Health Update - May 2014

In This Issue:

  • Litigation Arising from the Affordable Care Act: The Blessing and Curse of Interesting Times
  • Advancing the Academic Health System for the Future: Managing Population Health
  • Once More into the Breach, Dear Friends: CU and NYP Enter into Largest HIPAA Settlement to Date
  • Value-Based Contracting: New Payment Terms Have Emerged

Litigation Arising from the Affordable Care Act: The Blessing and Curse of Interesting Times

Author: Andrew Struve, Partner, Manatt, Phelps & Phillips, LLP

The Affordable Care Act (ACA) has brought the most sweeping changes to the healthcare delivery and payment systems in the United States since at least the Medicare Act of 1965, and probably even before that. Through its attempt to expand the rolls of the insured, it simultaneously, and perhaps in many instances unavoidably, created a sudden and drastic collection of changes that affect providers, patients and payers alike. Though these changes ultimately may result in increases to access to care, quality of care and cost savings, they also will likely bring years, if not decades, of litigation, as the marketplace and its participants realign under the new ACA paradigm.

We believe that most of the litigation, at least in the short term, will be disputes that stem from the new expectations and demands on patients, providers and payers. The current transformation in healthcare is not an easy situation for any of the stakeholders.

From a provider perspective, the operative question seems to be, “How do we adapt our financial model to provide quality care and still pay the bills?” Payers, in most instances health plans, find themselves squeezed by new regulatory requirements that expand coverage—including into areas that were never covered in the past—with the total elimination of the ability to medically underwrite their prospective membership. Patients, for their part, want coverage, especially if they haven’t had it in the past. But they also want access, value for their money and the ability to choose their doctors. In addition, they expect a meaningful care experience that they believe delivers on the promises the Administration made or, often, their own conception of what health insurance should provide and how it should function.

Many ACA Lawsuits Will Focus on Access to Care

Lawsuits almost always are born of nasty surprises, failed expectations, or some combination of the two. At least initially, lawsuits filed involving the ACA will be no different. Access to care will be the focus of many of them. It’s one thing to buy health insurance on an exchange but having insurance is meaningless unless there are providers who will accept it, who are geographically convenient, and who have the needed facilities and skills to treat the relevant medical conditions.

Already, the media has reported that newly insured patients are having trouble finding doctors in some areas and are receiving faulty information on which doctors are part of their new networks. In some instances, they also say that they are having some difficulty getting accurate information from their new plans.

We have heard reports of consumers purchasing insurance on the exchanges but finding that provider directories are either not available to them or are inaccurate. In other instances, newly insured patients are being introduced for the first time to newly formed “narrow networks.” Narrow networks are the result of payers attempting to keep costs down and, therefore, premiums affordable, by limiting the medical groups, hospitals and other providers who are “participating” or who are included as “preferred” providers. Further complicating the landscape, many of the newly insured never had private health coverage before and, therefore, are being introduced to an entirely new system--a system that itself is in the throes of change. Overall, again, the touchstone is access to care.

Finances Are in Flux, and Predictability Has Been Erased

The finances are now in flux as well. The traditional healthcare marketplace can be viewed as a triangular market, with economic interdependency between patients, payers and providers. Whatever you thought of the private healthcare market in the United States before implementation of the ACA, the market had achieved the maturity that enabled financial modeling to be undertaken with at least a reasonable degree of predictability. That predictability has been essentially erased by the dramatic changes to the private healthcare system.

Increasing the numbers of the insured is a good thing, but only if people can afford the coverage and only if they believe it meets their needs. Coverage isn’t worth anything if the insured cannot find willing providers to treat them, under their policies, in a timely manner. For that matter, insurance can’t be affordable if health plans are regulated into penury. And so on.

Moreover, the complexity of the new financial arrangements and combinations, such as Accountable Care Organizations, will create their own financial and clinical tugs-of-war among market participants, most likely over issues such as cost sharing, clinical and financial integration requirements, distribution of shared savings, validity of clinical practice guidelines, network adequacy, risk adjustment payment, and medical loss ratios. One could go on and on with the list of potential issues. Any market disruption causes financial tremors, and financial difficulties are lawsuit fertilizer, so to speak. Where there is financial uncertainty, the likelihood of lawsuits tends to grow.

Filling in the Blanks on What the ACA Requires

Finally, of course, there is the all-important question of what services the ACA requires. In some cases, there is much clarity that remains to be filled in around coverage. For example, “habilitative services” must be covered. Habilitative services are defined as medically necessary healthcare services and devices that assist individuals in partially or fully acquiring or improving skills and functioning and that are necessary to address a health condition, to the maximum extent practical. These services address the skills and abilities needed for individuals to function and interact with their environments.

Okay, but what does that really require payers to cover? One commentator suggested that, for juvenile diabetes patients, a stay in a summer diabetes-management camp might be required to be covered. Similarly, the ACA’s mental health parity requirement (and similar state laws) have already proven fertile producers of litigation—and provide another example of an area that may have traditionally been viewed as part of the governmental social services obligation but now is seen as an essential and required health insurance benefit. The upshot is that dispute is inevitable, until these (and many other) covered service requirements are fully defined.


These are exciting times to be in healthcare in the United States. Of course, at least in the short term, a lot of people may be forced, at least occasionally, to recall the old curse, “May you live in interesting times.” Manatt Health will monitor developments in ACA-related litigation and continue to keep you informed.

Advancing the Academic Health System for the Future: Managing Population Health

Author: Thomas Enders, Senior Managing Director, Manatt Health Solutions | Alex Morin, Senior Analyst, Manatt Health Solutions

Editor’s Note: Partnering with the Association of American Medical Colleges (AAMC) Advisory Panel for Healthcare, Manatt Health has produced a new report, “Advancing the Academic Health System for the Future.” The report focuses on eight primary themes developed from interviews with 13 institutions that are representatives of emerging leaders in clinical care. It serves as a real-world tool for assessing where institutions are today--and how they can move to a sustainable model for the future in a transformed healthcare environment. Below is a summary of the report’s seventh chapter on managing population health. To download a free copy of the full report, click here.

Population health requires engaging patients and populations in a broad range of services and activities to prevent disease, improve the long-term success of medical interventions, increase the overall health of a defined beneficiary set and, ultimately, enhance the health status of all the communities served. Those academic medical centers (AMCs) that have implemented population health characterize their approach as incorporating five characteristics:

  • Patient-centered, ensuring patients are engaged in the entire process of care and decisions are well informed, as well as recognizing the needs and preferences of diverse patients.

  • Community engaged, partnering with communities to identify and meet the needs of those they serve and measurably improve overall community health.

  • Primary care based, having patient-centered medical homes as foundational elements for patient engagement and using shared clinical information and protocols to link specialists, hospitalists, long-term care and nursing homes, and home- and community-based service providers. Specialty care medical homes are emerging as important vehicles for limiting care fragmentation in specific populations.

  • Health IT enabled, linking patients, caregivers and providers to health information to help prevent illness and manage care in a coordinated model, as well as to support targeted quality initiatives.

  • Academic, including residents, medical students and other health professional students in efforts to support patient health and identify research opportunities that may provide new approaches for improving health.

AMCs demonstrating a commitment to these objectives contrast sharply with those that focus almost exclusively on the highest acuity patients. That focus will remain a necessary but insufficient condition for success in the long term.

A particular challenge will be developing an ample network of primary care physicians and a community-focused system that can provide the comprehensive, longitudinal care chronic and elderly patients will require for decades. AMCs have always been a locus for complex and specialized care, but managing the health of individuals and populations across the entire continuum will be a new skill for many.

Managing an AMC’s Own Employees

Many systems begin by managing their own employees’ healthcare, allowing them to develop care management approaches, as well as to identify ways to improve outcomes and lower cost of care. They then can apply what they learn to create targeted products for nonemployee beneficiaries.

The University of Michigan Faculty Group Practice provides an example of this “employees first” approach through its participation in the Medicare Physician Group Practice (PGP) demonstration. The Faculty Group Practice built a complete care management system to address the entire disease spectrum.

In the first year, the Faculty Group Practice addressed common issues, such as missed appointments and incorrect use of medications, through a call-back program. In the second year, it focused on geriatric patients, expanding its presence into selected sub-acute care facilities. It also launched a palliative care service, expanded disease-specific registries and implemented IT tools to measure quality and cost performance. In the fourth year, it created a medical home infrastructure. By the conclusion of the fifth year, it was closely managing every high-risk group, including dual eligibles, frail elderly, at-risk patients in transition and patients needing palliative care. These initiatives earned the University of Michigan Faculty Group Practice the distinction of being the top performer in the PGP demonstration.

Partnering to Create a Networked Model

Some organizations are creating regional approaches, partnering with several systems across regions to care for large populations of patients. The University of Iowa has formed the University of Iowa Health Alliance to serve as an umbrella for numerous initiatives. Sharing and employing best practices across the network, the Alliance has statewide reach. Members can realize savings by sharing potential costs related to population health management. Alliance participants also have partnered to offer an insurance product on the state health exchange starting in October 2013.

Understanding that Information Technology is Fundamental

To achieve the goals of a population health model of care delivery, clinicians need access to sophisticated information management tools. AMC leaders must have complete insight into their organizations’ portfolio of clinical, administrative and financial data, linked together and used to drive high-quality, patient-centered care. Specific information management tools include:

  • Registries and population health management tools that offer point-of-care and back-office clinical decision support, as well as workflow applications to maximize intervention impact and patient management. Particularly important is the ability to assess individual and group health risk accurately and dynamically—and prepare interventions and case management accordingly.

  • Geo-mapping that supports community dialogue by linking claims data, emergency department and other use rates, crime statistics and additional relevant social and healthcare information to identify “hot spots” and target interventions.

  • Health information exchange technology that seamlessly integrates clinical and financial data from all sites of care.

  • Patient engagement tools and services that assist patients in active home care and support shared decision making in medical treatment scenarios.

  • Quality measurement and reporting that demonstrates outcomes to purchasers, as well as enhances clinical behavior around evidence-based guidelines and best practices.

  • Electronic health records that enable consistent, portable patient information across the entire patient network.

  • Advanced analytics that identify costly, at-risk patients, so proactive, specific interventions can be employed.

AMCs must create new organizational capabilities and training programs for clinicians and staff to leverage these tools fully. They also must develop the capacity to manage chronic diseases in low-cost settings in the community, empower patients to manage their diseases more effectively and equip them to prevent emergency room utilization and hospital admissions. While AMCs must improve patient safety initiatives, particularly in inpatient facilities, they also must engage more broadly in preventive medicine to an extent previously unseen in most AMC settings.

Deciding Whether to Build or Buy

Population health management capabilities require significant investment to secure the right technology and human capital, develop the correct processes, policies and procedures, and ensure practitioners have the necessary skill sets. Some AMCs will have sufficient size and scale to build these capabilities, leveraging existing resources and supplementing, where necessary.

For example, the University of Pittsburgh Medical Center (UPMC) has built a sophisticated population health management system using its own health plan. Its approach includes Health Information Exchange (HIE) and Electronic Medical Record (EMR) capabilities, a patented analytics and care management workflow platform, and investments in clinical infrastructure and processes that support standardized practices and policies to drive quality and efficiency. UPMC and the publicly traded Advisory Board have created a for-profit subsidiary, Evolent, to enhance and commercialize UPMC’s care management and population health capabilities.

Identifying the Implications for Leadership

AMCs must adopt a new paradigm of care delivery that expands beyond the core specialty care services market and incorporates population health capabilities. Payers will be seeking high-quality, cost-effective options for beneficiaries. They will place a premium on organizations that can deliver efficient, cost-effective, high-quality patient care for a defined population. Leadership considerations include:

  • An expectation that the health system of the future will be agile in identifying and segmenting populations by indicators, such as health status, socio-economic status and prevalent chronic conditions, as well as in defining care environments that meet the needs of each segment.

  • The ability to define a population of beneficiaries and work to develop population health capabilities, either internally or in partnership with other organizations.

  • The pursuit of a population health strategy that complements a focus on specialty care service development and improvement.

  • Sophisticated IT systems, skilled data analysts and health services researchers and physicians, trained to understand data and translate it into better care at the population level.

Once More into the Breach, Dear Friends: CU and NYP Enter into Largest HIPAA Settlement to Date

Authors: Robert Belfort, Partner, Healthcare Industry, Manatt, Phelps & Phillips, LLP | Michelle McGovern, Associate, Healthcare Industry, Manatt, Phelps & Phillips, LLP

In connection with a data breach that impacted approximately 6,800 individuals, two New York healthcare organizations have entered into the largest settlement agreement to date for potential violations of the Health Insurance Portability and Accountability Act (HIPAA). On May 7, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU) for a combined total of $4.8 million in connection with a breach of patients’ electronic protected health information (ePHI) stored on the entities’ shared network.

Under a joint arrangement, CU faculty members serve as attending physicians at NYP, through an affiliation called the “New York Presbyterian Hospital/Columbia University Medical Center.” As a result of this arrangement, CU and NYP operate a shared data network (along with a shared firewall) that links CU with NYP patient information systems containing ePHI.

In September 2010, New York Presbyterian Hospital/Columbia University Medical Center submitted a joint breach report to OCR, after a CU physician attempted to deactivate a personally owned computer server on the organization’s network. Because the network lacked certain technical safeguards, the server’s deactivation caused ePHI (including patient status, vital signs, medications and laboratory results) to become generally accessible online. CU and NYP were initially informed of this breach after the partner of a former NYP patient found that patient’s information on the Internet.

OCR investigated the alleged breach and found that, in addition to the disclosure of ePHI, both CU and NYP failed to conduct an accurate, thorough risk analysis of all information technology equipment, applications and data systems using ePHI. Further, OCR found that both entities failed to implement appropriate security measures to reduce the risk of impermissible disclosure of ePHI on their networks. As a result, neither entity had developed an appropriate risk management plan to protect the security of ePHI.

Finally, OCR found that NYP did not have appropriate policies and procedures for authorizing access to databases containing patient information, and that the organization failed to comply with the policies that had been implemented for managing information access.

NYP paid a greater portion of the $4.8 million settlement agreement, totaling $3.3 million, and CU paid $1.5 million. Additionally, both entities entered into Corrective Action Plans (CAPs) with HHS, which will last for three years. The CAPs require each entity to (among other things) undertake a risk analysis, develop a risk management plan, revise policies and procedures on information access management and device and media controls, and develop a privacy and security awareness training program.

Joint Arrangements Mean Joint Liability

In connection with the investigation, OCR stressed that joint healthcare arrangements can result in liability for all covered entities involved. “When entities participate in joint compliance arrangements, they share the burden of addressing the risks to protected health information,” Christina Heide, OCR’s Acting Deputy Director of Health Information Privacy, said in a statement. “Our cases against NYP and CU should remind healthcare organizations of the need to make data security central to how they manage their information systems.”

The New York Presbyterian Hospital/Columbia University Medical Center settlement was finalized just one month after HHS announced separate settlements with Concentra Health Services and QCA Health Plan, Inc., in connection with compliance actions involving unencrypted laptop computers and other mobile devices. These settlements should remind all covered entities of the importance of ensuring that all ePHI is stored as dictated by the HIPAA Security Rule, as both settling a breach and implementing remedial measures can be costly.

Value-Based Contracting: New Payment Terms Have Emerged

Authors: Anne O. Karl, Associate, Manatt, Phelps & Phillips, LLP

Editor’s note: In a recent “Executive Insight” article, Manatt Health defines some of the emerging payment terms that can significantly affect the value of ACO arrangements. Key points are below. Click here to view the full article.  

Value-based contracts feature several new terms that can dramatically impact the value propositions of an ACO arrangement yet remain unfamiliar to most plans and providers. Shared Savings contracts, in particular, include novel payment terms that can significantly affect the financial performance of the parties.

First, Shared Savings contracts must define the threshold of savings or losses relative to the benchmark that triggers payments from one party to the other. Higher thresholds increase the likelihood that providers’ actions, rather than chance, caused the deviation in spending. Lower thresholds increase the chance that one party will be required to make payments to the other. In general, providers prefer lower shared savings thresholds and higher shared loss thresholds, while plans prefer the opposite.

Second, the total pool of savings or losses eligible for sharing will have a substantial impact on the overall contract value. Providers can be eligible to share in all the savings or losses—or only those that exceed the threshold. Sharing only in savings or losses that exceed the threshold will decrease the year-end payments between the parties.

Plans new to shared savings contracts may prefer sharing only in savings or losses that exceed the threshold to reduce variance in the plan’s performance. Decreasing the likely amount of shared savings or loss payments, however, may discourage providers from making the infrastructure investments needed to improve quality and coordination.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.