Working From Home as a Reasonable Accommodation Under the ADA: Credeur v. State of Louisiana

Laura Gerdes Long

By Laura Gerdes Long



Co-authored by Laura Gerdes Long and Katherine M. Flett

In today’s hyper-connected society, there are an increasing number of employers who have instituted policies permitting their employees to work from home in certain circumstances. The U.S. Court of Appeals for the Fifth Circuit, however, held that is not the case for litigation attorneys.  In-office attendance is an “essential duty” for a litigation attorney in the context of the American with Disabilities Act (ADA).”

Renee Credeur, a litigation attorney working in the Attorney General’s office in Louisiana was granted a temporary accommodation to work from home following a kidney transplant. After approximately six months, her supervisor denied her continuing request to work from home and Credeur filed a lawsuit alleging, among other claims, failure to accommodate under the ADA. The District Court for the Middle District of Louisiana granted summary judgment in favor of the Attorney General’s office and Credeur appealed. Continue reading »

EEOC: Discrimination Based on Sexual Orientation and Gender Identity is Prohibited

Laura Gerdes Long

By Laura Gerdes Long



In its list of protections against discrimination, Title VII of the Civil Rights Act of 1964 does not explicitly include sexual orientation or gender identity. However, the Equal Employment Opportunity Commission (EEOC) interprets the statute’s sex discrimination provision as prohibiting discrimination against employees on the basis of sexual orientation and gender identity.

As its legal basis for concluding that sexual orientation and gender identity are covered by Title VII, the EEOC uses Supreme Court case Price Waterhouse v. Hopkins, which holds employment actions motivated by gender stereotyping are unlawful sex discrimination, along with more recent court decisions(Chavez v. Credit Nation Auto Sales, L.L.C.; Baker v. Aetna Life Ins., et al.; Fabian v. Hosp. of Central Conn; Lewis v. High Point Regional Health Sys.; Hively v. Ivy Tech Cmty. Coll. of Indiana). Although Congress has not amended Title VII to specifically include sexual orientation and gender identity as protected, the EEOC has applied existing Title VII precedents to sex discrimination claims raised by LGBT individuals. The EEOC states these protections apply regardless of any contrary state or local laws; however, the Missouri Court of Appeals appears unfazed. Continue reading »

Statutory Changes in Missouri Lead to Blue Skies Ahead for Insurance Companies Facing Bad Faith Set-Ups and Collateral Source Rule Issues

Laura Gerdes Long

By Laura Gerdes Long



Recent legislation signed by Missouri Governor Eric Greitens is expected to promise procedural relief from bad faith set-ups in Missouri as well as provide clarity regarding the collateral source rule.

New Legislation Affecting Bad Faith Set-Ups

Section 537.065 of the Missouri Revised Statutes allows claimants and insureds to contract to limit recovery to insurance coverage. This statute is unique to Missouri, as no other states have established such a practice by statute. Typically, the insured, while knowing that he will not be held personally responsible, agrees to either settle the claim or to not legally oppose the tort victim’s prosecution of the claim at trial. Post-trial the insurer is limited to disputing only the legal conclusion of whether coverage existed and usually barred from re-litigating any other aspect of the suit. These agreements are often used to pressure the insurance company into providing a defense where there may not be coverage or to pay policy limits on questionable claims.  They are also used as schemes whereby insureds and claimants work in concert to obtain coverage and create inflated damage awards at uncontested bench trials.

Effective August 28, 2017, Missouri House Bills 339 and 714 repeal section 537.065 and enact a new section 537.058, as well as a revised section 537.065 (as signed by Gov. Greitens). The new law will help curb the abuses associated with section 537.065 agreements by allowing insurers to intervene in underlying lawsuits. By participating in the underlying lawsuit, the insurer will be able to present a more accurate picture on liability, damages, and coverage issues. The bills further provide that an insured cannot enter into such a settlement agreement with a claimant if the insurer is providing the insured a defense without reservation, under the reasoning that an insured should not be allowed to enter into an unauthorized settlement agreement if an insurer defends without qualification. When an insurer defends under the policy, the insurer is fulfilling its policy obligations and should expect the insured to comply with its corresponding policy obligations, including the duty to cooperate and refusal to pay provisions.  As such, section 537.065, as amended, adds the following procedural protections: Continue reading »

Uncertainty Leads to Proposed Easing of Wellness Program Regulations

Laura Gerdes Long

By Laura Gerdes Long



Co-authored by Laura Gerdes Long and Katherine M. Flett

In response to many complaints about the trials and tribulations employers face when initiating a compliant wellness program due to the inconsistent requirements of HIPAA, EEOC, GINA, and the ADA, Congress has taken some corrective steps.  The House of Representatives reintroduced H.R. 1189, and the Senate reintroduced their own version of the bill, S.620.

The stated purpose of H.R. 1189 is to “clarify rules relating to nondiscriminatory employer wellness programs as such programs relate to premium discounts, rebates, or modifications to otherwise applicable cost sharing under group health plans.”  The bill declares that a workplace wellness program, by offering a reward to participants, does not violate the ADA or GINA, as long as the program complies with Public Health Service Act requirements.  These requirements can be found in 42 U.S.C. § 2705(j).

The bill also deems the collection of information about a family member’s manifested disease or disorder not an unlawful acquisition of genetic information with respect to another family member participating in a workplace wellness program. Continue reading »

New EEOC Rules Complicate Task of Designing a Compliant Employer Wellness Program

Laura Gerdes Long

By Laura Gerdes Long



 

 

Co-authored by Laura Gerdes Long and Katherine M. Flett

In 2016, after years of twists and turns, backs and forths, the Equal Employment Opportunity Commission (EEOC) issued final rules that went into effect in January 2017 and apply to all employer group health insurance plans that offer wellness programs.

The final rules follow the EEOC’s 2015 publication of two rules under the Americans with Disabilities Act (ADA) and Genetic Information Non-Discrimination Act (GINA) to address whether an employer offering an incentive to employees to provide health information would effectively render the program “involuntary” and consequently discriminating under the ADA.

In October 2016 AARP filed a challenge arguing that the requirements were arbitrary and capricious under the Administrative Procedures Act (APA) as having incentives that render the disclosure of GINA- and ADA-protected information involuntary and disclosure in violation of law. That challenge was rejected in the District Court of the District of Columbia, which ruled the information required by the regulations is not public disclosure and employers are statutorily forbidden from using it to discriminate against employees.

Categories of Employer Wellness Programs

Employer wellness programs generally fall into two categories: participatory programs and health-contingent programs. Participatory programs offer financial incentive for employee participation, but do not require the employee to satisfy any health-related condition to receive the incentive. Examples of this program include reimbursing for gym memberships and offering health education classes.

On the other hand, health-contingent programs generally require the employee to satisfy a health-related standard to obtain a reward. Within the category of health-contingent programs, there are two sub-groups:  activity-only programs and outcome-based programs. Activity-only programs require the employee to participate, but not to attain or maintain a specific health outcome.  Examples of activity-only programs include rewards for high step-counts and dieting. Outcome-based programs require the employee to attain a specific health goal, such as quitting smoking or lowering one’s body mass index (BMI).

Requirements for Health-Contingent Programs Under the ACA, GINA, and ADA Challenged by AARP

Prior to the new EEOC rules, employers sponsoring wellness programs were required to comply with the Affordable Care Act (ACA), ADA and GINA. Continue reading »

The Intersection of HIPAA and Cloud Storage

Laura Gerdes Long

By Laura Gerdes Long



Co-authored by Laura Gerdes Long and Katherine M. Flett

Our ever-evolving technological society is raising new questions about how to reconcile complex health data protection laws with cloud storage.  Storage of data in the “cloud” allows users to store, maintain, and manage data remotely on the internet.  Its advantages include accessibility of the cloud-stored data from any location via the internet, emergency back-up capacity, and even cost savings.  An online search for HIPAA-compliant cloud storage companies reveals that there is no shortage of companies who advertise their “HIPAA-compliant cloud services.”  It is important to remember that working with a company who claims their cloud storage “is HIPAA compliant,” does not excuse you from meeting HIPAA requirements.  Due diligence is required when selecting such a company and entering into appropriate contractual arrangements with the companies.

The Department of Health and Human Services’ Office for Civil Rights (“OCR”) is responsible for overseeing protection of sensitive health data under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”). OCR issued guidance on October 6, 2016, explaining how to safeguard electronic health information protected by HIPAA in today’s widespread cloud networking environment.

HIPAA applies to “covered entities,” and this article will focus on one such covered entity, the health care provider.  Most health care providers do not perform all of their health care functions by themselves and instead often use a range of services offered by others, called “business associates” under HIPAA.  Health care providers are permitted to disclose protected health information (“PHI”) to these business associates (“BA”) as long as they obtain satisfactory assurances that the BA will use the information only for the purposes for which it was engaged by the health care provider, will safeguard the information from misuse, and will help the health care provider comply with some of the health care provider’s duties under HIPAA, through the execution of business associate agreements.

Continue reading »

HIPAA Non-Compliance Results in Largest Single-Entity Settlement to Date

Laura Gerdes Long

By Laura Gerdes Long



Co-authored by Laura Gerdes Long and Katherine M. Flett

On August 4, 2016, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) entered into a settlement agreement with Advocate Health Care Center (Advocate) in which Advocate agreed to pay $5.5 million to settle multiple violations of the Health Insurance Portability and Accountability Act (HIPAA).  This is the largest HIPAA settlement against a single entity to date, and according to OCR, is due to the severity of the violations and the length of time that those violations continued.

According to OCR’s press release, OCR began its investigation of Advocate in 2013, after Advocate submitted three breach notification reports relating to three separate instances of breach of unsecured electronic protected health information (ePHI).  The combined breaches resulted in unsecured access to over four million patients’ information. Continue reading »

Another State Rules That Patients Can Sue For Negligence for Violating HIPAA Regulations

Laura Gerdes Long

By Laura Gerdes Long



The Connecticut Supreme Court has now joined Missouri, West Virginia and North Carolina in rulings connecting HIPAA with negligence lawsuits by patients.

In a case of first impression in Connecticut, the state’s Supreme Court ruled that a patient can sue a medical office for HIPAA negligence if it violates the patient’s privacy when improperly releasing the medical records to a third party. There is no dispute that HIPAA does not create a private cause of action. Increasingly, however, HIPAA can provide the standard of care for a medical office in how it releases confidential medical records and can be found negligent if it releases such medical records contrary to the requirements of the HIPAA regulations. Continue reading »

Hacked Hospital Network Includes Outstate Missouri Hospitals

Laura Gerdes Long

By Laura Gerdes Long



4.5M Records Stolen, HIPAA violation

In June 2014, hackers in China used high-end, sophisticated malware to launch criminal cyber-attacks to access patient information from a national hospital system. Community Health Systems, Inc. (“CHS”), operates 206 hospitals across the U.S. in 29 states, including four located in Missouri (Kennett, Kirksville, Moberly, and Poplar Bluff). The breached data is considered protected health information under the Health Insurance Portability and Accountability Act (“HIPAA”).

In a filing with the U.S. Securities and Exchange Commission, CHS said the attacker was an “Advanced Persistent Threat” group which bypassed CHS’ security measures, successfully copying and transferring certain data outside CHS. Although CHS has confirmed that this data did not include patient credit card, medical, or clinical information, the breach does include patient names, addresses, birth dates, telephone numbers and Social Security numbers. CHS has been working closely with federal law enforcement authorities in connection with their investigation and potential prosecution of those determined to be responsible for this attack.

Under various state and federal laws, CHS is obligated to notify affected patients. The Department of Health and Human Services provides a web page describing the breach notification requirements of covered entities to effected individuals, the Secretary of Health and Human Services, and, in certain circumstances, to the media. Continue reading »

Mizzou Story Highlights Tension Between Doctor-Patient Privilege and Protecting the Patient

Laura Gerdes Long

By Laura Gerdes Long



A story concerning the death of a female athlete by suicide, her alleged rape, and the role played by the university she attended in the tragic facts has placed the issue of patient confidentiality squarely in the headlines.  The story highlights the care that must be taken to protect a patient’s ability to speak candidly and honestly to his or her medical provider without fear that such information will be divulged to anyone else without the patient’s permission.

The female student athlete had committed suicide in 2011, approximately 16 months after her alleged rape in 2010 by another student athlete at the school.  According to an email posted to Mizzou’s website on January 24, 2014, an ESPN producer of “Outside the Lines” wanted to know if University of Missouri officials planned to investigate or notify law enforcement about the alleged rape.  Just hours before publishing the story, the ESPN producer asked university officials: Continue reading »