On January 21, 2021, the Department of Health and Human Services (HHS) published proposed modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH).

The proposed rule is part of HHS’ Regulatory Sprint to Coordinated Care, which seeks to promote value-based healthcare by examining federal regulations that impede efforts among healthcare providers and health plans to better coordinate care for patients. Specifically, HHS aims to amend the regulations implemented pursuant to HIPAA and HITECH where the rules present barriers to coordinated care and case management or where they otherwise impose burdens on covered entities that do not increase individuals’ privacy protections.

On successive days last week, the Department of Justice (DOJ) unveiled enforcement actions against international cybercriminal organizations that utilized ransomware to infect computer systems and then extort payment, often in the form of cryptocurrency, from victims worldwide.  First, the Criminal Division’s Computer Crime and Intellectual Property Section and the U.S. Attorney’s Office for the Middle District of Florida announced the unsealing of charges against a Canadian national for his alleged involvement in the ransomware scheme known as NetWalker that generated tens of millions of dollars from businesses, public entities, and individuals whose computer databases were encrypted and rendered useless, pending satisfaction of a ransom demand.  The following day, the U.S. Attorney’s Office for the Middle District of North Carolina and the Criminal Division’s Computer Crime and Intellectual Property Section revealed their participation in a multinational enforcement operation that disrupted and dismantled Emotet, a botnet that utilized malware, including ransomware, to target critical infrastructure in the United States and abroad.  These actions highlight U.S. law enforcement’s increased focus on preventing ransomware attacks, which in the future will rely on both traditional collaboration among international law enforcement agencies and reporting from private entities over which the government exercises regulatory control.

Fraud has reached epidemic levels in the UK and should be seen as a national security issue, says think tank the Royal United Services Institute (RUSI) in a paper published last week[1]. It is the crime to which UK citizens are most likely to fall victim[2]. Its impact on the private sector has consequences for both the stability of individual companies and the broader reputation of the UK as a place to do business.

85% of reported fraud in 2019/2020 was cyber-enabled[3] fraud[4]. With limited in-person interaction due to the pandemic, and increasing levels of remote working, this figure is expected to increase in the coming year. Cyber fraud is a constantly evolving area, with perpetrators adapting their methods as new technologies become available. Common examples of cybercrime are denial of service (DoS), botnet, phishing, and ransomware attacks.

SEC v. GPB Capital Holdings, LLC, et al. was filed in the Eastern District of New York on February 4, 2021 by the SEC, alleging violations of federal law in connection with the defendants’ investment business, which allegedly raised over $1.7 billion from more than 17,000 investors. Specifically, the complaint alleges that the defendants violated the Investment Advisers Act, the Securities Act, and the Exchange Act, along with corresponding regulations.

Health Enterprise Partners (HEP) has announced it has completed an investment in Aware Recovery Care.

Aware Recovery Care, based in Wallingford, Conn., is a provider of in-home mental health and substance use disorder services in Connecticut, New Hampshire, Maine, Florida and Massachusetts. The company provides what it describes as the “full continuum of home-based

As discussed in a prior McGuireWoods alert, the U.S. Department of Health and Human Services (HHS) published final rules that significantly amend the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute (AKS) and the Civil Monetary Penalties Law. The final rules discussed in this alert were originally given a Jan. 19, 2021, effective

February 3, 2021 – Rotstain v. Mendez, 2021 WL 359989 (5th Cir.)

On February 3, 2021, the United States Court of Appeals for the Fifth Circuit issued an opinion in Rotstain v. Mendez, holding in part that a receiver had standing to bring claims on behalf of investors in connection with a Ponzi scheme.

In the context of denying a motion to intervene, Rotstain clarified that receivers and their assignees have standing to bring claims on behalf of investors when the investors’ claims are against alleged conspirators for conduct in furtherance of that scheme and are derivative of and dependent on the claims of the receivership estate.

Overview

Consolidated financial account reports can offer a broad, all-encompassing view of customers’ investments regardless of where the assets are held and may even include non-securities assets. Customers often demand them, and firms and financial advisers provide them. FINRA has had these types of communications to customers on its radar screen for years.

Equally, on FINRA’s radar screen for years has been the need to supervise regulatory functions outsourced to third-party vendors. FINRA has frequently reminded firms that outsourcing regulatory functions does not relieve the firm of its compliance obligations and that firms must supervise the outsourced activity.