Social Marketing & Liability


Social Marketing & Liability Fred E. Karlinsky, Esq. Co-Chair, Insurance Regulatory & Transactions Practice Shareholder, Greenberg Traurig Louisiana Insurers Conference Insurance Compliance Seminar August 6, 2015 GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2014 Greenberg Traurig, LLP. All rights reserved.

Disclaimer The information in this presentation is intended to provide a general overview of the issues contained herein and is not intended, nor should it be construed, to provide specific legal or regulatory guidance or advice. If you have any questions or issues of a specific nature, you should consult with appropriate legal or regulatory counsel to review the specific circumstances involved. 2

Agenda > General Overview > Marketing Compliance Issues > Data Collection 3

Part One General Overview 4

Use Statistics > Usage continues to grow and change 73% of online adults use social networking sites 64% of users visit social sites at least once per day More and more users are accessing via mobile vs. computer 5

Primary Platforms Cheat sheet? 6

Primary Platforms 7

Most Commonly Used by Marketers 8

Legal Challenges > Social Media blurs our personal and professional lives Most sites encourage sharing of personal information Difficult to separate work from personal events Expectation to share many details of our lives, both personal and professional > Ethical issues: Social media interactions with clients Friend your clients? Establishing appropriate boundaries for professional relationships 9

Regulatory and Legal Issues > Sources of law: State Law and Federal Law National Association of Insurance Commissioners (NAIC) 10

State and Federal Law > The states are the primary insurance regulators State laws affect social media use Advertising/marketing laws Customer information use, handling, storage, etc. > Federal laws often mandate that the states adopt laws implementing certain standards Gramm-Leach-Bliley Act Health Insurance Portability and Accountability Act Health Information Technology for Economic and Clinical Health Act Trademark 11

NAIC > NAIC has adopted several Model Laws and Regulations: Unfair trade practices Advertising and marketing 2012 NAIC White Paper The Use of Social Media in Insurance > The White Paper focuses on the following key points: Insurance company and producer uses of social media Regulatory and compliance issues associated with the use of social media Guidance for addressing identified regulatory and compliance issues 12

Part Two Marketing Compliance Issues 13

Benefits of Social Media According to Marketers: 14

Objectives and Strategy > Social media is an incredible opportunity to humanize an insurance company's brand > As such, these companies want to translate their brand to social media: Define its personality and voice Develop guidelines for how, when and what topics you will engage in for social media What matters to your customers 15

Advertising > Promoted posts/tweets in Facebook, Instagram and Twitter help their brand get more visibility in news feeds > Able to geo-target, get hyper local Set audience requirements (gender, age, interests) > Set budget and duration 16

Examples of Social Media Advertising > Likes for Donations to Charities > Retweet positive messages > Farmville > YouTube Channel 17

Advertisement Defined > Information that is: Designed to create public interest in insurance, an insurer, or a producer or Induce the public to purchase, increase, modify, reinstate, or retain an insurance policy 18

Advertising Compliance > State advertising laws apply to electronic marketing the same way they apply to traditional forms of advertising Statutes may specifically provide for this, or laws may be interpreted to include electronic communications > Social media advertising can transcend state borders Creates additional issues 19

Advertising Compliance: Florida > The Florida Office of Insurance Regulation definition of advertisement includes communications containing any assertion, representation, or statement with respect to the business of insurance Excludes material not meant for public dissemination and communications with policyholders not meant to encourage renewal or expansion of coverage 20

Advertising Compliance: Louisiana > Material designed to create public interest... or to induce the public to purchase, increase, modify, reinstate, borrow on, surrender, replace, or retain a policy Excludes communications or materials used within the organization and not intended for dissemination to the public 21

Liability > The party responsible for traditional advertising content is easy to identify > Social media posts can be anonymous Difficult to identify the party responsible for such content > Competing theories related to identifying the party responsible for social media content: Adoption and Entanglement Theories Communications Decency Act of 1996 22

Liability > Adoption Theory Social media hosts can be found responsible for third party content if the host re-posts or forwards the content from their own social media platform Can also include the failure to remove content > Entanglement Theory An entity can be considered responsible for third party content if the entity was involved in the development of the content 23

Liability > Communications Decency Act of 1996 Subject to certain conditions, provides that internet users cannot be found liable for the posts of third parties Meant to promote development of the internet > Difficult to reconcile the Adoption and Entanglement Theories with the Communications Decency Act 24

Liability > Adoption Theory Tested: Swift v. Zynga Game Network, Inc. Rebecca Swift seeks to hold Facebook and Zynga liable for content produced by a third party offered in connection with Zynga games accessed through Facebook Filed in 2009, the class action lawsuit is still ongoing 25

Producer Content > Insurers can be liable for the posts of appointed agents The insurer is responsible for the posts of appointed agents that are attributed to the insurer The insurer is not responsible for posts not attributed to it > Social media policies should recognize and define these issues 26

Social Media Policies > Social media policies provide guidelines to mitigate risks associated with the use of social media platforms All employees should be familiar with the policy > Social media policies should include: Prohibitions on revealing confidential or proprietary information Disclaimers when necessary Guidance on the use of company logos or trademarks Respect for copyright, privacy, fair use, financial disclosure, and other applicable laws 27

Social Media Policies > Policies should broadly define what electronic communications are covered by the policy Should cover all hardware, software and communications activity > Employees participating in social media for business purposes should be appropriately trained and supervised Prohibit employees from engaging in business communications that are not subject to the company's supervision > Employees should have separate business and personal accounts 28

Social Media Policies > Set meaningful limits on who may engage in what activity during work hours on company systems > Require employees to identify themselves Employees should make clear that the opinions they express are their own, and not those of the company > Prohibit discriminatory or harassing posts > Instruct employees not to endorse company products until the message has been reviewed and approved 29

Social Media Policies > Keep creativity in check Do not sacrifice content for fanfare > Prohibit individual communications on wall postings > Do not be lazy with grammar and spelling > Do not friend strangers > When necessary, submit content for prior approval with state regulators > Acknowledge and respond to consumer complaints > Maintain compliant record retention policies 30

Producer Policies > Compliance professionals should ensure that personnel communicating on behalf of the company are licensed when necessary Establish controls over who may respond to social media posts Monitor producers, vendors and other partners linked to social media sites to ensure compliance > Many states require that marketing be conducted in the insurer's name Social media accounts must satisfy this requirement 31

Agent Agreements > Insurers should enter into agreements with their agents to: Provide for prior approval for advertisements Define approved content Provide for training on website and social media maintenance and tools > Review agreements with agents to ensure they contain compliance responsibility, prior approval and hold harmless provisions Contracts should clearly define the rights and obligations of each party with regards to social media use 32

Crisis Planning > The speed and reach of social media mean that crises WILL happen There is little time to react Reining things in is difficult > Identify a response team and establish a plan of action before a crisis occurs 33

Records Retention > Most states require maintenance of records of advertisements disseminated to the public > Maintenance of records of social media content is not as simple as maintenance of traditional advertisements Social media sites change constantly 34

Records Retention > It is unclear whether just an initial post must be retained, or whether the initial post and all responses must be retained > Users of social media may have to retain content posted by third parties > Retaining posts made and received on personal electronic devices should be considered 35

Part Three Data Collection & Data Breaches 36

Social Data > There is little privacy on social media Individuals can control who sees their social media pages, but not who markets to them > This data is useful to marketers More targeted advertising Measure social media performance Learn what is important to customers > Collecting customer information carries risks The company becomes liable for unauthorized release of personal information 37

Sources of Law > Gramm-Leach-Bliley Act (GLBA) > Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and Clinical Health Act (HITECH) > State standards 38

Gramm-Leach-Bliley > Deals with the use and disclosure of consumers' nonpublic personal information (NPI) NPI is an individual's personally identifiable information collected in connection with providing an insurance product or service, unless the information is publicly available > Prohibits disclosure of a consumer's information to nonaffiliated third parties unless certain requirements are met 39

State Enforcement > GLBA requires the states to enact legislation implementing the GLBA privacy protection provisions > State insurance regulators enforce its provisions > Variation between the states 40

NAIC Model 673 > 2002: the NAIC adopted Model 673, Standards for Safeguarding Customer Information Advises states on how to implement GLBA > Establishes standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information 41

HIPAA > HIPAA provides guidelines for disclosure of patient health information Applies to covered entities and their business associates > Covered entities: A health plan A health care clearinghouse A health care provider who transmits any health information in electronic form in connection with certain transactions > Business associates of covered entities: Entities that, on behalf of a covered entity, assist with activities involving the disclosure of individually identifiable health information Includes agents 42

HIPAA > Nonpublic personal health information (PHI): Identifies an individual who is the subject of the information; or Reasonable basis to believe that the information could be used to identify an individual > Security Rule > Privacy Rule 43

HITECH > When there is a data breach, HITECH requires health care providers and other HIPAA covered entities to promptly notify affected individuals, the Secretary of Health and Human Services (HHS), and in some cases the media Annual reporting requirements to HHS > Provides a safe harbor for following the guidelines to secure information 44

HIPAA/HITECH Example > Data breach within a hospital system resulted in $4.8M HIPAA settlements > Breach was caused when a physician employed by the hospital, who developed applications for the hospital, attempted to deactivate a personally-owned computer server on the network containing patient ePHI. > Because of a lack of technical safeguards, deactivation of the server resulted in ePHI being accessible on internet search engines. 45

Notification of Data Breach > Almost every state has laws that govern notification of security breaches Must notify affected parties of the breach > Know what not and when to disclose > Safe harbor laws 46

Notification: Louisiana > Database Security Breach Notification Law > Notification Trigger requires a risk of harm analysis No reasonable likelihood of harm to customers Only applies if information was not encrypted or redacted > Notice to Citizens and to Attorney General Received within 10 days of notice to citizens > Permits a private cause of action 47

Notification: Florida > The Florida Information Protection Act of 2014 took effect on July 1, 2014 Imposes requirements on covered entities that experience data breaches It is more stringent than previous Florida laws > Applies to any commercial entity that uses personal information Also covers third-party agents who process personal information on behalf of a covered entity > Generally, covered entities must provide notice to the Department of Legal Affairs and the affected individuals within 30 days of discovering the breach Safe harbor for encrypted data 48

Record Disposal > Under the Uniform Electronic Transactions Act (UETA), if a law requires retention of a record, the record may be stored electronically > How long to retain records? The more you have, the more you can lose > Laws on disposal, redaction, destruction of records 49

Key Points > Must determine how much personally identifiable information will be collected about insureds and potential insureds through social media platforms > Privacy policies are critical for insurance entities Set forth the terms by which the company will handle personal information collected from consumers Needed to comply with applicable law 50

Questions? 51