Tag Archive for: tahlia clement

HIPAA Safe Harbor Bill | Tahlia Clement

The HIPAA Safe Harbor Bill: A New Incentive for Organizations to Prioritize Security

HIPAA Safe Harbor Bill | Tahlia Clement

On January 5, 2021, the President signed H.R. 7898, The HIPAA Safe Harbor Bill, into law. This new legislation amends the HITECH act to require the Department of Health and Human Services (HHS) to incentivize best-practice cybersecurity for meeting HIPAA requirements.

Previously, organizations that experienced cyberattacks were subject to HIPAA enforcement actions that included severe penalties and fines despite such organization’s cybersecurity practices.  Now, H.R. 7898 specifically requires that HHS evaluate whether the organization is using recognized security practices by reviewing the previous 12 months when calculating fines or penalties based on a cyberattack. However, the law also expressly states that it does not give HHS the authority to increase fines or even the extent of an audit when an organization is found to be out of compliance with recognized security practices.

According to the law, “the Term ‘recognized security practices’ means the standards, guidelines, best practices, methodologies, procedures, and processes developed under…the NIST Act, the approaches promulgated under… the Cybersecurity Act of 2015, and other programs and processes that address cybersecurity and that are developed, recognized, or promulgated through regulations under other statutory authorities.”

This new law is important since the healthcare industry continues to be the most impacted sector when it comes to cyberattacks. The healthcare industry accounted for 79 percent of all reported data breaches from January to November 2020, and attacks against healthcare organizations increased overall by 45 percent between November 2020 and January 2021. In addition, HIPAA violation fines can range from $100 per violation all the way up to $59,522 per violation. Since these fines are calculated on a “per violation” basis, in 2020 the fines imposed ranged from $3,500 to $6,850,000, with multiple fines imposed totaling over $1,000,000.

A recent example is when University of Texas M.D. Anderson Cancer Center was fined $4,300,000 for violations of the HIPAA and HITECH Act. However, on January 14, 2021 the United States Court of Appeals for the Fifth Circuit vacated the fine stating that it was “arbitrary, capricious, and otherwise unlawful.” The Court held that HIPAA does not require entities to use “bulletproof protection” and instead held that M.D. Anderson had adopted sufficient security practices. This case shows that even courts are now looking at security practices when determining if a HIPAA violation fine is reasonable.

For more information about your entity’s cybersecurity risks and HIPAA compliance, reach out to one of FGHW’s healthcare attorneys. Our attorneys have extensive experience with reviewing and analyzing HIPAA and cybersecurity practices to determine if they comply with recognized security practices under the new law. If your cybersecurity practices are not up to the new standards, FGHW’s attorneys can assist in implementing practices that are compliant.

Dallas Attorney Tahlia Clement

Tahlia Clement’s primary practice areas are marketing, advertising and promotions law, health law, internet law, and general business transactions. Tahlia graduated from SMU Dedman School of Law and holds a B.A. in journalism and mass communications from Arizona State University.

Dallas Paid Sick Leave Ordinance

Dallas Paid Sick Leave Ordinance Struck Down

Dallas Paid Sick Leave Ordinance

Penalties associated with a City of Dallas sick leave ordinance that was rolled out last August were scheduled to become effective on April 1, 2020. The penalties have been the subject of much discussion since the striking down of a similar Austin ordinance and the subsequent filing of a federal lawsuit seeking to prohibit enforcement of the Dallas ordinance. U.S. District Judge Sean Jordan put an end to the suspense by issuing an injunction on March 30, 2020, which struck down the ordinance as unenforceable and prohibited the City from issuing penalties.

The ordinance would have required Dallas employers to provide paid sick leave for most employees. In particular, the ordinance mandated the payment of one hour of sick leave for every thirty hours worked by employees who were employed for at least eighty hours in a year. Small businesses of five or fewer employees were not required to comply until August 2021, and businesses with fifteen or fewer employees could cap paid sick leave at forty-eight hours a year. Independent contractors and government employees were excluded.

The decision was not unexpected given the decision of the Austin Court of Appeals concerning the City of Austin’s sick leave ordinance. Judge Jordan largely agreed with the analysis of the Austin court, determining among other things that the ordinance violated Texas’ minimum wage laws.

The issue now goes back to the Dallas City Council to decide whether to appeal the ruling or to prepare a revised ordinance.  In the era of COVID-19, it will be interesting to see what the Council does next. If you have any questions about this ruling or any other employment matter, please feel free to contact our employment law department for assistance.

Tahlia Clement

Tahlia Clement’s primary practice areas are marketing, advertising and promotions law, health law, internet law, and general business transactions. Tahlia graduated from SMU Dedman School of Law and holds a B.A. in journalism and mass communications from Arizona State University.

Wanna Be An Influencer? A Legal Guide to Social Media

Social Media Influencer Law

With some of the top influencers reportedly making $250,000 for a single Instagram post, snapping selfies has become a career. Since the emergence of social media platforms, companies have been using influencers as a tool in their marketing and advertising strategies. In response to the growing prevalence of influencer marketing, the Federal Trade Commission (FTC) has increased legal requirements and guidelines for influencers’ social media posts, even going so far as imposing enforcement actions and fines for those who violate these guidelines.

Whether you are a company utilizing an influencer or an influencer yourself, it is important to be aware of and heed the FTC guidelines.  

Material Connection

The FTC’s primary concern regarding influencers is that paid social media posts must be truthful. When a company compensates an influencer for a social media post, it is considered misleading if it is not clear within the post that the influencer is being paid to endorse the product. The audience could believe that the post is autonomous, therefore giving the endorsement more credence. In order to make the post more truthful, the FTC requires the influencer to disclose any “material connections” to the product being endorsed.

A material connection occurs when the influencer is being compensated in any way for the post. Compensation can include a cash payment, free products or samples, free accommodations or travel, discounts, sweepstake entries, or any other incentive.

If there is any material connection between the influencer and the company, the influencer must disclose that connection.


Influencers must disclose a material connection in a way consumers can easily find and moreover, obtain enough information to understand the value of the endorsement.

The most common way material connections are disclosed on social media is through hashtags in the caption of a post. The following are examples of hashtags that are acceptable to the FTC:

  • #ad
  • #paid
  • #sponsored

The brand name must also be included either as its own hashtag or in the caption.

The placement of the disclosure in a caption is also important. Below is an overview of a few major platforms’ current requirements for sponsored influencer posts:

  • Facebook
    • The disclosure must be before the “Show more” link.
    • Use the branded content tool to tag the company.
  • Instagram
    • For posts, the disclosure must be before the “More” button.
    • For stories, the disclosure must be superimposed on the image.
    • Use the branded content tool to create the, “Paid partnership with…” message above the post or story.
  • Twitter
    • The disclosure must be in the first 125 characters of the caption.
  • YouTube
    • The disclosure must be in the description, displayed in the video itself, and displayed long enough for the viewer to read and understand it. YouTube offers some optional features such as automatic text overlay, static titles, and end cards to help configure a sufficient disclosure.
    • Notify YouTube that the video includes paid content by checking the “Video contains paid promotion” box under Advanced Settings.
  • Snapchat
    • The disclosure must be superimposed on the image.


Lastly, the FTC requires that the influencer’s post reflect his or her own honest beliefs, opinions, or experiences. A consumer could be misled if a social media post seems to reflect the influencer’s own feelings, when in actuality, it is what the company paid the influencer to say. Therefore, if the influencer is claiming to use the product and the effect of such product, the advertisement must reflect the influencer’s true experience to avoid misleading their audience.  

Social Media Endorsement

With the amount of money up for grabs as an influencer and the benefit of having an influencer endorse your product, it is important to enter a social media endorsement agreement. A social media endorsement agreement should clearly state:

  1. what the company expects from the influencer, including number of posts and number of followers the influencer must retain;
  2. the guidelines the influencer must follow, such as the above discussed FTC requirements;
  3. how the influencer is compensated;
  4. how the company will monitor the influencer to ensure the influencer is following the guidelines; and
  5. any other terms of the relationship.

If you are thinking of entering into a social media endorsement, consult an attorney familiar with advertising and marketing to ensure compliance with the FTC’s guidelines. 

Tahlia Clement

Tahlia Clement’s primary practice areas are marketing, advertising and promotions law, health law, internet law, and general business transactions. Tahlia graduated from SMU Dedman School of Law and holds a B.A. in journalism and mass communications from Arizona State University.

What You Need to Know About Copyrights

Most people have heard the word “copyright” or at least have seen the symbol “©” – but what exactly is a copyright?

Overview of Copyrights

A copyright protects an original work of authorship that is fixed in a tangible form of expression or medium, including literary, dramatic, musical, and artistic works. Copyrighted materials may include books, songs, movies, TV shows, plays, choreography, paintings, computer software, and architecture.

To satisfy the test for being “fixed in a tangible form of expression,” the work must have been recorded or written in some fashion – even if only on one’s computer. A copyright does not protect ideas. Furthermore, a copyright does not protect names, titles, slogans, or logos (although these may be protected as trademarks).

If you have ever wondered why you are prohibited from recording a movie in a theatre, or downloading free music from a disreputable website, it is because that movie or music is copyrighted. Creating an item that qualifies for copyright entitles you to legal rights under the law. By holding a copyright, you exclusively hold the following five rights; (1) to reproduce the work; (2) to distribute copies of the work to the public; (3) to prepare derivative works, or create adaptations based upon the work; (4) to perform the work publicly; and (5) to display the work publicly.

Copyright exists to encourage people to create original works by rewarding them with an exclusive right to profit from that work. Without copyright, there would be no financial incentive to create original works, and your original works could be reproduced and used freely by anyone for profit.

Obtaining a Copyright

Unlike trademarks and patents, you are not required to register your copyright in order to obtain the legal protections it grants. Your work is under copyright protection the moment it is created and fixed in a tangible form. However, in order to bring a lawsuit for infringement of a U.S. work, you must first register your copyright with the U.S. Copyright Office. A registered copyright may entitle its owner to statutory damages and attorney’s fees in successful litigation.

Notice of a copyright is given by using the “©,” followed by the first year of publication for a given work and the authors name, on the work itself. While this notice is no longer a legal requirement for protection, it can be used for evidence that the work is, in fact, under copyright protection.

Once obtained, a copyright lasts for the life of the author and expires on the seventieth anniversary of his or her death. When the author of copyrighted material dies, the copyright generally passes to his or her heirs. Until expiration, copyrights are generally transferrable; transfer can be recorded by submitting documentation to the Copyright Office.

In the event that you create a work within the scope of your employment, or the work was specifically ordered or commissioned in a certain, specified circumstance, the work is considered a “work made for hire.” In this situation, the employer or commissioning party is considered to be the author, and therefore, holder of the copyright. A copyright for a work for hire lasts for 95 years from the date of first publication, or 120 years from year of creation, whichever date occurs first. When a copyright expires, the underlying work enters the public domain. Once a work is a part of the public domain, anyone can reproduce, and use the work freely.

Copyright Infringement

When you believe someone has infringed on your copyright, you can protect your rights by filing a civil lawsuit in federal district court. However, there are two ways someone can use a copyrighted work without being liable for infringement.

First, a user can gain permission to use the work from the copyright holder. If you want to use someone’s copyrighted work, you may simply ask them for permission. To find out who holds a copyright to a certain work, a search can be done through the Copyright Office. For copyrights registered before 1978, a manual search must be conducted. For copyrights registered after 1978, the search can be done online through the Copyright Office’s website. Generally, permission to use a copyright is granted by a license.

The second protection that users can claim is the “fair use doctrine.” This doctrine allows use of a sample or section of a copyright work without permission of the copyright holder when the copying is deemed a “fair use.” Criticism, commenting, news reporting, teaching, and scholarship or research purposes are all considered fair use. There is no certain length of sample or section where the line is drawn between fair use and copyright infringement.

When determining whether the use of a work is considered fair use, four factors must be considered; (1) the purpose and character of the use; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used; and (4) the effect of the use upon the potential market. These four factors will be considered when determining if an infringement occurred, or the use was lawful under the fair use doctrine.

If you believe your copyright has been infringed, make sure your copyright is registered with the Copyright Office and consult an attorney familiar with copyright infringement suits. Taking these key steps will help to ensure that you protect your copyright.