Well almost.  Some Pennsylvania licensing boards have that power now, but it was unclear if others did.  Therefore, the law is being amended.  House Bill 261 has passed both the House and the Senate and, as of January 15, sits on Governor Corbett’s desk for signature.  All indications are that he will sign this bill.   Once signed, the bill will go into effect sixty (60) days later.

The bill will provide the authority for each licensing board to deny, suspend or revoke any license for failure to pay any fines, interest, or costs assessed as a result of a disciplinary proceeding.  It also provides that if the amount due exceeds one thousand ($1,000.00) dollars and remain unpaid the board has the ability to enter the amount as a civil judgment against the individual or corporate entity.  This judgment remains of record and does not need to ever be revived.  The board has up to sixty (60) months to enter such a judgment.  Further, once paid the board has up to ninety (90) days to satisfy their judgment.

In my opinion, this is good fix because certainly the intention has always been to be able to discipline a licensee for failure to pay their fines. I do not see the requirement for entering the fine as a judgment but generally this should never be an issue for a licensee.  I have been able to negotiate payment terms in cases where payment was difficult.

If you have any questions about licensing please contact me at jmcguire@c-wlaw.com.
 

Note:  The Governor signed this bill on February 4, 2014.
 
 
        So you've timely and properly renewed your license.  You've taken all the CPE credits required and you checked the box saying that you took them.  Now you've received a letter stating that your renewal application has been accepted for a CPE audit.  What should you do?  These letters will start going out after the Board Staff has processed all the renewal applications.  As you can imagine with all the renewals at one time in Pennsylvania, this is a busy time of the year for them.

        First, don't panic.  According to the information I have received the Accountancy Board will audit approximately ten (10%) percent of individual licensees as they have done after past renewals.  You are not the only one in this position.  I recommend you consult with an attorney because of the problems I have seen arise when licensees try to handle these situations on their own, but I understand that you probably won't want to go through the cost and aggravation of an attorney when you believe you have taken all the required CPE and can demonstrate that to the Board.  The issues of course are whether you have in fact taken all the required CPE and can demonstrate that.  

        I recommend putting each of your courses in a spreadsheet with the dates taken and categories each course satisfies.  CPAs must remember that you need at least twenty (20) credits in each calendar year in addition to the hours in ethics, taxation, and accounting and auditing.  You will need to gather each of your certificates of attendance.  Your provider is required to provide you with a certificate and is most likely able to provide you with a replacement if you have misplaced the original.  You need to review each certificate and make certain it provides the amount of credits, the type of credits, the date(s) of attendance, and the providers ID number(s).

        CPAs and other professionals have found themselves in trouble when the course provider is not approved or the specific course is not approved.  Your certificate of completion or attendance should state the provider's approval numbers and what entity or entities have approved the course.  It is the licensee's responsibility to make certain that the courses were approved.  For CPAs in Pennsylvania, that generally means approved by NSBA or one of the State Boards of Accountancy.   In practice, most CPAs do not look at their certificates and do not check if the provider is approved to provide CPE in Pennsylvania.  It is too late after the fact to make up any missing CPE after 12/31 of the renewal year.

        Of course if you did not take all your required CPE you will find yourself in trouble with the Board.  This is a situation several CPAs find themselves in after each renewal period.  You will certainly have to make up the missed CPE and will most likely find yourself with a licensing violation and fine.  This will be reported on your record and available to anyone who looks up your license.  Unfortunately, at this time, there is no means to have this removed from your license.   However, legislation has been introduced that would allow for a one time expungement of violations like these.  See SB 619 at the following link.   http://www.legis.state.pa.us/cfdocs/legis/PN/Public/btCheck.cfm?txt&sessYr=2013&sessInd=0&billBody=S&billTyp=B&billNbr=0619&pn=0595 

        Keep in mind that if you have taught a course you may be entitled to additional credits for your time preparing your materials and your presentation.  This has on occasion saved a licensee from a license violation and fine if these additional credits can satisfy what was otherwise missing.  Further, if Pennsylvania does not accept some or all of your credits, you do have an equitable argument that you attempted in good faith to obtain the proper credits and that your actions do not deserve punishment.

        If after the audit the Board is not satisfied that you have taken the required CPE, then an Order to Show Cause will be filed against you and a prosecutor from the Bureau of Professional and Occupational Affairs will seek a determination by the Board that you have violated the CPA Law and that you should be subject to discipline which will certainly include a fine, notice of violation, and possibly costs of prosecution.  In extreme cases, like not taking any CPE but stating that you did, they might seek to have your license revoked.  Frankly, any time there is a question from the Board concerning your license or request by a Board investigator to meet you, should have the advice of counsel.  But, if you recieve an Order to Show Cause, you really must seek legal advice.

If you have any questions about licensing please contact me at jmcguire@c-wlaw.com.
 
 
Licensed professionals need to give serious consideration as to whether they shall enter a Nolo Contendere Plea.  There are serious implications on ones ability to continue to practice their profession.  Most if not all of the licensing statutes allow the Licensing Board to revoke, suspend, limit, or otherwise restrict a license.[i]
             
The Latin phrase Nolo Contendere means “I will not contest it.” The idea behind a plea of Nolo Contendere is that the criminal defendant will accept in the criminal court the charges as presented and subject themselves to the appropriate punishment as determined by the court.  However, it is also supposed to only have that effect in the criminal court.  The Nolo Contendere plea is not supposed to have any impact or relevance outside of the criminal court, particularly in civil actions.  
              
The Pennsylvania courts have determined that the professional licensing boards are “watchdogs” of the professions and therefore are empowered to maintain the high standards, which the people of this Commonwealth have a right to expect from their professionals, and therefore, the courts have held that the Boards have the ability to admit a certified copy of the docket entry of a plea of Nolo Contendere at an administrative hearing, and that a Nolo Contendere plea is evidence of an admission of guilt of a crime.
             
It should be noted that there are lots of reasons why an individual might plead Nolo Contendere in the criminal setting, including the high cost to defend the criminal case, the emotional toll of a criminal trial, and the risk of a guilty verdict and the attendant jail time that would ensue being some of the  most common.
             
While the courts have held that the Nolo Contendere plea is admissible in the administrative hearing, they have also held essentially that this Nolo Contendere plea is simply a presumption of guilt and leaves the door open for the professional to submit evidence that they are not guilty.  Obviously, having a rebuttable presumption is better than facing the licensing board with a guilty plea or criminal conviction, but the burden of establishing innocence may be difficult indeed.  Remember that your audience will ultimately be a licensing board and will initially be the prosecutor and possibly hearing officer, all of whom are likely to have never faced criminal charges and who might find it difficult to believe that a person would plead Nolo Contendere or, in their minds, essentially a guilty plea, if they were not guilty.  The reality of the situation will be that it is most likely that even an innocent person who pleads no contest, will have some disciplinary action taken upon their license.
             
It is important for any professional faced with a criminal charge to consider the effect of a Nolo Contendere plea.  Obviously, the primary focus when facing criminal charges is going to be to maintain one’s freedom and avoid jail time.  However, as a professional, you must keep in mind the effect the criminal charges will have on your ability to practice your chosen profession.  Also, please keep in mind that most criminal defence attorneys will not understand the implications of a Nolo Contendere plea upon a professional license.  The reality is that most criminal defense attorneys do not handle professional licensing matters.  
              
Ultimately, my advice is to weigh all your options and understand the potential implications of a Nolo Contendere plea before you enter it. It may very well be the right decision to make, but understand the impact it could have upon your professional license.
     
[i]For example, see the Pennsylvania Accountancy Law, Section 9.1 (5), which states that a CPA can be disciplined for entering a plea of Nolo Contendere for a felony under any federal or state law or the laws of any foreign jurisdiction.  
 
 
Below is a link to my article on the Cipriani & Werner website about cyber risk from a professionalviewpoint.

http://goo.gl/ovGwf
 
 
 
On Saturday, December 1st, it became official. The revised regulations were published in the Pennsylvania Bulletin and now all licensed accountants in Pennsylvania must obtain at least four hours of CPE in ethics during each renewal.  Pennsylvania has not made this ethics requirement state or statute specific, so any ethics course from any approved sponsor is acceptable.  Be sure to obtain your 4 hours from an approved sponsor before December 31, 2013.
             
Speaking of approved program sponsors, the new regulations clean up what entities are approved sponsors, which will eliminate most of the prosecution that has historically resulted from courses not being approved by the Board.  Now any sponsor who is approved by the state board of another state that has substantial equivalency is deemed to be an approved sponsor along with anyone who is NASBA approved.  This is good for PA accountants because all of our neighboring states and almost every state has substantial equivalency.

In other items of interest, the Board did elect to maintain “specialized knowledge and applications” as an approved subject area. CPAs further retained the ability to obtain CPE credit for authorship of writings.  However, to receive credit for authorship each licensee must receive approval from the Board prior to renewal for these credits to apply, so if you are considering this, please keep the time constraints in mind and review the regulations for the specific requirements. 
          
Also published the same day, were regulations adopted by the Board which set forth a schedule of civil penalties for first offenses for CPE violations and unlicensed practice.  Hopefully, the prosecutors who handle accounting licensing cases will begin to use this process for these “minor violations” rather than the formal filing that results in a hearing and full prosecution. Further, it is hoped that someday there will be legislation that passes allowing expungement of these “minor violations”.  Legislation was introduced in the last session by Representative Harper [HB 646]that would have made this the law.  Unfortunately, while it passed the house (unanimously I believe), it stalled in the Senate and never came out of committee.  Therefore, this legislation will have to be reintroduced in the next legislative session.
             
Here are links to the PA Bulletin where these regulations were published.  
http://www.pabulletin.com/secure/data/vol42/42-48/2312.html  (Continuing Professional Education)
http://www.pabulletin.com/secure/data/vol42/42-48/2313.html  (Schedule of Civil Penalties)
           
If you have any ethics or licensing questions please contact me at jmcguire@c-wlaw.com.  Please sign up for any of my ethics courses through PICPA or contact me if you wish an in house ethics course.

 
 
Even if you haven’t taken an ethics course you already know that it would be unethical to lie about having taken an ethics course.  The New Jersey Board of Accountancy collected $4.2 million in penalties from CPAs last year who apparently did just that.  That’s right $4,200,000.00!  The New Jersey Star Ledger reports that this amount exceeded the “total amount of penalties leveled by all the state boards in each of the last five years.”  The largest fine assessed was $8,000, so there were a lot of CPAs who failed to obtain the required CPE.

In New Jersey, CPAs are required to take a state specific ethics course every three years.  Like many states New Jersey usually selected about 10% of renewal applications to conduct an audit of all CPE courses.  Instead, last year they elected to compare the list of attendees at the required ethics course from 2006 through 2008 to the list of CPAs who renewed as of January 1, 2009.  Everyone who filed a renewal but had not attended the state specific course was audited for all courses.  While I’m certain some of these CPAs attended a non-state specific ethics course and believed that was acceptable there was a disturbingly large number of CPAs who didn’t take any courses.  That means these CPAs lied on their applications not only about taking the ethics course but also about taking the required 120 hours.  
 
Not surprisingly the New Jersey Board has indicated that it will conduct another audit for the January 1, 2012 renewals and it should come as no surprise that other states and other professional boards are considering conducting audits of their own.  $4.2 million is certainly an incentive for any state.  New Jersey has already indicated that they may more vigorously review doctors, nurses, pharmacists and psychologists. 

CPAs are generally considered to be the most honest and trustworthy profession, so, if they have trouble meeting their ethics requirements the other professionals are as well.  Hopefully, the lesson learned here is that every professional should take their CPE requirements seriously.  If anyone has any questions about their requirements or has a licensing issue please contact me.  And remember to contact me before meeting with an investigator.

 For CPAs, please remember that in Pennsylvania, your next renewal will be on January 1, 2014.  You are required to obtain at least 20 CPE credits each year during the two year cycle and 80 hours total during that period. Although the regulations still have yet to be passed, the Board has indicated that it will be requiring 4 credits of ethics for the upcoming renewal.  Remember, it is also your responsibility to make certain that the CPE credits you have taken are approved for credit in Pennsylvania.  Your provider should be able to give you this information.

 All other professionals have renewal deadlines and CPE requirements which must be followed.

 While it remains to be seen if Pennsylvania will increase its CPE audits and prosecutions,  you can avoid any concern about an audit or prosecution if you simply follow the regulations of your profession.

 
 
The passage of Massachusetts law restricting mandatory overtime for nurses gave me the occasion to look back and report on the Pennsylvania’s law.  Act 102 of 2008 is called the Prohibition on Excessive Overtime in Healthcare Act and went into effect on July 1, 2009.  These laws are designed to provide increased patient safety by preventing nurses from being forced to work mandatory overtime. Numerous studies have linked nurse fatigue and/or overwork to medical errors and/or patient deaths.  
 
At this time, with the addition of Massachusetts there are now 15 states with laws restricting mandatory overtime for nurses.  New Jersey, New York, and West Virginia are the neighboring states with such a law.  
  
Pennsylvania’s law does not go so far as to prohibit voluntarily exceeding eight hours in a day or forty hours in a week as some states have done.  Therefore, in Pennsylvania, a nurse may voluntarily work as many hours in a day or week as they like.  The law protects nurses from discrimination or retaliatory action for refusing to work overtime.  There are limited exceptions when a nurse may be required to work overtime but those essentially involve patient safety issues should the nurse not work the overtime.
 
The Department of State has a web page devoted to this law and reporting violations.   http://www.portal.state.pa.us/portal/server.pt?open=514&objID=614498&mode=2 The  Pennsylvania Association of Staff Nurses and Allied Professionals (PASNAP)  indicates on their website that they continue to monitor Pennsylvania’s law as well. http://www.pennanurses.org/pac/mot.html

If you have any questions about this, please contact me a jmcguire@c-wlaw.com.

 
 
          
It’s that time of year when nurses and doctors show up in non-medical offices and not to perform annual physicals.  Or maybe your office will have a Jedi, elf, vampire, pirate, superhero or one of hundreds of other popular movie characters or monsters.  Do you have a policy about costumes in the workplace? Do you waive your dress code simply because it is Halloween?
            
There are a number of well known examples of the slight but real danger of costumes in the workplace in the area of sexual harassment.  There is the example of Mrs. Devane, a salesperson at Sears who was awarded $750,000.00 from her employer for sexual harassment for actions which included a manager unbuckling his pants, motioning to his groin and telling her while she was dressed in a doctor costume, “Here, Doctor.  It hurts here.”  Other cases have settled out of court but telling a woman, even in a cat costume, that you like her tail will be considered sexual harassment.  

Of course, an employee may defeat their own claim of an offensive work environment by wearing an overly sexually explicit costume such as “a see-through Empire State Building.”  This type of costume can demonstrate that the employee is not really offended by this type of behavior.
                 
The courts have had to address other costume situations such as the man simulating sex with a sheep and public officials or others in “black face.”  As a practice pointer, although it costs your company nothing to allow costumes in the workplace, if you do allow costumes, make certain that there are applicable rules in place and that someone actually polices the costumes.  Anything in questionable taste must be dealt with by either removal of the costume or the employee being sent home.  Remember that sexual harassment is in the eyes of the receiver not the intent of the offender.  Your normal dress code should apply with very limited exceptions.

 
 
Not that long ago I blogged about the new requirement for dentists to carry professional liability insurance.  Now Pennsylvania has added prosthetists, orthotists, pedothorthists and orthotic fitters to the list of medical professionals required to maintain professional liability insurance.  In fact, these professionals are now under the oversight of the Pennsylvania State Board of Medicine [Board] and will require licenses by 2014.
 
Governor Corbett signed HB 48 of 2011 into law on July 5, 2012.  This bill was supported by the Pennsylvania Orthotics and Prosthetics Society [POPS], Pedorthotic Footwear Association [PFA], National Orthotic Manufacturers Association [NOMA], the Pennsylvania Orthopedic Society [POS] and the Hospital and Healthsystem Association of Pennsylvania [HAP].  With its passage, Pennsylvania joins more than a dozen states including Ohio and New Jersey in regulating the practices of prosthetics, orthotics and pedorthotics.
 
The bill, as passed, is poorly written.  This is probably partially due to edits during the legislative process and the fact that part of it was standard language drafted on a national level which was cut and pasted into the Act.  Representative Scavello’s press releases indicate that beginning in 2014, in order to be licensed as a prosthetist and orthotist an individual will be required to have at least an associate’s degree in prosthetics or orthotics and an additional two years of education or a bachelor’s degree and meet a work experience requirement that is two years or 3,800 hours of patient care.  Further, each licensee will need to pass an exam and other requirements as set by the Board.  Pedorthotists and orthotic fitters must complete a board approved entry-level education program specific to their field and have a minimum of 1,000 hours of supervised work experience.   
 
There is also a requirement that a licensee must be of “good moral character”.  Further, an applicant cannot “be addicted to alcohol, narcotics or other habit-forming drugs.”  Nor can the applicant have a conviction for a felony under the Controlled Substance, Drug, Device and Cosmetic Act.  Please contact me if you need assistance navigating the application process.  Once granted the license must be renewed every two years.
 
There is a grandfather provision that will allow current practitioners to obtain a license as well. Current practitioners have to apply within two years from the effective date and must meet other criteria which are unclear from the language of the statute as passed.  Representative Scavello has indicated that they must either be holding a current national certification or have been in continuous practice for three years to qualify.  However, the statute also lists requirements for education and training and actually requires both the certification and three years of experience.
 
Finally, under this act, all licensees are required to maintain one million dollars of professional liability insurance. 
The statute requires the Board to establish appropriate regulations within eighteen months and I have been told that the Board has started to draft regulations.  Hopefully, the statute will be amended and we will have regulations that will clarify the licensing requirements.

If you need any licensing advice or advice interpreting this statute pl

 
 
As counsel to numerous professional firms and associations I am asked frequently about cyber risk.  As technology advances we have more and more information stored in electronic devices and in the so called “cloud.” Cyber risk is of particular concern for professionals like CPAs and attorneys because they have confidential client information like Social Security Numbers and financial information. There is no prohibition to maintaining our data electronically and particularly in the cloud, however, we must be aware of the risks and take reasonable precautions to protect our data and particularly our clients’ confidential information.  As professionals we must remember that our clients trust us and we have to make sure that trust is not misplaced.

Clients have an increased expectation that we are available 24/7 and that we have all their information at our fingertips to answer their questions and respond to their concerns. Therefore, we are more and more dependent on technology and storing more and more information, which is available remotely. This makes our data subject to increased cyber risk.  The first question is, are we prepared for the risk? Generally, the answer is that firms are
not.  They are not fully aware of the risk and are not prepared for it.  The second question is, are we prepared to respond to a breach of our data?  Again, generally, the answer is that firms are not.

Any size firm is subject to cyber risk.  The statistics are alarming.  Identity theft and security breaches are on the rise.  The cost to respond to a breach has been reported up to $204 per record with an average cost of $2.4 million per breach.  The cost to respond to a cyber-breach can be staggering.  The damage from a cyber-breach can be tremendous. Ignoring just the financial cost of responding, there may also be bad publicity, loss of productivity, and loss of reputation.

Now, I generally don’t use text messaging for work but where are those messages stored and how safe are they? 
When we are using technology we need to evaluate the risk and what if any safeguards are in place.  I just assume Verizon has those text messages secured on their end but what about my phone? If my phone is stolen everything that I have texted and not deleted is open for reading.  But do I have access to wipe the phone’s memory remotely? 
These are questions we need to know about all our devices.  Do we have an inventory of all the devices that are subject to cyber risk?  (Every server, desktop, laptop, iPad, cell phone etc.)  And not just company owned devices, but also personal devices that have access to company data.  Do we have an inventory of the types of data on each device? (Documents, emails, contact information, texts etc.)  Do we have an inventory of what data of each type on each device?  Without all this information, we can’t fully appreciate the cyber risks involved.

Of course, there is insurance available to help with some of the risk.  From a professional firm’s standpoint, insurance is about spreading or lessening risk.  There are several types of policies available and I suggest any firm consult with their insurance broker about the type of insurance that might work best for them. Fortunately, this type of insurance is not expensive, because although incidents are on the rise, there is a relatively low incident rate.  Unfortunately, as touched on above, the losses can be extremely high, so be careful that your policy will cover the full extent of the loss.

 The reality is that professional firms need to spend time addressing their cyber risk.  They need to catalog their data and determine action plans to prevent the loss of data and to respond to any loss. I recommend you address these issues immediately in consultation with your computer experts, your insurance broker, and your attorney.

Since posting this blog, the following exchange took place in LinkedIn which you may find helpful:

Jeffrey - it is far less costly and much more effective to implement appropriate (i.e., cost vs countermeasures; reduction of risk to an acceptable level) information system security policies, procedures and countermeasures than purchase insurance policies. Properly implemented, an adequate IS security program will obviate the need of additional insurance and go much further to prove prudent managerial action (for litigation). This is not just a technical issue as most incidents involve human behavior (both authorized insiders as well as non-authorized  outsiders). Also - there is a slight (but very important) differences in implementing risk mitigation for information system incidents versus disaster recovery planning. The IS security profession has been around for several decades and some very well-regarded professional certification systems are now key (e.g., CISSP, GIAC). There are even a couple LinkedIn groups for this.

My Response
Thanks for the additional information.  I completely agree that appropriate information system security policies, procedures and countermeasures must be implemented.  But I'm not sure there is an acceptable risk level.  This is particularly true for associations and depends upon what confidential information an organization or company maintains.  That is why I think everything should be assessed and considered.

Further comment
If there is no acceptable level of risk, no firm has enough resources nor are there enough countermeasures available.   Here is synopsis of information system controls viewed to be critical: 

http://www.sans.org/critical-security-controls/

My Response
That is an excellent list! Thank you for sharing it.  I think we agree on this.  My point is that there is no one level of risk that is acceptable across the board and each company must assess the risk.  There are far too many variables.   Even if a company does everything listed, there remains a risk. For some companies I believe that risk is too great to not purchase insurance but that is why a complete assessment is needed.  From everything I have read on the subject the data cannot be completely protected if it is to be accessible and usable.  At that point, what confidential information is contained in the data will certainly be a factor.  Lawyers and CPAs whom I represent maintain social security numbers and a lot of other extremely confidential information.  A data breach would be extremely expensive and the firm should decide ahead of time
what risk they will take and whether they will insure it. 
Unfortunately, Many companies do not know the risks and take no
comprehensive action.