3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102

Lawyer Monthly - August 2023

As this edition is finalised, we are hitting the height of summer – and hitting it a little too hard, judging by the news from around the world. Amid unsettling reports of rising temperatures, wildfires and their human impact, we wish a safe month to all of our international colleagues. Our front cover feature of the month comes from prolific US healthcare attorney Helen Oscislawski, who has accrued a wealth of knowledge pertaining to health data and privacy over the course of a long and successful career. In today’s age of holistic digital integration, what safeguards exist for patients’ data, and how might a growing focus on app-centric healthcare cause friction? You can find our conversation with Helen on page 14. Elsewhere in this edition, we speak with a number of other attorneys of note, including Deborah Schuff at JUNES Legal and Lee Previant and John Noland at NP Law Firm. These stars in their respective fields share a little of their specialised knowledge with us, probing deeply into the fundamentals of process service and trial law. These interviews can be found on page 24 and page 48. Finally, as ever, this edition comes packed with a host of news stories and lawyer moves to get you caught up on all of the goings-on in the legal sector, as well as the latest developments in the M&A and IPO space. All you need to know about the world of business and law going into August is collected here for you to peruse. We hope that you enjoy this edition. LAWYER MONTHLY©2023 Universal Media Limited Lawyer Monthly is published by Universal Media Limited and is available on general subscription. Readership and circulation information can be found at: www.lawyer-monthly.com. The views expressed in the articles within Lawyer Monthly are the contributors’ own. All rights reserved. Material contained within this publication is not to be reproduced in whole or in part without prior permission. Permission may only be given in written form by the management board of Universal Media Limited. Approx. 302,000 net digital distribution. Oliver Sullivan Editor Lawyer Monthly Welcome to Lawyer Monthly Magazine AUGUST 2023 EDITION @lawyermonthly @LawyerMonthly @lawyermonthly company/lawyer-monthly Universal Media Limited, PO Box 17858, Tamworth, B77 9QG, United Kingdom 0044 (0) 1543 255 537 Production Team: Emma Tansey, Luke Ostle, Nathan Athersmith production@lawyer-monthly.com Sales Enquires: Jacob Mallinder Jacob.mallinder@universalmedia365.com

14

Contents 24 48 6 Monthly Round-Up 10 Lawyer Moves FEATURE OF THE MONTH 14 Helen Oscislawski Inside the Evolving Healthcare and Privacy Landscape MY LEGAL LIFE 24 Deborah Schuff The Value of Process Services for Law Firms 28 Lisa Ortega Delivering Expertise as a Legal Nurse Consultant SPECIAL FEATURES 34 What Is the UK Post Office Scandal? Oliver Sullivan, Lawyer Monthly 38 Why the Fixed Costs Reforms Will Spark a Legal Sector ‘AI Explosion’ Jonathan White, National Accident Helpline 42 ‘The Start-Up Nation’: Legislation Boosting Efficiency at the Israeli Company Registrar Diana Grosz, TMF Israel EXPERT INSIGHT 48 The Making of an Effective Trial Attorney Lee Previant and John Noland, NP Law Firm 54 Inside Biotech Prosecution in Japan Masaki Morishima, Saegusa & Partners THOUGHT LEADER 62 The ‘New Normal’ and How it Affects Serving of Process Harlin Parker, Target Legal Process Worldwide Corporation 66 Why is Family Mediation Training Essential? Joan Davis, Family Mediation NI 70 ADR in Family Law: When is it Suitable? Sarah Hechtman, Rower LLC TRANSACTIONS 74 What’s Happening in the World of M&As and IPOs?

Supreme Court Rules Business Owner Can Deny Services to Same-Sex Couples On 30 June, the Supreme Court of the United States ruled in favour of a Coloradobased web designer who objected to creating websites for same-sex weddings, saying that the state's anti-discrimination law violated the first amendment by infringing her right to free speech as an artist. to same-sex couples, it allowed her to express her views against same-sex marriage. The state also pointed out that the case was hypothetical, and that it appeared no same-sex couples had actually asked Smith to create a website for them. The ruling came days after news outlets discovered that part of the case’s foundation appeared to be false. In her lawsuit, Smith cited a request from a gay man for help in designing a website for his wedding to a man named Mike. However, the man whose name, telephone number and email address matched those listed on the request told news outlets that he had never contacted Smith, and that he had been married to a woman for 15 years. In her dissent, Justice Sonia Sotomayor described the Supreme Court’s decision as “profoundly wrong”. “Today, the Court, for the first time in its history, grants a business open to the public a constitutional right to refuse to serve members of a protected class,” Sotomayor wrote. “Our Constitution contains no right to refuse service to a disfavoured group.” The 6-3 ruling in favour of Lorie Smith is likely to have a wide impact, making it easier for business owners to discriminate against LGBTQ customers or other groups where they are assumed to have the same entitlement to expressive speech as Smith has as a designer. Colorado argued that its anti-discrimination law did not infringe upon Smith’s first amendment rights because, while it prevented her from refusing service Monthly Round-Up AUGUST 2023 Court Rules Against Uber in Win for California Workers The highest court in California has ruled that Uber must face a class-action lawsuit claiming that it should have covered work-related expenses for UberEats drivers. The landmark ruling, delivered unanimously by the California Supreme Court, found that driver Erik Adolph did not give up his right under state law to sue on behalf of a large group of workers, despite signing an agreement to bring his own work-related legal claims in private arbitration rather than litigation. Adolph had sued Uber in 2019 over its alleged misclassification of drivers as independent contractors rather than employees. In this case, he has claimed that drivers should be reimbursed. The ruling affects more than half of non-union private sector workers in the US, who are required to sign agreements similar to Adolph’s, and could open companies in the state up to more largescale lawsuits. However, Uber lawyer Theane Evangelis argued in a statement on 17 July that the ruling conflicts with a decision made by the US Supreme Court in 2022 involving Viking River Cruises, which found that companies could force individual PAGA claims into arbitration. “We are considering our appellate options,” she said. 6 LAWYER MONTHLY AUGUST 2023

claimed that her child had used the money payed for the images to fund a crack cocaine habit. A lawyer for the young person has since dismissed the allegations as “rubbish”, but the family have stood by their claims. “We will now move forward with that work, ensuring due process and a thorough assessment of the facts,” a BBC spokesperson said regarding the investigation. Edwards’ wife named him as the presenter at the heart of the allegations, stating that he was in hospital with “serious mental health issues”. The reopening of the BBC’s enquiry followed a statement from the Metropolitan Police that found there was “no information to indicate” that a criminal offence had been committed. The presenter’s identity was not initially disclosed in the allegations published on 7 July by the Sun website, where it was reported that he had paid a young person (now 20) for sexually explicit photographs beginning from when they were 17. The wording of the allegation was changed in subsequent versions of the Sun’s story, stating instead that “it is understood contact between the two started when the youngster was 17”. The paper had quoted the young person’s mother, who MONTHLY ROUND-UP 7 The BBC has announced a resumption of its investigation into presenter Huw Edwards after police found no evidence of criminality regarding claims that he paid a young person for explicit images. BBC Resumes Huw Edwards Enquiry as Police Find No Criminality

Elon Musk Sues Law Firm That Compelled Him to Complete Twitter Takeover Elon Musk has filed suit against top law firm Wachtell, Lipton, Rosen & Katz to recover the bulk of a $90 million fee it received from Twitter after thwarting his attempt to ditch his $44 billion buyout of the company. In a suit filed on 5 July in the California Superior Court in San Francisco, Twitter parent company X Corp, owned by Musk, accused Wachtell of exploiting Twitter by accepting a large ‘success’ fee paid by soon-to-depart Twitter executives shortly before the buyout was conclude on 27 October 2022. Musk called the $90 million sum “unconscionable” and accused Wachtell of having “undertaken absolutely no risk” in obtaining the fee by arranging to bill Twitter by hourly rates instead of taking the case on a contingency basis. Musk is seeking to recoup the “excess” fees that Wachtell charged. The firm has tackled buyout-related lawsuits from billionaires previously, having spent years embroiled in a legal battle with Carl Icahn over his 2012 hostile takeover of CVR Energy before Icahn’s malpractice claim was ultimately dismissed. Twitter itself has been the subject of a number of lawsuits, both threatened and actual, since Musk’s 2022 buyout. Multiple landlords, consultants and vendors have accused Musk of not paying bills, and Twitter has threatened a lawsuit against Mark Zuckerberg’s Meta over the latter company’s new social media app, Threads. Monthly Round-Up AUGUST 2023 8 LAWYER MONTHLY AUGUST 2023 Photo Credit: WikiCommons - Ministério Das Comunicações. License: Attribution 2.0 Generic (CC BY 2.0) - https://creativecommons.org/licenses/by/2.0/deed.en

J&J Again Fails to Resolve Talcum Powder Lawsuits in Bankruptcy Florida Judge Rules Against Disney in Ongoing DeSantis Feud Johnson & Johnson’s second attempt to resolve tens of thousands of lawsuits over its talcum powder products in bankruptcy, putting a proposed $8.9 billion settlement aimed at stopping new lawsuits at risk. A Florida judge has rejected a request from Walt Disney Co to throw out a lawsuit filed by an oversight district, a move that could make it harder for the media giant to pursue its case against Governor Ron DeSantis in what has become a protracted feud. first attempted to resolve the lawsuits in 2021, shifting its talcum powder liabilities to new unit LTL Management and then immediately having that company file for bankruptcy. In April 2022, a US appeals court threw the attempt out, arguing that the company was 2022 after Disney criticised a newly introduced law banning discussion of sexuality and gender identity in classrooms. DeSantis proceeded to attack “woke Disney” in public remarks and led lawmakers in passing bills to transfer power over not under sufficient financial stress to warrant bankruptcy protection. J&J said that it would appeal Kaplan’s decision, adding that it would defend itself against lawsuits that are “specious and lack scientific merit”. Disney’s district in the state to the governor, reconstituting the area as the Central Florida Tourism Oversight District. The oversight district has not commented on these latest developments. In a ruling delivered on 28 July, US bankruptcy judge Michael Kaplan said that J&J’s second bankruptcy must be dismissed – like the first – because the lawsuits did not place the company in “immediate financial distress”. Kaplan wrote: "In sum, this Court smells smoke, but does not see the fire” in reference to J&J unit LTL. "Therefore, the emphasis on certainty and immediacy of financial distress closes the door of Chapter 11 to LTL at this juncture." The pharmaceutical giant The oversight district’s case seeks to void what it describes as “backroom deals” favourable to Disney that the company struck with a prior district board earlier in 2023. Should those deals be voided, Disney’s federal case against DeSantis will be greatly disadvantaged. In a statement, a Disney spokesperson said that the company is fully confident that it “will prevail in both the federal and court cases”, adding that the decision “has no bearing” on the federal lawsuit that seeks to “vindicate Disney’s constitutional rights”. The feud between the entertainment empire and Governor DeSantis began in MONTHLY ROUND-UP 9

Lawyer Moves RECENT APPOINTMENTS FROM ACROSS THE GLOBE UK National law firm Irwin Mitchell has expanded its real estate disputes team with the recruitment of a new partner, William Scott, who will be based in the firm’s London office. Scott has extensive experience of working for both landlords and tenants, advising on all aspects of disputes relating to commercial landlord and tenant relationships. He has particular expertise in acting for corporate occupiers, charities, retailers, unions, educational establishments and individuals. His day-today work includes advising on service charge disputes, dilapidations claims, all aspects of exits from property, lease renewals, forfeitures and possession claims. Scott He joins Irwin Mitchell from Bates Wells, where he was head of real estate disputes since April 2019, having joined the firm as a solicitor in 2008. He will be working with Irwin Mitchell partner and London head of real estate disputes Paul Henson in a team of seven specialist real estate disputes lawyers in London. The appointment takes the headcount of Irwin Mitchell’s specialist disputes team to 25, including four partners and four senior associates, based in offices across the UK. The team is jointly led by partners Danny Revitt and Tim Rayner and sits within Irwin Mitchell’s property division, which will now number 29 partners and over 150 qualified lawyers. Baker McKenzie has appointed Angela Petros to the role of chief marketing officer (CMO). Based in New York, Petros will lead the firm's business development, marketing and communications function globally. She joins from Morrison Foerster, where she has held the role of CMO for the past eight and a half years. Petros brings a strong track record in professional services, holding senior marketing and strategy roles with LexisNexis as well as working as a management consultant at the Boston Consulting Group. She trained as a lawyer in her native Australia and spent the first part of her career as an associate with what are now Herbert Smith Freehills and King & Wood Mallesons. In recent leadership roles, Angela has focused on growing revenue by building and strengthening key client relationships, adopting a ‘digital first’ approach to marketing and developing strong, integrated global business development, marketing and communications teams. Irwin Mitchell Adds London Partner to Real Estate Disputes Team Chief Marketing Officer Appointed at Baker McKenzie London, United Kingdom Irwin Mitchell New York, USA Baker McKenzie Dublin, Ireland Bryan Cave Leighton Paisner Global law firm DLA Piper has made 13 new appointments in its Dublin office, with seven senior associates, one legal director and five business services professionals promoted across the firm. Finance, projects and restructuring lawyer Kieran Finn has been promoted to legal director, while the new senior associates are Blayre McBride and Dara McDonald in the corporate team, Eilís McDonald in intellectual property and technology, Hayley Maher in employment, Laura O’Malley and Cathal Barrett in tax and Lorcan Doocey in real estate. Appointments across business services teams at the firm include David Grimes as IT manager, Shane Halpin as finance manager, Shauna O’ Hanlon as team co-ordinator, Caroline Byrne as senior HR manager and Kerri Pender as secretary. Additionally, the recent appointment of Naoise Hartnett brings the total number of partners in the Dublin office to 18, with a total team of more than 110 professionals operating from the location. “Today is a significant day for us as we announce these promotions and continue to strengthen the firm’s expertise in Ireland,” said David Carthy, country managing partner for Ireland at DLA Piper. “All of the individuals will step up in their new roles to further support our growth strategy in Ireland, while nurturing and developing existing relationships with clients at home and internationally.” DLA Piper Announces 13 New Appointments in Dublin Office 10 LAWYER MONTHLY AUGUST 2023

Dentons has announced the appointment of Sulema Medrano as a partner in the firm’s commercial litigation practice. Joining the Chicago office, Medrano will bring extensive experience in commercial litigation cases to the practice group. Specialising in fraud, breach of contract, misrepresentation and bad-faith claims, Medrano is known for her capabilities in commercial disputes in both state and federal courts across the US. With success in defending wrongful-death claims, arbitrating large-scale firstparty claims and obtaining scores of dismissals for clients, Medrano also acts as a trusted representative for insurance clients seeking counsel on litigation, complex coverage disputes and regulatory compliance matters. Medrano has experience in representing a diverse range of clients, including those in the transportation and construction sectors, property owners and securities firms and healthcare and manufacturing companies. Dentons Bolsters Commercial Litigation Practice with Partner Hire Dechert LLP ha announced that Sam Kay, one of the UK’s leading private equity fund lawyers, has joined the firm as a partner in its financial services and investment management practice in London. With over 25 years of experience advising on investment funds, Kay specialises in fund formation work for a wide range of private equity firms across a broad range of investment strategies, including leveraged buyouts, venture capital, real estate, infrastructure, energy and transition funds, and for asset management clients in the private equity, private debt, infrastructure and real estate sectors. He also regularly works on GP-led transactions and secondaries (both buy-side and sell-side), carried interest arrangements and co-investment schemes, and counsels on ongoing and follow-on fund strategy as well as liquidity solutions. In addition, he advises institutional investors in connection with their investments in private equity funds and thus sees a broad range of fund terms and conditions. Kay has been distinguished as a ‘Global Leader’ for private fund formation by Who’s Who Legal and ranked in Chambers UK in 2022. He was included in Real Deals’ list of the ‘Top 20 Most Influential’ in private equity in 2022. Dechert Boosts London Fund Formation Practice in London with New Partner Chicago, USA Dentons London, United Kingdom Dechert LAWYER MOVES 11

Lawyer Monthly regularly features opeds and news updates tracking the everchanging climate of data regulation and privacy. The pace of technological advancement and its regulatory fallout can be difficult to parse, yet the decisions made by governments and courts in this area affect countless lives. This is true for health data most of all, as its mismanagement could have an especially dire impact upon victims. Our cover story for August 2023 comes from Helen Oscislawski and explores this matter further. A seasoned New Jersey attorney with a wealth of knowledge of the US healthcare sector and its inner workings, Helen takes us through her journey into law, the regulations that govern organisations’ use of health information and what the future may hold for health data and privacy in this exclusive interview. Her insights can be found overleaf. FEATURE OF THE MONTH

Inside the Evolving Healthcare and Privacy Landscape Helen Oscislaws With healthcare becoming more digitally integrated year on year, health data has grown increasingly sensitive – and potentially vulnerable to misuse. Regulation in the US and internationally to combat data misuse has seen a corresponding sea change, with new developments underway as the pace of digital growth accelerates. Career healthcare law attorney Helen Oscislawski speaks with us on the above and more in this month’s main feature. The following interview takes a close look at Helen’s fascinating career story and the current state of healthcare and privacy law in the US, as well as the uncertain future of health data privacy with the advent of app-based health information services. Thank you very much for speaking with us, Helen. For our readers who may not have encountered you before, can you please share a little about your practice and your personal journey in the field of law? It is hard for me to believe that I have been practicing law for over 23 years! Growing up, pursuing a career in law was not even in the realm of my awareness. I grew up an only child to two working parents who came to the United States as Ukrainian refugees shortly after World War II. Quite often, I was looked after by my grandmother who did not understand English. Consequently, Ukrainian was my first spoken language. One might say that 14 LAWYER MONTHLY AUGUST 2023

ski FEATURE OF THE MONTH 15

such factors are not exactly conducive to pursuing a profession which demands the strongest of English speaking and writing skills. I went on to graduate from Rutgers University with a degree in Psychology Summa Cum Laude and was named ‘Most Outstanding Student in Psychology’. My plan was to go on to earn a PhD degree and become a clinical psychologist. However, my husband and I had to relocate to Michigan so that he could complete his residency in emergency medicine. As a result, I put my graduate school plans on hold. I worked as a social worker in a skilled nursing facility during that time. However, soon after, my husband convinced me that I should give law school a try. The rest then, as they say, is history. I graduated from Rutgers School of Law at the top of my class and was admitted to the New Jersey bar in 1999. I worked as an associate at two different law firms before ending up at a large firm’s satellite office in Princeton, New Jersey. As it turns out, that job set up the trajectory for the rest of my career focusing on a unique and fascinating niche area of law – health data privacy. When I started my job in Princeton, the federal law of HIPAA had just been enacted and its related regulations were brand new. For two years straight, I was assigned almost exclusively to matters which required detailed and comprehensive analysis of HIPAA. I was also required to research and analyse state laws which intersected with HIPAA, as well as other federal privacy laws. I quickly became the firm’s ‘go-to’ attorney for any legal issues involving privacy and health information. Around 2005, health information technology really started to take off. First, there was a massive push to transition medical records from paper to electronic health records. Next came initial efforts to connect providers, patients and their electronic medical information through internet-supported networks. I was fortunate to be ideally positioned as a privacy expert at the forefront of this transformation. On 13 May 2008, I was appointed by Governor Corzine to serve a twoyear term on the New Jersey Health Information Technology Commission which was charged with developing a statewide health information technology plan for New Jersey. My role was to fill a seat reserved for “an attorney practicing in this State with demonstrated expertise in health privacy issues”. In 2010, I was reappointed by Governor Christie to serve a second two-year term and became Chair of the Commission’s Privacy Subcommittee. In February of 2010, I left the law firm I had been at for nearly eight years to start my own boutique law practice, Attorneys at Oscislawski LLC. I now have the privilege of working with clients across the entire United States and advising them on how to manoeuvre their businesses through data privacy 16 LAWYER MONTHLY AUGUST 2023 For two years straight, I was assigned almost exclusively to matters which required detailed and comprehensive analysis of HIPAA.

Drawing on your area of expertise, can you share some background into healthcare privacy regulation in the United States and the key laws and statutes that govern the use of healthcare information today? In the early 1970s, Congress enacted a federal privacy law to protect the confidentiality of patient records originating from certain providers providing treatment for substance use disorders (SUD). That law and its related regulations are often referred to as ‘Part 2’. However, Part 2’s privacy protections did not extend to protecting information created by other types of healthcare providers. Additionally, although states were addressing health data privacy rights on an individual basis, the result was an uneven patchwork of standards that often fell short of guaranteeing individuals with meaningful privacy rights. On 21 August 1996, Congress finally passed the first comprehensive federal healthcare privacy law in the United States – the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (‘HIPAA’). Four years later, the Secretary of Health and Human Services (HHS) published the ‘HIPAA Privacy Rule’ and required full compliance by 14 April 2003. Other rules implementing HIPAA followed, including the HIPAA Security Rule, which aims to safeguard electronic health information, and the Breach Notification Rule, which requires individuals and HHS to be notified when certain unencrypted health information has been compromised. Together, Part 2 and HIPAA formed the predominant legal foundation for health data privacy in the United States. However, as technology and data sharing models continued to rapidly evolve, these federal laws started to become disconnected from what was actually happening in the ‘real world’. As a result, over the last few years, privacy attorneys and health information technology minefields. A typical work week for me might include assisting clients with responding to OCR HIPAA investigations, managing a data breach impacting health information, negotiating a complex data-sharing arrangement with a technology vendor or other types of third parties seeking access to health data for a variety of reasons, reviewing and updating consent forms, policies and other documents for compliance with federal and state data privacy requirements, completing compliance audits and developing mitigation strategies, all while keeping up with a rapidly changing data privacy and technology landscape which I cover in article posts on my blog (www.legalhie.com). Every day, I have the pleasure of working closely with in-house general counsels, CEOs, CIOs, IS Directors, Privacy Officers and many other incredible individuals who are dedicated to striking the right balance between data privacy and allowing technology to improve and drive healthcare forward into the future. I look forward to hopefully many more years of doing the same things that I have been doing for the last 23. FEATURE OF THE MONTH 17

First, individually identifiable health information that is protected under HIPAA (referred to as ‘protected health information’ or ‘PHI’) may not be used or disclosed in an unauthorised manner. Generally, a ‘covered entity’ (CE) custodian of PHI must first obtain a signed authorisation from the individual who is the subject of the PHI to permit the desired use or disclosure. If a signed authorisation is not obtained, then the CE custodian is only permitted to use and disclose PHI in ways expressly allowed under an exception in the HIPAA Privacy Rule. Examples of when HIPAA does not require a signed authorisation to use and disclose PHI include for: treatment, payment, health care operations, public health, and other limited reasons. However, even if a use or disclosure might fall within an exception under the HIPAA Privacy Rule, certain state laws could still require a signed consent before such information can be disclosed. In such cases, the CE custodian of the health information protected by a state’s privacy law would have to obtain a signed consent before disclosing the information, even if it is not required by HIPAA. Another important right guaranteed by HIPAA is the individual’s right of access. This ensures that an individual generally has a right to access and control his/her PHI, including being permitted to request and receive electronic copies of his/her PHI in the form and format requested, and directing such information to be transmitted to a third party. This provision together with the Information Blocking Rule have had a profound impact on increasing patients’ use of mobile applications to directly connect to their provider’s EMR, extract their health information and facilitate its transmission to other third parties. Finally, the HIPAA Breach Notification Rule guarantees that individuals will be notified if their PHI has been compromised by a data breach or security incident. This way, individuals can take steps to potentially protect themselves against identity theft and fraud. 18 LAWYER MONTHLY AUGUST 2023 What rights are guaranteed under HIPAA and other laws concerning healthcare information privacy? There are several ‘rights’ that HIPAA affords to individuals. I will touch on the big ones. like myself have had to keep up with a never-ending onslaught of new privacy laws, rules and amendments. Most recently, Congress enacted the 21st Century Cures Act, which resulted in a new ‘Information Blocking Rule’ that prohibits certain actors from interfering with the access, use and exchange of electronic health information when it is otherwise legally permissible. This new rule was created in part because certain electronic medical record (EMR) vendors were allegedly configuring their products to make it either impossible or too cost prohibitive for other vendors and third parties to connect to and access electronic health information from their EMR product. In many ways, the Information Blocking Rule has turned federal healthcare privacy law on its head. In the past, healthcare organisations focused on how to keep medical information private. Now, they are left scrambling to realign their longtime data privacy practices with the Information Blocking Rule, which requires electronic health information to be openly accessible. And, if that is not enough, more changes to federal laws affecting healthcare privacy and technology are in the pipeline as we speak. I look forward to hopefully many more years of doing the same things that I have been doing for the last 23.

I think that these ‘rights’ are three of the most important ones that HIPAA created. There are others, but it would be impossible to cover them all here. During your years in practice, what significant advances have you seen in health information technology? It was around 2005 when I recall health information technology (IT) really starting to take off. First, there was a massive push to transition medical records from paper to an electronic format. In the beginning, this transition was voluntary. However, by 2011 the federal government deployed a program called ‘Meaningful Use’ which initially financially rewarded healthcare providers for adopting EMRs, but then punished those who did not do so by 2018 by reducing their Medicare and Medicaid reimbursement. Next came efforts to connect providers, patients and their electronic medical information through internet-supported networks called either ‘regional health information organisations’, ‘health information exchanges’ or ‘health information networks’. For years, these networks attempted to either connect EMRs to each other or develop ‘data wells’ where certain healthcare information about individuals was aggregated and maintained in a single source. However, lack of interoperability proved to be a barrier that stymied progress. Today, we are in a phase where interoperability of health IT is a paramount goal. The federal government has pivoted to requiring developers of certified health IT to essentially ‘open up’ their application programing interfaces (API). This, in turn, is now allowing different EMR vendors to connect to one another with more ease. Moreover, this is creating new opportunities for individuals to use mobile apps to directly connect to multiple providers’ EMRs to access and control their health information. What have the consequences of these advances been for patients’ privacy? It cannot be denied that when medical records were maintained predominantly on paper, it was more certain that the privacy of health information contained in such records could be protected. Paper medical records were typically manually controlled by the custodian and therefore much less accessible. Provider custodians would often refuse to release any part of these medical records unless the patient signed a paper consent form allowing such release, including when the patient wanted any part of such records released to themselves! Moreover, data breaches of paper records usually only happened when there was an incident of improper disposal (e.g. failing to shred) or records were taken off premises. FEATURE OF THE MONTH 19

20 LAWYER MONTHLY AUGUST 2023 Now, with technological advances, electronic information can be transmitted anywhere and everywhere with a click of a button. Moreover, health information and medical records are often stored on virtual servers on the internet instead of in physical cabinets. As the healthcare industry marches rapidly forward to allowing more ‘open’ APIs with EMRs, provider custodians will lose even more control over who is gaining access to confidential health information and where it is going. While privacy laws and security frameworks continue to offer guardrails to try and prevent misuse and breaches of health information, the cold, hard truth is that its increased prevalence in an electronic medium and being shared more openly and easily makes it inherently more vulnerable. In your experience, what are the most common ways in which a person’s right to health information privacy might be compromised? The most common way that an individual’s privacy might be compromised is through data for other purposes, including potentially selling such data, and the customer agrees to such terms of use, the vendor would generally be permitted to do so. The Federal Trade Commission (FTC) has been very active over the last few months in an attempt to hold vendors of mobile heath data Apps accountable for “unfair or deceptive acts or practices”. Several such vendors have been subjected to FTC enforcement actions this year. In addition, many states are individually passing privacy laws which would further regulate such mobile app vendors in their collection and reuse of individually identifiable information. Last, I would be remiss if I did not mention how pixels, cookies and other online tracking technologies have recently led to finding a massive amount of patients’ individually identifiable data being ‘scraped’ up and shared with or even sold to third parties like Google and Meta. What consequences can there be for those whose when healthcare information is compromised in these ways? The consequences to the healthcare organisations are substantial. When health information is compromised due to violation of HIPAA, this can lead to significant civil monetary penalties. It can also lead to lawsuits, as is recently the case with the online tracking fiasco. Currently, dozens of hospitals have been named in class action lawsuits where plaintiffs are alleging that enabled tracking pixels impermissibly ‘scooped up’ their personal information from the hospital’s online website and disclosed it to third parties for unauthorised purposes. When such incidents happen, reputational damage to the organisation is also unavoidable. There are also consequences to the affected individuals. Data breaches can result in a person’s sensitive and highly confidential information ‘floating around’ in the public domain. The impact of this can include embarrassment breaches. This can happen in a few different ways. Hacking incidents occur when criminals purposefully target and gain access to electronic health information. Hacking incidents can lead to medical and other sensitive information of thousands of individuals being obtained by the hacker and potentially ‘sold’ to other third parties. Data breaches can also occur because of unintentional security lapses. For example, if during a technology upgrade a health care organisation does not adequately evaluate the impact on security, a gap might cause health information to become inadvertently exposed on the internet. With the more recent push to open APIs and adopt FHIR standards for certified EMRs, I think we are unfortunately going to see mobile apps becoming a new point of risk to electronic health information. With this new model, the burden will shift from the provider custodian to the patient to adequately vet all mobile apps that he/she intends to use and fully understand how their health information may be reused once it is downloaded from a source EMR. Many people do not realize that, for the most part, mobile app vendors are not subject to HIPAA. Such vendors are generally only required to abide by their own privacy policies and terms of use. Therefore, if the mobile app vendor notifies its customers that it may reuse any information downloaded into the app It cannot be denied that when medical records were maintained predominantly on paper, it was more certain that the privacy of health information contained in such records could be protected.

Attorneys at Oscislawski Attorneys at Oscislawski LLC is a boutique healthcare law firm established by its founder, Helen Oscislawski, in February 2010. It is recognised as a leading healthcare law firm with attorneys who bring significant experience with a broad spectrum of healthcare laws, regulations and corporate transactions, as well as with governmental relations. Every year since 2018, Attorneys at Oscislawski has been included among the ’Best Law Firms’ in healthcare law in Princeton, New Jersey (issued by Best Lawyers). About Helen Oscislawski Helen Oscislawski is a seasoned healthcare attorney who is known to many as a “go to” attorney for legal guidance on HIPAA, 42 C.F.R. Part 2, Information Blocking, state privacy laws, consent, data breaches and networked electronic health information exchange, though her experience extends far beyond these fields. Helen was selected Best Lawyers® 2022 ‘Lawyer of the Year’ for healthcare law in Princeton, New Jersey, a distinction awarded to one lawyer with the highest overall peer feedback for a specific practice area and geographic region. She has also been selected every year since 2020 to a Super Lawyers® list for healthcare law (issued by Thomson Reuters). She is admitted to practice law in New Jersey and Arizona, although she has clients from across the United States. Contact Helen Oscislawski, Esq. Founder, Attorneys at Oscislawski LLC 782 Alexander Road, 2nd Floor Princeton, NJ 08540, USA Tel: +1 609-385-0833 | Fax: +1 609-385-0833 | E: helen@oscislaw.com www.oscislaw.com to the individual, harm to personal relationships, interference with legal disputes, loss of employment, and other potentially damaging outcomes. It can also lead to identity theft and fraud. What legal recourse is available to victims in these circumstances? Where hackers are involved, health care organisations would have to rely on the justice system to hopefully go after such criminals. Otherwise, when an organisation has relied on a contracted vendor to ensure the security of the health information maintained in its EMR and other systems, and said vendor has failed to do so, a lawsuit might need to be filed against such vendor to enforce contractual terms and recoup damages. This is why negotiating contractual terms, including indemnification and insurance, are so important up front. As for recourse for individuals, lawsuits are one option, but often an uphill battle. Many people do not know that HIPAA does not include a private right of action. This means that if an organisation has compromised an individual’s health information, that person cannot walk into court, allege that HIPAA has been violated and, as a result, demand that he/she is entitled to damages. To even have a chance at sustaining a cause of action in such a case, that person would have to find a viable legal theory (e.g. invasion of privacy or breach of contract) based on the laws of the state in which he/she resides or where the wrongdoing occurred to file an action. Another recourse an individual has is to file a HIPAA complaint with the federal government. However, not all HIPAA complaints result in investigations, and patients’ complaints are not always grounded in an actual violation of HIPAA. In what ways do you expect to see health information technology and related privacy matters develop in the latter half of 2023 and beyond? I expect mobile apps to continue to explode and facilitate the collection and transmission of electronic health information even more. Whether this will result in an increase in health information being compromised depends in part on how well consumers will become educated and understand what is actually going on with their health data once it leaves a more secure EMR source. Meanwhile, as the healthcare industry scrambles to catch up with managing open APIs and mobile apps, ChatGPT has arrived. The full scope of how such new AI technology will impact and even disrupt healthcare and privacy further is something that I expect to be busy staying on top of in the latter half of 2023, and likely well into next year. FEATURE OF THE MONTH 21

Each month, Lawyer Monthly Magazine has the privilege of interviewing the brightest and most ambitious movers in the legal space. In these conversations we dig into their areas of expertise, learning more about their practice and the stories behind their pursuit of excellence. For our August 2023 edition, we shine a spotlight on two exceptional lawyers across two exclusive articles. In the first, Deborah Schuff dives into the world of process servers and the value they bring to law firms. In the second, Lisa Ortega expounds on the crucial role played by legal nurse consultants throughout the legal sector. MY LEGAL LIFE

Deborah Schuff In brief, what does ‘process service’ entail? Wikipedia describes process service as: “The procedure by which a party to a lawsuit gives an appropriate notice of initial legal action to another party (such as a defendant), court, or administrative body in an effort to exercise jurisdiction over that person so as to force that person to respond to the proceeding before the court, body, or other tribunal. Notice is furnished by delivering a set of court documents (called “process”) to the person to be served.” JUNES describes process service as a very exciting niche business that we have mastered in our 50 years of service. My Legal Life The Value of Process Services for Law Firms For many attorneys and law firms, reliable process service can make the difference when it comes to effective litigation. But what makes for exceptional process service, and how can it add value to the operation of a law firm? Deborah Schuff, President of JUNES Legal, offers insights gleaned from her professional career and multiple decades of effective operation. 24 LAWYER MONTHLY AUGUST 2023 How can law firms benefit from making use of these services? What do they enable firms to do that they cannot manage on their own? Attorney services have been around for decades. It is common practice for attorneys to engage process servers, couriers, court reporters, document retrieval services and many other vendors to assist their clients. JUNES has been very successful in being a ‘one-stop shop’ for our clients. What are the legal considerations involved in serving legal documents as part of a support service? JUNES serves legal documents from all over the country and we always adhere to each state’s very specific rules for

MY LEGAL LIFE 25 process service. In Nevada, process service is governed by the NRS (Nevada Revised Statute) and we take no liberties in following those very clear rules. Another critical part of process service is the process servers’ own integrity. We are only as good as the people we hire and JUNES only hires licensed process servers who have completed a background check with the Nevada Private Investigators Licensing Board. If we say we served someone, then you can be guaranteed that we served them and our signed affidavit is as good as gold. We proudly sign all affidavits under penalty of perjury and will happily send any server to court to testify that service was properly effectuated. And this happens! Many of our process servers have been with JUNES for 10 or more years and we are proud to have them. What are a process server’s necessary skills? Tenacity, like a dog with a bone. Selfmotivation to get up and get the job done. Understanding that each case is important to every plaintiff and their attorney. How can a good process server be used to improve a law firm’s efficiency and cashflow? We are all watching the bottom line these days. One of the things JUNES I had to learn on the fly, but 50 years later, I think I got it right.

age of 18. I liked what I was doing and started to assist my dad with other things he needed done, which included court filings. Before we knew it, I had 70 clients in 1973. Today, women make up a significant portion of legal process servers, taking their place among the most successful and respected companies in the country. I am proud to be one of them. Every day we make conscious decisions to expand our profession; continued growth is an important step. It is also important that we surround ourselves with winners who appreciate our achievements and who can bring skills to our company so that we may offer the best of the best customer service and receive satisfaction when a job is well done. We are flexible and able to offer solutions for difficult serves. We like the hard-to-get ones! What are your proudest achievements to date? I have always known who I am. I did not change when I saw others running their companies differently. Challenge seems to be something I do not mind leaning into. Compliments were few and far between, but I persevered. In 1976 I was interviewed by a local television station, pregnant with my first daughter, running the office, and doing a ‘walking route’ in downtown San Diego. This consisted of pickups and deliveries from law firms, going to court and back twice daily for 25 clients. I planned on bringing her to work with me, which I did, along with two other children over the next 10 years. To this day, I allow employees to bring their babies to work. I am a strong believer that motherhood and careers can successfully co-exist. I take great pride and satisfaction in providing a positive workplace environment, boosting company morale and fostering individual growth. I have had many employees who came to me not knowing anything about the legal industry and then went on to have successful careers at the courts or as paralegals. I hate to see the good ones prides itself on is not ‘nickel-and-diming’ law firms. Our office staff try to identify good addresses for service before we even send the documents out with the server. Getting the defendant served correctly the first time saves the client money. There is no need to attempt multiple addresses if we do not have to. This also allows the attorney to proceed quickly with the next steps required in the litigation process. JUNES holds our process servers accountable for returning all work in a timely manner. Time is always of the essence. Beyond process services, what other third-party support services can help a law firm’s operations? This is a great question. Since 1973, JUNES has offered many legal support services to clients including court filings, messenger and mobile notary services, copying of records, binder and document prep for courtroom proceedings, nationwide skip tracing and asset searches. Another recently added service includes evictions. The law recently changed in Nevada, in which eviction notices must be served or posted by a licensed server, constable, or agent of attorney. We assist many property management companies and law firms in the state with their monthly evictions. Even the private sector uses JUNES to assist with evictions . How have you seen the field of legal support services change and grow during your career? When I started JUNES in 1973 in downtown San Diego, I did what we called a ‘walking route’. I had about 25 clients downtown and I would walk to all 26 LAWYER MONTHLY AUGUST 2023 of their offices, pick up their documents and take them to the appropriate government buildings. Everything was handwritten. Everything. There was no email or cell phones or even fax machines or computers. We finally got pagers, facsimile machines using thermo paper and typewriters with carbon paper. Wow, have the times changed! That is so very true of the legal profession. Service rules and legal requirements are always changing. One thing I have always said is that “nothing stays the same – however, I am consistent”. Taking a step back, looking at how the industry has changed, I ask the question: what would I have done differently? I was young, in my first year in college at 19 and learning the importance of that firm handshake, eye contact and demonstrating good character. It all came with life experiences. I had to learn on the fly, but 50 years later, I think I got it right. With your firm’s 50th anniversary this year, can you tell us a little about your career journey so far? In a profession that was historically dominated by men, I started serving legal documents for my dad who was an attorney in La Mesa, California at the I am a strong believer that motherhood and careers can successfully co-exist.

Deborah Schuff is the founder and President of JUNES Legal, which she moved from San Diego to Las Vegas in 2005 after more than 30 years of successful practice. Committed to client satisfaction above all else, Deborah continues to run the firm as a familyowned and operated business, with multiple generations of expertise tied up in its offering. JUNES Legal is a Las Vegasbased, which was launched by Deborah Schuff in 1973 as a part-time messenger with just 70 clients. Today, with a client base of more than 3,000 in the US, JUNES boasts a pool of experienced staff capable of providing a range of aggressive, high-quality litigation support services to its clients. Contact Deborah Schuff President JUNES Legal Service, Inc. 630 South, 10th Street, Suite #B, Las Vegas, NV 89101, USA Tel: +1 702-579-6300 Fax: +1 702-259-6249 E: deborah@juneslegal.com www.juneslegal.com go, but proud to have helped them along their journey. I often have past employees reach out to me to say hi, still considering me “family” many years later. It is such a good feeling. Growing up with a dad as an attorney in a solo practice and my mom in nursing, certain skills were passed down to me as someone who always cares for others, listens to their needs and who tries to have an answer. If I did not know how to solve the problem, I was taught to find a way. You treat people right, with respect and understanding, and you will be rewarded. Having procedures in place and being willing to adopt new ones is the key to keeping a tight ship afloat. Can you share anything about your plans for the future of Junes Legal? Business changed dramatically after COVID-19, and in most cases, the changes are well received. Everyone is excited and maybe a bit anxious to see where this new era takes us. Most practices are becoming more digital; courthouse hours of operations are changing; electronic filing and department drop-offs look different. JUNES is staying on top of these changes, and it is our goal to be part of this evolving legal industry. At JUNES we listen to our clients’ ever-changing needs. We always tailor our services around their needs by listening and adapting. I enjoy meeting my clients one-on-one and hearing what they need and making sure they know their needs are my number one priority. I am a hands-on owner and am always available. Everyone makes promises. I like results and a strong handshake, and I follow through on my promises. In this profession, the stress can get the best of you with due-right-now timelines and crazy demands, but at JUNES no one needs to worry if the job is being handled. We get it done. I am 70 years old and people always ask when I will retire – and if will I retire. This business keeps the blood flowing. I am JUNES and JUNES is me; so I guess the answer is simply: no. I am fortunate to have my oldest daughter, Rebecca, assisting in the day-to-day operations. Her depth of knowledge and insight, her ability and her communication skills are very strong. She is more than capable of managing the ever-changing industry. My other two children, although doing their own thing now, also spent years with JUNES and helped to set up procedures still used today. My son developed our software that clients and staff use today, and my youngest daughter developed the court and runner system, offering her very personal touch to clients’ needs. It truly is a family business. I even have second generations working at JUNES – grown kids of prior employees starting at the office! Whether we like it or not, we are being judged and compared to our competitors. Having discipline to work efficiently, effectively and with measurable results will ensure we stand out and get noticed – and in a good way! There is nothing more impressive than a company you can count on to get the job done. Mastering good work ethics and exceeding expectations is the accountability that will keep Junes going for another 50 years. With a staff of over 32, many with over 10 years’ experience at JUNES, we offer a unique field of expertise. Being successful in business absolutely has challenges. Understanding there is no obstacle to stand in our way, we choose to conquer every request from every client. MY LEGAL LIFE 27 This business keeps the blood flowing. I am JUNES and JUNES is me.

RkJQdWJsaXNoZXIy Mjk3Mzkz