Health Update - November 2015

In This Issue:

  • Best Practices for Using Social Media in Healthcare: Maximizing Impact, Mitigating Risk
  • Building on Year One 1095-A Form Success: Marketplaces' Recommendations for Future Tax Seasons
  • FTC Issues Guidance on Active Supervision of State Regulatory Boards Amid New Litigation Activity
  • What Constitutes an "Investigation" Triggering a Peer Review Body's HCQIA Duty to Report a Subsequent Resignation?
  • A Second Chance to Benefit from "The Connected Patient: Using Digital Health in Care Management."

Best Practices for Using Social Media in Healthcare: Maximizing Impact, Mitigating Risk

Authors: Jon Glaudemans, Managing Director, Manatt Health Solutions | Linda Goldstein, Partner, Chair, Advertising, Marketing and Media Division

Editor's note: In a generation more likely to seek health information online than see a doctor, social media is playing an increasingly critical role in healthcare decisions. Today more than 40% of consumers say that the information they read in social media affects how they deal with their health1—and two-thirds of doctors use social media for professional purposes.2

With statistics like these, it's not surprising that a growing number of healthcare entities are incorporating social media into their communication plans. In the article below, Manatt reveals how you can effectively harness social media's power to reach and influence your target audiences—and what you can do to minimize the risks that often can accompany an active social media presence. The article is based on our webinar for Bloomberg BNA, "Best Practices for Using Social Media in Healthcare: Maximizing Impact, Mitigating Risk." If you missed the program, click here to view it free, on demand, and here to download a free copy of the presentation.

_________________________________

Part I: Maximizing Impact

Social media has become a shorthand designation for person-to-person information shared using a wide variety of online and digital platforms, such as Facebook, Twitter, Pinterest, Tumblr and LinkedIn. Most started as desktop applications, but all have experienced dramatic growth in their transition to mobile platforms.

Social media applications originally were designed to allow individuals to create self-defined networks of friends or like-minded strangers and share information, stories, links and pictures. As social media became more prevalent in the late 2000s, commercial interest exploded. Companies saw social media as another channel to deliver their messages to their audiences.

The problem is that very few social media users want to hear "corporate messages" and certainly don't consider themselves an "audience." Therefore, they weren't attentive to companies' early efforts to engage in this space. The core attribute of social media—user-defined networks of relationships—requires a fundamentally different way of engaging.

11 Keys to Success

Companies are not the sole source of trusted information on social media. In fact, most of the information that people rely on comes from friends, colleagues and in some cases organizations that they have self-selected to join their social networks. Research shows that 41% of users say social media would influence their choice of a doctor or hospital—and 9 out of 10 18- to 24-year olds would trust medical information others shared on social media. It's important to remember that those 18- to 24-year olds are tomorrow's patients, members and employees.

Clearly, social media is an essential communications tool, but one that requires a different dynamic and different skill set than traditional media. There are 11 keys to social media success that we will discuss in this article:

1. Connect the dots.

2. Have a plan.

3. Tell a story.

4. Answer the question.

5. Get in shape.

6. Take a risk.

7. Trust the team.

8. Listen and learn.

9. Seize the day.

10. Guard your flank.

11. Revise, revise, revise.

1. Connect the Dots

Every healthcare organization has a series of mission-critical communities, including patients, caregivers and employees, as well as local, state and national stakeholders and leaders. Each community has its own unique infrastructure and culture. The active support of these mission-critical communities is fundamental to every organization's long-term success.

The relationship between these communities and healthcare organizations is shifting. Each person may belong to many communities. Each considers him- or herself unique and will resist being treated as part of an "audience." To garner the loyalty of these people whose active support is vital, organizations must engage with them on their terms and with their agreement.

It's important to recognize that these communities overlap. For example, in delivery systems, nurses and doctors can become patients. Patients may be donors. Caregivers may play community leadership roles. For managed care organizations, as well as for pharma and device manufacturers, patients may learn of organizations through their physicians or a wide array of patient-focused third-party organizations. Social media quickly exposes any disconnects in what these overlapping communities are hearing. Therefore, it's crucial to have one cohesive social media strategy to protect against delivering mixed messages to mission-critical communities.

2. Have a Plan

Design a campaign to engage the hearts and minds of mission-critical communities. Develop a message platform that is the core theme of your organization's mission. In a political context, it was compassionate conservatism for President Bush, hope and change for President Obama. For healthcare organizations, it can be trust, quality, convenience or mission focus.

Many organizations develop their message platforms using a simple two-by-two box of us versus them. How would we describe ourselves? How would we describe our competition or our mission-critical communities? How does our mission-critical community describe itself? And how does that mission-critical community view us? This approach is fundamental to developing a message platform for social media because ultimately it becomes the guidepost to engaging in conversation with mission-critical communities.

We recommend forming a multistakeholder governance approach to developing a social media strategy across various communities. When creating a message platform, make sure to include all parts of the organization. The goal is to engage people, not audiences. Therefore, it's very important to understand what's happening from the outside in among your communities.

3. Tell a Story

The best campaigns are stories. Social media users are engaged in a continuous conversation with their networks of self-identified friends and relationships. Most folks are just listening. Some are posting to the community, looking to share something they found. Others react to the conversation, commenting on a post or a tweet. But whether listening, talking or reacting, social media is a conversation, not a message. If organizations simply view social media as a place to deliver a message—a different version of a newspaper or magazine—they won't last long.

The challenge is to enter the conversation and begin to shape it gradually and consistently with the values of the people on the other end in a way that mirrors the organization's message platform. It's critical to frame the conversation in an authentic voice that mirrors how people actually talk to one another.

Use the rule of thirds. A third of the time, talk across platforms about brand awareness. A third of the time, focus on the community's interests. And last, a third of the time, engage individuals in that community on a more personal level.

4. Answer the Question

Answer any questions. Don't simply send a link or direct people to another page. Make it easy for people to find a doctor, make an appointment or learn about a treatment.

5. Get in Shape

Engaging mission-critical communities in conversation is a new skill. Get teams in shape. There's no substitute for practice. Anyone playing an active role in social media strategy needs to have a hands-on appreciation for social media. This is not something that can be delegated. Each person on the team needs to listen through these new channels.

You gain credibility when senior leadership is actively engaged. Research shows that 82% of consumers are more likely to trust a company whose CEO is on social media—yet only 30% of Fortune 500 CEOs are on social media.

6. Take a Risk

Making the leap from the old world of messages delivered to audiences to engaging in conversation is a big jump. But it's critical to start. Because as risky as social media can be, the bigger risk is not to engage.

7. Trust the Team

As organizations develop or redesign their social media, they need to trust their digital natives. The most compelling conversation-based strategies will come from colleagues who grew up with podcasts, posts and tweets.

Organizations should recruit their social media teams from their current staff. Employees know their organization's culture, products and services better than anyone. Every organization has a lot of social media users among its employees with a deep understanding of the new environment. But don't give them the keys to the car without reminding them of traffic rules. Have explicit social media policies in place, and ensure they are well understood and widely disseminated.

8. Listen and Learn

A critical part of any state-of-the-art social media strategy is the combined art of listening and learning. It's important that your strategy includes continuously scanning the environment. Best-in-class organizations have established formal listening posts. Listen to what people are saying to learn how to engage in the conversation—and, more importantly, determine needed changes in business processes.

In addition, watch what people are searching for on Google. That's just one of the diagnostic tools that can give organizations a heads-up they can use to refine and reshape conversations. It's good to get "likes" on homepages and retweets of tweets, but it may be more important to engage with communities on their terms and in their networks.

It's also critical to consider the value of participation and outward engagement. Don't make community members always come to you. Engage them in conversations about their choice of hospitals, health plans and products. Consider the experience of the Mayo Clinic. The average number of listeners to Mayo's podcasts jumped by 76,000 in a single month after it started using social media.

It's important to remember that listening alone isn't enough. Organizations need to be prepared to change based on what they learn. For example, a hospital in the Midwest picked up repeated complaints being retweeted about long wait times. The administrator was able to not only identify the issue but to resolve it. On the other side of the coin, organizations need to find ways to reinforce the positive feedback they hear on social media.

9. Seize the Day

To be an authentic voice in the conversation, organizations must be present in the constant focus groups that are being conducted online. There's no room for delay.

Consider the time the lights went out during the Super Bowl a few years ago. A team of people at Oreo reacted in the moment and tweeted out the message that "You can still dunk in the dark." It immediately got 15,000 retweets and 20,000 likes on Facebook. That's just one example of how an organization reacting quickly to a change in circumstance can bring its brand to the forefront.

UCLA Health's live-tweeting and Vining an entire brain surgery while the patient played guitar is another great example. The event formed an incredibly positive impression on many levels. People came away perceiving UCLA Health as technology-savvy, committed to its artist patient and medically sophisticated.

The key thing to remember is that time is the enemy in social media. Just 18 minutes after an initial tweet, half the retweets are done. The half-life for Facebook is 30 minutes and for YouTube is 7.4 hours. Organizations that can't act in the moment get lost in the conversation.

10. Guard Your Flank

Social media is not a risk-free environment. Don't assume that because a tweet's half-life is 7 minutes, it's gone from the record after that. It's there forever. Use the coffee shop test. Anything not appropriate to talk about in a conversation over a cup of coffee in the hospital cafeteria or corporate lunchroom shouldn't be talked about online.

There will be things that can't be anticipated—from data breaches to malicious comments. Have a tested crisis management plan in place, and retest it quarterly, so people don't fall out of practice.

11. Revise, Revise, Revise

Social media plans are good for about three months before either technology or the conversations being monitored significantly change. Failing to adapt plans will mean conversations get stale, understanding of the prevalent technology becomes out of date and organizations lose the credibility they gained over time.

Part II: Mitigating Risk

While there are risks associated with social media in any industry, regulatory constraints mean risks are heightened in the healthcare industry. With proper policies, training and monitoring, however, there's no reason that healthcare organizations can't use social media as effectively as others.

The Context in Healthcare

There are obviously many ways in which the healthcare industry is using social media, from sharing new research to discussing new technologies and treatments. Increasingly, social media is the way healthcare organizations and professionals are communicating with patients and marketing their brands. In this article, our primary focus will be on the risks associated with the marketing and branding space.

Legal Risks: HIPAA and Other State Privacy Laws

Potential violations of the Health Insurance Portability and Accountability Act (HIPAA) and other state privacy laws was for many years one of the primary reasons the healthcare industry was slower than some others to embrace social media. The nature of social media creates significant risks of violating HIPAA and state privacy regulations.

HIPAA prohibits disclosing any individually identifiable health information transmitted or maintained in any form or medium, including social media platforms. The prohibition covers any information that can be used to identify a patient and that relates to his or her physical or mental health condition or the provision of healthcare, even if the person is not identified by name. Organizations are responsible for disclosure of this information by their employees.

The informality and fast-paced nature of social networking sites create substantial potential for mistakes. There are many ways that people are identifiable on social media, even when their names are not shared, such as through a Facebook profile picture. People erroneously assume they're not triggering HIPAA because a patient's name is not being used. But in fact, most of the ways people are identified in social media would fit within the HIPAA trigger.

For example, at a Rhode Island hospital, an emergency room doctor posted information about a trauma patient on Facebook. The name of the patient wasn't included, but the doctor provided enough information for the patient to be identifiable in the community. That was sufficient to trigger a HIPAA violation. At that time the hospital did not have a social media policy in place.

There also was a case involving a paramedic posting details about a rape victim on his MySpace page. Again, the patient wasn't mentioned by name, but there was enough information to allow identification by the community. The paramedic's employer was fined for his actions.

In fact, there are numerous examples of medical professionals being fined for posting information about medical procedures without disclosing the patient's name. Perhaps one of the most egregious cases involved a nurse in Portland who posted pictures of a car accident victim's buttocks on Facebook. Because of its severity, people in the community knew about the accident and therefore could identify the patient. The nurse was sent to jail and permanently banned both from being in the nursing industry and using social media sites.

What are the themes shared across these cases? In each instance, though the patient's name wasn't provided, there was enough information for the community to identify the person. In addition, in all these cases the problems arose from the actions of employees—often posting information on their own social media pages. It's critical to remember that organizations are responsible when their employees disclose information.

Most HIPAA violations that occur over social media are based on a common set of misconceptions. Common mistakes in social media include:

  • The mistaken belief that communication is private and accessible only by the intended recipient.
  • The mistaken belief that the content of posts has been deleted and is no longer accessible. Remember…on social media everything is permanent.
  • The mistaken belief that if the site is private (i.e., limited to select recipients) the disclosure of patient information is harmless.
  • The mistaken belief that there is no breach if the patient's name is not disclosed.
  • The mistaken belief by employees that disclosure on their own personal social media networks is not actionable.

Legal and Ethical Risks

Social media also poses legal and ethical risks that are unique to the healthcare industry. There is a fine line between sharing information and providing medical advice. Because social media is based on personal interactions, there is the increased danger of inadvertently offering medical guidance to patients or prospective patients. Other risks include:

  • Creating the chance for claims of operating without a license if patients are located in another state. With social media, there is no way to know where people are when they are communicating with you.
  • Failing to provide the necessary disclosures. Character limitations on platforms such as Twitter make it difficult to disclose the required information.
  • Breaching confidentiality laws and creating ethical issues. Some of the most common social media interactions—such as friending or Googling patients—can raise ethics questions and breach privacy laws.

AMA Guidelines

The American Medical Association (AMA) has issued guidelines on social media usage that are valuable to keep in mind:

  • Be cognizant of standards of patient privacy and confidentiality. Don't post sensitive patient information online or transmit it without appropriate protection.
  • Use privacy settings to safeguard personal information, but understand that privacy settings are not absolute.
  • Maintain the appropriate boundaries of the patient-physician relationship, just as in any other context.
  • Report unprofessional postings to the appropriate authorities.
  • Do not post any identifiable information about clients, patients or affiliate care providers.
  • Avoid searches on people that you relate with professionally.
  • Create separate professional and business pages in social media. Keep personal content distinct. (Manatt would add the caveat to remember that posting information about patients or treatments on one's personal page could still raise privacy and HIPAA violations.)

Marketing and Branding Risks: FTC Testimonial and Endorsement Guides

The Federal Trade Commission (FTC)—the primary agency that regulates all advertising and marketing communications—has set a regulatory framework for any use of social media for advertising or marketing purposes. While there is no specific statute on point, the FTC's Testimonial and Endorsement Guides are the most significant sources of regulatory guidance. Any time an organization engages "social media influencers" on its behalf or presents testimonials, its communications are subject to the FTC Testimonial and Endorsement Guides. There are four provisions of the Guides that have gotten organizations into trouble.

1. Any connection between the endorser (including bloggers or any social influencers) and the advertiser must be disclosed.

2. The advertiser is responsible for making sure that those disclosures are made throughout the social media universe.

3. The advertiser is also responsible for any claims made by the endorser.

4. The advertiser must be able to independently substantiate claims made through testimonials.

In the last year, the FTC's views have become increasingly restrictive in three areas. The first is what constitutes an endorsement, the second is what constitutes material connection, and the third is how to disclose those connections adequately when they exist.

The increasing restrictions started with an action that the FTC brought several years ago against Ann Taylor. Ann Taylor invited bloggers to a fashion show. Those who attended received a goody bag and entry into a mystery gift card drawing worth up to $500 at Loft. Many bloggers went home and blogged about the fashion show and their reactions—but did not mention the fact that they had gotten the gifts from Ann Taylor. The FTC's position was that not mentioning the gifts was a violation of the FTC's Testimonial Guide, and it was Ann Taylor's responsibility to make sure that the bloggers made those disclosures.

The FTC brought a similar case against Hyundai, when Hyundai's media agency offered gift cards to bloggers. Hyundai was running a Super Bowl promotion, and all the bloggers were doing was generating buzz about the promotion—not even Hyundai's cars. But again, the bloggers failed to disclose receipt of the gift card. The FTC did not require Hyundai to enter into a consent decree. In this case as well as in the Ann Taylor case, the FTC did something called a closing letter which said, "we're not going to make you sign a consent order, but we're going to let the world know that you did something wrong."

The only reason the FTC did not take formal action is that the promotion had been done by an individual at the media agency, not by a Hyundai employee. In addition, both Hyundai and its social media agency had social media policies in place that prohibited what happened.

In the most extreme case, the FTC brought an action against Cole Haan for a sweepstakes promotion asking people to pin pictures of Cole Haan shoes, as well as destinations to which they would like to travel. People who pinned pictures received an entry into a sweepstakes. The FTC took the position that the mere act of pinning constituted an endorsement, and a sweepstakes entry was a "material connection that had to be disclosed." In other words, Cole Haan needed to make sure that consumers disclosed that they were pinning pictures, because they were hoping to win a prize.

FTC Testimonial and Endorsement Guides: Key Lessons Learned

These cases may seem trivial, but they teach some important lessons:

  • The most common social media task can constitute an endorsement, even if the person isn't expressing an opinion or belief. For example, if a hospital asks new mothers to post pictures with their babies to show positive experiences in the neonatal unit, the mere act of posting would constitute an endorsement.
  • Any incentive, no matter how nominal, could be considered material.
  • Advertisers can be held liable for claims made by endorsers.
  • Advertisers can be held liable for failure of endorsers to disclose material connections—such as if they received something for the endorsement.
  • Advertisers must have a social media policy in place for employees and advocates. That is one of the first things the FTC will look to—and it can make the difference between a slap on the wrist and a full-blown enforcement action.
  • Make sure PR agencies know the rules. Most FTC cases resulted from PR agency activities.
  • Make sure to have robust monitoring procedures in place. Failure to monitor can be a violation.

NOTE: Subsequent to the webinars, the FTC released answers to questions people are asking about the Guides in the form of FAQs which may be found here. Through the FAQs, the Federal Trade Commission has taken a "deeper dive" into forms of social media promotion that were in their infancy just a few years ago. We discuss them in detail here.

Disclosures in Social Media

Many social media platforms have tight space constraints. The FTC does not accept the lack of space as an excuse for failing to make necessary disclosures—and it wants to see those disclosures as close as possible to the triggering claims. Disclosure at the bottom of a page, requiring consumers to scroll, could be a problem. The FTC does not consider scroll bars a "sufficiently effective visual cue."

The FTC also is taking a more restrictive view of hyperlinks. It's important that hyperlinks be clearly labeled, so consumers know exactly what kind of information they contain. The FTC does not like generic names for hyperlinks. Avoid hyperlinks entirely for health or safety information, as well as when information is integral to the claim.

When disclosing that an ad or post is sponsored, the common practice in social media is to use hashtag sponsor or hashtag ad. Be aware that the FTC doesn't like abbreviations like hashtag "spon." They prefer full words to ensure consumers understand—so spell out "sponsor."

User-Generated Content

User-generated content poses risks of liability for copyright infringement and trademark infringement, as well as for libel and defamation. If organizations are using people's names and likenesses, there could be a risk of privacy/publicity violations. If claims are being made, there's the added risk of false product claims. The good news is that there are ways to mitigate these risks. In addition, there are two relevant safe harbors:

  • The Digital Millennium Copyright Act (DMCA), providing immunity for copyright infringement, as long as safe harbor requirements are met. DMCA requires that there is not actual knowledge the material is infringing. If something is infringing on its face, it must be taken down. In addition, there must be provisions for people to notify the organization if any material is infringing—and procedures for taking it down immediately. Finally, there can be no financial benefit from the infringing activity.
  • The Communications Decency Act, providing immunity for defamation, torts, Lanham Act, privacy and publicity, as long as the organization is not a "content provider." Organizations cannot participate, in whole or in part, in creating the content or they could lose immunity. Don't modify content or provide samples or templates.

The best protection is to include strong content submission guidelines that prohibit use of third-party infringing works, third-party marks, photos or likenesses without required releases, and offensive/defamatory works.

Reusing Third-Party Social Media Content

What if an organization wants to repost or retweet a positive comment? The rules of engagement are very different when retweeting for marketing purposes than for personal reasons. Just because a platform allows sharing doesn't necessarily mean it's all right to use the content for marketing purposes.

First, organizations reusing content become publishers of that content, so they lose the benefits of the safe harbors discussed earlier. Second, an organization that retweets people's profiles and pictures is using their names and likenesses without their consent. Remember that terms of use do not override legal protections against unauthorized use for commercial purposes.

The Big Risk: Reputational Damage

The risk of reputational damage has many potential sources. Damage can come from unauthorized employee conduct, negative conversations that consumers or others initiate, or an organization's own social media conversations that get out of control.

A good example is a recent McDonald's campaign called McDStories. McDonald's intended to receive stories about what people love about McDonald's. Instead, people hijacked the hashtag and applied it to share negative stories. McDonald's had to pull the campaign within two hours of launching—but people continued to post with the branded hashtag. Even though McDonald's pulled down the campaign, it couldn't stop the conversation.

McDonald's provides a cautionary tale. Be sure to think through a hashtag before launching—and understand its potential to go viral. Realize that once a brand launches the campaign, the audience controls it.

The risk of reputational damage in the healthcare industry is perhaps even higher than others. In the healthcare environment, it can be harder to defend against negative comments because of concerns about violating confidential information or someone's rights of privacy or publicity. To mitigate risk, have a strong social media policy in place, train staff thoroughly, moderate and monitor conversations, and create a risk management team.

A Guide to Effective Social Media Policies

To be effective, social media policies should be directed both to social influencers and employees. In addition, they should be simple and written in clear, understandable language. They also should include a set of key elements, including:

  • Who can access social media from an organization's network.
  • Instructions on proper activations of network settings.
  • Inappropriate uses of social media on an organization's network and personal social media sites.
  • Examples of inappropriate conduct. This is particularly important for healthcare organizations, because it may not be obvious what constitutes protected healthcare information (PHI).
  • Prohibitions against disclosing confidential information.
  • Risks of copyright/trademark and other intellectual property violations.
  • Prohibitions against defamatory or harassing conduct.
  • Consequences of inappropriate use.
  • Incorporation of privacy and other conduct policies.
  • Responsibilities of employees on their social media sites.
  • Notification that employees are at personal risk for civil liability.

When crafting policies, it's important to balance restrictions on employees' social media activities against National Labor Relations Board (NLRB) considerations. The NLRB has taken action against companies whose social media policies have been so broad that they could have theoretically prohibited employees from talking about working conditions or wages.

In addition to strong policies, implement a comprehensive training program to be sure employees fully understand all requirements, prohibitions and consequences. Consider a "certification" program for those authorized to use social media on behalf of the organization. Finally, remember to monitor conversations and engage moderators to review content prior to posting.

An On-Call Crisis Management Team

A crisis management team should be on call, if unexpected problems arise. There are four keys to effective crisis management:

  • Always be credible, honest and transparent. Often the cover-up is worse than the crime. Return phone calls, and insist on a free flow of accurate information.
  • Do no harm. Admit mistakes quickly—and be careful about undertaking any action that might create legal exposure.
  • Disclose, disclose, disclose, and always get—and stay—ahead of the news. It's better for organizations to put bad news out themselves.
  • Keep the organization's head held high. Social media problems happen every day. In most cases, the companies haven't done anything wrong. State the facts and move forward.

Conclusion

Social media is a core communication tool for organizations today. It poses exciting opportunities to participate in meaningful conversations with your audiences. Particularly in healthcare, it also can present significant risks. Make sure to have clear social media policies and training programs in place and work closely with counsel and an experienced crisis management team to ensure a full understanding of any potential legal or reputational pitfalls and how to avoid them.

1Source: MediaBistro

2Source: EMR Thoughts

Building on Year One 1095-A Form Success: Marketplaces' Recommendations for Future Tax Seasons

Authors: Elizabeth Osius, Manager, Manatt Health Solutions | Jocelyn Guyer, Director, Manatt Health Solutions | Joel Ario, Managing Director, Manatt Health Solutions

Editor's note: Beginning with tax year 2014, all health insurance marketplaces—both federally facilitated and state-based—were required to report information about Qualified Health Plan (QHP) enrollment to all enrollees through Form 1095-A, which was developed by the Internal Revenue Service (IRS) and used by enrollees to fill out new tax forms. While some feared that the new challenges with generating, distributing and using the 1095-A form would evoke memories of the Affordable Care Act's (ACA's) difficult first open enrollment period, the state-based marketplaces (SBMs) and federally facilitated marketplace (FFM) primarily executed their reporting requirements to enrollees successfully. The IRS also helped to ensure this first tax season went smoothly by providing consumers flexibility in filing their tax returns, permitting consumers not to refile with late corrected forms, and encouraging consumers to request filing extensions.

Through the support of the Robert Wood Johnson Foundation's State Health Reform Assistance Network, Manatt Health facilitated a workgroup of SBMs leading up to and during the 2014 tax season to discuss implementation challenges and solutions. Based on those workgroups and follow-up interviews with marketplace officials in California, Colorado, the District of Columbia, Kentucky and New York, Manatt Health produced a new issue brief, summarized below, examining the practical strategies learned this year to ease implementation of the 1095-A forms in the future. Click here to download a free PDF of the full issue brief.

_________________________________

Ensuring Data Integrity and Reconciliation Between Carriers and States

The 1095-A forms are used in the process of claiming and reconciling the premium tax credit, making it critical that they accurately reflect enrollees' coverage status and tax credits received or owed. To ensure the integrity of the data provided on their forms, all marketplaces engaged in a data integrity reconciliation process with QHP carriers to verify that the data in their systems matched the data in the carriers' systems. Most marketplaces relied on carriers for this data because carriers collect enrollees' premiums and therefore are responsible for providing timely and accurate information to the marketplaces.

All states reported the need for an extensive data exchange and quality assurance process with carriers and have continued cleaning the 2014 data well into 2015, such that the two coverage years' data integrity efforts are now overlapping. Marketplace officials noted that the greatest discrepancy with carriers' data was due to not receiving an effectuation, termination or cancellation transaction from the carrier, leading the systems to show different coverage start and end dates or enrollment status. Since premium tax credits are based in part on the number of months for which someone is enrolled in a qualified health plan, the start and end dates of coverage can directly affect the size of someone's credit. Interviewees also acknowledged that this year's data was impacted by the technical challenges encountered as they and carriers launched the marketplaces for the first time.

States had the following recommendations regarding data integrity reconciliation:

  • Establish an ongoing, proactive strategy for checking data integrity. Conduct reconciliation with carriers:

    1. On an ongoing basis throughout the year;

    2. In an extensive effort well in advance of generating and distributing the forms; and

    3. Throughout the tax season after original 1095-A forms have been distributed.

  • Plan to continue reconciliation with carriers beyond the end of the tax season.
  • Prepare for insurance carriers to be occupied with their new reporting obligations under the ACA in tax year 2015. A number of marketplaces noted that carriers will be newly implementing Form 1095-B and may have more limited capacity to work with marketplaces on 1095-A forms.

Generating and Distributing Form 1095-A

Marketplaces were required to generate and distribute a high volume of 1095-A forms by the end of January 2015. All states highlighted the need to prepare early for such a large mailing, requiring that their cover letters be finalized well ahead of the mailing. Marketplace officials agreed, however, that the cover letter included was an important tool for ensuring consumers understood what the 1095-A form was and how to use it. Most marketplaces both mailed the form to a physical address and posted a PDF version online to an individual's account (or, in D.C.'s case, through a separate login).

Many states noted that a high volume of returned mail hampered their efforts to reach enrollees efficiently. California instituted a manual process to call consumers and request an updated mailing address.

States had the following recommendations regarding generating and distributing Form 1095-A:

  • Conduct extensive testing on the production of Form 1095-A, develop batch tests and reach out to contacts at the IRS, as needed.
  • Plan well in advance for a massive mailing effort, including finalizing cover letter language early and cleaning physical addresses on file—throughout the year and in advance of the mailing.
  • Institute a process as automated as possible for correcting addresses on returned mail and resending it to the updated addresses.
  • To reduce consumer requests for duplicate copies of Form 1095-A, provide access to forms through the mail and online. Consider leveraging existing resources to establish a secure portal for providing consumers with electronic copies of their forms.

Tackling Errors and the Correction Process

In the event an error was identified on a form already sent to an enrollee, marketplaces were required to issue a corrected 1095-A form. While marketplaces sent some corrected forms in response to errors identified by enrollees, more commonly, marketplaces sent corrected forms because they received updated enrollment information from carriers after the original 1095-A form had been sent to a recipient. Marketplaces also sometimes identified errors produced by their IT systems. The most common reasons a 1095-A form needed to be revised included:

  • Errors associated with start dates, termination dates, and number of months (or which months) the enrollee was covered. In particular, marketplaces noted that enrollees in a "grace period" for non-payment of their premiums required corrections to their termination dates due to their retroactive terminations.
  • Cancelled policies. Marketplaces noted that they were required to send "voided" 1095-A forms to some enrollees who, after receiving the original 1095-A form, claimed never to have been enrolled in coverage.
  • Incorrect advance premium tax credit (APTC) information.

Most states required people to submit a paper form or call the marketplace's call center to request a correction. Several marketplaces expressed interest in developing a more consumer-friendly process for requesting corrections in the future.

Most marketplaces relied on carriers to review and validate requested corrections. Generally, marketplaces worked in tandem with and relied heavily on carriers as part of the correction process. It therefore behooved states to delineate clear responsibilities regarding which entity's data would be used to address a consumer's requested correction and how to share information or documentation when needed.

States' recommendations regarding errors and the correction process include:

  • Begin planning for the correction process, as early as possible, considering staff and IT infrastructure required to accept corrections, verify information with carriers, approve corrections and produce a corrected form in as timely a manner as possible.
  • Build close relationships with carriers, and establish a defined hierarchy for marketplace and carrier data, as well as a clear process between the two entities to resolve discrepancies.
  • Permit enrollees to submit corrections through a variety of means, including online forms.
  • Set up a real-time system to document and analyze requests for corrections during the tax season, allowing the marketplace to identify trends in required corrections and any systemic errors that could inform future efforts to ensure data integrity.

Providing Consumer Assistance

Because 2014 was the first year of marketplace coverage, officials anticipated extensive consumer confusion for the first tax season and a high need for consumer education. Particularly problematic in early 2015 was the overlap between the end of the 2015 open enrollment period (which concluded on February 15, 2015), marketplaces' distribution of the 1095-A form (approximately the end of January) and a standard peak in the tax filing season when many people tend to submit their tax forms (mid-February). This confluence of factors created a period of uniquely high need for consumer assistance to address both open enrollment and tax filing questions simultaneously. For the upcoming tax season, the confusion will be reduced because the 2016 open enrollment period ends on January 31, 2016.

To account for the anticipated confusion, marketplaces prepared various types of consumer assistance, including sending a cover letter with consumer-friendly instructions, training navigators and assistors, engaging with the nation's tax preparers, and, in particular, relying heavily on their call centers. Most marketplaces trained a dedicated set of call center representatives and some set up a separate phone number specifically for 1095-A questions.

States recommended the following strategies to provider consumer assistance through call centers:

  • Train a dedicated unit within the call center to assist consumers with more complicated 1095-A questions, but educate all representatives so basic questions can be answered by any representative.
  • Increase staffing in anticipation of a high volume of calls, particularly as the 1095-A forms are distributed and at peak filing times. Despite the smaller overlap between the open enrollment period and tax filing, many officials projected increased confusion next year due to the addition of the 1095-B and 1095-C forms.
  • Track the volume of calls specific to 1095-A forms and review call logs to identify common sources of confusion or error. Use this information to update training materials and for communications with carriers.
  • Provide a simple, online "benchmark plan look-up tool" that enables enrollees who must fill in their benchmark plan information to access it easily.

In addition to utilizing their call centers, marketplaces adopted an affirmative approach to managing consumer questions and confusion about the 1095-A form, relying on a diverse mixture of strategies they credit with reducing the volume of 1095-A calls. States recommended the following key consumer assistance strategies:

  • Send "watch the mail" and "alert" notifications prior to distributing the form.
  • Develop "frequently asked questions" to help consumers through potential areas of confusion.
  • Dedicate a page online to 1095-As.
  • Conduct outreach to and training for the tax preparation community.

States also instituted a variety of other strategies to address consumers' questions:

  • Training all consumer assistors and stakeholders.
  • Including a cover letter with the 1095-A form, describing what the form was and how to use it.
  • Engaging on social media, such as posting updates and explanations on the marketplace's Facebook page.

Establishing Partnerships with Federal Agencies

In addition to providing 1095-A forms to enrollees, marketplaces were required to report enrollment information through monthly and annual data transfers, primarily to the IRS though secondarily to the Centers for Medicare and Medicaid Services (CMS). To prepare states for the reporting requirements and address any new issues, the IRS conducted biweekly workshops with SBMs. Interviewers reported the workshops were very informative and praised the IRS staff for their timely responses and flexibility in developing solutions to challenges. While states had much less need to interact with CMS, they also indicated CMS was available as necessary.

States identified the following areas where improvements could benefit their planning and processes:

  • Communicating changes in IRS policy that directly affect marketplace enrollees.
  • Providing clarity on outstanding areas of uncertainty, such as issues related to the SHOP marketplaces that the IRS had not yet addressed.
  • Aligning technical requirements across agencies, so states can efficiently prepare one transaction for both the IRS and CMS.
  • Providing greater accessibility to IRS notices and procedures, such as receiving updates from the IRS on planned correspondence with tax filers that might trigger calls to the marketplace call center.

States outlined the following requests and recommendations to strengthen their relationship with the IRS and/or CMS and to clarify outstanding questions:

  • For IRS and CMS:

    1. Provide timely, clear, written communication of changes in policy or processes during the tax season.

    2. Jointly update and provide in consolidated and written guidance all policy and technical requirements that were developed and communicated during the 2014 tax season.

    3. Align technical reporting requirements to enable efficient state data transfers.

  • For IRS:

    1. Provide marketplaces with copies of the consumer communications sent to 1095-A form recipients.

    2. Dedicate additional resources and possibly a phone line to consumers with 1095 forms and/or provide marketplace consumer assistance representatives.

Implications for Future Tax Seasons

The rollout of 1095-A was another "first-ever" challenge for marketplaces. In the process, they identified important lessons for assisting marketplaces in the future, as well as the issuers, state and federal agencies, employers and others now charged with issuing the new IRS forms needed to administer the individual shared responsibility requirement and the large employer responsibility requirement. For those newly charged with distributing ACA reporting forms, the key lessons applicable to all 1095 reporting include:

  • Prepare as early as possible, allowing significant time to test technology, data integrity and communications strategies, as well as to develop relationships with partners.
  • Adopt a proactive strategy to check and verify data well in advance of when the forms must be sent.
  • Anticipate the need for a corrections process, including identifying errors, alerting consumers, creating a mechanism for consumers to see corrections, resolving data disputes and educating consumers about how to respond if they receive a corrected form.
  • Prepare for consumers' calls and questions, including taking proactive steps to reduce questions by sending clear and specific cover letters, providing training to appropriate staff, and developing relationships with the tax preparation community.
  • Prepare for the IRS adopting policy changes, if critical to allow for a successful filing season.
  • Establish a "best practices" network or other forums for sharing strategies. (In the marketplace context, the Robert Wood Johnson Foundation's State Health Reform Assistance Network was one of the few sources for SBMs to share notes, training materials and other tools to ease the implementation of the 1095-A reporting process.)
  • Anticipate new challenges associated with consumers receiving multiple forms (such as if they are enrolled in Medicare and Medicaid or have switched from marketplace to Medicaid coverage over the year).
  • Understand the unique challenges and opportunities for Medicaid and Children's Health Insurance Program (CHIP) agencies.

Conclusion

While not without challenges, marketplaces were able to fulfill their obligation to provide consumers with the data needed to receive and reconcile premium tax credits for the first time in the 2014 tax season. They succeeded using a range of practical strategies that emphasized educating consumers, preparing technically, anticipating issues, developing contingency plans, and working collaboratively.

FTC Issues Guidance on Active Supervision of State Regulatory Boards Amid New Litigation Activity

Authors: Lisl Dunlop, Partner, Litigation | Ashley Antler, Associate, Healthcare Industry | Shoshana Speiser, Associate, Litigation

On October 13, 2015, the Federal Trade Commission (FTC) released guidance regarding the level of state supervision required for state regulatory boards to receive immunity from antitrust claims.1 This guidance comes on the heels of the U.S. Supreme Court's ruling in the North Carolina State Board of Dental Examiners case earlier this year, holding that when a controlling number of state board members are active market participants, such boards will not be immune from the antitrust laws under the "state action" defense unless they are "actively supervised" by the state.2 (For a discussion of this decision, please see our June Health Update.) Since the Supreme Court's ruling, several new antitrust cases have been initiated against state licensing boards, making the FTC's guidance very timely.

Summary of FTC Guidance

In response to requests for advice from state officials regarding antitrust compliance for state licensing boards, the FTC Staff guidance addresses:

  • When a state regulatory board requires active supervision to invoke the state action defense; and
  • The factors relevant to determining whether the active supervision requirement is satisfied, including examples of sufficient and insufficient state supervision.

When State Supervision Is Required

In requiring active state supervision, the Supreme Court's decision in the North Carolina State Board of Dental Examiners case focused on whether the state regulatory board included a controlling number of "active market participants." The FTC provides guidance on who is an "active market participant" in the occupation regulated by the board.

The guidance defines the term broadly as a person who is licensed by the board or provides any service that is subject to the board's regulatory authority. It is not a defense to antitrust scrutiny that board members are not directly or personally affected by a particular restraint. Board members who are not currently practicing the regulated occupation and board members who do not perform the particular service that is subject to a given restraint may still be considered "active market participants" for state action purposes. Further, the method of selecting board members, such as by appointment or election, has no bearing on who is considered an active market participant.

The guidance also clarifies that the supervision requirement will apply where active market participants constitute a controlling number, and not necessarily a numerical majority, of actual decision makers. This issue is fact-specific and will be determined on a case-by-case basis. The FTC will consider such factors as the regulatory board's structure, the rules governing its exercise of authority, and whether the active market participant board members have veto power over the board's regulatory decisions.

Factors Considered by the FTC in Assessing Supervision

The guidance also outlines factors the FTC will consider in determining whether the "active supervision" requirement is satisfied. These include whether the supervisor has:

  • Obtained necessary information to evaluate the recommended restraint by collecting data, conducting public hearings, soliciting and reviewing public comments, investigating market conditions, and reviewing documentary evidence, as applicable;
  • Evaluated the substantive merits of the recommended action and assessed whether it complies with standards established by the state legislature; and
  • Issued a written decision regarding the recommended restraint, explaining the reasons for the decision.

By way of example, the FTC describes that a state board regulation restricting the performance of teeth whitening services to licensed dentists in order to further the state's policy of protecting the health and welfare of its citizens and promoting competition is actively supervised where the supervising agency:

  • Was designated by the state legislature to review and approve the state board's recommended regulations prior to them becoming effective;
  • Provided notice of the regulations and an opportunity to be heard to interested and affected persons;
  • Took steps necessary for proper evaluation of the recommended regulation;
  • Assessed whether the recommended regulation aligns with state policy; and
  • Issued a written decision, explaining its rationale.

The FTC guidance also sets out examples of inadequate supervision, such as: simply having a state official serve ex officio as a member of the regulatory board with full voting rights, but without authority to disapprove of anticompetitive acts that are inconsistent with state policy; where a state official provides advice to the regulatory board on an ongoing basis; or where an independent state agency merely performs a cursory review and perfunctorily approves a board's recommendations.

Significance of FTC Guidance in Light of Recent Litigation Activity

Because the state action defense analysis is fact-specific, compliance with the FTC guidance does not guarantee antitrust immunity. Conversely, failure to comply with the guidance does not necessarily indicate that state action immunity is inapplicable. When state action immunity does not apply, boards may, of course, assert other defenses generally available to antitrust defendants.

Nonetheless, the FTC's guidance serves as a helpful guidepost, particularly amid a recent flurry of antitrust lawsuits against state licensing boards. In the healthcare field, for example, cases are currently pending against the Texas Medical Board3 and the North Carolina Acupuncture Licensing Board.4 These cases may be harbingers of future litigation activity since many states' health-related professional boards may be composed of a controlling number of actively practicing members. The FTC's guidance is particularly relevant to these boards, which may face heightened litigation risks in the wake of the Supreme Court's decision.

1FTC Staff Guidance on Active Supervision of State Regulatory Boards Controlled by Market Participants (Oct. 2015), available at: https://www.ftc.gov/system/files/attachments/competition-policy-guidance/active_supervision_of_state_boards.pdf.

2North Carolina State Bd. of Dental Exam'rs v. FTC, 135 S. Ct. 1101 (2015).

3Teladoc, Inc., et al. v. Texas Med. Bd., et al., No. 15-343 (W.D. Tex. Apr. 29, 2015).

4Henry, et al. v. North Carolina Acupuncture Licensing Bd., et al., No. 15-831 (M.D.N.C. Oct. 7, 2015).

What Constitutes an "Investigation" Triggering a Peer Review Body's HCQIA Duty to Report a Subsequent Resignation?

Author: Colin M. McGrath, Associate, Litigation

When a physician resigns his or her clinical privileges during the course of a healthcare entity's1 investigation into the physician's competence or professional conduct, the Healthcare Quality Improvement Act (HCQIA) requires the entity to report the resignation to the National Practitioner Data Bank (NPDB), operated by the Department of Health and Human Services (HHS). 42 U.S.C. §§ 11133(a)(1)(B)(i), 11134(b); 45 C.F.R. § 60.12(a)(1)(ii). The term "investigation," however, is undefined under HCQIA and its implementing regulations, and until recently has received little attention from the courts. A recent decision from the United States District Court for the District of Columbia provides much-needed judicial guidance into when an "investigation" begins, and adds authority to the HHS's interpretation provided in the NPDB Guidebook.

In Doe v. Rogers, No. 1:12-cv-01229 (D.D.C., June 17, 2015, order unsealed October 9, 2015), the physician plaintiff had removed part of a patient's fallopian tube by mistake, and in response the hospital immediately began gathering all necessary documentation regarding the erroneous procedure, conferred with hospital executives, met with other physicians who were involved, reported the incident to the state health department, and organized a team to conduct a root cause analysis.

The physician resigned his clinical privileges shortly thereafter, and the hospital submitted an Adverse Action Report to the NPDB concerning the physician's resignation during a pending investigation. After the HHS and the NPDB rejected the physician's challenges to the report, the physician sued the HHS's Secretary and the NPDB for damages, claiming that the report was improper because there was no evidence that he was under investigation by the hospital when he submitted his resignation.

The District Court, recognizing that Congress left the term "investigation" undefined under HCQIA, looked to the common meaning of the term (defined in the dictionary as a "systematic examination") and found the actions taken by the hospital between the time of the surgical procedure and the physician resigning his privileges to be "fundamental characteristics of an 'investigation.'" Accordingly, there was sufficient evidence to support the conclusion that the HHS Secretary's determination that an investigation had commenced was "rationally conceived."

The court also noted, in a footnote, that the most recent revised version of the NPDB Guidebook "contains a more fulsome explanation" of how the HHS interprets the term "investigation," and includes the following language: "if a formal, targeted process is used when issues related to a specific practitioner's professional conduct are identified, this is considered an investigation for the purposes of reporting to the NPDB." The court did not consider this language in its analysis because it was not in effect when the relevant events took place, but even so, the NPDB Guidebook does not explain what is meant by a "formal, targeted process." Thus, the court's analysis remains a useful and significant interpretation of the term "investigation," even under the latest revised version of the NPDB Guidebook.

Given that entities that engage in formal peer review are obligated to report a physician's resignation of his or her clinical privileges during a pending investigation to the NPDB, this decision provides helpful guidance as to when such an investigation has commenced. Specifically, an "investigation" is more likely to have commenced if the entity has already done some or all of the following regarding the procedure/incident:

1) Gathered the necessary documentation;

2) Conferred with hospital executives;

3) Met with other physicians who were involved;

4) Reported the incident to the state health department; and/or,

5) Organized a team to conduct a root cause analysis.

In sum, entities should ensure that there is a process in place to quickly initiate these actions, or at least some of them, following a problematic procedure or incident involving a physician. Doing so will help to protect the entity's decision to file a report should the physician resign during the pendency of the investigation and then later attempt to challenge the report.

1HCQIA defines "health care entity" ("entity") as: (i) a hospital licensed to provide health care services in the state in which it is located; (ii) an entity (including a health maintenance organization or group medical practice) that provides health care services and follows a formal peer review process for the purpose of furthering quality health care; and (iii) a professional society (or committee thereof) of physicians or licensed health care practitioners that follows a formal peer review process for the purpose of furthering quality health care. 42 U.S.C. § 11151(4)(A).

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP
Contact
more
less

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at www.jdsupra.com) (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic - For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics - For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.