Spam Spam Spam Spam Spam Spam Baked Beans and Spam

December 13th, 2011

“18″ year old virgins have recently found online resellers of non-prescription viagra for Magic Jack users that want cheap ski vacations that need health insurance, iPads and Dyson vacuum cleaners at rock bottom, knock off prices!  And all of these thousands of emails have been sent to my account online so that I can help a gentleman from Nigeria move $55 million in money from an African bank account into the U.S. and I can charge a humble $5 million fee to help.  I just need to send my social security number, credit card numbers, street address, and a sample of my signature to a person I’ve never met by email, deposit the bogus cashier’s check in my trust account, and then immediately write a check off the account the next day, well before the bogus check is returned by the collecting bank.

I feel as though I have ended up in the 21st century Monty Python skit about the restaurant that only seems to have “spam” on the menu.  I hear this problem continues, with more than 70% of all email amounting to spam, according to a 2011 article from Symantec (though there was a time that more than 90% of email was spam, so there has been some improvement since those dark days in 2009).  Progress has been made with some service providers that have waged a counter war against spam.  Gmail, for example, group-sources and marks messages as spam based on all messages identified by users as spam across the gmail platform.  This is a surprisingly effective strategy.  My experience has been that there are few false positives.

Previously, email systems were implemented that would check if a message was sent from a known, blacklisted IP address based on a series of independently maintained blacklist databases on the internet.  There have also been other improvements in the background, including the use of special DNS entries, and email gateways that pre-filter messages before reaching the mail server (Symantec had a product it had acquired from Brightmail; Google Apps includes a single-domain license for Postini, which is also generally effective at cutting down spam).  Spam messages often include phishing links, virus-laden email attachments, and other nefarious attacks on users.  Reducing spam makes sense for service providers that are paying, ultimately, for the bandwidth and storage space to process and deliver this junk to users.  We clearly have a way to go to reduce this problem for users.  Until then, if you need male enhancement medicine, are missing out on a $1,000 transfer to your bank account, want to help a political refugee move his family fortune to the U.S., need a usurious student loan, or want to work from home – I’m your guy!

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in Information Security, News, Technology | No Comments »

Affordable Care Act Legal Challenges

November 16th, 2011

The Affordable Care Act (ACA) was passed into law in 2010.  This 906 page tome makes a substantial number of changes to the national health care law, but much attention has been focused on the individual health care mandate which is found in section 5000A (codified at 26 U.S.C. 5000A) of the law.  This section requires that “an applicable individual shall for each month beginning after 2013 ensure that the individual, and any dependent of the individual who is an applicable individual, is covered under minimum essential coverage for such month.”  If that applicable individual does not have “minimum essential coverage,” that person is subject to a penalty which cannot exceed 300% of $750 ($95 in 2014 and $350 in 2015), or $2,250 in 2016, and which will increase based on a cost of living adjustment in subsequent years.

People are not happy about this requirement to either buy health insurance or face a penalty at tax time that could eat up a family’s federal tax refund.  At least some people are not happy as there have been at least four different challenges to the Affordable Care Act filed in federal court which have made there way up the various federal circuit courts where these cases were filed.  In three of these cases, the administration (defending the constitutionality of the law) was the winner, but in the 11th circuit, the challengers of the law won (in the sense that the court in that case decided to not dismiss their challenge to the law).

In the U.S. today, we generally take for granted that Congress can legislate as it believes it should, and the average person most likely does not think much about whether an act of Congress is constitutional.  However, in our system of government, the Congress is empowered to legislate pursuant to specific enumerated powers found in the Constitution.  The one in play in this case is the interstate commerce clause, which is found in Article I, section 8, clause 3 of the Constitution.  This clause permits Congress to regulate activities that affect commerce between states.  Section 1501 of the ACA discusses how the individual insurance mandate is related to interstate commerce.  There are a number of findings written into the law where Congress has identified:

  • how important health care, as an industry is, to the nation ($2.5 trillion in GDP);
  • that this insurance requirement will add millions of new consumers to the health insurance market across the country;
  • that half of all personal bankruptcies are caused, in part, by medical expenses (which presumably could have been avoided if the medical issue was covered by health insurance); and
  • people don’t buy health insurance when they are healthy, which causes adverse selection in the existing health insurance pool, driving up insurance costs for everyone that does buy insurance.

The challengers to this particular section of the law essentially are arguing that Congress has exceeded its authority in trying to mandate that individuals buy health insurance.  The idea that powers not enumerated to the Congress are reserved to the individual states and the citizens of the country is discussed in the Tenth Amendment and in the history surrounding the nation’s adoption of our Constitution in the late 18th century.  If individuals that purchase health insurance are not impacting interstate commerce, Congress arguably exceeded its authority.

There are Supreme Court decisions that have investigated the limits of the commerce clause.  Federal legislation based on the commerce clause probably hit its high water mark over the buying and selling of wheat in the 1940′s in a case cited as Wickard v. Filburn, 317 U.S. 111 (1942).  In Wickard, the plaintiff had sought injunctive relief against the secretary of the department of Agriculture to prevent the collection of a tax against him for growing more wheat than permitted by federal law which set, at the time, quotas for the amount of wheat a farmer might grow.  The plaintiff alleged that Congress’ attempt at regulating the amount of wheat that a farmer might grow and consume on the farm exceeded its authority to regulate interstate commerce, as this wheat for local use was not in the commerce between states, and could only indirectly affect such commerce.  The Court rejected this argument.

The market for wheat, at the time of Wickard, exceeded any single state in the union.  According to the Court, every state, but one, grew wheat, and all states consumed it.  The market the Congress attempted to regulate was, therefore, a national and not a local one.  That Congress had the authority to regulate such a market was, from the Court’s perspective, squarely found in the Constitution.  “The stimulation of commerce is a use of the regulatory function quite as definitely as prohibitions or restrictions thereon. This record leaves us in no doubt that Congress may properly have considered that wheat consumed on the farm where grown, if wholly outside the scheme of regulation, would have a substantial effect in defeating and obstructing its purpose to stimulate trade therein at increased prices.”  Id. at 129.

Since Wickard, there has been some retreat from the relatively expansive view of the regulation of interstate commerce by Congress.  Notably, the Court indicated that a federal law aimed at criminalizing the possession of a firearm on a school campus exceeded Congress’ power.  See U.S. v. Lopez, 514 U.S. 549 (1995).  However, a divided Court decided more recently that the regulation of controlled substances, even when these drugs are only used locally as in the case of medical marijuana, may still be properly regulated by the federal government pursuant to the commerce clause.  See Gonzales v. Raich, 545 U.S. 1 (2005).

The Court today faces a number of challenges to ACA which share a commerce clause challenge as to the requirement that citizens buy health insurance or face a tax penalty annually.  To claim that health care, a $2.5 trillion market within the U.S., is not a national market, simply cannot pass the giggle test.  To further claim that making people buy health care or face a penalty, in light of the fact that most health care costs are paid for by insurance, exceeds the authority of Congress also does not pass the same test.  To the contrary – the act of not buying insurance inherently means that the risk pool for those with insurance is smaller, and therefore, increases the cost of insurance to those that carry it, plainly and directly impacts the national health care market.  If there ever was an example of local activity impacting a national industry, this would be it, given that there are between 30 and 40 million people who are uninsured in the U.S.  The challenge made, then, to ACA on this ground is to just misunderstand what Congress is supposed to be doing, and misstates an entire body of law on the enumerated powers of Congress.

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in Constitutional Law, News | No Comments »

Maryland 2011 LLC Act amendments

June 23rd, 2011

The Maryland General Assembly recently amended our limited liability company statute. Here is a nicely written summary of the changes to the statute courtesy of the Maryland State Bar Association: click here.

 

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in News | No Comments »

Stolen Personal Information

April 27th, 2011

Hackers continue to steal data from companies the world over, with a recent victim in Sony.  In that case, Sony apparently delayed reporting the loss to the 77 million users whose data was compromised, including dates of birth and possibly credit card numbers.

In late March, Epsilon reported that hackers had stolen the names and email addresses of individuals who receive business newsletters from Epsilon’s clients, which include a number of well known companies such as Best Buy and Robert Half International.  Considering that Epsilon delivers over 40 billion emails a year for its clients, the chances have gone up of improved, targeted phishing attacks as a result of this breach, particularly for banking customers of banks that have used Epsilon for email marketing.

There should be no surprise that the regulatory penalties for data breaches continues to escalate.  Security breach notification procedures were codified into the 2009 ARRA legislation for health care providers.  ARRA Health Tech Initiatives Section 13402 of the ARRA legislation (on page 17 of the linked pdf file) puts the responsibility on a covered entity to notify its customers of a data breach where unauthorized access is gained to “unsecured” protected health information.  In laymen’s terms, “unsecured” PHI is data that is not encrypted.  So, for example, a typical relational database stores its data in physical files on a computer hard drive or array.  Some database systems encrypt these files so that you could not just open up the file in notepad and read its contents.  If a hacker were to gain physical access to the server where these files were located, he or she might not be able to read them without further access (for example, with an administrator-level username and password to directly query the database).  Notification to patients would not likely be required in this circumstance if you could show the hacker gained physical access but not database-level access.

Does your database encrypt its stored data files?  Not all database software, and not all versions of specific database software, provide for native encryption.  For example, the data files of your Microsoft Access database are not likely to be encrypted.  For performance reasons, data files for MS SQL Server databases may also not be encrypted.  But, even if your database file is encrypted, if the administrator password to the database itself is blank or easy to guess (like “admin”), you may still have trouble brewing back at the server room.

Here is a list published by HHS of data breaches reported to it under ARRA’s notification requirements.  Do you see your physician on this list?  If things continue, you may sooner rather than later!

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in Information Security, News, Technology | No Comments »

China Registrar Scam

April 21st, 2011

I received this email today for my domain name, faithatlaw.com.  Allegedly, another company wants to register my domain name as a .cn and .asia domain.  I can’t imagine that there are actually people in China that would be that interested in a Maryland attorney’s web site (maybe the same people looking to hire me to enforce a Maryland judgment for $800,000 against some poor ex-husband, but in reality are trying to scam my attorney trust account).  However, you will note that the real China domain name registration center is CNNIC, and the registrar listed below, ygnetworkltd.com, is not listed on CNNIC’s list of authorized registrars.  So, this is almost certainly a scam.  I might have my lawyer send them a cease and desist letter!

Dear Manager:

This email is from China domain name registration center, which mainly deal with the domain name registration and dispute internationally in China and Asia.  On April 18th 2011, We received HAITONG  company’s application that they are registering the name ” faithatlaw ” as their Internet Keyword and ” faithatlaw .cn “、” faithatlaw .com.cn ” 、” faithatlaw .asia “domain names etc.., It is China and ASIA domain names. But after auditing we found the brand name been used by your company. As the domain name registrar in China, it is our duty to notice you, so I am sending you this Email to check. According to the principle in China, your company is the owner of the trademark, In our auditing time we can keep the domain names safe for you firstly, but our audit period is limited, if you object the third party application these domain names and need to protect the brand in china and Asia by yourself, please let the responsible officer contact us as soon as possible. Thank you!

Best Regards,

John
Oversea marketing manager
Office: +86(0)21 6191 8696
Mobile: +86 1366152 9704
Fax: +86(0)21 6191 8697
web: www.ygnetworkltd.com

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in News, Technology, Trademarks | No Comments »

Social Media and Searching for Attorneys

March 26th, 2011

The ABA Journal recently posted an article on a survey conducted by Harris of adults to determine how they would find a lawyer.  The days of yore when people used the yellow pages to find an attorney have apparently turned over: today, those same people are browsing the web.  That might be because some cities in the U.S. have banned or are thinking about banning the delivery of the old yellow phone book to try and save some trees.  Not surprisingly, however, the most common referral source for an attorney are friends and family, followed by a satisfied former client that calls you again for legal help (these two were the clear leaders for referral sources).

So, should lawyers throw away their Facebook, Twitter, and blog accounts?  The Harris survey indicated that a lower percentage of survey respondents were somewhat likely to look at these sources to check out an attorney (20% or less).  That’s about the same as the number of relationships that start online, according to match.com, if you believe the ads.  Interestingly, respondents to the survey were more likely to look at “innovative websites.”  Of course, that makes more sense.  Twitter is not a legal matching or legal news or even a lawyers-only web service.  But my web site is all about my firm.  Avvo.com is a directory of lawyers and doctors.  When you think of lawyers, I would imagine that Twitter is not the first online resource that pops into your head.

Bottom line: integrate your twitter and facebook fan pages into your web site.  Google is becoming the new phone book for online referrals, and if you don’t show up in the first couple of pages of results, you are less likely to be found by a prospective client.

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in News, Technology | No Comments »

Who Is A “Meaningful EHR User”

March 23rd, 2011

You may have heard that the government is giving money away to encourage doctors to start using electronic health records (EHR) in the U.S.  For “eligible providers,” that is true if the provider (a) uses a certified-EHR, (b) in a “meaningful” way, (c) by a certain date (approximately 2015), and (d) is eligible under the Medicare or Medicaid program based on makeup of the provider’s patient panel.  So, I guess that is sort-of giving away money.

The point of providing money to eligible providers is that EHR technology is expensive to acquire, implement, and maintain.  In fact, that is probably true of most computer technology (ever had to call a computer guy to remove a virus from your computer?  I think they are starting to charge as much per hour as lawyers!)  In addition, while eliminating paper systems undoubtedly saves some money to a practice in the longer term, but at least in the short term, these savings will not be seen in physician budgets.  So it helps if Uncle Sam pitches in some taxpayer dollars to get things started.  In this case, several billion over the next five or six years for the early adopters out there.

Certification

But, just spending some money on a computer system is not enough to qualify for these incentive payments.  A provider must use a “certified” EHR.  Only certain EHR’s are certified.  The list is available online here.  There are a number of organizations, like CCHIT, that act as certifiers of EHR systems.  These certifiers evaluate EHR software packages to determine if they have the minimum technology and functionality to be useful for practicing providers.  So, if you hire your IT-savvy son-in-law to write you a database to keep track of patient copays, you probably won’t be able to get those incentive payments!

“Eligible Provider”

Have a certified system?  Great.  But are you eligible under the program to receive the incentive payments?  That depends.  There are two basic tracks towards eligibility: Medicare and Medicaid.  You can obtain incentive payments under the Medicare program if you are a physician (including doctor of medicine, dental surgery, podiatric medicine, optometry, or a chiropractor) 45 CFR 495.100.  However, be careful.  If you are a physician, the amount that you can receive in incentive payments is a percentage of your total allowable Medicare charges, up to $15,000 for the first year, and less for the subsequent years.  So, if you have three Medicare patients that you see for $500 of allowable services a year, don’t expect a very large incentive check from the Medicare program.  See 45 CFR 495.102(a).

The other track is through the Medicaid program.  More providers are eligible under the Medicaid program, including physicians, dentists, certified midwives, nurse practitioners, and physician assistants (that lead a rural health center).  In order to receive incentive payments, the provider must have a patient panel where at least 30% of their patients are Medicaid recipients (20% for pediatricians), or the provider practices at a federally qualified health center and has a patient panel of at least 30% are “needy individuals” (which are both uninsured and Medicaid-eligible patients).  See 45 CFR 495.302.

Meaningful Use

You have a certified EHR system and you are the kind of provider that can participate under Medicaid or Medicare.  Great!  But are you a “meaningful user” as defined by the relevant regulations?  Well, that requires more effort on your part.  Namely, you need to meet the objectives that are described in more detail in 495.6.  For eligible providers, you have fifteen objectives listed in 495.6(d) that are “core” or required objectives to be met.  In addition, you must also meet five of the ten possible “menu” objectives that are listed in 495.6(e).  If that seems like a lot, well, you might be right.  And this list comprises the “stage 1″ objectives.  Stage 2 and Stage 3 objectives are currently on the drawing board, and are anticipated to become the meaningful use objectives starting in 2013 and 2015, respectively.

Can it be done?  With some effort.

Note: there are different rules for hospitals as compared to providers that work in an outpatient setting.  You can read the complete regulations here (sans the comments and explanations): EHR Final Rule no comments.

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in EHR, News, Technology | No Comments »

Proposed Stage 2 Meaningful Use Guidelines

March 23rd, 2011

The Health Information Technology Policy Committee (HITPC) published for comment its recommendations for stage 2 and stage 3 meaningful use guidelines in order for health care providers that are using a certified electronic health record to continue to receive incentive payments throughout the full five/six years of the incentive program.  A copy of these recommendations are here: MU Stage 2-3.

The Stage 1 final regulations were published last year.  Depending on the track and facility type, (whether through Medicare or Medicaid, and whether you are an eligible provider or eligible hospital), there are a number of “core” and “menu” requirements that must be met for an organization or individual provider to receive incentive payments for the first 2-3 years of the incentive program.  HITPC’s proposal would define the additional requirements that must be achieved by providers/hospitals in order to receive the balance of the incentive payments that are available.

In some cases, stage 2 and 3 goals are for the same thing (such as electronic prescribing), but the target is higher to achieve the goal (for example, in stage 1, an eligible provider is supposed to send prescriptions electronically at least 40% of the time, while stage 2 and stage 3 proposed goals are 50% and 80% respectively).  In other cases, HITPC has suggested that a “menu” requirement transition to a mandatory or “core” requirement for stage 2.  An example is the patient reminder that is on the stage 1 menu list for eligible providers at § 495.6(e)(4).  If patient reminders become a “core” or required objective, providers today should probably plan to try to comply with this menu item now if feasible, particularly if this is easier to implement as part of the core EHR package.

There are also some proposed new objectives for stage 2 and 3, such as the goal that 30% of patients have at least one electronic note in the EHR (which, if the practice has implemented the system in 2011, by definition, all patients seen would have one or more electronic notes in the system).

A simple google search on these proposals will turn up many comments and criticisms of these proposed stage 2 and stage 3 objectives.  Importantly, for those practices that wait until 2013 or later to implement an EHR, these practices will have to comply with the then-current meaningful use stage immediately to be considered a “meaningful EHR user” under section 495.6.  See § 495.314.  Based on the present HITPC recommendation, waiting to implement an EHR will make it harder to be a “meaningful EHR user” as compared to those practices that have implemented this year and have had a chance to work out the bugs with the system and their workflows.

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in EHR, News, Technology | No Comments »

Health IT Investments in the US Health System

March 23rd, 2011

The federal government, through passage of legislation in 2009 as part of the American Recovery and Reinvestment Act (ARRA), has provided capital incentives for qualifying providers through the federal Medicare and state Medicaid programs who implement certified electronic health records systems in the coming years.  Over the next five or six years, the ARRA program will authorize literally billions of dollars in incentive payments to health care providers that can demonstrate “meaningful use” at each of the three regulatory stages as set by the Centers for Medicaid and Medicare (CMS).

Interestingly, while we are reasonably sure of some of the health care delivery problems today (such as medication errors, duplicate lab tests that are ordered by different providers, lack of coordinated care between various providers), there is less data on what impact EHR technology has on these problems.  This is in part because of the still relatively low adoption rates of EHRs throughout the U.S.  However, as reported here, a literature review of 154 articles published on health IT adoption indicated that most of the time, improvements have been attained by practices adopting an EHR.  These improvements include increased “access to care, patient satisfaction, efficiency, and effectiveness of care.”

The longer term effects of EHR technology are still to be seen on patient care, particularly as overall adoption rates increase among health care providers.

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in News | No Comments »

Technology Presentation for Solo Attorneys

November 17th, 2010

The following is the presentation from Friday’s MSBA conference for Small and Solo firms.  These slides are for a “survey” or “101″ course on technology for attorneys getting started in practice.

Law Tech Tools

Post to Twitter Tweet This Post

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Posted in News, Technology | No Comments »

« Older Entries