On Tuesday, April 30, the Associated Press reported that the Drug Enforcement Administration (DEA), will move to reclassify marijuana from a Schedule I drug to a Schedule III drug.  DEA’s move comes several months after the Department of Health and Human Services (HHS) recommended to DEA (pdf) that marijuana be rescheduled under the Controlled Substances Act (CSA). What Does It Mean To Reschedule a Drug? Under the CSA, drugs are classified into five schedules based on the drug’s acceptable medical uses and the drug’s abuse or dependency potential.  A drug’s abuse or dependency potent ..read more

On April 23, 2024, the Department of Labor (DOL) released its highly anticipated final rule regarding overtime pay eligibility. The new rule, which goes into effect on July 1, 2024, significantly raises the salary thresholds for the so-called “white collar” or “EAP” exemptions, as well as the highly-compensated employee exemption. Once it is fully implemented, the regulation is expected to extend eligibility for overtime pay to approximately 4 million workers when they work more than 40 hours per week. Executive, Administrative, and Professional Employee Exemption An employee may be exempt fro ..read more

“Harassment, both in-person and online, remains a serious issue in America’s workplaces. The EEOC’s updated guidance on harassment is a comprehensive resource that brings together best practices for preventing and remedying harassment and clarifies recent developments in the law.” –Charlotte A. Burrows, EEOC Chair On April 29, 2024, the U.S. Equal Employment Opportunity Commission (EEOC) published its updated guidance on harassment in the workplace, “Enforcement Guidance on Harassment in the Workplace.” The new guidance updates and replaces EEOC’s previous guidance documents issued between 1 ..read more

The U.S. Department of Health and Human Services, Office of Civil Rights (OCR) recently updated its controversial, year-old guidance document on the use of online tracking technologies by healthcare providers and other HIPAA-regulated entities. Our analysis of the original guidance document may be found here. The updated guidance comes in the wake of a lawsuit filed by the American Hospital Association (AHA) against HHS-OCR challenging the agency’s position that the use of standard third-party web technologies that capture IP addresses on healthcare organizations’ public-facing webpages violat ..read more

Where Knowing Is Only Half the Battle Last week, the EPA announced a landmark policy change regarding the intersection and overlap of criminal and civil investigations/enforcement actions. EPA’s new policy represents one of the most dramatic and important changes in EPA enforcement policy in decades. The new Strategic Civil-Criminal Enforcement Policy (pdf) supersedes the 2019 Civil-Criminal Enforcement Coordination Policy and regional screening guidance issued in 1990, but reinforces the still-applicable 2007 OECA Parallel Proceedings Policy (pdf). EPA’s Strategic Civil-Criminal Enforcement P ..read more

Every national election cycle, we are reminded that presidential administrations drive the trajectory of white-collar civil and criminal enforcement priorities.[1] Halfway through President Biden’s first term, in 2022, Attorney General Merrick Garland announced, “I have . . . seen the Justice Department’s interest in prosecuting corporate crime wax and wane over time. Today, it is waxing again.” Two years later, has the Attorney General’s predictions manifested? The answer is a resounding “yes.” As part of Garland’s Department of Justice (DOJ), over the past three years, the department has tak ..read more

The Corporate Transparency Act (CTA) went into effect on January 1, 2024, creating a national beneficial owner database to be used in combating money laundering,  by requiring companies to report information about their beneficial ownership to the Financial Crimes Enforcement Network (FinCEN), a part of the U.S. Treasury Department. Who Must File Reports with FinCEN? Reporting Companies are required to file with FinCEN.  A “Reporting Company” is any nonexempt corporation, limited liability company, or similar entity that is (i) created by a filing with a federal, state, or tribal gov ..read more

The United States Department of Defense (“DoD”) recently published its Defense Industrial Base Cybersecurity Strategy 2024. For context, the DIB is comprised of more than 100,000 domestic and foreign companies or organizations that perform “research and development, design, production, delivery, and maintenance of DoD systems, subsystems, and components or parts, as well as those who provide software and other critical services to meet U.S. defense requirements,” according to the strategy document. The primary mission of the DIB cybersecurity strategy is to “ensure the generation, reliability ..read more

Principal Liz Heddleston was recently interviewed by HCPro for a story published on April 8, 2024, discussing the rising threat of ransomware attacks for healthcare providers. The story highlights lessons learned from a ransomware attack on a Maryland-based behavioral health practice that exposed the data of more than 14,000 patients, resulting in a recent monetary settlement between the practice and the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). The incident – and the settlement that followed – serves as a reminder for healthcare providers about the imp ..read more

Despite the four-year mark since the world was forced into remote and hybrid work due to the COVID-19 pandemic, the challenges for business leaders in navigating these environments persist. The risks are numerous. In an article on April 8, 2024, in Risk & Insurance, Beth Waller, principal and chair of our Cybersecurity & Data Privacy practice, shares her insights on the cyber challenges that accompany new technologies. “More companies also are looking to leverage AI technologies to enhance efficiency, and cyber threat actors are following suit,” Beth told Risk & Insurance in an int ..read more