Employers who are classified as covered entities under HIPAA are required to report any 2018 breach of protected health information that affected fewer than 500 individuals (also known as a small breach) by March 1, 2019. This current breach notification requirement arises from amendments made to HIPAA under the Health Information Technology for Economic and Clinical Health (HITECH) Act, as finalized in 2013. HIPAA defines a covered entity as either (1)  a group health plan, (2) a health care clearinghouse, or (3) a health care provider who electronically transmits any protected health information.  A covered entity may be an individual, an institution, or an organization.

Background

Under applicable rules, a breach is defined as an impermissible use or disclosure under the HIPAA Privacy Rule that compromises the security or privacy of the protected health information. Some exceptions apply, so that not all incidents will rise to the level of a breach. Still, an impermissible use or disclosure of protected health information is generally presumed to be a breach unless the covered entity demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of several specified factors.

Notification Requirement

Upon the occurrence of a confirmed (or in some cases, suspected) breach, the affected individuals must be provided with detailed notification letters without unreasonable delay and no later than 60 days after the discovery of the breach. While the covered entity, most often, provides the required notifications, the final rules permit the delegation of reporting duties to a business associate.

A HIPAA breach also triggers an obligation to notify the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS).

• When a breach affects 500 or more individuals, the reporting entity must notify OCR contemporaneously with the notification to individuals (and must also notify local media outlets).
• Where a breach affects fewer than 500 individuals (also known as a small breach), however, a reporting entity must maintain a log or other documentation of all breaches occurring during the year, and annually report all such breaches no later than 60 days after the end of that calendar year.

For a small breach occurring any time in 2018, the deadline to report that breach to OCR is March 1, 2019.

Small Breach Reporting Details

A reporting entity is not required to wait until the March 1 deadline to report a small breach. Small breaches may be reported as early as contemporaneously with the occurrence of the breach. Regardless of timing, all small breaches must be reported to OCR in the same manner. Specifically a reporting entity must report the breaches online through the OCR’s “Breach Portal.”

Note that even when a covered entity delegates the reporting function to a business associate, the covered entity retains ultimate legal responsibility for proper reporting. Accordingly, covered entities who delegate reporting may want to require proof of timely reporting.

Be aware that, while the reporting entity may report all small breaches on a single date, each separate breach incident will require a separate submission. Instead of simply uploading a log of breach incidents occurring in the prior year, the reporting entity must complete a six-section questionnaire to provide: (1) general information; (2) identification of the covered entity, business associate, and relevant contact information; (3) the nature of the breach; (4) a summary of related notices provided and actions taken; (5) an attestation, and; (6) a summary. Multiple fields must be completed within each of these six sections. The HIPAA status of a reporting party (as either a HIPAA covered entity or a business associate) must be indicated on the “Contact” tab of the online filing form.

The online reporting form also requires the reporting entity to indicate the level of pre-breach HIPAA compliance status, including whether or not HIPAA Privacy Rule safeguards and HIPAA Security Rule safeguards were in place.

Because filing the breach notice can be time-consuming, parties tasked with reporting 2018 small HIPAA breaches of unsecured protected health information are advised to gather and prepare the content to be reported before actually logging on to the OCR Breach Portal. Because any changes or updates to the submitted information must be entered as a separate entry, it is preferable to ensure that each submission is fully accurate. Moreover, because the content of Breach Notifications to OCR can form the basis for a future OCR investigation and enforcement action, it is advisable to have legal counsel review content prior to submission.

In addition to ensuring that 2018 breaches affecting fewer than 500 individuals are reported by March 1, covered entities and business associates should continue to ensure that HIPAA Policies and Procedures, as well as the applicable administrative, physical and technical safeguards are up to date and periodically reviewed.

On January 29, 2019, the Wisconsin Supreme Court ruled in favor of our client, Park Bank, in a case of first impression in Wisconsin. In Koss Corp. v. Park Bank, 2019 WI 7, Koss Corp. sued Park Bank alleging that Park Bank acted in bad faith under the Uniform Fiduciaries Act (“UFA”) in failing to detect an embezzlement being conducted by one of Koss’s employees, Sue Sachdeva. Ms. Sachdeva embezzled $34 million from Koss Corp. over a 12-year period. The embezzlement was the largest embezzlement in Wisconsin history, and the ninth largest embezzlement in U.S. history.

Koss Corp. had some of its bank accounts at Park Bank, which Ms. Sachdeva used to embezzle $17 million from Koss Corp. by use of cashier’s checks she obtained from those accounts, which she used to pay her creditors for personal items such as jewelry, clothing and travel. Ms. Sachdeva was ultimately caught by an American Express employee, was criminally charged for her actions, and was sentenced to 11 years in prison.

After six years of litigation, the trial court granted Park Bank’s motion for summary judgment in 2016, ruling that the evidence did not support Koss Corp.’s claim that Park Bank acted in bad faith.

On December 12, 2017, the Wisconsin Court of Appeals affirmed that ruling.

On January 29, 2019, the Wisconsin Supreme Court affirmed the Wisconsin Court of Appeals’ decision in a 2-3-2 decision, with five Justices voting to affirm. The Court held that, to establish bad faith under the UFA, a bank must have acted dishonestly. The Court held that “[b]ad faith requires some evidence of bank dishonesty such as a bank willfully failing to further investigate compelling and obvious known facts that suggest fiduciary misconduct because of a deliberate desire to evade knowledge of fiduciary misconduct.” Decision at ¶ 55. In so ruling, the Court recognized several foundational principles that form the framework for analyzing a bank’s conduct when bad faith under the UFA is alleged:

First, bad faith is reviewed on a transaction by transaction basis, such that the facts known to each individual bank employee are not aggregated to form collective knowledge of the bank. Second, whether a bank acted in bad faith is determined at the time of the breach of fiduciary duty, not by looking back at transactions that occurred many months earlier.

             Third, bad faith is an intentional tort; negligence by a bank is insufficient to show bad faith. Fourth, considerations of bad faith require analyses of a bank’s actions to determine its subjective intent.

Id. at ¶¶ 52, 53.

In applying these foundational principles to the facts of the case, the Court held that “[w]hile discovery was extensive and conducted for years, no proof has been proffered from which a factfinder could find that any Park Bank transaction was not honestly done.” Id. at ¶ 71.

Our firm is proud to have represented Park Bank in this case, and pleased that all of the courts to have considered the matter — the trial court, the Wisconsin Court of Appeals, and the Wisconsin Supreme Court — all held that Park Bank has no liability to Koss Corp. in this matter.

Park Bank was represented by Dean Laing, Greg Lyons and Joe Newbold of our firm. Koss Corp. was represented by Michael Avenatti of California.

Newsletter Article Highlights:

• Even the Brightest Minds Can Suffer from Dementia
• Terms and Conditions: How Sellers Can Avoid Getting Injured in a “Battle of the Forms”
• The Need for Succession Planning
• Should I Use E-Verify or Not?
• How Much Should a Trustee Be Paid?

Pleased to Announce:

• OCHDL Attorneys Argue Three Cases Before WI Supreme Court
• Congratulations to Our Attorneys Listed in the 2018 Edition of Super Lawyers

Click the image below to read more.

(This is second of our 11-part series of articles based on our book The Art, Science and Law of Business Succession Planning. Complimentary copies are available to the clients and friends of the firm.)

“Why do I need succession planning?”

“Can’t I just hand my business over to my children?”

“Why can’t I just leave the business to someone in my will?”

As a law firm focused on helping business owners plan for the succession of their businesses, we hear these questions, and others like them, all the time. We understand. After spending decades dealing with all the details of a successful family business, the last thing many business owners want to do is handle more details. When the time comes, they wish they could just wave a wand, instantly transfer their company to someone else, and not think about it anymore.

Unfortunately, that’s not how it works. Until you’ve actually completed the transfer of your business to someone else, the details of the exchange are yours to deal with— and if you don’t spell out the transition clearly, you leave the door open for unexpected results.

Think of it this way: You’ve put years into building this business. You’ve invested time, money, blood, sweat and tears, and that investment is now paying off. Your business provides well for your family, and you want it to continue doing so for many years to come, long after you retire, long after you pass away. For this to happen, at some point you must give control of the business to a successor, whether a family member or an outsider.

The only way to do this safely is through succession planning. Isn’t your investment worth protecting through the vulnerabilities of succession, even if it means a few more details along the way?

Succession Planning Is a Process, Not an Event

Many people think of transferring a business as a one-and-done event. In reality, effective succession planning begins years before the transfer actually occurs (hence the “planning” part). Once the plan is in place, as your life and business evolve, you may need to make updates and changes to the plan, until the time comes to pass the business to your successor.

Challenges Involved with Succession Planning

Succession planning can be challenging; there are often a few difficulties along the way. That is why we advise business owners to begin thinking about, and planning for, succession as early as possible. There are two basic reasons why succession planning can be difficult:

1. You must attempt to predict future events with as much accuracy as possible. Of course, none of us can know the future; we can only predict it. Succession planning requires you to predict you’ll be ready to retire at a given age, for example, and your successor will be prepared to take over management or ownership of the business when you’re ready to transfer it. You’ll also need to anticipate as many variables as possible. What happens in the event of a health crisis, a natural disaster or a financial hit? What happens if your appointed successor dies? What happens if a successor divorces and remarries? A good succession plan forecasts one outcome, but it remains flexible to account for other possible outcomes, as well. Developing a succession plan that achieves this balance requires careful forethought and attention to detail.
2. In a family owned business, you must account for emotions and attitudes, not just facts and figures. Everyone associated with the business will present some sort of emotional variable, and every decision you make concerning your business may touch on those emotions. You must take into account the emotions of close and extended family members, as well as the emotions of your employees and associates who must work under new management or owners. Even your own emotions will come into play as you weigh these decisions.

Succession Planning Involves Multiple Layers

For most business owners, ”succession” involves more than just handing the reins to someone else. You’ll need to address questions of ownership and management of the company, both of which may occur at different times:
Ownership succession planning usually intertwines with your estate planning, because your business is part of your estate.

Management succession planning addresses who will run the company when you step down–whether it’s a family member, a key employee or someone else.

You can see how quickly succession can become complicated and convoluted. A well-constructed plan can avert many of these complications before they derail the process and give you peace of mind, knowing you have “the bases covered”.

O’Neil, Cannon, Hollman, DeJong and Laing S.C. has received notification from Martindale-Hubbell that Attorney Kelly M. Spott has received a Martindale-Hubbell® Peer Review Rating^TM.

Kelly was given an “AV” rating from her peers–the highest rating–which means that she was deemed to have very high professional ethics and preeminent legal ability. Only lawyers with the highest ethical standards and professional ability receive a Martindale-Hubbell Peer Review Rating of AV.

Martindale-Hubbell conducts secure online Peer Review Ratings surveys of lawyers across multiple jurisdictions and geographic locations, in similar areas of practice as the lawyer being rated. Reviewers are instructed to assess their colleagues’ general ethical standards and legal ability in a specific area of practice.

The Martindale-Hubbell® Peer Review Ratings™ help buyers of legal services identify, evaluate and select the most appropriate lawyer for a specific task at hand. The confidentiality, objectivity and complete independence of the ratings process are what have made the program a unique and credible evaluation tool for members of the legal profession. The legal community values the accuracy of lawyer peer review ratings because they are determined by their peers – the people who are best suited to assess the legal ability and professional ethics of their colleague.

Grant Killoran and Christa Wittenberg of O’Neil, Cannon, Hollman, DeJong and Laing’s Litigation Practice Group recently presented at the State Bar of Wisconsin’s “Annual Constitutional Law Symposium 2018” in Pewaukee, Wisconsin.

Attorney Killoran was the Chair of the Symposium and authored an article and presented at the seminar on “The Current State of the Second Amendment.” Attorney Wittenberg authored an article and presented at the seminar on “Freedom from Litigation: Personal Jurisdiction and Sovereign Immunity.”

Attorneys Killoran and Wittenberg presented along with attorneys and professors from around Wisconsin and the country on various constitutional topics and issues.

Grant is a shareholder with the law firm and is the Chair of its Litigation Practice Group. He has significant and diverse trial experience representing clients in Wisconsin State and Federal Courts, and courts around the country, focusing on complex business, health care and employment law disputes. Grant also devotes a portion of his practice to arts and entertainment law, with an emphasis on the music industry.

Christa is a member of the Litigation Practice Group. She assists businesses and individuals with prosecuting and defending a variety of civil litigation matters, including complex contract disputes, trademark and copyright claims, inheritance disputes, class actions, personal injury cases, and fraud and conspiracy claims. As a former federal district court law clerk, Christa is intimately familiar with litigation and procedures in federal court. She has also litigated matters in state court, as well as resolved cases through mediation prior to litigation. Christa is well-versed in a wide range of legal issues, and especially enjoys litigating cases with disputes involving personal and subject-matter jurisdiction, testamentary capacity and undue influence, constitutional law, debt collection laws, contract formation and enforcement, and procedural and evidentiary rules.

In the spirit of the holiday season, the attorneys and staff at O’Neil Cannon recently collected items to be donated to The Women’s Center in Waukesha. The mission of the Women’s Center is to “provide safety, shelter, and support to empower all impacted by domestic abuse, sexual violence, child abuse, and trafficking.”

The services offered by The Women’s Center include emergency shelter for abused families, transitional living, counseling, child abuse prevention programming, legal advocacy and employment counseling. It also provides Hispanic outreach, community education programs, information and referral services, and a 24-hour hotline. If you are interested in donating or learning more about this amazing community organization, you can visit here to find more information.

Best wishes for the holiday season.

On November 29, 2018 Dean Laing spoke on the topic of “Procedural Issues in Litigation” at a seminar presented by the State Bar of Wisconsin on “Trending Topics in Business Litigation 2018.” The panel consisted of some of the top civil litigators in Wisconsin, and the seminar was very well attended. Mr. Laing spoke on various subjects, including the use of errata sheets following depositions, sequestration of persons from depositions, and use of general objections in discovery responses.

Mr. Laing has been a speaker at over 30 legal seminars, authored over 40 journal articles and book chapters, and been involved as counsel in over 75 published/reported decisions. Over the years, Mr. Laing has received numerous recognitions for his legal work, including being selected four times as one of the “Top 10 Lawyers” in Wisconsin by Super Lawyers; three times as “Lawyer of the Year in Wisconsin” by The Best Lawyers in America; and one time as a “Leader in the Law” by the Wisconsin Law Journal.

Mr. Laing can be reached at 414-276-5000 or dean.laing@wilaw.com.

O’Neil, Cannon, Hollman, DeJong and Laing S.C. has been awarded recertification in Meritas, a global alliance of independent business law firms. O’Neil, Cannon, Hollman, DeJong and Laing S.C. joined Meritas in 2012 and, as a condition of its membership, is required to successfully complete recertification every three years.

Meritas is the only law firm alliance with an established and comprehensive means of monitoring the quality of its member firms—a process that saves clients time validating law firm credentials and experience. Meritas membership is selective and by invitation only. Firms are regularly assessed and recertified for the breadth of their practice expertise and client satisfaction. The organization’s extensive due diligence process ensures that only firms meeting the tenets of Meritas’ unique Quality Assurance Program are allowed to maintain membership. Firm performance and quality feedback are reflected in a Satisfaction Index score, which is made available online.

“We greatly appreciate the many benefits of being a  member of the Meritas network and look forward to continuing our relationship with Meritas for years to come,” said Pete Faust, a member of the Board of Directors at O’Neil, Cannon, Hollman, DeJong and Laing S.C. “Meritas’ Quality Assurance Program is not just valuable for our clients seeking legal expertise around the world; it also provides us with a framework to consistently monitor and enhance the quality of our services.”

The recertification process includes exacting self-assessment, peer review by other law firms and client feedback. It examines such factors as timeliness and quality of a firm’s client service, professional conduct and adherence to Meritas policies including acknowledgment of Meritas firm or client correspondence within 24 hours.

“Businesses trust the Meritas alliance of law firms for top-tier quality, convenience, consistency and value,” said Tanna Moore, president and CEO of Meritas. “O’Neil, Cannon, Hollman, DeJong and Laing S.C. has demonstrated its commitment to world-class client service, and therefore has successfully earned its recertification in Meritas.”

Attorneys from O’Neil Cannon argued three cases before the Wisconsin Supreme Court this Fall term.

On September 7, 2018, Dean Laing argued the case of Koss Corporation v. Park Bank, Appeal No. 2016AP636, which involves the issue of a bank’s liability under the Uniform Fiduciaries Act.

On November 7, 2018, Mr. Laing argued the case of J. Steven Tikalsky v. Terry Stevens, Appeal No. 2017AP170, which involves the issue of the circumstances under which a constructive trust can be imposed against an innocent party.

A law firm having three arguments before the Wisconsin Supreme Court in a two-month period is a rare feat. O’Neil Cannon is appreciative of the opportunity.