The following article was co-written by my Health Care Department colleagues Sal Rotella and Bill Conaboy. Thanks guys!

Rick

On March 13, 2012 – almost 30 months after becoming one of the first entities to self-report a breach under the Health Information Technology for Economic and Clinical Health (HITECH) Act – BlueCross BlueShield of Tennessee (BCBST) agreed to pay the Department of Health and Human Services (HHS) a record setting $1.5 million civil monetary penalty (CMP) for failing to safeguard protected health information (PHI).

The HITECH Act and HIPAA Enforcement

HHS adopted the interim final rule for HITECH’s breach notification requirement only a few weeks before the BCBST breach. The final rule requires covered entities to notify HHS following a breach of unsecured PHI. If a breach affects 500 or more individuals, the covered entity must report the breach electronically “without reasonable delay and in no case later than 60 days from discovery of the breach.”

Read the rest of this entry »

The following article was first published by our colleague Michael Schmidt on his blog, Social Media Employment Law Blog. It is part of our continuing effort to keep Cyberinquirer readers on top of decisions relevant to Social Media in the context of litigation. Thanks for the reprint, Mike.

Two weeks ago, I discussed the California case of PhoneDog v. Kravitz, where an employee, who used a company Twitter account as part of his job duties, left the company and continued to use the same Twitter account and tweet to the same followers. The (former) employee claimed that he had the right to continue tweeting, and PhoneDog responded that he was barking up the wrong tree (best I could do at the moment). As I mentioned in my last post, the court had denied the employee’s attempt to dismiss the entire case at inception, and allowed the company to amend its complaint to provide more specificity on some of its claims. Time for an update.

Read the rest of this entry »

The following article, written by my colleague Nicole Moody, first appeared in the Chicago Daily Law Bulletin. Thanks to Nicole for allowing us to republish it here.

Rick Bortnick

Many of us have been there. Sipping our morning coffee, signing into our Facebook accounts, waiting to see what notifications will greet us. We are intrigued to see that we have a friend request.  Who could it be? An acquaintance from the past? A new colleague who we met at work? Whoever it is, we know that by accepting the request we will be granted access into this individual’s life and will know more about them in five minutes than we would know in a lifetime of small talk.

Due to the use of usernames and passwords, there is a belief that information shared on Facebook is confidential unless publicly shared. However, courts around the country are now addressing just how private this information really is.

In cases nationwide, litigants are asking courts to grant unfettered access to other parties’ Facebook or other social media accounts. Inevitably, in the age of status updates and hashtags, poking and friending, the lines between public and private information have become blurred. This trend has become increasingly prevalent in the insurance industry as insurance companies have realized the usefulness of social media in litigation. 

Read the rest of this entry »

The following article was first published by our colleague Michael Schmidt on his blog, Social Media Employment Law Blog. It is part of our continuing effort to keep Cyberinquirer readers on top of decisions relevant to Social Media in the context of litigation. Thanks for the reprint, Mike.

What would you do if your employee continued to use your company’s Twitter account after he stopped working for you?

What if your (former) employee claimed that he, not your company, actually owned the rights to the Twitter followers?

Ever thought about it?

I have posted several times about how social media has not created new causes of action, but rather has provided a new application for traditional claims. One of the areas that I surmised would develop in time was the interplay between social media and post-employment competition and trade secret rights. According to two new decisions, that time has apparently come.

In PhoneDog v. Kravitz (Northern District of California), the company gave its employee (Kravitz) use of a Twitter account as part of his employment. Kravitz tweeted information to promote the company’s services, and generated approximately 17,000 followers. Kravitz left the company, and, while he changed the account “handle”, he continued to use the same account to tweet to the same followers. PhoneDog sued Kravitz for continuing to use the Twitter account, claiming that the “compilation of subscribers and the password used to access the account” constituted company trade secrets. Valuing each of the 17,000 followers at $2.50, the company sought damages of $340,000 for “stealing” each of those followers for 8 months.

Read the rest of this entry »

The ABA has issued a formal ethics opinion that provides guidance to lawyers whose clients use an employer’s email account to send or receive email from counsel.  In Formal Opinion 11-459, the Standing Committee on Ethics and Professional Responsibility urges lawyers to warn their clients that the confidentiality of electronic communications may be jeopardized if the employer or other third party, such as a hotel or library, has the potential to access email or other correspondence hosted on the third party’s computer system.

When clients use an employer’s computer, smartphone or other telecommunications device, or an employer’s email account, the employer may be able to obtain access to the communications and take advantage of that opportunity in various contexts, such as when the client is engaged in an employment dispute or when the employer is responding to a subpoena or document discovery in litigation.

Read the rest of this entry »

It has become common practice for lawyers to mine social media pages of parties and witnesses for discovery purposes. The posts and photos may show a party to be lying about the extent of his or her claimed injury or disability, or they could undermine or support other claims. Facebook and other social media sites also have become fertile ground for cutting edge ethical questions posed to state Bar ethics committees.

In a recent ethics opinion issued by the San Diego County Bar Association, a lawyer asked if it was proper to “friend” request high-ranking employees of a company the lawyer was suing on behalf of a former employee pursuing a wrongful discharge case. The lawyer believed that these high-ranking employees were dissatisfied with the company and likely had been posting negative information on their social media pages that were accessible only to those persons who had been accepted as “friends”.

Read the rest of this entry »

On January 20, 2011, a federal class action lawsuit was filed against MySpace in the United States District Court for the Eastern District of New York. If successful, this new lawsuit could have dramatic implications for social networking sites and their users. Either way, it provides another opportunity to make a couple of privacy-related points for employers.

The MySpace lawsuit was filed on behalf of all former and current users of MySpace, who seek damages for the alleged improper and voluntary disclosure of personal and private information and data in response to foreign court search warrants without the knowledge or authorization of the MySpace users. The class alleges that search warrants issued by state judges for certain information have no force and effect when they are issued to MySpace’s California headquarters from other states, but that MySpace nevertheless provided responsive information and data voluntarily.

Read the rest of this entry »

A “trend” is generally defined as a general course, drift or prevailing tendency.   In the battle between the potential privacy rights of a social networking site user and the desire of a lawsuit party to have full access to the private portions of that user’s profile, the trend favoring full and unfettered access has become clearer with a decision just issued by the Pennsylvania Court of Common Pleas in the case of McMillen v. Hummingbird Speedway, Inc.

In McMillen, the plaintiff was injured during a stock car race, and sued for damages after being rear-ended during a cooling down lap.   He alleged significant physical injuries and overall loss of general health and vitality, as well as an “inability to enjoy certain pleasures of life.” During the lawsuit, the defendants requested that plaintiff identify the name of all sites to which he belonged, and to identify his user name(s), login name(s), and passwords. Plaintiff responded by stating that he belonged to Facebook and MySpace, but he refused to give the other requested information based on confidentiality and privacy grounds.

Read the rest of this entry »

Your employee is being paid millions of dollars each year to perform his job. Right in the middle of today’s tasks, as he is about to receive instruction from his supervisor, your employee takes out his cell phone and posts a “tweet” on his feelings about his performance to all of his friends who have signed up to follow his twitter board. Would you have a problem with that?

At least two employers did. News surfaced last week that Eric Mangini, head coach of the NFL’s Cleveland Browns, has threatened to fine players for tweeting about events at training camp, and particularly during team meetings. This on the heels of the well-publicized action taken last year by the NBA’s Milwaukee Bucks. In that case, Bucks forward Charlie Villanueva apparently posted a message to his Twitter feed from his cell phone when he went into the locker room at halftime of a basketball game against the Boston Celtics. According to reports, the tweet that was posted from Villanueva’s “CV31” screen name read: “In da locker room, snuck to post my twitt. We’re playing the Celtics, tie ball game at da half. Coach wants more toughness. I gotta step up.”

Read the rest of this entry »

One of the difficult things to predict with regard to the use of social media in the employment setting continues to be the extent to which traditional legal claims apply equally to new social media outlets.   We continue to advise employers that it is imperative to ensure that care is also taken to create policies and train employees on the use of social media in and out of the office setting, and not to let the informality and ease of the Internet lull employers into a false sense of security.   On July 22, 2010, a New York Supreme Court Judge applied the tort of defamation to statements on Facebook in a case that offers an important message to employers.

The case of Finkel v. Dauber (New York Supreme Court, Nassau County) centered on statements posted by a Facebook group known as “90 Cents Short of a Dollar.” Plaintiff alleged that she was defamed by the group’s postings that stated “unbeknownst to many, [plaintiff] acquired AIDS while on a cruise to Africa” and then “persisted to screw a baboon which caused the epidemic to spread.”   The postings further defamed plaintiff, she alleged, by stating “[w]hile in Africa she was seen fucking a horse.”   And other intelligent banter.

Read the rest of this entry »