How new Department of Labor guidelines will affect unpaid internships

In 2010, the U.S. Department of Labor (DOL) issued guidance limiting for-profit companies’ ability to have unpaid interns. However, courts increasingly rejected that stringent six-part test.

On January 5, 2018, the DOL’s Wage and Hour Division published its decision to adopt the “primary beneficiary” test for determining whether interns and students are employees under the Fair Labor Standards Act (FLSA).

“The Department of Labor is using the primary beneficiary test to conform to four Circuit Courts’ rulings adopting the same standard,” says Joseph Fluehr, an attorney at Semanoff Ormsby Greenberg & Torchia, LLC.

Smart Business spoke with Fluehr about the new FLSA guidelines, how employers will be impacted, and the importance of abiding by the new regulations.

What are the new guidelines for unpaid internships?

The FLSA requires that employees of for-profit employers are paid pursuant to minimum wage and overtime requirements. Previously, the DOL maintained a six-part test for determining whether a worker was properly labeled as an unpaid intern. However, the DOL’s new guidance follows the Second, Sixth, Ninth and Eleventh Circuit Courts’ decisions in providing for the examination of the ‘economic reality’ of the intern-employer relationship to determine which party is the ‘primary beneficiary’ of the relationship.

The seven factors, as stated by the DOL, include:

  1. The extent to which the intern and the employer clearly understand that there is no expectation of compensation. Any promise of compensation, express or implied, suggests that the intern is an employee — and vice versa.
  2. The extent to which the internship provides training that would be similar to that which would be given in an educational environment, including the clinical and other hands-on training provided by educational institutions.
  3. The extent to which the internship is tied to the intern’s formal education program by integrated coursework or the receipt of academic credit.
  4. The extent to which the internship accommodates the intern’s academic commitments by corresponding to the academic calendar.
  5. The extent to which the internship’s duration is limited to the period in which the internship provides the intern with beneficial learning.
  6. The extent to which the intern’s work complements, rather than displaces, the work of paid employees while providing significant educational benefits to the intern.
  7. The extent to which the intern and the employer understand that the internship is conducted without entitlement to a paid job at the conclusion of the internship.

How will employers be impacted?

The DOL’s adoption of the ‘primary beneficiary test’ has increased flexibility in determining who is properly labeled an intern. This increased flexibility aids employers in the fight to utilize unpaid interns. However, as no single factor is determinative, the DOL does not provide definitive guidance to for-profit employers, who should still ensure that an unpaid intern is, in fact, the ‘primary beneficiary’ of the relationship.

What should employers do to abide by the new guidelines?

Simply naming someone an unpaid intern will not survive a challenge to the intern’s status. The DOL’s guidelines suggest a balancing of the seven factors in determining whether the intern or the employer is the primary beneficiary of the relationship.

The most important take-away from the change by the DOL is that for-profit employers should ensure that the unpaid intern gets more out of the relationship than the employer. Therefore, employers should consult an attorney familiar with the relevant case law relied upon by the DOL as well as the provisions of the FLSA in reviewing their internship programs.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC

Understand the differences between incentive, non-qualified stock options

There are two types of stock options: incentive stock options (ISOs) and non-qualified stock options (NSOs). A company may grant ISOs and NSOs to its employees, but ISOs cannot be granted to non-employees. Options that are granted to non-employee directors, contractors, consultants and advisors can only be NSOs.

“It’s important for a company’s senior management and directors to understand the differences between ISOs and NSOs to avoid unintended tax consequences,” says Jill M. Bellak, a member of Semanoff Ormsby Greenberg & Torchia, LLC.

Smart Business spoke to Bellak about the differences in the two types of options, and how to avoid missteps in granting options to employees and non-employees.

What are the legal requirements to qualify as an ISO?

ISOs must be granted through a written plan approved by a company’s stockholders and the plan must limit the number of option shares. The option exercise price must be no less than the fair market value of the shares on the grant date. If the grantee owns 10 percent or more of the company’s stock, the exercise price must be no less than 110 percent of the fair market value at the date of grant. An ISO must be granted within 10 years of the date the plan is adopted or the date of stockholder approval, whichever is earlier.

An ISO cannot be exercisable for more than 10 years after the grant date. If the option holder owns 10 percent or more of the company stock, the option cannot be exercisable for more than five years after the date of grant. ISOs may be granted only to a company employee who does not own more than 10 percent of the total combined voting power of the company’s stock on the date of grant. The value of vested shares may not exceed $100,000 in any calendar year.

How are ISOs treated for tax purposes?

Unlike NSOs, ISOs receive preferable tax treatment because an option holder will not normally realize any taxable income upon the grant or exercise of an ISO. The tax basis in the stock acquired upon exercise of an ISO equals the exercise price paid for the shares.

In order to qualify for capital gains treatment, the shares acquired upon the ISO being exercised must be held for more than one year from the purchase date and more than two years from grant date. If all conditions are met, the company has no withholding obligations upon exercise of the ISO.

How do NSOs differ from ISOs?

An NSO is any stock option that does not meet all of the requirements to be considered an ISO. NSOs may be granted to any employee, director, contractor, consultant or adviser of a company. There is no limitation on the number of options that may be granted, the exercise price or the term of an option. If the exercise price of an NSO is below the fair market value of the stock on the grant date, the NSO will be subject to section 409A of the Internal Revenue Code of 1986.

How are NSOs treated for tax purposes?

Upon exercise of an NSO, the option holder pays the exercise price and realizes income equal to the difference between the exercise price and the then-current fair market value of the underlying stock. This income is taxed as ordinary income and the company has an equivalent deduction for compensation expense equal to the amount of the spread. If the option holder is a company employee, the company must withhold and remit employee withholding taxes on the income.

When an NSO is exercised, the tax basis in the stock is its fair market value on the date of exercise. Upon a subsequent sale of the stock, the stockholder has a capital gain (or loss) equal to the difference between the tax basis and the subsequent sale price of the stock.

What is the applicability of Section 409A?

Section 409A of the Internal Revenue Code regulates the taxation of nonqualified deferred compensation. It treats ‘discounted’ stock options as deferred compensation subject to section 409A. Specifically, if a stock option is granted with an exercise price that is less than the fair market value of the stock on the grant date, the option will be treated as deferred compensation and will be subject to 409A, including imposition of a 20 percent additional excise tax.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC

How to create and execute a family business succession plan

The one maxim that holds true for all business owners is that eventually they will be forced to exit their business — either on their own accord or involuntarily. For many, the next best thing to perpetual ownership is having their children assume control.

However, 80 percent of family businesses don’t transition to the second generation. And of the 20 percent that do succeed, 80 percent of those don’t make it to the third generation. Why is it so hard?

“It’s not only a complicated business transaction, but it’s highly emotional,” says Peter J. Smith, a Member at Semanoff Ormsby Greenberg & Torchia, LLC.

Smart Business spoke to Smith about the difficulties of family business succession planning and what steps can be taken to improve the likelihood of a successful transition.

Why are success rates for family business succession so low?

Because it’s family and there are so many emotional layers. You have parents coping with the thought of giving up control of the business they spent their entire lives creating and nurturing. For some, it is their entire identity.

The next generation may or may not see eye-to-eye on the future of the business or their place in it. There may be children who aren’t in the business, which must be addressed. And when it’s all done, mom and dad have to make sure the business survives and thrives so it can provide the cash flow they will need in retirement.

What can parents do to make their family business succession plan more likely to succeed?

Plan ahead. A smart business person might plan two to three years out to sell their business, so as to position the business for maximum value and a quick, smooth sale. The same is true for implementing a business succession plan. If possible, they should start planning the transition well in advance.

They also need to start training the next generation to take over. This takes time. They should approach it like they are developing and running a management training program for their children.

What if there isn’t time to adequately prepare or the next generation isn’t ready to take over?

If there isn’t time to adequately prepare, the owners should consider hiring an outside CEO to run the business for a period of time so they can take a step back and plan a transition in the future when everyone is ready. They might also put a board of directors in place that includes non-family members to help guide the business and provide objective advice.

What can the second generation do to make the transition a success?

Be objective and be patient. They need to realize that mom and dad aren’t as dumb as they think, they’re not as smart as they think and running a business is hard. They also need to openly and objectively evaluate what is in the best interest of the business and not necessarily just for them. The kids must understand that everything doesn’t always have to be equal to be fair. There will be certain things that make sense for the business, but don’t put everyone on equal footing. It’s important to realize that this is okay.

What if mom and dad are concerned about treating each of their children fairly and equally?

There are other ways to equalize the treatment of their children using business or non-business assets — through gifting, estate planning, or perhaps the business real estate or a vacation home, for example. They can also set up a trust or an LLC for family members not in the business to receive distributions from the business and/or hold a capital interest in the event the business is ever sold.

What should a business owner do if he or she is thinking about business succession planning?

Put a team together. Talk to your lawyer, accountant and financial advisor. If they’re not experienced in family business succession planning, then find ones who are. The right professionals can make all the difference in the world.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC

What you don’t know about realty transfer tax could cost you

Anyone who has purchased real property in Pennsylvania knows that one of the highest costs paid at “closing” is realty transfer tax. In Pennsylvania, this tax is imposed by the Commonwealth and the counties upon the transfer of ownership of title to real estate located in the state, unless certain exceptions apply.

“What many people may not know is that the tax can also apply to the purchase of all or a significant portion of the ownership interests in a corporation, partnership or limited liability company that owns real estate,” says Catherine Marriott, a member of Semanoff Ormsby Greenberg & Torchia, LLC.

Smart Business spoke with Marriott about how realty transfer tax works, how it might apply to other real estate-related transactions, and the importance of hiring professionals to structure the most favorable terms.

How does realty transfer tax work?

The usual scenario is when a property is sold from a buyer to a seller in an arm’s length transaction. Upon the recording of the deed conveying the property, Pennsylvania and the county where the property is located collect a realty transfer tax based on the purchase price for the property. In that scenario, the realty transfer tax paid is equal to 2 percent of the purchase price, with 1 percent paid to the state and 1 percent paid to the county. The exception is Philadelphia, where the county tax is 3.1 percent. Buyers and sellers usually each pay half of the realty transfer tax assessed on the transaction.

Does the realty transfer tax apply to other real estate-related transactions?

Realty transfer tax can apply to certain transactions that involve the sale of all or a significant portion of a company that directly or indirectly owns title to real estate, even though a deed is not recorded in the transaction. If the company meets the definition of a ‘real estate company’ — essentially, a company that is primarily engaged in the business of holding, selling or leasing real estate and has real estate as a significant part of its assets — when all or a significant portion of the ownership interests in the company are sold, realty transfer tax may be imposed.

The rules for determining whether a company is a real estate company are complicated and vary in Pennsylvania and Philadelphia. If the company meets the definition and the transfer of enough of the company is completed, even over a period of years, the company is deemed an ‘acquired real estate company’ and the tax will be due.

How is the tax calculated when a real estate company becomes an acquired real estate company?

In Pennsylvania, the realty transfer tax assessed when a real estate company becomes an acquired real estate company is based on the computed value of the property. The computed value is the assessed value of the property multiplied by a factor issued by the Pennsylvania Department of Revenue for the county in which the property is located.

In Philadelphia, the realty transfer tax on such a transaction, assuming the sale is made at arm’s length, is based on the consideration paid for the interests in the company. This isn’t always simple to determine as the company may own other assets, and the buyer may pay cash, but may also assume debt of the company or purchase the interests subject to existing debt.

Can realty transfer tax be avoided or minimized?

The provisions of Pennsylvania and Philadelphia law relating to the transfers of interests in real estate companies are complicated. Transactions can be structured to legally avoid or minimize the realty transfer tax implications.

Potential sellers of real property or interests in companies that own real estate should consult with their legal and tax professionals before they commit to any terms in a transaction. Ideally, these professionals will be involved at the earliest possible stage of the transaction to structure the most favorable terms, from a business and tax perspective, before any verbal or written commitments are made.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC

How to protect sensitive information in the workplace

Every business, no matter how large or how small, receives private data or information from employees, vendors and customers. It’s the business owner’s responsibility to keep this information private and protected. If private information is leaked or falls into the wrong hands, a business could be subject to major liabilities, penalties and embarrassment. The monetary and reputational costs could be staggering.

“It’s no understatement to say that every business needs to have a plan in place for keeping information safe and secure,” says Matthew Kelly, an intellectual property attorney and certified information privacy professional at Semanoff, Ormsby, Greenberg & Torchia, LLC. “Businesses also need to know what to do in the event of a breach.”

Smart Business spoke with Kelly about some of the ways businesses can protect sensitive information and how to best respond if that information is ever compromised.

How should a business begin developing an information management plan?

The first step is to identify what kind of information the business is receiving and whether there are any industry-specific laws that come into play. For example, the health care industry collects personal health information of patients and is subject to federal laws known as HIPAA and HITECH. There are also specific federal laws that cover the financial services industry, the credit card industry, the telecommunications industry, the marketing industry and laws that cover educational institutions. These laws will outline what is required or prohibited in the collection and use of information specific to the businesses in those industries.

Once the legal requirements are identified, business owners should assess how to best handle sensitive information within their organization in a way that’s cost-effective and administratively efficient. Encrypting data, using a dedicated server, limiting access to certain employees and creating a secure method of disposal of information are just some of the ways that a business can protect the data it collects.

Though much information is stored electronically these days, paper files still exist and should be shredded or burned when the time comes to dispose of them. If a business creates a privacy policy that it communicates to customers, it needs to be sure to live up to that policy.

Are there risks in allowing employees to use their personal devices at work?

Each employee’s device increases the possibility of a data breach if it is lost, stolen or hacked. It also increases the risk of theft or copying of information by employees. To addresses these issues, businesses are increasingly implementing Bring Your Own Device (BYOD) policies.

A good BYOD policy will communicate clearly how an employee’s device is to be used in the workplace and how company data is to be handled on those devices. At a minimum, each device should be password protected so that if it does get lost or stolen, a third party cannot access the data.

Some companies prohibit the taking of photographs at the workplace, especially when dealing with proprietary technology or trade secrets. Employees should also be made aware that any business information stored on those devices is company property, and that such information will be returned to the company or deleted when an employee leaves the company or is terminated.

How should a company proceed if there is a data breach?

Data breaches can be very damaging to a company’s reputation and very embarrassing. No company wants to let down its customers or appear incompetent in the handling of sensitive information. For this reason, most states have adopted laws requiring companies to notify customers, and sometimes law enforcement, as soon as commercially possible when data breaches of a certain nature occur.

For most states, the notification requirements will not be triggered unless there has been a material breach of personal information, such as a person’s name and social security number. Businesses that suspect a breach are expected to act quickly to determine whether a breach has actually occurred, the identity of the customers affected and how to secure the exposed data to prevent further damage.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC

Medical marijuana: Issues surrounding its use in the workplace

Medical marijuana is no longer just an issue for employers in a few states. As marijuana use, both medicinal and recreational, continues to become legally accepted in the U.S., it may ultimately be removed as a Schedule I drug under the Controlled Substances Act.

If and when this occurs, Frank P. Spada, Jr., an attorney with Semanoff Ormsby Greenberg & Torchia, LLC, says employers will have a more difficult task of dealing with medicinal marijuana in the workplace.

“It is almost certain that employers, even in states with laws that don’t require employers to accommodate a medicinal user at work, will face challenges by attorneys who will seek to have the laws interpreted pursuant to these changing social attitudes,” he says.

Smart Business spoke with Spada about medicinal marijuana’s workplace impact.

How does medicinal use of marijuana affect the rights and obligations of employers?

Many of the states, including Pennsylvania, that have enacted medicinal marijuana laws prohibit discrimination against employees based on an individual’s status as a certified user of medical marijuana. Most of these states, including Pennsylvania and New Jersey, protect employers to some degree with provisions in their respective laws that prohibit marijuana use in the workplace. Pennsylvania, for example, does not require employers to accommodate the use of marijuana on the job or ‘when the employee’s conduct falls below the standard of care normally accepted for the position.’ It permits employers to discipline employees who ‘are under the influence’ of medicinal marijuana in the workplace and specifies that employers may prohibit employees from performing certain safety-sensitive positions while under the influence.

New Jersey’s law does not presently require an employer to accommodate medicinal marijuana use in the workplace, but there are two pending legislative proposals that, if ultimately enacted, would limit the adverse action that could be taken against an employee for medical marijuana use before establishing that an employee’s ability to perform the job is impaired.

How can it be established that an employee actually used marijuana in the workplace?

Standard urine tests that are universally used by employers do not establish that an individual is ‘impaired’ by or ‘under the influence’ of tetrahydrocannabinol (THC), the psychoactive chemical in marijuana. A urine test measures, in nanograms, the amount of THC metabolites in the body, which are byproducts produced by the chemical changes in the body to THC after marijuana is smoked or ingested. It does not measure the amount of THC that is in the body. Even if a urine test could identify a level of THC in an individual’s body at the time the test was taken, there is not a universal agreement on what level would constitute impairment. Unlike alcohol, where a blood alcohol concentration of 0.08 percent is considered legal intoxication in every state, there is no such legal limit of THC under federal or state law (The PA law does prohibit a patient from specific jobs when under the influence of more than 10 nanograms of active THC per milliliter of blood in serum). Complicating the matter even further is that the THC metabolites are unlike most drug metabolites, which are water-soluble and can be excreted rapidly from the body. THC metabolites are fat-soluble and exit the body slowly, which can result in a positive test on one day and a negative on the next. Such a situation makes it difficult, if not impossible, to determine through a urinalysis when an employee last smoked or ingested marijuana.

Can employers take action against an employee who has tested positive for marijuana?

The Americans With Disabilities Act does not require an employer to accommodate an employee who is a current user of drugs that are considered illegal under federal law. Therefore, an employer’s reference to the presence of ‘illegal drugs’ in its policy, at present, is still a legitimate basis to take an adverse employment action for a positive drug test for marijuana use. Employers should be careful that their policies do not state that an adverse employment action will be taken if an employee is found to be ‘impaired’ or ‘under the influence’ since establishing impairment or being under the influence cannot presently be determined for marijuana use through a urine test.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC

How to use stock legends properly to prohibit unwanted transfers of shares

A legend is a statement on a stock certificate that notes restrictions on the transfer of the stock. A great deal of time and thought is put into preparing agreements among shareholders of closely-held companies, especially with regard to the transferability of share provisions. But if the final administrative step at the end is not taken, the restriction may be useless against a third party without knowledge of the restriction.

“Shareholders may agree to restrict the transfer of shares of a company’s stock, but if the restriction is not properly included on the stock certificate, the restriction on transfer could potentially be ineffective,” says Ashleigh M. Morales, an attorney with Semanoff Ormsby Greenberg & Torchia, LLC.

Smart Business spoke with Morales about stock legends and the impact of not properly including them on stock certificates.

Why is a legend important?

Typically, in privately held companies, shareholders will agree to restrict the transfer of stock in the bylaws, a shareholders’ agreement or a buy-sell agreement. Shareholders generally want to restrict the transfer of stock because they want a say in who will be running or owning the business with them. They may not want their fellow owners’ children, spouse or friends running the business with them in the event of an untimely death. In most situations, the other shareholders (or at least a majority of them) have to agree to the transfer of a shareholder’s shares.

What happens if the stock certificate does not include the legend?

Even if all the shareholders agree to a restriction on the transfer of shares, if a third party receives a stock certificate without a legend containing the restriction and without actual knowledge of the restriction, that third party may not be bound by the restriction and may become the owner of the shares against the will of the other shareholders.

Pennsylvania law provides that unless a restriction is noted conspicuously on the stock certificate a restriction will be deemed ineffective except against a person with actual knowledge of the restriction. The legend puts the world on notice that the restriction exists so someone cannot claim they were unaware of the restriction. Most shareholders’ agreements provide that a legend must be included on stock certificates and the legend on the stock certificate should match that language.

How might this affect a company?

Let’s say an owner dies and all of his property passes to his children. And his children find his stock certificates without any legend on them but the deceased owner had agreed to a restriction on the transfer of shares in the shareholders’ agreement. Assuming the children were unaware of the restriction, the restriction would be ineffective as to the children and they would become the owners of those shares. This is a result the deceased owner and his fellow business owners most likely did not intend. And it becomes an even bigger issue if the restriction allowed the company to redeem the shares at a value less than fair market since now the children could demand fair market value for the shares. This could come at a significant cost to the company or the other shareholders in terms of the price to be paid or litigation.

Do shares of a company have to be certificated?

Generally, Pennsylvania does not require shares to be certificated — a company’s Articles of Incorporation will provide whether the shares are certificated or uncertificated. If shares are uncertificated, the company is required to provide the owner of the shares with written notice of the information typically contained on the certificate, including any restrictions on transfer.

Are LLC interests certificated?

Interests in limited liability companies may also be certificated or uncertificated. If certificated, any restrictions on the transfer of a limited liability company interest should be handled like shares of a corporation.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC

Treatment of inside salespeople under the Fair Labor Standards Act

The Fair Labor Standards Act (FLSA) establishes minimum wage, overtime pay, recordkeeping and child labor standards affecting full-time and part-time workers in the private sector and in federal, state and local governments. Nearly all employees are covered by the FLSA unless they qualify for one of the exemptions.

Smart Business spoke with Michael B. Dubin, a member with Semanoff Ormsby Greenberg & Torchia, LLC, about the FLSA, why inside salespeople are commonly misclassified as exempt and the consequences of failing to pay overtime to non-exempt employees.

How are salespeople treated under FLSA?

Outside salespeople are exempt from the overtime requirements under the FLSA while inside salespeople are generally non-exempt and are required to be paid overtime for all hours worked over 40 in a workweek.

To qualify for the outside sales exemption:

  1. The employee’s primary duty must be making sales or obtaining orders or contracts for services, or for the use of facilities for which consideration will be paid by the client or customer; and
  2. The employee must be customarily and regularly engaged away from the employer’s place of business. Any fixed site, whether home or office, used by a salesperson as a headquarters or for telephone solicitation of sales is considered one of the employer’s places of business.

Inside salespeople are those generally attempting to make sales over the telephone, internet or by mail. These employees are typically non-exempt and are eligible for overtime pay. However, in certain limited circumstances, an inside salesperson may be exempt under the ‘retail or service establishment exemption.’ To qualify for this exemption, an employer must demonstrate that:

  1. The employee works for a retail or service establishment;
  2. The employee’s regular rate of pay is at least one-and-a-half times the minimum wage; and
  3. More than half of the employee’s earnings in a representative period (not less than one month and not more than one year) are derived from commissions on goods or services.

A retail or service establishment is a business where 75 percent of its annual dollar volume of sales of goods or services (or both) is not for resale and is recognized as retail sales or services in the particular industry.

Why do employers misclassify salespeople?

Many employers see no distinction between outside salespeople and inside salespeople since both positions are selling goods or services. As a result, many employers misclassify inside salespeople as exempt employees. When made aware of the misclassification, these employers often ask if they can direct the inside salespeople to go on the road a couple of days a month so they can be characterized as outside salespeople exempt from overtime. The answer is no, because an outside salesperson must be ‘customarily and regularly’ engaged away from the employer’s place of business, which means greater than occasional, but less than constant. Therefore, this attempt to avoid paying overtime will be unsuccessful if challenged.

What is the penalty for failing to pay overtime under the FLSA?

If an employer fails to pay overtime under the FLSA, the employee has a private right of action and can seek any unpaid overtime going back two years from the date of filing the action. If the employee can prove the employer acted willfully in violating the FLSA, they may be entitled to overtime going back three years. The employee may also be entitled to liquidated damages, which can be up to the amount of the back overtime (it doubles the amount owed to the employee), as well as the recovery of attorneys’ fees incurred in the action.

To keep abreast of FLSA requirements, it is prudent to have an attorney experienced in FLSA conduct a wage and hour audit every few years. This process will allow the attorney to review all job descriptions, the actual duties performed and the FLSA classification of each position to determine whether any employees or group of employees are misclassified and to rectify any such misclassification.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC

HIPPA and business agreements: what service providers need to know

Anyone who has been to a doctor’s office knows that the Health Insurance Portability Act (HIPAA) protects the confidentiality and security of identifiable patient health information (PHI). Yet, many businesses newly marketing services to the health care industry are not aware of the impact of HIPAA on their business.

“The relationship between health care providers and their service providers who handle PHI requires a written business associate agreement (BAA),” says Jules S. Henshell, Of Counsel at Semanoff Ormsby Greenberg & Torchia, LLC.

Smart Business spoke with Henshell about what to consider when signing a HIPAA business associate agreement.

Who is a business associate?

A business associate is any individual or entity that creates, receives, maintains or transmits PHI in the course of performing services on behalf of a HIPAA-covered entity. The HIPAA Omnibus Rule makes business associates of HIPAA-covered entities directly liable for violations of HIPAA and the Health Information Technology Act (HITECH).

What is a business associate agreement?

A business associate agreement is a written agreement, required by HIPAA, between a covered entity and a business associate that describes the rights and responsibilities of each party with respect to the handling of PHI, compliance with HIPAA and implementing regulations known as the HIPAA Omnibus Rule.

How can a company evaluate whether or not a proposed BAA is acceptable?

Certain elements of every BAA are required by law. Other terms are not expressly required. The latter are potentially negotiable. For example, HIPAA does not require that a business associate agree to indemnify a covered entity in the event of breach of PHI, but a covered entity may want such protection. Similarly, HIPAA requires that a business associate agree that the Secretary of Health and Human Services will have access to its books and records. HIPAA does not require that a BAA include such access by a covered entity, but a health care provider may want to audit HIPAA compliance by the business associate.

In addition to review of the terms proposed by the covered entity, the acceptability of a proposed BAA may turn on the following considerations:

  1. Determine if you are a business associate — Will you be creating, receiving or transmitting PHI in the course of performing services? If the services agreement does not entail handling PHI, there is no reason to sign a BAA.
  2. Consider your ability to comply with the BAA commitments — Do you have policies, procedures and safeguards for protecting privacy and security of PHI?
  3. Consider your bargaining power to negotiate — Is the covered entity willing to entertain discussion of the terms of the BAA not required by HIPAA? Contracting officers for large health systems may resist negotiation, but allow for direct discussion between their legal counsel and your lawyer.
  4. Consider whether you will be using a subcontractor to perform — Do you have a subcontractor agreement to ensure that your subcontractor complies with HIPAA? Does it include timeframes that enable you to meet breach notification deadlines in the proposed BAA?
  5. Consider your risk in the event of security breach of PHI.

What is at risk if a business associate violates HIPAA rules?

There are substantial civil monetary penalties for each HIPAA violation. Civil monetary payments totaling $22,855,300 were made to the Department of Health and Human Service’s Office of Civil Rights (OCR) to resolve HIPAA violations last year. In 2016, OCR also announced its first enforcement action directly against a business associate, Catholic Health Care Services of the Archdiocese of Philadelphia. The resolution agreement imposed a $650,000 monetary payment and a corrective action plan, signaling new focus on enforcement against business associates.

Such focus is likely to continue as OCR identifies business associates through ongoing audits of covered entities.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC

How to protect your business against wage and hour lawsuits

A worrisome trend for businesses is the explosive growth of wage and hour lawsuits. The Department of Labor reports that it receives nearly 25,000 wage and hour related complaints per year, and the number of lawsuits brought against companies under the Fair Labor Standards Act (FLSA) continues to soar — wage and hour lawsuits against companies for violations of the FLSA have increased 456 percent since 1995. These lawsuits can be expensive to defend, extremely disruptive and often result in the payment of significant settlements.

“The popularity of these lawsuits is explained by the potential for recovery,” says Stephen C. Goldblum, a member at Semanoff Ormsby Greenberg & Torchia LLC. “Even a small wage and hour violation can result in large damages when the claim is brought on behalf of all similarly situated employees.”

Smart Business spoke with Goldblum about wage and hour violations and how companies can steer clear of them.

What types of claims are brought in wage and hour suits?

Although failure to pay overtime wages accounts for nearly 40 percent of wage and hour class action lawsuits, these suits can include a variety of other claims including: misclassification of employees, failure to pay for off-the-clock time, failure to pay for meal breaks, and failure to pay compensable time before and after a work shift. A burgeoning area of concern is the failure to pay employees for the use of email and mobile devices outside of working hours.

How can companies decrease the chance of a wage and hour suit?

An internal audit of wage and hour practices by expert outside counsel can identify and help prevent most violations of the law, thereby helping to avoid a lawsuit. The cost for such a review is substantially less than the fees to defend a single claim.

An effective wage and hour audit will include a thorough review of the company’s policies and practices, including a review of employee classifications, independent contractor relationships, timekeeping and payroll practices, employment policies, overtime calculations, and whether and to what extent managers are properly trained with respect to these issues. If violations are found, counsel can offer strategies to correct them and deal with any potential back pay obligations in ways that reduce the likelihood of litigation. After an effective audit, a company will know and understand any existing risks and can take steps to bring the company into compliance.

How important is it to review and revise wage and hour policies?

One of the most vital things a business can do is to periodically have its wage and hour policies reviewed by an attorney well-versed in this area of the law. For example, handbook policies that notify employees of the company’s expectations regarding off-the-clock work and meal and rest periods are a vital tool in defending wage and hour claims. Moreover, a clear policy that states smartphone use during off hours is only permitted with supervisory approval and must be recorded and reported immediately (i.e., within 72 hours) is recommended, as is a statement that ‘off-the clock work is prohibited.’ Employers should additionally ensure that time cards and electronic recording programs contain language that require employees to confirm that they have recorded all time worked. Finally, clearly articulated meal and rest period policies are now a necessity in employee handbooks.

How can companies implement effective time-keeping measures?

Employees and former employees often assert in class action lawsuits that the hours paid were not accurate because the hours were under-reported or not reported by the employee. To prevent this type of claim, ensure that time-keeping practices are well documented and that the reported time is verified by the employee. Best practices for accomplishing this include using a standard system to record all time, either electronically or with an actual punch-clock; having each nonexempt employee record, review and sign off on their time each pay period; implement a signed verification that the hours reported accurately include all time worked for the period; and training supervisors to monitor and review employees’ time records.

Insights Legal Affairs is brought to you by Semanoff Ormsby Greenberg & Torchia, LLC