ftc Archives - Medical Association of the State of Alabama

FTC’s Non-Compete Ban Blocked by Federal Judge

Posted by Mallory Camerio on August 21, 2024

By: H. Carlton Hilson, Amy Jordan Wilkes, and Gabriell Jeffreys, Burr & Forman LLC

On August 20, 2024, a federal judge in Texas blocked a Federal Trade Commission (FTC) final rule from taking effect that would effectively ban most employee non-compete agreements. The rule, which was set to take effect on September 4, 2024, would have prevented employers from entering into or enforcing non-compete agreements with the vast majority of employees and required employers to provide written notice to current and former employees that their non-compete agreements are no longer valid.

The court’s 27-page opinion blocking the rule concluded that the “FTC lacks statutory authority to promulgate the Non-Compete Rule and that the Rule is arbitrary and capricious.”
Specifically:
– The FTC exceeded its statutory authority in promulgating the Non-Compete Rule because it lacks substantive rulemaking authority with respect to unfair methods of competition; and
– The rule is arbitrary and capricious because “it is unreasonably overbroad without a reasonable explanation[;]” “is based on inconsistent and flawed empirical evidence, fails to consider the positive benefits of non-compete agreements, and disregards the substantial body of evidence supporting these agreements[;]” and “the FTC failed to sufficiently address alternatives to issuing the rule.”

Ultimately, the court “set aside” the Non-Compete Rule because it determined the FTC’s promulgation of the rule was an unlawful agency action, which means the rule will not be enforced or take effect on September 4, 2024 as anticipated.

Although the Non-Compete Rule has been set aside, the FTC has indicated it is considering a potential appeal and reminded employers that the decision does not prevent the FTC from addressing non-compete agreements through case-by-case enforcement actions. Thus, employee non-compete agreements will still face increased scrutiny. Accordingly, employers should undertake a careful of review of their non-compete agreements and other agreements containing restrictive covenants to ensure they are compliant with applicable federal and state law.

H. Carlton Hilson, Amy Jordan Wilkes and Gabrielle Jeffreys are Partners at Burr & Forman LLP.

Tags: ftc, Non-compete

Posted in: Legal Watch, MVP

Phishing Schemes Can Paralyze Your Medical Practice

Posted by admin on April 5, 2018

“Phishing” occurs when emails are sent to individuals or entities in an attempt to fraudulently gain access to personal information or introduce malware into the computer system. These emails are often disguised to look familiar to the recipient. The perpetrator may disguise their communication to appear to be from a colleague, family member or friend. They may also attest to be from a reputable source, like your bank, PayPal or other legitimate websites. They request that you click on a link or open an attachment. Fraudulent links will generally request that you update your information by entering your username or password. Some may ask for other types of personal information like address, date of birth, social security number or credit card information. Fraudulent attachments may contain malware, the most common being ransomware, which has had a significant impact on the health care industry.

What Is “Spear Phishing”?

Spear phishing is a specific kind of phishing that customizes its attack to specific individuals. For instance, the perpetrator may study an individual’s social media profiles and send them an email that appears to be from a co-worker or organization that they belong to. Just as with normal phishing exercises, the goal is for the target individual to click on a fraudulent link or attachment that will either provide the perpetrator with personal information or provide an opportunity to introduce malware into their computer system.

How Are Phishing Schemes Impacting Health Care Entities?

The threat of phishing activities to health care entities has steadily increased. Perpetrators are learning that the types of identifying information that health care entities attain and maintain are the exact types of identifiers they need to participate in a wide range of fraudulent activity from filing false tax returns to credit card fraud. These identifiers include data that health care professionals work with daily, like date of birth, social security numbers and health plan information.

When health care professionals fall victim to these phishing schemes it can threaten their entire organization. With the widespread use of Electronic Medical Records (EMRs), compliance professionals are seeing ransomware attacks on the rise as entity administrators attempt to recover their vital data.

Reduce Your Risk

Ensure that your entity has a clear and documented policy which addresses how employees should handle email communications. Some entities forbid accessing personal emails on work equipment while others set specific parameters. Your entity should determine the process that works best for your workforce and enforce that policy.
Train your staff on how they can identify phishing schemes and educate them on the threat that these schemes pose to your organization.
Ask your Information Technology (IT) personnel to send phishing emails to employees to test the number of employees who fall for phishing schemes after training.
Consider purchasing cyber insurance to protect your entity in the event of an attack.

Identify Phishing Activity

Often these fraudulent emails will have email links that are misspelled. For example, instead of customerservice@regionsbank.com, it may have customerservic@reggionsbank.com. Those variations are small and often overlooked.
Be careful about the information that you share on social media. Try not to post personal information like your address, phone number and birth date.
Be suspicious about sites that attempt to redirect you to other similar looking websites.
If you think an email looks suspicious, contact your supervisor or HIPAA Security Officer so that it can be investigated properly.

Report Phishing Attempts

If you believe that you or someone that you know may have been the victim of a phishing attempt, there are a number of authorities that receive these reports and act to minimize their impact.

You may file a report with the Federal Trade Commission (FTC). Reports can be sent electronically at FTC.gov/complaint.
Reports can be made to APWG at reportphishing@apwg.org. This is an anti-phishing workgroup that analyzes and fights cybercrimes.
Always notify your IT support staff or your HIPAA Security Officer when you believe that you have received a fraudulent email so that they can investigate the email and take action to minimize the threat.

If you have questions regarding phishing and malware, or if you believe that it is time to update your entity’s policies and procedures, please consult a health care compliance expert.

Article contributed by Samarria Dunson, J.D., CHC, CHPC, attorney/principal of Dunson Group, LLC, a health care compliance consulting and law firm in Montgomery, Alabama. Find more of Ms. Dunson’s contributions on her partnership page.

Tags: EMR, fraud, ftc, IT, link, paypal, phish, ransom, ransomware, technology

Posted in: HIPAA