Photo of Neal Roach Jr.

Neal’s practice focuses on transactional matters for companies for whom technology is critical, with a focus on intellectual property licensing. He has represented numerous startup and high-growth companies on a broad range of matters, including advice on intellectual property protection, management and licensing; contracts; FDA and other regulatory issues; corporate structure and governance; sales and marketing regulation; healthcare compliance; reimbursement; and strategic partnership relationships. In addition, Neal frequently advises healthcare clients and life sciences companies regarding the application of HIPAA and state patient privacy laws. Neal currently serves as chairperson of Taft’s Technology Services industry group.

Last summer, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. The SHIELD Act’s data breach notification requirements are already effective and the law’s data security requirements go into effect on March 21. Any company that does business in New York or has customers in New York needs to understand what the law requires.

New York, like many other states, has a data breach notification law that requires businesses to notify consumers when a breach occurs. The SHIELD Act goes further than New York’s previous law, both in its definition of what type of information is covered and in reaching companies that may not have any connection to New York except for having information about New York residents in their database. The SHIELD Act:



Income tax season is arriving, and your company will soon be issuing W-2 forms to all of its employees. Now is a good time to remind all payroll and human resources personnel that a W-2 phishing scam, which has been around for a couple of years, is likely to arise again this year.

This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the

On Monday, March 21, 2016, the Health and Human Services Office for Civil Rights (“OCR”) began the long-awaited Phase II of OCR’s random audit program to determine compliance with the patient privacy provisions included in the Health Insurance Portability and Accountability Act (“HIPAA”). As we discussed earlier here, these audits will extend beyond simply covered entities and will also include business associates.

Covered entities and business associates will receive an email from OCR entitled “Audit Entity Contact Verification.”  This

The agreement that allowed the transfer of personal data between businesses in the United States and the European Union was invalidated by the European Court of Justice on October 6, 2015. This “safe harbor” agreement had been in place since 2000. The Court’s decision throws into doubt the data collection and transfer practices of countless US businesses.

The safe harbor agreement was necessary because, under the European Data Protection Directive, the US is not considered to be a country with

After several months of delay, the Health and Human Services Office for Civil Rights (“OCR”) has selected a vendor to begin Phase II of OCR’s random HIPAA audits mandated by the HITECH Act.  The program’s first phase included over 100 pilot audits, and phase II was to have begun in late 2014. While the first round of audits included only covered entities, OCR will include business associates in the next round.  The audits will assess compliance with the HIPAA privacy,