There is No Conspiring with a Squatter

Image credit: alphaspirit / 123RF Stock Photo
Image credit: alphaspirit / 123RF Stock Photo

The internet is the new Wild West. Courts have repeatedly refused to enter into the fray of arbitrating disputes involving the internet. If entities secure a URL address or domain name using your name, you may be left without a remedy. This situation happens in franchising. Either third party entities or even franchisees within the system register or secure a URL using the name of the franchisor or franchise system. Franchisors are often left without recourse; powerless to take down the URL.

Listen to one novel approach taken by a business attempting to protect its name and presence on the internet. Petroleum National Berhad, an oil company based in Malaysia and owner of the Petronas trademark, sued Godaddy.com, Inc. for contributory cybersquatting based upon a third party’s use of the Godaddy.com’s domain forwarding service. Godaddy.com’s domain forwarding services allows registrant of a URL or domain name to automatically and seamlessly forward internet traffic from one domain website to another website. In this case a third party registrant owner of the domain “petronastower.net” and “petronastowers.net” employed Godaddy.com’s domain forwarding services to forward traffic to “camfunchat.com,” an adult website.

Both the US government and the Malysian government contacted Godaddy.com on behalf of Petroleum National Berhad. To no avail, Godaddy.com refused to take action against the third party owner of “petronastower.net.” The stance case of PETRONAS V. GODADDY.COM ensued. Court action like the governments’ efforts, however, proved unsuccessful. The court in the case held there is no such thing as contributory cybersquatting. The law simply does not provide for a contributory claim under the cybersquatting laws. So for now [I have not confirmed this] all internet traffic to “petronastower.net” shall continued to be forward to the adult website, “camfunchat.com.”

Note, however, the court’s decision in this case is not universal. Courts in other cases have upheld a cause of action for contributory cybersquatting, including a case in California involving Verizon, a case in Washington involving Microsoft and a case in Michigan involving Ford Motor Company.

So what should franchisors do? Here are 3 suggestions:

1. Google your franchise system name often to see if your name is being used. Consider setting up Google alert that will tell you when your name is being used.

2. Include a provision in your franchise agreement that franchisees are not permitted to register or establish a URL address or domain name using the franchise name and enforce this prohibition.

3. Address trademark issues when they arise. Allowing time to pass without addressing issues will result in diminished enforceability.

 

 

 

 

Malware Attack Results in a Huge HIPAA Breach

bigstock-Isolated-Hand-Holding-Tablet-43568956 “I opened it up and I read this and just got furious. I don’t have words for it right now.” That is what one patient of UW Medicine and Haborview Medical Center told KomoNews.com in regards to receiving notice that her medical records had fallen victim to a malware attack.

Pursuant to the HIPAA Rules, patients must be notified if a breach occurs, which affects their medical records. The HIPAA Rules defines a breach as “an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.

Listen to the video to learn more about HIPAA breach notification requirements:

The reported malware attack occurred when an UW Medicine and Haborview Medical Center employee opened an email attachment that contained a malware. The malware took over the employee’s computer that contained patient information including patients’ names, dates of birth, home address, phone numbers, dates of service, medical records numbers and social security numbers. The reported breach affected 90,000 patient records.

Microsoft’s Safety & Security Center defines malware as “any kind of unwanted software that is installed without consent.”

Malware can replicate, spread automatically, and compromise and harm your computer. In addition to viruses, malware includes trojans, spyware, adwords, worms, and many others.

Stay posted. Look for our upcoming blog regarding Malware and Virus FAQs.

 

 

Franchise Brokers-A Referral Source outside the System

A keyboard with a key reading franchise - business concept

Recently on our blog we completed a series based on the Franchise and Business Opportunity Project of the North American Security Administrators Association, Inc. [NASAA] purposed Multi-Unit Commentary [“Commentary”]. The goal of the commentary was to provide conformity and uniformity with the ever growing presence of the multi-unit arrangements within the franchise industry.

While franchise brokers are not within the scope of the Commentary, the Commentary does provide an aside regarding Franchise Brokers. Franchise Brokers are included in the substance of the Commentary because, in the words of the Commentary, Franchise Brokers do not sign a franchise agreement. As also noted Franchise Brokers are not employees of the Franchisor. They are independent sales agents. A Franchise Broker may solicit prospective franchisees for one franchisor, but most typically a Franchise Broker solicits a portfolio of franchise opportunities.

A Franchise Broker is dissimilar from a subfranchise and area representative in that the Franchise Broker does not pay the Franchisor for the right to solicit prospective franchisees. Akin to the subfranchise and area representative, however, the Franchise Broker does receive a commission or a portion of the initial franchise fee in exchange for soliciting prospective franchisees.

Let’s take a look at some disclosure and state registration issues related to Franchise Brokers.

Does your system work with franchise brokers?  Are you a franchise broker?  Tell use about your experience.

3 FAQ About HIPAA Compliance

iStock_000016268292Small FAQ1. I heard that the first step to HIPAA compliance is a risk analysis. What kinds of risks do I have to consider in the analysis? When completing a HIPAA risk analysis, you need to consider the following threats:

• Natural threats such as floods, earthquakes, and tornadoes

• Environmental threats such as power failures and chemical or liquid leakage

• Intentional and illegal threats such as eavesdropping, snooping, fraud, theft, and vandalism

• Accidental threats such as input errors and failures to update software

• External threats such as malicious cracking, demon dialing, and viruses

2. If we use email, patient portals, file sharing, and shared office calendars, do we need to implement HIPAA Security Safeguard for these programs and applications? Yes, if you store, transmit, input, or access client information via email, patient portals, file sharing, or shared office calendars, these programs and applications along with the devices that employ these programs and applications, including desktop computers, servers, tablets, laptops and smart phones, must be built-into your HIPAA compliance program.

3. What types of HIPAA training do I have to provide to my staff? As part of your HIPAA compliance program, you must provide initial training to your existing staff and any new staff members regarding your office’s HIPAA policies and procedures. In addition, you must provide ongoing annual training and security reminders to your staff.

Have other questions about HIPAA compliance?  Let’s us know your questions!

Franchise Area Representative-Third in a Series

bigstock-Franchise-opportunities-concep-40612081

Franchise Area Representatives, is the third in our series on franchise multi-unit series. The Franchise and Business Opportunity Project of the North American Security Administrators Association, Inc. [NASAA] posted, in consultation with the Federal Trade Commission [FTC], Multi-Unit Commentary [“Commentary”] for public comment. This series is based on the NASAA Commentary.

As recognized by the NASAA comment:

These structures [Area Developer, Subfranchise, and Area Representative] are not mutually exclusive; that is, a franchisor may use just 1 structure or may use a combination of 2 or 3 structures. There are no universally accepted terms for these structures within the franchise industry. The terms used to describe the structures in different franchise systems, and in different laws and regulations, vary widely.

Previously on our blog we discussed Area Developers and Subfranchisors. Click here to see our post on Area Developers and Subfranchisors.

Today we are going to discuss Area Representative. Under an Area Representative arrangement, a person or entity pays the franchisor for the right to sell unit franchise to prospective buyers or to provide significant support to the unit franchisees. The Area Representatives, the Subfranchisor, usually receives a portion of the initial franchisee fee and royalty fees paid by the unit franchisees.

This is the graphic depiction provided in the Commentary:

Pages from www.nasaa.org_wp-content_uploads_2013_10_Proposed-Franchise-Multi-Unit-CommentaryAR

 

Here are some FAQ about Area Representatives and franchise disclosures included in the NASSA commentary.

Next, look for our blog on Franchise Brokers!

Hey, Did You Know What Medication Suzy is Taking?

Image credit: artisticco / 123RF Stock Photo
Image credit: artisticco / 123RF Stock Photo

 

A Behind the Desk report published by a union advocacy group, Change to Win, alleges major HIPAA privacy and security violations against Walgreen’s new pharmacy model. The new model is called “Well Experience.” Walgreens has implemented the Well Experience model in 20 states. The goal of Well Experience is to “make pharmacists more accessible to patients and broaden the focus of the pharmacy by expanding services Walgreens can offer in its drug stores, such as vaccinations and acute and primary care.”

Sound like a good idea? Many retailers are trying innovative approaches to medicine. Kroger has the Little Clinic. CVS has the Minute Clinic. So, what it the issue? The Behind the Desk reports:

In 80 percent of stores visited, patients’ protected health information was left unattended on or near the pharmacist’s desk, and

In 46 percent of stores visited, prescription medication was left unattended.

Pharmacists were observed leaving active computer screens unattended on 11 visits. In some cases, patient information was clearly visible on the screen.

Pharmacists sometimes had sensitive conversations about patients at the desk, including telephone calls with doctors and third parties…

On 10 percent of visits, iPads were left unattended on the pharmacist’s desk.

To see pictures of the Well Experience model and read the full Behind the Desk report click here.

HIPAA does not require that providers, health plans, and business associates preclude all incidental disclosures, but medical providers, health plans and business associates are required to implement reasonable safeguards to prevent incidental disclosure of protected health information.

The Department of Health and Human Services on its website, Understanding HIPAA for Covered Entities and Business Associates says it this way: A covered entity must have in place appropriate administrative, technical, and physical safeguards that protect against uses and disclosures not permitted by the Privacy Rule, as well as limiting incidental uses or disclosures. See 45 CFR 164.530(c). It is not expected that a covered entity’s safeguards guarantee the privacy of protected health information from any and all potential risks.

Listen to the video to learn some of the things you can do to safeguard against incidental disclosures of protected health information or PHI.

Share some of the HIPAA privacy and security challenges and solutions that you implemented in your office or workplace!

Subfranchise- what is it?

businessman holding a touchpad pc and surfing in the social netw

 

The world of franchising has become layered with complexity. In every franchise system there is always a franchisor that grants the license and owns the trademark. There is always a franchisee that uses the trademark and operates the franchise location or unit. But there may be many layers in between. There could be subfranchises, area developers, and representatives.

What is a Subfranchise? What is an Area Developer? What is an Area Representative? How are they the same? How are they different? The 3 concepts are somewhat fungible and there is much confusion about the overlap and the differences. Recognizing this, the Franchise and Business Opportunity Project of the North American Security Administrators Association, Inc. [NASAA] post consultation with the Federal Trade Commission [FTC] has published Multi-Unit Commentary [“Commentary”] for public comment.

In the words of the Commentary:

These structures [Area Developer, Subfranchise, and Area Representative] are not mutually exclusive; that is, a franchisor may use just 1 structure or may use a combination of 2 or 3 structures. There are no universally accepted terms for these structures within the franchise industry. The terms used to describe the structures in different franchise systems, and in different laws and regulations, vary widely.

Previously on our blog we discussed Area Developers. Click here to see our post on Area Developers.

Today we are going to discuss Subfranchises. The Commentary defines Subfranchisor as: a person [or entity] that is granted, for consideration paid to the franchisor, the right to grant unit franchises to third parties, generally within a delineated geographic area. So in essence, within a defined geographic area, the Subfranchisor steps in the shoes of the franchisor. The Subfranchisor is given some portion of the initial franchise and royalty fee paid by the franchisee. The franchisee, under the subfranchisee model, is referred to as the Subfranchisee.

Now, you may be saying: ‘I have never heard the word Subfranchisor.’ You are not alone. This term is rarely used in the industry. Subfranchisees are typically referred to as master franchisees or regional franchisors.

This is the graphic depiction provided in the Commentary:

www.nasaa.org_wp-content_uploads_2013_10_Proposed-Franchise-subs-Commentary_Page_03

So how disclosure issues handled under a subfranchising relationship?  Take a listen.

Again, let’s keep things in prospective. The Commentary has not been adopted. It is only being published for public comment. The Commentary may change, be modified, or redrafted after public comment. The Commentary is not intended to override Federal Franchise Disclosure Laws.

Look for our Post on Area Representatives.

 

The Anatomy of a HIPAA Business Associate Agreement.

Image credit: Spectral / 123RF Stock Photo
Image credit: Spectral / 123RF Stock Photo

 

So, by this time business associates should have signed the updated BAA [business associate agreements]. The deadline to sign the new business associate agreement was September 23rd. Did you read the agreement? Do you know what it says? It is an agreement; so what is everyone agreeing to? Have business associates asked you what the agreement means?

 

Here is a general overview of the required provisions of business associate agreements. What provisions are included in the business associate agreement is governed by the HIPAA Rule. HIPAA says that covered medical providers, health plans, and clearinghouses must enter into business associate agreements with the service providers that use protected health information to perform services on their behalf. So, for example, if you hire someone or some entity to handle your billing, you’re a covered entity, and persons you hired are privy to protected health information as part of performing the billing services, a business associate agreement must be signed.

The HIPAA doesn’t just say sign any agreement. It says sign an agreement with these obligations. The Department of Health and Human Services has published sample provisions that must be included in the business associate agreement. The sample language can be integrated in your business associate agreement or you can draft your own language, but set obligations must be included. And, if you want, you can add your own provisions in addition to the required provisions. That is fine too.

What are the required provisions? The provisions cover 3 major obligations.

 

1. Facilitation of Patient Rights: Business Associates must cooperate with facilitating patient’s HIPAA privacy rights including:

• Receiving an accounting of protected health information disclosures

• Amending protected health information

• Authorizing and retracting authorization of protected health information disclosures

 

2. Completing and Implementing a Risk Analysis, Policies, and Procedures: Business Associates must implement the safeguards, policies, and procedures. Just like medical providers, medical plans, and clearinghouses, Business Associates have to conform and comply with the HIPAA Rules.

 

3. Reporting Breaches and Liability: Business Associates are responsible, liable, and must report breaches just like medical providers, health plans, and clearinghouses.

 

In summary business associates are not in with both feet. Business Associates must comply and are liable under HIPAA just like medical providers, health plans, and clearinghouses. Have questions about who is a Business Associate, when a Business Associate Agreement needs to be signed or if you are liable for your Business Associates? Watch the video:

;

Want more information? Need compliance help? Contact us.

 

Franchise Area Developers: It is the Happening Thing.

What is an Area Developer? What is a Subfranchise? What is an Area Representative? How are they the same? How are they different? The 3 concepts are somewhat fungible and there is much confusion about the overlap and the differences. Recognizing this, the Franchise and Business Opportunity Project of the North American Security Administrators Association, Inc. [NASAA] post consultation with the Federal Trade Commission [FTC] has published Multi-Unit Commentary [“Commentary”] for public comment.

In the words of the Commentary:

These structures [Area Developer, Subfranchise, and Area Representative] are not mutually exclusive; that is, a franchisor may use just 1 structure or may use a combination of 2 or 3 structures. There are no universally accepted terms for these structures within the franchise industry. The terms used to describe the structures in different franchise systems, and in different laws and regulations, vary widely.

So let’s start with the Area Developer. Here’s the definition provided in the Commentary: An Area Developer is an agreement where the franchisor grants a right to open multiple franchise units in a designated time period in a designated area. An area development agreement itself does not itself grant a right to operate a franchise unit. Area Developer has many different aliases. Area Developers are sometimes called master franchisee, multi-unit developers, and regional developer. The nomenclature changes and are used interchangeably.

This is the graphic depiction provided in the Commentary:

 Pages from www.nasaa.org_wp-content_uploads_2013_10_Proposed-Franchise-Multi-Unit-Commentary

 In addition to defining Area Developer, the Commentary some great FAQs with insights and watch-outs for people looking to buy a franchise and franchisors.  Take a listen:

;

Now let’s keep things in prospective. The Commentary has not been adopted. It is only being published for public comment. The Commentary may change, be modified, or redrafted after public comment. The Commentary is not intended to override Federal Franchise Disclosure Laws.

Look for our Post on Subfranchise.

%d bloggers like this: