Protecting Privilege — New Rule 502 mitigates the risk of inadvertent e-discovery disclosures

By Michael Kozubek

Published in the 2/1/2009 Issue of Inside Counsel.

Privilege review has been a major culprit in the skyrocketing cost of e-discovery. With hundreds of thousands of documents subject to discovery in numerous cases, attorney-client communications and work-product information frequently end up in the hands of the opposing party. Because the production of privileged documents during discovery waives the privilege, discovery teams scour through documents trying to ensure nothing slips through that could damage their case. Still, with the volume of electronically stored information, inadvertent disclosure is almost inevitable, with potentially devastating results.

“Cases have been lost in part because of inadvertent disclosures,” says Bobby Balachandran, CEO of Exterro, a legal hold and workflow software provider.

But that risk diminished when Rule 502 of the Federal Rules of Evidence (FRE 502), originally drafted by the Judicial Conference Committee on Rules of Practice and Procedure, recently became law. The new rule is designed to mitigate the expense of privilege review while protecting companies from potentially large liabilities arising from inadvertent disclosures of privileged communication.

The rule provides that privilege is not waived when privileged communications are inadvertently disclosed, provided the holder of the privilege took “reasonable steps” to prevent disclosure and to rectify the error.

Litigators celebrated the enactment of FRE 502 while warning that it is not a panacea and does not remove the need for sound e-discovery management practices.

“The new rule is welcome news for litigants,” says David Lender, a partner at Weil, Gotshal and Manges. “An inadvertent production will not result in the waiver of the privilege as long as reasonable steps are taken to preserve the privilege before production.”

Continue reading

Advertisements

CVS Pays $2.25 Million and Toughens Practices to Settle HIPAA Privacy Case

The U.S. Department of Health and Human Services and the Federal Trade Commission today announced that CVS, the nation’s largest retail pharmacy chain, will pay the U.S. government a $2.25 million settlement and take corrective action to ensure it does not violate the privacy of its millions of patients when disposing of patient information such as identifying information on pill bottle labels.  The settlement, which applies to all of CVS’s more than 6,000 retail pharmacies, follows an extensive investigation by the HHS Office for Civil Rights (OCR) for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.

In a coordinated action, CVS Caremark Corp., the parent company of the pharmacy chain, also signed a consent order with the FTC to settle potential violations of the FTC Act. OCR, which enforces the Privacy Rule, opened its investigation of CVS pharmacy compliance with the Privacy Rule after media reports alleged that patient information maintained by the pharmacy chain was being disposed of in industrial trash containers outside selected stores that were not secure and could be accessed by the public.

At the same time, the FTC opened an investigation of CVS. OCR and the FTC conducted their investigations jointly. This is the first instance in which OCR has coordinated investigation and resolution of a case with the FTC. “OCR is committed to strong enforcement of the HIPAA Privacy Rule to protect patients’ rights to privacy of their health information. We hope that this agreement will spur other health organizations to examine and improve their privacy protections for patient information during the disposal process,” said Robinsue Frohboese, acting director of OCR. “Such safeguards will benefit consumers everywhere.”

The Privacy Rule requires health plans, health care clearinghouses and most health care providers (covered entities), including most pharmacies, to safeguard the privacy of patient information, including such information during its disposal. Among other issues, the reviews by OCR and the FTC indicated that: * CVS failed to implement adequate policies and procedures to appropriately safeguard patient information during the disposal process; and * CVS failed to adequately train employees on how to dispose of such information properly. Under the HHS resolution agreement, CVS agreed to pay a $2.25 million resolution amount and implement a robust corrective action plan that requires Privacy Rule compliant policies and procedures for safeguarding patient information during disposal, employee training and employee sanctions for noncompliance.

HHS and FTC also will require CVS to actively monitor its compliance with the resolution agreement and FTC consent order. The monitoring requirement specifies that CVS must engage a qualified independent third party to conduct assessments of CVS compliance and render reports to the federal agencies. The HHS corrective action plan will be in place for three years; the FTC requires monitoring for 20 years.

The HHS Resolution Agreement and Corrective Action Plan can be found on the OCR Web site at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cvsresagrcap.pdf. OCR has posted new FAQs that address the HIPAA Privacy Rule requirements for disposal of protected health information.

They can be found on the OCR Web site at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/disposalfaqs.pdf.

Information about the FTC Consent Order agreement is available at http://www.ftc.gov .

Feds Set Sights on ‘Gatekeepers’ in Fraud Investigations

Joe Palazzolo
Legal Times

Federal law enforcement officials said Wednesday they are targeting lawyers, mortgage brokers, real estate brokers and other “gatekeepers” who perpetrated fraud that contributed to the current economic crisis — a clear warning shot as the federal government is pumping billions of dollars into the financial sector.

“They have the most to lose, they’re the most likely to flip, and they make the best examples,” said Neil Barofsky, the special inspector general for the Troubled Assets Relief Program, during a congressional hearing on fraud enforcement. Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., was even more blunt: “I want to see these people prosecuted,” he said. “Frankly, I want to see them go to jail.” The hearing was meant to underscore the need for more law enforcement resources amid an upsurge in mortgage and corporate fraud investigations.

Leahy and Sen. Charles Grassley, R-Iowa, have introduced a bill that would expand the scope of federal fraud laws and provide funding for more prosecutors and investigators. FBI Deputy Director John Pistole told the committee that mortgage fraud investigations nearly doubled in the last two years to more than 1,600 in 2008. The bureau, he said, has more than 530 corporate fraud investigations open, including 38 directly related to the current financial crisis.

Pistole said he could see that number potentially rising into the hundreds. But federal law enforcers could do much more with additional resources, he said, pointing to the Justice Department’s successes in the wake of the savings-and-loan crisis of the 1980s. At the time, 1,000 agents and forensic investigators and dozens of federal prosecutors were devoted to the effort, which produced more than 600 convictions and $130 million in restitution. Compared to the $160 million lost during the S&L crisis, the current situation is far more dire, with financial institutions globally reducing their assets by more than $1 trillion.  But the Justice Department’s focus on national security has diminished the fraud ranks.

Pistole said 240 agents, supplemented by investigators from other agencies, are working on fraud cases stemming from the economic crisis. Rita Glavin, acting head of the Justice Department’s Criminal Division, said the department was in discussions with Barofsky about how best to handle criminal referrals and prosecutions when his office uncovers wrongdoing. She also said the Justice Department’s fraud section had created a mortgage fraud working group, with a collection of other enforcement agencies. Sen. Sheldon Whitehouse, D-R.I., asked Glavin whether DOJ had any designs for a nationwide mortgage fraud taskforce. Then-Attorney General Michael Mukasey repeatedly rejected the idea, saying individual U.S. Attorneys’ Offices were better equipped to handle the work. Glavin said the department was studying the issue. “No decision has been made with respect to that,” she said.

Tough Times for Corporate Legal Departments

Lexakos asked law department leaders again about their concerns, priorities and resource allocation plans for 2009. This year’s benchmarking survey covers reporting metrics, outsource planning for IP and litigation, budget pressures, e-discovery, privilege waiver management in relation to new Federal Evidence Rule 502, and other compliance priorities.

In 2007 and 2008, Compliance Week, the leading publication and information service on corporate governance, risk and compliance, chose Lexakos as a conduit for gathering and analyzing compliance needs across all industries

On February 3, 2009, Compliance Week featured the results from Lexakos’ most recent strategic planning survey, with over 230 corporations participating. In addition to highlighting Lexakos’ relevance in the compliance arena, this coverage gives Lexakos an exclusive perspective of hundreds of companies’ needs and practices.   Here is an excerpt:

The new study of corporate law departments confirms what most general counsels already know: 2009 is going to be a rough year.

Forty percent of legal departments expect a decrease in their overall operating budget for 2009, compared to only 8 percent last year. At the same time, however, litigation activity is rising—particularly for the financial sector, besieged by investors unhappy with the sub-prime mortgage meltdown and victims of the Bernard Madoff Ponzi scheme.

Wolf “Even though budgets are being tightened, litigation is going up,” says Rick Wolf, CEO of the consulting firm Lexakos, which conducted the survey. “What it suggests to me is that they’re being asked to do more with less.”

David Cohen, co-chair of the e-discovery analysis and technology group at the law firm K&L Gates, has observed similar trends. “Corporate law departments are facing two realities. The first reality is that litigation does not go away in troubling economic times, and the cost of that litigation tends to go up, not down, every year,” he says. “General counsel are left on the horns of a dilemma: how to cut litigation costs in the face of no decrease in litigation, and often increasing e-discovery demands.”

Those pressures should lead in-house legal departments to prune back the volume of work they leave to outside law firms by doing more work themselves. But law departments are now under their own pressure to cut back on staff. “The result of all of that, paradoxically, is that lawyers are stretched even more thinly than they have been in the past, making it difficult to bring more work in house,” Cohen says.

As a result, law departments are getting more creative in how they cut costs and managing themselves more efficiently, Wolf says. For example, only 32 percent of law departments last year used a centralized litigation group; that number jumped to 49 percent for 2009. And while only 20 percent of respondents last year said their legal departments had a strategic plan for the year, that number soared to 57 percent this year.

Compliance Week ran a similar feature article on the Lexakos 2008 Strategic Planning Survey titled “Records Management: A Governance Crisis?”

For a copy contact information@lexakos.com.