The United States Court of Appeals for the District of Columbia Circuit in the case of Noel Canning v. National Labor Relations Board (“NLRB”) threw the area of employment law into a state of turmoil. On January 25, 2013, the Court ruled that three of President Obama’s appointments to the NLRB were invalid.  If this decision is not overturned it means that more than 200 decisions by the NLRB may no longer be valid and may have to be revisited.  Included in the decisions are a number of rulings dealing with employers’ attempts to restrict employees’ use of social media.
                 
The most controversial decisions by the NLRB during this time were the rulings that employees can use social media to complain about or comment on management, without retribution.  As an example, see the Costco case decided on September 7, 2012.  These were also other decisions concerning employers’ social media policies and what restrictions were overly broad.  These cases are likely to be appealed and the state of the law will be in some state of turmoil until these issues are resolved.
                 
Sharon Block, Richard Griffin and Terence Flynn’s appointments were all ruled invalid.  They were all appointed prior to January 4, 2012.  There are only five members on the NLRB.  These three members were part of the quorum necessary for the NLRB to decide cases since January 4, 2012.  Without them the NLRB did not have a proper quorum and thus each of its decisions would be in question.  
                 
The NLRB continues to stand by its rulings, and therefore, it appears that this case is headed for the Supreme Court to ultimately decide this issue.  There have been contrary decisions by other appeals courts.  This split in decisions and the importance of the issue presented make it likely that the Supreme Court will take the case and make a decision on the matter.  One of the issues will be: if this decision is upheld, there have been a large number of other appointments and actions that could also be found to be unconstitutional.   Also, it appears that Presidents going back to James Madison and certainly all the recent Presidents have made the same type of appointments, which would now be considered unconstitutional.  
                
We’ll just have to wait and see what the NLRB and the Supreme Court do.

 
 
Okay.  You have received a letter from the PICPA Committee on Professional Ethics ("the Committee") indicating that it has received information that "you may have violated the PICPA Code of Professional Conduct."  What do you do?  Stop.  Breathe.  Remember it is not the end of your world.  The Committee’s role is remedial not to punish.  If you are doing something wrong the goal is to help you learn and improve and thus protect the public and provide a better service.  

For clarification purposes, if you have committed a felony and in some other egregious situations, you will be expelled.  However, in these situations you generally have a lot more to worry about than your PICPA membership.  

The Committee commonly refers to this letter as the "Opening Letter."  The last thing you want to do is ignore this letter.  Do not bury your head in the sand and hope this will go away.  It will not.  Keep in mind that as a member of the PICPA you have agreed to abide by the Code of Professional Conduct and a part of the Code is that you will cooperate with an ethics investigation.  Failure to cooperate is grounds for termination of your membership in the PICPA.  Not responding to the committee when it asks for a response and/or further information is failing to cooperate and may lead to expulsion from the PICPA.  The good news is that if you do not respond to the first letter there will be a follow-up about 30 days letter giving you another opportunity to respond.  The reality is that you will have to ignore numerous opportunities to respond before you will be expelled for non-cooperation.

You generally have thirty days to respond to the Opening Letter.  Appropriate responses to this letter include just about anything that demonstrates that you will cooperate.  You can ask for more time, you can provide the requested information, and you can ask for a deferral because the underlying matter is in dispute in any court of law and/or if there is an ongoing investigation by another regulatory body (i.e. the SEC).  Deferrals are routinely granted and are preferred by the Committee because a member should not have to fight a battle concerning their actions on two fronts at the same time and because any investigation or findings by the Committee should not be used as leverage in any other proceeding.  You will eventually have to provide the requested information, even if it is years later after the matter has been deferred during that time (i.e. while you defend yourself from a civil lawsuit).  Should you request additional time to respond to the Opening Letter, the Committee will generally work with you, if demonstrate you need extra time.

Once the Committee has the information requested it will review all the information and ask for more information if necessary.  It will ultimately decide whether there has been any violation of the Code.  The best outcome is a letter from the Committee that based upon the response received that the Committee "has concluded not to pursue the matter at this time."  The worst case is expulsion from the PICPA but this does not directly affect your license to practice accounting.  Typically, the Committee will recommend CPE’s that will help you learn and understand how to do a better job the next time you under take a similar engagement.  Other remedial measures include pre or post issuance reviews, an accelerated PEER Review and restrictions on performing PEER Reviews.  Short of expulsion, the Committee also has the authority to suspend a member up to two years and to publicly admonish the member.

Before the Committee will decide anything other than an outright dismissal based upon your initial response you will be offered an interview where you will be given an opportunity to answer questions and present your side of the issues.  There are a number of procedural and due process protections.  Additionally, members can agree to settle cases rather than undergo a full investigation.  Where no settlement agreement is reached the case is heard by the AICPA Joint Trial Board for a decision.

Please let me know if you have any general questions about this topic but if you have a specific matter before the Ethics Committee I cannot address those issues because I represent and advise the Committee on legal issues including due process issues as they may arise. jmcguire@c-wlaw.com


 
 
On Friday January 18, 2013, the IRS’ attempt to regulate non-CPAs, non-enrolled agents, and non-attorneys were put to an end by a decision of the United States District Court for the District of Columbus.  The IRS believes that it has the authority to regulate “representatives” who “practice” before it.  However, three independent tax-preparers brought the suit objecting to the IRS’ efforts and the Court agreed.  
                  
U.S. District Court Judge James E. Boasberg ruled against the IRS and enjoined the agency  from enforcing its Registered Tax Return Preparer requirements.  The Court held that the IRS’ regulatory scheme was impermissible and entered a permanent injunction.  The judge ruled that IRS does not have the statutory authority to regulate tax preparers.  If no further action is taken, tax preparers will not have to comply with the recently enacted regulations.
                 
At this point it remains to be seen what the IRS will do next.  Their first option is to appeal to the Circuit Court in an effort to have the decision overturned.  If an appeal is not successful, the IRS will have to turn to the Legislature for the authority to regulate tax preparers.  The IRS would like to require an exam, a fee, and required continuing  education courses for all non-CPA, non-enrolled agent, and non-attorney tax preparers.


 
 
 
Below is a link to my article on the Cipriani & Werner website about cyber risk from a professionalviewpoint.

http://goo.gl/ovGwf
 
 
 
On Saturday, December 1st, it became official. The revised regulations were published in the Pennsylvania Bulletin and now all licensed accountants in Pennsylvania must obtain at least four hours of CPE in ethics during each renewal.  Pennsylvania has not made this ethics requirement state or statute specific, so any ethics course from any approved sponsor is acceptable.  Be sure to obtain your 4 hours from an approved sponsor before December 31, 2013.
             
Speaking of approved program sponsors, the new regulations clean up what entities are approved sponsors, which will eliminate most of the prosecution that has historically resulted from courses not being approved by the Board.  Now any sponsor who is approved by the state board of another state that has substantial equivalency is deemed to be an approved sponsor along with anyone who is NASBA approved.  This is good for PA accountants because all of our neighboring states and almost every state has substantial equivalency.

In other items of interest, the Board did elect to maintain “specialized knowledge and applications” as an approved subject area. CPAs further retained the ability to obtain CPE credit for authorship of writings.  However, to receive credit for authorship each licensee must receive approval from the Board prior to renewal for these credits to apply, so if you are considering this, please keep the time constraints in mind and review the regulations for the specific requirements. 
          
Also published the same day, were regulations adopted by the Board which set forth a schedule of civil penalties for first offenses for CPE violations and unlicensed practice.  Hopefully, the prosecutors who handle accounting licensing cases will begin to use this process for these “minor violations” rather than the formal filing that results in a hearing and full prosecution. Further, it is hoped that someday there will be legislation that passes allowing expungement of these “minor violations”.  Legislation was introduced in the last session by Representative Harper [HB 646]that would have made this the law.  Unfortunately, while it passed the house (unanimously I believe), it stalled in the Senate and never came out of committee.  Therefore, this legislation will have to be reintroduced in the next legislative session.
             
Here are links to the PA Bulletin where these regulations were published.  
http://www.pabulletin.com/secure/data/vol42/42-48/2312.html  (Continuing Professional Education)
http://www.pabulletin.com/secure/data/vol42/42-48/2313.html  (Schedule of Civil Penalties)
           
If you have any ethics or licensing questions please contact me at jmcguire@c-wlaw.com.  Please sign up for any of my ethics courses through PICPA or contact me if you wish an in house ethics course.

 
 
Even if you haven’t taken an ethics course you already know that it would be unethical to lie about having taken an ethics course.  The New Jersey Board of Accountancy collected $4.2 million in penalties from CPAs last year who apparently did just that.  That’s right $4,200,000.00!  The New Jersey Star Ledger reports that this amount exceeded the “total amount of penalties leveled by all the state boards in each of the last five years.”  The largest fine assessed was $8,000, so there were a lot of CPAs who failed to obtain the required CPE.

In New Jersey, CPAs are required to take a state specific ethics course every three years.  Like many states New Jersey usually selected about 10% of renewal applications to conduct an audit of all CPE courses.  Instead, last year they elected to compare the list of attendees at the required ethics course from 2006 through 2008 to the list of CPAs who renewed as of January 1, 2009.  Everyone who filed a renewal but had not attended the state specific course was audited for all courses.  While I’m certain some of these CPAs attended a non-state specific ethics course and believed that was acceptable there was a disturbingly large number of CPAs who didn’t take any courses.  That means these CPAs lied on their applications not only about taking the ethics course but also about taking the required 120 hours.  
 
Not surprisingly the New Jersey Board has indicated that it will conduct another audit for the January 1, 2012 renewals and it should come as no surprise that other states and other professional boards are considering conducting audits of their own.  $4.2 million is certainly an incentive for any state.  New Jersey has already indicated that they may more vigorously review doctors, nurses, pharmacists and psychologists. 

CPAs are generally considered to be the most honest and trustworthy profession, so, if they have trouble meeting their ethics requirements the other professionals are as well.  Hopefully, the lesson learned here is that every professional should take their CPE requirements seriously.  If anyone has any questions about their requirements or has a licensing issue please contact me.  And remember to contact me before meeting with an investigator.

 For CPAs, please remember that in Pennsylvania, your next renewal will be on January 1, 2014.  You are required to obtain at least 20 CPE credits each year during the two year cycle and 80 hours total during that period. Although the regulations still have yet to be passed, the Board has indicated that it will be requiring 4 credits of ethics for the upcoming renewal.  Remember, it is also your responsibility to make certain that the CPE credits you have taken are approved for credit in Pennsylvania.  Your provider should be able to give you this information.

 All other professionals have renewal deadlines and CPE requirements which must be followed.

 While it remains to be seen if Pennsylvania will increase its CPE audits and prosecutions,  you can avoid any concern about an audit or prosecution if you simply follow the regulations of your profession.

 
 
The passage of Massachusetts law restricting mandatory overtime for nurses gave me the occasion to look back and report on the Pennsylvania’s law.  Act 102 of 2008 is called the Prohibition on Excessive Overtime in Healthcare Act and went into effect on July 1, 2009.  These laws are designed to provide increased patient safety by preventing nurses from being forced to work mandatory overtime. Numerous studies have linked nurse fatigue and/or overwork to medical errors and/or patient deaths.  
 
At this time, with the addition of Massachusetts there are now 15 states with laws restricting mandatory overtime for nurses.  New Jersey, New York, and West Virginia are the neighboring states with such a law.  
  
Pennsylvania’s law does not go so far as to prohibit voluntarily exceeding eight hours in a day or forty hours in a week as some states have done.  Therefore, in Pennsylvania, a nurse may voluntarily work as many hours in a day or week as they like.  The law protects nurses from discrimination or retaliatory action for refusing to work overtime.  There are limited exceptions when a nurse may be required to work overtime but those essentially involve patient safety issues should the nurse not work the overtime.
 
The Department of State has a web page devoted to this law and reporting violations.   http://www.portal.state.pa.us/portal/server.pt?open=514&objID=614498&mode=2 The  Pennsylvania Association of Staff Nurses and Allied Professionals (PASNAP)  indicates on their website that they continue to monitor Pennsylvania’s law as well. http://www.pennanurses.org/pac/mot.html

If you have any questions about this, please contact me a jmcguire@c-wlaw.com.

 
 
          
It’s that time of year when nurses and doctors show up in non-medical offices and not to perform annual physicals.  Or maybe your office will have a Jedi, elf, vampire, pirate, superhero or one of hundreds of other popular movie characters or monsters.  Do you have a policy about costumes in the workplace? Do you waive your dress code simply because it is Halloween?
            
There are a number of well known examples of the slight but real danger of costumes in the workplace in the area of sexual harassment.  There is the example of Mrs. Devane, a salesperson at Sears who was awarded $750,000.00 from her employer for sexual harassment for actions which included a manager unbuckling his pants, motioning to his groin and telling her while she was dressed in a doctor costume, “Here, Doctor.  It hurts here.”  Other cases have settled out of court but telling a woman, even in a cat costume, that you like her tail will be considered sexual harassment.  

Of course, an employee may defeat their own claim of an offensive work environment by wearing an overly sexually explicit costume such as “a see-through Empire State Building.”  This type of costume can demonstrate that the employee is not really offended by this type of behavior.
                 
The courts have had to address other costume situations such as the man simulating sex with a sheep and public officials or others in “black face.”  As a practice pointer, although it costs your company nothing to allow costumes in the workplace, if you do allow costumes, make certain that there are applicable rules in place and that someone actually polices the costumes.  Anything in questionable taste must be dealt with by either removal of the costume or the employee being sent home.  Remember that sexual harassment is in the eyes of the receiver not the intent of the offender.  Your normal dress code should apply with very limited exceptions.

 
 
The following is an article which I wrote and was recently published via email by the PICPA.

Lost Your Smart Phone? Now What?


So much data is stored on phones, laptops, and other electronic devices that a loss can be devastating. FBI statistics indicate that a laptop is lost or stolen every 53 seconds. That is more than 10,000 every week. This statistic must be higher in the case of smart phones. In its 2003 Global Information Security Survey, Ernst & Young found that one-third of corporate chief technology officers indicated that they do not have insurance coverage for cyber events, and another 22 percent did not know if they had coverage. These numbers are frightening considering how much information we store on these devices.

I can’t emphasize enough that you should consult with an attorney about your actions if you find yourself in this position, but I am realistic enough to know that many of you will not. Perhaps this article will help you make more informed decisions, but please keep in mind that this article barely touches the surface of the numerous connsiderations that are dependent on your specific circumstances. 

From the moment an electronic device is placed in your hand, you need a well-thought-out procedure for how to handle its loss. Things to consider include what state and federal laws apply, and what are the legal requirements for reporting a loss. Compliance with the law is just the beginning. If not required under the law, should you still report the loss to your clients? Will you report to the authorities? Do you have security in place, such as the ability to wipe the memory on the device remotely or any tracking software? Do you need to cancel credit cards or change Passwords? There is much to consider.

When an item goes missing, the first step is to determine whether it was lost or whether it may have been stolen. The response is dependent on the circumstance. Also, if stolen, can you determine if it was taken for the device or the contents of the device? If stolen, do you contact the police or some other agency? Further, do you contact the press, shareholders, or your employees?

I’ll state again that you need to contact your attorney, and that may be the first contact you should make. Contacting your insurance company also will help you determine if you have coverage that will protect your loss. There are a number of types of insurance that may provide coverage, but general liability and most standard policies will likely have exclusions. This is something to consider prior to any loss. There is one other must-contact, in my opinion: your computer consultant. The consultant can help you navigate the security issues and determine what data may be or has been breached.

Know that once you notify any outside entity, you will begin to lose control. This will matter if you are attempting to avoid bad publicity or negative information going to your clients. Regardless, you may be required to notify clients, depending on the circumstances. The Pennsylvania Breach of Personal Information Notification Act (BPINA) will apply if you have a Pennsylvania company with a loss in the state and the affected clients are Pennsylvania residents. Requirements if the device is lost outside the state or some of the clients live in other states or jurisdictions is still an evolving area of law. The BPINA, effective in 2006, requires notification if personal information (as defined by the statute), which is unencrypted and unredacted, is “reasonably believed to have been accessed and acquired by an unauthorized person.” This is certainly not a bright line test and is subject to interpretation. There are some exceptions to the reporting requirement that have to be considered. How and when do you notify, what information you provide, and whether you must do anything else should all be considered.

The type of data on the device will make a difference as well.  Medical records are subject to the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), both of which may apply to a CPA firm that provides services to a hospital or other medical provider. There are other federal statutes that may have notification requirements, too. 
 
Violations of these laws carry some harsh penalties. Violation of BPINA, for instance, is deemed a violation of the Unfair Trade Practices and Consumer Protection Law, is prosecuted by the office of the attorney general, and carries penalties that include treble damages and attorney’s fees.

If the decision is made that there is no legal requirement to notify clients, then whether to notify authorities becomes a tougher question.  Although convictions are made in about one in 10 of these types of thefts, they may be highly publicized by the police and prosecutor as they try to use the case as a deterrent. This must be considered. 
 
It is easy to say that passwords need to be changed, accounts closed, and credit cards canceled if that information was on the device, but it is easier said than done. Do you even know which of this information is on the device in some form? Another consideration, and one that you will want to make in consultation with your IT experts and possibly the authorities, is whether to keep any of these accounts active but have them alerted so unauthorized access
can be traced.

The loss of data and the potential data breach can lead to numerous expenses. Losses and expenses include the cost of lawyers, the cost of a forensic audit, loss of reputation, cost of IT services, and the cost of credit and identity monitoring. There is also considerable loss of productivity from dealing with these issues.

It is important to be proactive, and consider some of these items prior to any data loss:         
     -    Data encryption other security measures 
     -    Insurance to cover any losses      
     -    Insurance to cover regulatory fines and penalties       
     -    Communication plan 
 
I hope you will consider the points in this article before you encounter the loss of a device. You certainly will be considering them if such an event occurs.

 Jeffrey T. McGuire, JD, is a partner with Cipriani
& Werner PC in Lemoyne and serves as legal counsel to the PICPA. He can be
reached at
jmcguire@c-wlaw.com.

 
 
Not that long ago I blogged about the new requirement for dentists to carry professional liability insurance.  Now Pennsylvania has added prosthetists, orthotists, pedothorthists and orthotic fitters to the list of medical professionals required to maintain professional liability insurance.  In fact, these professionals are now under the oversight of the Pennsylvania State Board of Medicine [Board] and will require licenses by 2014.
 
Governor Corbett signed HB 48 of 2011 into law on July 5, 2012.  This bill was supported by the Pennsylvania Orthotics and Prosthetics Society [POPS], Pedorthotic Footwear Association [PFA], National Orthotic Manufacturers Association [NOMA], the Pennsylvania Orthopedic Society [POS] and the Hospital and Healthsystem Association of Pennsylvania [HAP].  With its passage, Pennsylvania joins more than a dozen states including Ohio and New Jersey in regulating the practices of prosthetics, orthotics and pedorthotics.
 
The bill, as passed, is poorly written.  This is probably partially due to edits during the legislative process and the fact that part of it was standard language drafted on a national level which was cut and pasted into the Act.  Representative Scavello’s press releases indicate that beginning in 2014, in order to be licensed as a prosthetist and orthotist an individual will be required to have at least an associate’s degree in prosthetics or orthotics and an additional two years of education or a bachelor’s degree and meet a work experience requirement that is two years or 3,800 hours of patient care.  Further, each licensee will need to pass an exam and other requirements as set by the Board.  Pedorthotists and orthotic fitters must complete a board approved entry-level education program specific to their field and have a minimum of 1,000 hours of supervised work experience.   
 
There is also a requirement that a licensee must be of “good moral character”.  Further, an applicant cannot “be addicted to alcohol, narcotics or other habit-forming drugs.”  Nor can the applicant have a conviction for a felony under the Controlled Substance, Drug, Device and Cosmetic Act.  Please contact me if you need assistance navigating the application process.  Once granted the license must be renewed every two years.
 
There is a grandfather provision that will allow current practitioners to obtain a license as well. Current practitioners have to apply within two years from the effective date and must meet other criteria which are unclear from the language of the statute as passed.  Representative Scavello has indicated that they must either be holding a current national certification or have been in continuous practice for three years to qualify.  However, the statute also lists requirements for education and training and actually requires both the certification and three years of experience.
 
Finally, under this act, all licensees are required to maintain one million dollars of professional liability insurance. 
The statute requires the Board to establish appropriate regulations within eighteen months and I have been told that the Board has started to draft regulations.  Hopefully, the statute will be amended and we will have regulations that will clarify the licensing requirements.

If you need any licensing advice or advice interpreting this statute pl