record set. These proposed changes are seen as a way to eliminate “persistent barriers” that individuals face when trying to inspect and/or obtain copies of their PHI.
3. Modifying the implementation requirements for requests for access and timely action in response to requests for access
Requests for access: The NPRM prohibits a covered entity from imposing unreasonable measures on an individual exercising the right of access that create a barrier to or unreasonably delay the individual from obtaining access.
Timeliness: The NPRM requires that access be provided “as soon as practicable,” but in no case later than 15 calendar days after receipt of the request, with the possibility of one 15 calendar-day extension.
4. Addressing the form of access
When a covered entity offers a summary in lieu of access, the covered entity must inform the individual that they retain the right to obtain a copy of the requested PHI if they do not agree to receive the summary.
5. Addressing the individual access right to direct copies of PHI to third parties
The NPRM creates a separate set of provisions for the right to direct copies of PHI to a third party.
6. Adjusting permitted fees for access to PHI and ePHI
DHHS plans to change the access fee provisions of the Privacy Rules to establish a fee structure with elements based on the type of access request.
7. Notice of access and authorization fees
DHHS proposes to add additional regulations requiring covered entities to provide advance notice of approximate fees for copies of PHI requested under the access right and with an individual’s valid authorization.
Impact of HIPAA Privacy Rule Update: Covered Entities
A final rule implementing these proposed changes to the Privacy Rule has not yet been announced. However, the final rule is expected to be posted in 2024. Although the proposed HIPAA Privacy Rule updates aim to relieve the administrative burden imposed on covered entities, in the short term, it undoubtedly will cause significant work for covered entities seeking to comply with these updates. To comply, covered entities will likely incur costs, update various policies and procedures, and also update workforce member training.
Interested parties are encouraged to contact Varnum’s Health Care Team for assistance navigating and complying with the evolving HIPAA Privacy Rules.
State Attorneys General Allege NCAA’s NIL Regulations Violate Federal Antitrust Law
The Tennessee and Virginia attorneys general (AGs) filed a joint lawsuit alleging the NCAA’s NIL regulations violate federal antitrust law. In a press release published by Virginia’s attorney general, he stated that both Virginia and Tennessee “allege that the NCAA’s restrictions on the ability of current and future student-athletes to negotiate and benefit from their…[NIL] rights violate federal antitrust law and is harmful to current and future student-athletes.” The lawsuit comes just one day after it was reported that the University of Tennessee is under NCAA investigation for potential NIL violations.
The current lawsuit also comes roughly three years after the Supreme Court’s Alston decision, which held that the NCAA could no longer prohibit college athletes from earning compensation from their NIL. Following this decision, the NCAA announced interim NIL policies (which remain in effect), in addition to various states and universities that have also enacted their own NIL regulations. Both Tennessee and Virginia’s state legislature enacted their own respective NIL regulations, and both generally provide that the states have an interest in protecting prospective and current college athletes’ NIL opportunities. The states’ NIL statutes also expressly prohibit athletic associations, including the NCAA, from “interfering with athletes’ ability to earn NIL compensation.”
The lawsuit alleges “the NCAA is thumbing its nose at the law. After allowing NIL licensing to emerge nationwide, the NCAA is trying to stop that market from functioning.” The lawsuit also points to a recent NCAA proposal which permits current athletes to pursue NIL compensation, but bans prospective college athletes from discussing potential NIL opportunities until they enroll at the university. The AGs claim that by “prohibiting such interactions, the NCAA’s current approach restricts competition among schools and third parties (often NIL ‘collectives’) to arrange the best NIL opportunities for prospective athletes.”
As laid out in the complaint, the AGs assert that the “NCAA has started enforcing rules that unfairly restrict how athletes can commercially use their [NIL]…at a critical juncture in the recruiting calendar.” Currently, Florida State University, the University of Florida, and the University of Tennessee are all under NCAA investigation for potential NIL violations. The AGs assert that the NCAA’s NIL “anticompetitive restrictions violate the Sherman Act, harm the States and the welfare of their athletes, and should be declared unlawful and enjoined.” Importantly, the AGs asked the court for a temporary restraining order and preliminary injunction that would prohibit the NCAA from enforcing its NIL recruiting rules. A decision is expected in the coming days.
The lawsuit also comes at a time when NCAA President Charlie Baker and other interested parties have pleaded with federal lawmakers to enact federal NIL legislation, which would provide an antitrust exemption allowing the NCAA to govern without being sued for alleged antitrust violations. However, Congress has yet to act.
Interested parties should contact Varnum’s NIL Practice Team to ensure they are in compliance with applicable (and potentially changing) NCAA, state, and institutional regulations.
The link you have selected will redirect you to a third-party website located on another server. We are offering the link for your convenience. Varnum has no responsibility for any external websites and makes no express or implied warranties about any external websites.
Please be aware that contacting us via e-mail does not create an attorney-client relationship between you and the firm. Do not send confidential information to the firm until you have spoken with one of our attorneys and receive authorization to send such materials.
