Blog

Recent Blog Posts

  • Tuesday’s decision by Judge Richard Leon of the U.S. District Court for the District of Columbia categorically approving the merger of AT&T and Time Warner, without imposing any conditions or limitations and rejecting granting a stay for appeal purposes, will, unless blocked if there is an appeal, open the way for a series of pending vertical merger deals. A “vertical merger” is a merger of two companies that do not compete and that are at different levels of the product or... More
  • The National Institute of Standards and Technology (“NIST) has announced that it will be seeking industry input on developing “use cases” for its framework of cybersecurity standards related to patient imaging devices. NIST, a component of the Department of Commerce, is the agency assigned to the development and promulgation of policies, guidelines and regulations dealing with cybersecurity standards and best practices.  NIST claims that its cybersecurity program promotes innovation and competitiveness by advancing measurement science, standards, and related technology in... More
  • Last week’s “WannaCry” worldwide Ransomware attack was particularly targeted against international health organizations. Though the attack was thwarted not without a little good luck and less financial loss that might have been predicted, it unsurprisingly triggered responses from U.S. government agencies including the Department of Homeland Security (DHS) and, with specific reference to health care providers, the Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS). It also is no surprise that these government agencies... More
  • Surprisingly amidst the Federal Bureau of Investigation (FBI) uproar, President Trump today signed an executive order addressing cybersecurity for the federal government and critical infrastructure, along with international coordination and cyber deterrence. The substance of the order, which is about to be made public, comes from various press releases and interviews with administration officials. The order is composed of three sections on cybersecurity and IT modernization within the federal government, protecting critical infrastructure, and establishing a cyber deterrence policy and... More
  • Executive Order Delay Trumps Administration Policy Development President Trump’s first hundred days did not produce the event that most people in the cybersecurity community expected – a Presidential Executive Order supplanting or supplementing the Obama administration’s cyber policy – but that doesn’t mean that this period has been uneventful, particularly for those in the health care space. The events of the period have cautioned us not to look for an imminent Executive Order. While White House cybersecurity coordinator Robert Joyce recently stated... More
  • Both the Department of Justice and the Department of Health and Human Services Inspector General have long urged (and in many cases, mandated through settlements that include Corporate Integrity Agreements and through court judgments) that health care organizations have “top-down” compliance programs with vigorous board of directors implementation and oversight. Governmental reach only increased with the publication by DoJ of the so-called Yates Memorandum, which focused government enforcers on potential individual liability for corporate management and directors in fraud cases.... More
  • Frequently, parties in both civil and criminal cases where fraud or corporate misconduct is being alleged attempt to defend themselves by arguing that they lacked unlawful intent because they relied upon the advice of counsel. Such an assertion instantly raises two fundamental questions:  1) what advice did the party’s attorney actually give?;  and 2) what facts and circumstances did the party disclose, or fail to disclose, in order to obtain that opinion?  It is well understood that raising an advice... More
  • The Information Sharing and Analysis Organization-Standards Organization (ISAO-SO) was set up under the aegis of the Department of Homeland Security pursuant to a Presidential Executive Order intended to foster threat vector sharing among private entities and with the government. ISAOs are proliferating in many critical infrastructure fields, including health care, where cybersecurity and data privacy are particularly sensitive issues given HIPAA requirements and disproportionate industry human and systems vulnerabilities.  Therefore, in advising their companies’ management, general counsel and others  might... More
  • The U.S. Supreme Court has rendered a unanimous decision in the hotly-awaited False Claims Act case of Universal Health Services v. United States ex rel. Escobar.  This case squarely presented the issue of whether liability may be based on the so-called “implied false certification” theory.  Universal Health Service’s (“UHS) problem originated when it was discovered that its contractor’s employees who were providing mental health services and medication were not actually licensed to do so. The relator and government alleged that... More
  • Stuart Gerson Today, the U.S. Supreme Court decided (6-2, with Kennedy writing for the majority and  Ginsburg and Sotomayor dissenting) the case of Gobeille v. Liberty Mutual Insurance Co.  The matter before the Court involved Vermont law requiring certain entities, including health insurers, to report payments relating to health care claims and other information relating to health care services to a state agency for compilation in an all-inclusive health care database.  In an important victory for pre-emption advocates, the Court held that... More