Lighthouse Blog

One of the unanticipated consequences of the COVID-19 pandemic and the ensuing shift of office employees being forced to work from home, is the impact on counsel who must continue to direct forensically defensible collections for eDiscovery, investigations, and regulatory response scenarios. As employees adjust to remote work, they are increasingly commingling personal data sources, home networks, and corporate data, which in turn creates a wealth of new data sources that will need to be collected as potentially-relevant ESI.In my recent webinar, I discussed this significant shift to the “new normal” of digital digital-forensics and how information governance policies and IT security practices should be proactively extended to remote employees, as well as ways to mitigate future complications around forensic collections that will now need to be almost exclusively remote. Here are a few of the most important aspects to consider on how working from home impacts digital digital-forensics, and practical workflow strategies for handling remote ESI collections.Working from Home: The Digital digital-forensics ImpactThere’s a behavioral impact that automatically comes with working entirely from home, with less delineation between the workday and home life, and subsequently more temptation to use your work laptop for personal reasons. This behavioral impact is also mirrored in the reverse scenario where personal devices become more convenient to use for work. Although we were already seeing quite a bit of intermingling of data pre-COVID-19, this habit is dramatically increasing as home has quickly become the only workplace and there hasn’t been time for organizations to adopt new IT policies to tackle these issues.With the advent of this new remote workplace era, data (mis)management will remain with us for future matters and there will be a permanent impact on collections going forward. Among the top adjustments that need to be made is custodian questionnaires must be enhanced to scrutinize whether any relevant work-related data or communications reside on the custodians’ home devices. The same scrutiny will need to be applied to personal data potentially residing on work laptops as the opportunities for this type of data intermingling or “contamination” will undoubtedly continue to increase.ESI Collections: Practical Workflow StrategiesEven though we’re currently not able to travel onsite to acquire device and data source evidence, we can continue collections by relying on sound and defensible forensic remote strategies that are already in place. Collections from the Cloud are status quo and conducted remotely by definition, but for other ESI sources, we will favor targeted and logical collections over full physical forensic images.For remote collections on premise at an office that’s closed, if there’s a skeleton IT crew in place, screen sharing can be utilized to mimic the exact scenario of a digital-forensics professional being onsite to help load a hard drive or provide access into a server. For custodians sitting at home, the same process can apply and technical guidance can be provided remotely. If shipping is a safety concern, data can be uploaded by secure encrypted file transfer protocol (FTP) using software that can resume broken uploads or by utilizing fast data transfer solutions such as Aspera. Whether figuring out a safe way to transport encrypted hard drives back and forth or using remote data transfer technology, we’ll need to plan for increased turnaround times due to varying upload speeds from home and/or decontamination procedures that are implemented for shipping protocols.Key TakeawaysAs company and personal custodian data commingling grows during COVID-19, a permanent shift is happening in digital digital-forensics and eDiscovery. From a legal standpoint, it’s settled that company-related communication on personal devices is subject to discovery, thus custodian interviews and other information-gathering techniques to identify the relevant scope of a collections effort must be enhanced. And although data preservation and evidence acquisition tasks may take longer to conduct when onsite collections is not an option, the technology is already in place to ensure forensically sound and defensible remote collections now and in the future.To discuss this topic further, please feel free to reach out to me at JBui@lighthouseglobal.com.digital-forensics; information-governancelegal-operations, digital-forensics, information-governancecloud; collections; cloud-security; bloglighthouse

The overall impacts of COVID-19 are widespread and still very uncertain. The Law & Candor podcast team wanted to come together with this special edition to reflect on the current impacts and how they are affecting those the legal space and beyond.In this special edition, co-hosts Bill Mariano and Rob Hellewell, are joined by Lighthouse’s CEO, Brian McManus, to discuss his take on the industry impacts of COVID-19. The group discusses shifts in company priorities, common themes being heard throughout the industry, as well as the downstream implications this pandemic could have on the legal space by answering the following key questions:What are key company priorities?What are current employee safety priorities and items to be aware of?What is the industry saying?What will be the lasting impact of COVID-19 on the legal space?In conclusion, they share top takeaways from the episode. If you are interested in listening, click here. To join the conversation on Twitter, click here.Catch up on past seasons by clicking the links below:‍Season 1Season 2Season 3For questions regarding this podcast and its content, please reach out to us at info@lighthouseglobal.com.ediscovery-reviewcloud, self-service, spectra, cloud-security, blog, ediscovery-review,cloud; self-service, spectra; cloud-security; bloglighthouse

A good discovery strategy goes beyond complying with production obligations. When preparing for discovery matters, law firms and legal corporate departments most often focus on developing a compliant and cost-effective responsive review capability with the appropriate expert personnel, technology, and workflows. After all, once in place, a tested responsive review capability can provide legal counsel the cost predictability, security, and control needed to focus on legal strategy early on in large litigation matters.Yet, while it is necessary to develop a reliable in-house or managed responsive review capability for document-intensive litigation, being ready for the demands of modern day discovery extends beyond complying with production obligations. Most notably, the work of fact-finding often continues well after production, and introduces its own unique complexities and opportunities requiring special tactical attention.Responsive review and finding key documents require different workflows. There is a substantive difference between identifying what is responsive for production versus honing in on the key information that ultimately decides a case or investigation. While responsive review focuses on compliance with negotiated and documented requests for production, targeted fact-finding focuses on legal hypothesis-testing and story development in an actively changing and open-ended context.As such, the mix of skills, technologies, and workflows required for responsive review does not necessarily extend beyond the production phase. Honing in on key documents and dispositive information buried in large data sets requires tactical agility and adaptation that efficient responsive review approaches limit by design in order to achieve production compliance at scale.Targeted fact-finding requires an iterative process and an expert team.A common need shared across fact-finding case teams is quick identification of key documents to help develop a robust and coherent fact-based narrative. Rather than casting a broad net to look for similarities among documents as you would do in a responsive review, fact-finding teams require an ability to sleuth through large data sets in order to identify key players, reveal hidden connections between them, and establish an overall picture and timeline of what happened.More specifically, rather than leveraging linear review workflows—even those optimized by technology-assisted review (TAR)—targeted fact-finding is best supported by iterative workflows in which attorneys and discovery experts deeply familiar with the case conduct tailored interrogations of the data to find the information that will best help with developing the case team’s understanding of the matter.Broaden the notion of discovery for better preparedness. Limiting discovery preparedness to achieving scalable responsive review gives short-shrift to developing a capacity for targeted fact-finding. Broadening the notion of discovery preparedness to include fact-finding means reassessing your discovery capabilities beyond production-oriented questions, such as what number of documents will require eyes-on review or what level of accuracy can be achieved. It makes sense to make more qualitative, legal expert-based assessments such as: Have we been able to uncover the full extent of the relevant fact pattern? How confident are we that we have connected the dots regarding who acted improperly and who had knowledge of it?To answer these sorts of questions, senior members of the litigation team need to be actively informed at a granular level regarding fact-finding approaches and outcomes. A robust and effective fact-finding function can provide a critical advantage in not only witness and trial preparation, but also in early case assessment, internal investigations, and government subpoenas, increasingly important discovery contexts to consider in light of increased regulatory, shareholder, and public scrutiny of corporate fraud and wrong-doing.For more on fact-finding, see: eDiscovery for Investigations: Different Goal, Different Approach. ediscovery-reviewblog, ediscovery-reviewbloglighthouse

Executive SummaryThe GDPR and Data Subject Access Requests (DSARs) are a key reason why companies are starting to focus their attention on information governance strategically, as opposed to simply reacting each time they get a request. With GDPR, companies have seen a significant increase in DSARs and the resulting requirement to look inwardly at their data landscape is timed perfectly with advances in cloud computing.Inconsistent NeedOver the last 20 years, I have assisted clients in responding to triggering events such as litigation and investigations by helping to identify where their data is and how to retrieve, preserve, and filter it for legal review. Rarely have those same clients been interested in proactively implementing information governance frameworks and policies without a consistent need to do so. A General Counsel once told me they face an investigation about as often as every Olympic cycle, so they don’t prioritise resources to prepare for such an infrequent event.The GDPR and associated DSAR obligations have provided exactly this motivation. However, this stick has combined with the carrot of cloud computing to provide the right mix of requirement and capability, not just to make compliance a token project stream within a company, but an enterprise-wide strategic initiative to focus on how data is generated, accessed, managed, and deleted. Common and Civil Law EnvironmentsThroughout my career, I have worked closely with companies in mainland Europe and the Middle East on cross-border litigation and investigations. In my experience, companies operating in civil law jurisdictions are not as familiar with the eDiscovery process as their common law counterparts unless they have faced regulatory scrutiny (such as companies in the financial services or technology industry). This is because they and their counsel do not face the same discovery obligations and thus have not traditionally focused on gathering evidence to produce to a court or third party. The result is inadequate retention procedures and disconnected strategies regarding data management.However, one thing all companies have in common is that using technology to make data management more efficient has become essential as data volumes grow. For example, DSAR responses may not be as ‘normal’ in mainland Europe as they are in the US or UK, but they have universally added motivation to those tasked with managing data within the company.Information Governance Buy-InNow that awareness has increased on the significant consequences of holding certain data longer than you need, senior leadership is prioritising (even at board level) how to effectively manage data within the company. This comes at a time when most companies have moved or are moving to the Cloud. According to Microsoft, “97% of Fortune 500 and 95% of Fortune 1000 companies have Office 365.” Notably, these companies are not moving to the Cloud for compliance or eDiscovery reasons, they are doing so for overall enterprise reasons including streamlining IT operations by moving off premise, giving employees access to modern workplace tools, and for security purposes. But as a bonus, when it comes to comprehensive cloud platforms such as Office 365, information governance, compliance, and eDiscovery tools are already included.Cloud Relevance for Legal TeamsNow that companies are shifting their focus to information governance, what can legal teams do to utilise the investment they’ve made in cloud computing? Since business efficiencies are important but not what legal is primarily concerned about, risk management is the key and to that end, data management is the order of the day. With increased GDPR penalties looming and cloud capabilities at their disposal, lawyers are now turning to the central pillars of information governance – document retention, categorisation, preservation, defensible deletion, identification, collection, and, depending on cloud maturity, data migration.For example, utilising functionality within Office 365, a company has a fighting chance to develop very effective and granular document retention policies that actually work and are dynamic (rather than a dusty document no one ever refers to). Categorising a document (or having it automatically categorised) when it is created, as well as determining, based on its content, when it will be deleted, is a very powerful capability. Setting email and chat message retention based on a defined policy is a significant achievement that goes a long way to limiting what data is kept and for how long.Not Just TechnologyAs GDPR and the Cloud have revolutionised information governance and provided the motivation and capability to address new and existing risks and inefficiencies, for these technology solutions to work in the long term, there needs to be a strong focus on people and processes. Change management has always been the Achilles heel of technology implementation and it is no different for Office 365 when it comes to effective information governance. First and foremost, understanding who in the company has responsibility for various processes needs to be determined. For example, who will respond to a DSAR? Who will create the data searches, preserve the data, and retrieve it for review? When it comes to labelling a document, what is the criteria for determining what qualifies as personal data? How does the technology assist in the decision making? How can a remediation exercise tie into an ongoing retention policy?Overall ComplianceIt is very hard for a multinational company to become 100% GDPR compliant. However, the Cloud offers significant capability for a company to take very reasonable and appropriate measures that go a long way. It’s better to be in the middle of the sheep pack than on the outside when the wolf is close and modern cloud technology allows companies to develop enterprise-wide frameworks to better manage their data. Let the regulators worry about companies with no demonstrable plans, not those who have made comprehensive changes to their data landscape. Even for companies that are not used to the fraught discovery world of US or even UK discovery, information governance has become a key priority due to GDPR and increasingly complex data environments that can now be managed in an effective and coordinated manner.More on this topic can be found in this article, Three Steps to Tackling Data Privacy Compliance Post GDPR. To discuss this article further, please feel free to reach out to me at MBrown@lighthouseglobal.com. data-privacycloud, gdpr, dsars, blog, data-privacy,cloud; gdpr; dsars; blogmichael brown

Season three of Law & Candor, the podcast wholly devoted to pursuing the legal technology revolution, is now available for your listening pleasure. Click the image below to binge season three now or keep scrolling for more details on the latest season. Law & Candor co-hosts, Bill Mariano and Rob Hellewell, have done it again. They have developed yet another riveting season of content by bringing on industry experts from AstraZeneca, Dentons, Dignity Health, Goulston & Storrs, GSK, and Lighthouse to discuss hot topics within the eDiscovery, compliance, and information governance space. Season three is filled with valuable takeaways, practical tips, and lots of banter along the way. See the season three episode lineup below:Tackling Big Data ChallengesData Privacy in a Post-GDPR World: Facing Regulators and Ensuring Compliance Through Rock-Solid Information Governance PracticeThe Future of On-Demand SaaS Software for Small Matters – A self-service, spectra Model StoryNew Efficiency Gains in TAR 2.0 and CMML RevealedHow Microsoft 365 and GDPR Are Driving a Proactive Approach to eDiscovery Across the GlobeeDiscovery Shark Tank - What’s Worth Your Investment in 2020?Each episode is bingeable and available on your podcast platform of choice including Apple, Spotify, Stitcher, and Google. Check them out now or bookmark them and listen later. Follow the latest updates on Law & Candor and join in the conversation on Twitter. Catch up on past seasons by clicking the links below:Season 1Season 2‍‍For questions regarding this podcast and its content, please reach out to us at info@lighthouseglobal.com.ediscovery-reviewmicrosoft, cloud, gdpr, self-service, spectra, data-privacy, ai-big-data, cloud-security, tar-predictive-coding, blog, ediscovery-review,microsoft; cloud; gdpr; self-service, spectra; data-privacy; ai-big-data; cloud-security; tar-predictive-coding; bloglighthouse

In honor of International Women’s Day 2020, Lighthouse is featuring female leaders within the industry who actively choose to challenge stereotypes, fight bias, broaden perceptions, improve situations, and celebrate women's achievements. Below are spotlights on each of our 2020 featured females helping to make a gender equal world. Check them out!1. What does a gender-equal world mean to you? It means a meritocracy where everyone with skill, hard work, and imagination may aspire to, and actually can achieve, the highest level regardless of gender. It means the elimination of explicit and implicit biases that can skew professional relationships and result in disparate opportunities. It means having a voice and a seat at the table earned through performance and not being sidelined because of gender.2. How do you personally challenge stereotypes and/or fight biases around females in the workplace? I was raised in a counter-stereotypical environment. My mother was the primary breadwinner and a full-time working professional, while my father took on most of the childcare responsibilities after a full work day of physical labor that began at 5 a.m. I grew up playing backyard tackle football with my brother and male family friends in mud, ice, and rain, and they did not go easy on me. I then joined the Marine Corps. Until a few years ago, I never had the perception that there were limits on what I could achieve because I am female.Unfortunately, I am now intimately aware of the ugly reality of gender discrimination. My experiences allow me to better understand the elements that contribute to disparate treatment and what can be done to address them. Raising awareness of these issues in a more vocal way is in the works. I have never been afraid to challenge the status quo (like using predictive coding in 2012) and I will continue to do so to effectuate positive change.When faced with bias in the past, I researched and gathered information regarding best practices to address such issues. I presented recommendations to leadership and organized events to build community and provide training. I continue to provide mentorship and support to other women. And, I challenge stereotypes by persevering as a working mom in big law.3. How do you celebrate other women's achievements? I like to spread awareness of other women’s achievements and provide other women opportunities to shine. I go out of my way to ensure key decision makers know about the accomplishments of other women.4. What recommendations do you have for others looking to ensure a gender equal workplace? For those trying to establish best practices internally, there are a myriad of resources available. For example, the Center for Worklife Law, spearheaded by the Professor Joan Williams, provides an array of practical tools, model policies, training, and best practice guides. Vote with your feet and dollars. If efforts to effectuate change internally fall on deaf ears, go somewhere else where there is a demonstrated commitment to providing a level playing field. Dentons is truly invested in supporting women, as apparent through their review processes, bias training and safeguards, development and authentic leadership diversity. Support vendors and consultants who demonstrate gender equality. Be cognizant of who you work with and keep busy. Build community.1. What does a gender-equal world mean to you? To me a gender-equal world means not having to over analyze each piece of my daily life to assure my value is recognized by all participants. It means not having to change my approach, tone, or demeanor to be heard by my male colleagues. It means I can be ME.2. How do you personally challenge stereotypes and/or fight biases around females in the workplace? I personally challenge stereotypes at my firm by being a strong leader, volunteering for important projects, speaking up in meetings, offering feedback to my colleagues equally, male and female. Importantly, I recognize my value to the firm. I am BRAVE. I am CONFIDENT.3. How do you celebrate other women's achievements? Through my leadership in the GOIC Lean In Circle and membership in the Diversity and Inclusion Committee at Orrick, I help host events and provide a forum for women’s accomplishments to be recognized. When working with my colleagues and teams I assure that credit earned is given.4. What recommendations do you have for others looking to ensure a gender equal workplace? Be persistent! Be ambitious! Don’t settle. Recognize your value. People live up to expectations. Make your value known, expect credit. If you don’t get it, seek it out. If you don’t expect to get the next big project, you may never get it. Volunteer and make your voice heard.1. What does a gender-equal world mean to you? A human is recognized for "their" personality and knowledge in all capacities. Mental and physical health are supported and provided for without bias. "We" are respected for virtues both positive and negative.2. How do you personally challenge stereotypes and/or fight biases around females in the workplace? Initially and always, listening. What's the reason for the bias? Challenging the responses with actions, calmness, and, ultimately, calling out the unbalanced views. Empathy to all is the sincerest way to "fight" and remove bias.3. How do you celebrate other women's achievements? I like to send notes or cards to congratulate as a small but personal article of celebration. Telling women how fantastic the achievements are and discussing them in other communities. Sharing the knowledge equates to opening new conversations or relighting old topics.4. What recommendations do you have for others looking to ensure a gender equal workplace? Develop an altruistic culture focusing on team dynamics, envelop clients into team and workspace initiatives, and, importantly, talk about it! Publicise the how, the who, and the why.1. What does a gender-equal world mean to you? It means fair treatment across the gender identity spectrum. It does not mean we have to look, talk, or act the same. We all bring something unique to the conversation and should be celebrated equally for our contributions. Rights, opportunities, obligations, and pay should not take gender into consideration. 2. How do you personally challenge stereotypes and/or fight biases around females in the workplace? My workplace makes diversity a priority. That being said bias still exists, often when you least expect it. When you experience bias, gather your thoughts, speak up, and don’t tolerate bad behavior. Set an example by never apologizing for being at the table. Your opinion matters so speak with authority. 3. How do you celebrate other women's achievements? We’re often bad at celebrating our own achievements, making it more important that we celebrate each other. Words of encouragement when things don’t go as expected and notes of recognition when they do. Use your organization's award, bonus, and feedback structure, especially if achievements were missed by the broader group. 4. What recommendations do you have for others looking to ensure a gender equal workplace? Begin with the end in mind. My organization works hard to expand our candidate pool, rethink our interview process so that a diverse panel interviews candidates, and set up mentor and onboarding programs that match diverse candidates. For my team, work life balance, flexibility, and open communication have been key.1. What does a gender-equal world mean to you? I aspire to a world where we equally value the attributes of all genders and celebrate the power of teams of people with different experiences, perspectives, and strengths. It may seem funny, but when traveling for business, I am often struck by the fact that I am the only woman in the hotel restaurant at breakfast. It would be inspiring to see that change. 2. How do you personally challenge stereotypes and/or fight biases around females in the workplace? My career path and non-partner role defy stereotypes. In my role, I strive to create an environment where it is safe to disagree and challenge the status quo. The success of my team shows that when you refuse to do things as they have always been done by the same people who have always done them, great things can happen. But, most of all, I love what I do contrary to stereotypes!3. How do you celebrate other women's achievements? As a team we foster meaningful relationships and connections among women so that we can lift each other up and challenge one another. We are active in Women in eDiscovery and She Breaks the Law, and recently nominated 16 women to the ABA Women in Tech list. When selecting vendors, technology solutions, and making investments via our legal tech fund, we look at whether the company has women in senior leadership roles. 4. What recommendations do you have for others looking to ensure a gender equal workplace? Re-imagine the skill set and talent profiles for new hires. Women are under-represented in senior leadership positions in the legal and technology industries. To expand your talent pool, look for candidates in other industries and value innate ability over previous titles and years of experience. Give early opportunities and invest in creating the next generation of women leaders. 1. What does a gender-equal world mean to you? At a basic level, gender equality means having gender never enter into the equation. However, for my everyday reality, it means a workplace where being a working mother that values and prioritizes time with her family does not count against me and is actually celebrated. 2. How do you personally challenge stereotypes and/or fight biases around females in the workplace? As a manager, I promote an environment that has open and honest communication and treats everyone equally. As a mother, I am raising my two young boys to think of women as not just equals, but as powerful forces. 3. How do you celebrate other women's achievements? As the world comes closer to gender equality, it is important that we reward all individuals in a way that does not create a greater divide. At a basic level, this means rewarding people for the quality of work they do and not just the number of hours they put in. 4. What recommendations do you have for others looking to ensure a gender equal workplace? There are a number of actions companies and individuals can take to help ensure gender equality in the workplace. These can be as simple as removing names from resumes to make them gender neutral, create pay bands based on position and not previous salary, and using gender neutral leave policies. 1. What does a gender-equal world mean to you? A world where gender is no longer a barrier to equal opportunity. A world free of the biases and prejudice currently associated with gender, both overtly and unconsciously, where everyone has a chance to develop their potential. 2. How do you personally challenge stereotypes and/or fight biases around females in the workplace? I support diversity in groups and teams, both during the hiring phase and after hiring. When hiring, I work with recruiters to ensure a diverse applicant pool. When managing, I encourage inclusion and collaboration, thereby allowing for a wide range of perspectives and opinions from which everyone will benefit.3. How do you celebrate other women’s achievements? Whenever a female colleague accomplishes something important, I take the time to recognize, support and encourage her. Where possible, I do so in person. In addition, and where necessary, I also use one of the other myriad avenues for such recognition, including email, phone, text, social media, company intranet.4. What recommendations do you have for others looking to ensure a gender equal workplace? Use best efforts to support and encourage diversity, and celebrate important accomplishments. Start during hiring, working with recruiters to ensure it includes both women and men. When managing, encourage inclusion and collaboration, encourage everyone to develop their potential, and take the time to celebrate the successes.1. What does a gender-equal world mean to you? Girls are often encouraged to believe they can do anything they set out to do, as long as they aren’t too loud about it, because, after all, they must behave like proper young ladies. In a gender-equal world, girls should be as brash as they wish and women should tout their accomplishments.2. How do you personally challenge stereotypes and/or fight biases around females in the workplace? I lead by example, making sure my voice is heard. When I run meetings, I ensure that every participant has the opportunity to contribute if they wish. I acknowledge great ideas put forth by women when their male counterparts try to co-opt them.3. How do you celebrate other women’s achievements? I choose words carefully when describing women’s achievements to ensure they are gender-neutral and give credit that is deserved. I use active voice to indicate a female team member has worked for her accomplishments, rather than phrases that seem to imply she was lucky to have something happen for her.4. What recommendations do you have for others looking to ensure a gender equal workplace? If you feel overlooked in the workplace, develop allies and mentors. Allies are female and male counterparts who will amplify your voice. Mentors can help navigate workplace politics and educate male-dominated leadership on the importance of gender equality.1. What does a gender-equal world mean to you? A gender-equal world is on in which all people, regardless of their sex, have the same opportunities and receive equal compensation.2. How do you personally challenge stereotypes and/or fight biases around females in the workplace? I definitely lead by example. As a leader in my organization, I also have a responsibility to identify and correct when stereotypes or biases surface. I find one-on-one conversations with a person who has articulated the stereotype or bias is effective. Some people don't even realize that they have biases. It is important to me that I am known for cultivating a fair work environment for everyone.3. How do you celebrate other women’s achievements? Women need more professional mentors. I seek mentors out myself and I have served as a mentor for many other women in my career. I celebrate the achievements of the women I have mentored with a personal note or even a quick text. I have close professional female counterparts at other organizations. We are intentional about staying connected. Congregations with these ladies at industry events often turn into think tanks of sorts and we are always celebrating someone's latest accomplishment. Women have to hold up and support other women.4. What recommendations do you have for others looking to ensure a gender equal workplace? If you are in the job market, look at the leadership of the organization. That will speak volumes about their efforts to ensure a gender equal workplace. Ask about their commitments to gender quality and any corporate programs they have in place to support those efforts. If you are in a company that lacks in this area, take the initiative to raise it and spearhead a proposal to help them elevate their efforts.A big shout out to the women who participated in our International Women's Day Campaign focused on #EachforEqual! Take a look at our 2019 International Women's Day Campaign. diversity-equity-and-inclusionediscovery-process, blog, diversity-equity-and-inclusion,ediscovery-process; bloglighthouse

When it comes to data privacy in healthcare fraud investigations and litigation, there is more than HIPAA to consider. Fraud investigations and litigation in the healthcare industry are growing. Whether these matters are handled internally or involve external parties to produce to, increased regulatory scrutiny — coupled with vast amounts of data generated by healthcare organizations — has created a pressing need for such organizations to become more adept at comprehensively inventorying, accessing, and reviewing internal data sources for potential fraud.A perennially tricky issue, and one that is just getting thornier, concerns how to treat sensitive, private data in a healthcare context. Healthcare organizations need to be mindful not only of carefully managing protected health information (PHI) subject to the Health Insurance Portability and Accountability Act (HIPAA), but also protected consumer information, which is now subject to regulations such as the California Consumer Privacy Act. Challenges and costs related to being compliant with these regulations are growing and setting themselves up to be just as substantial as managing privilege in litigation.Healthcare data: What privacy rules apply?To make sure these new compliance requirements do not inadvertently extend timelines or burn through budgets, those managing healthcare fraud matters need to proactively take stock of which regulatory regimes concerning personal data are applicable in their case and what data sets being reviewed in their matter could potentially have personal data subject to regulation.Now there is certainly a gray area in distinguishing between protected health information and protected consumer information in a healthcare context. Technically, information is PHI (and therefore subject to HIPAA) if it is created or received by a healthcare provider or health plan. But in today’s data-driven environment, there are a variety of touchpoints between consumers and healthcare services (e.g., marketing data analytics, customer service records, fitness app logs, fringe benefit tracking) that defy traditional understandings of what exactly differentiates PHI from a broader pool of potentially protected consumer data.So, whether subject to HIPAA or CCPA or other privacy mandates, healthcare companies nowadays need to be able to track potentially protected information across all of their data sources, including those not traditionally considered sensitive in that they do not contain information such as health histories, lab test results, or medical bill information.Healthcare fraud: Muddying the data privacy watersThe nature of healthcare fraud further complicates an approach to identifying and appropriately treating sensitive personal data. Matters related to false claims, physician self-referral, Medicaid/Medicare fraud, improper kick-backs, or non-compliant contract and billing practices (to name a few), most often require delving into internal email communications to understand to what extent a fraudulent pattern exists within the organization under investigation, thus enlarging the data pool subject to privacy mandates.The internal work of sorting out billing and coding issues is a messy affair that involves relaying a variety of details of specific patient treatment across multiple related emails. Methodically tracking how these questions get resolved internally over time is at the heart of good healthcare fraud investigation and litigation practice. And carefully treating the sensitive data involved in these conversations is a responsibility that comes with it. If, for instance, you are relying on techniques to extract personal data that have only been tested on structured electronic medical records, you will be missing data that is potentially protected in relevant email discussions.Similar to the task of finding potentially privileged information in large document sets, identifying and treating personal data in healthcare fraud requires its own dedicated workflow, leveraging a mix of tools and methods. The key to successful identification and treatment of protected personal data is being deliberate about the process you design and implement, and specific about the tools you are integrating into it.data-privacyblog, data-privacybloglighthouse

Last year, California passed legislation that alters civil discovery procedures and significantly impacts discovery for all litigants in state court. This change in the state court rules of civil procedure essentially makes it mandatory for the producing party to identify the specific discovery request to which each and every document is responsive. Many fear this new rule will exponentially increase the cost and burden of discovery requests. The good news is there’s a simple solution: use technology to easily automate the process. In this blog, I’ll discuss a brief overview of the rule, the potential impact, and how technology can save the day and provide an automated and cost-effective solution.The RuleBeginning on January 1, 2020, California’s Code of Civil Procedure § 2031.280 was amended by legislation S.B. 370 to make it a requirement that documents planned for production identify “the specific request number to which the documents respond.” Prior to this rule (and as is the case in the majority of jurisdictions both in federal and state courts), documents could either be produced as they are maintained in the usual course of business, or organized to correlate with the categories in the discovery demand. By mandating this new way of organizing and labeling documents, S.B. 370 marks the establishment of a major new requirement for document productions and impacts all pending and active cases that are subject to California’s Civil Discovery Act. Of note, the new rule is vague on the procedural front and fails to identify how exactly litigants should fulfill the requirements, leaving open questions that courts will likely need to address in the future.Potential ImpactThe rule change is weighted towards the goal of saving the requesting party time and streamlining reviews so that large quantities of documents aren’t received without any indication of which discovery request they relate to. Litigants are also concerned, however, that a heavy burden in terms of time and cost is created by S.B. 370 for producing parties. Imagine a case involving a large-scale ESI production with thousands upon thousands of documents where the producing party must go through and manually identify every document and exactly which request it is responsive to. The time it would take to manually organize a large production at this level would almost certainly greatly increase the length of the review due to the challenge that is involved with manually determining how each document correlates to a specific discovery demand. Ultimately, the biggest potential impact of S.B. 370 is higher litigation costs as a result of a lengthened review if a manual process is left in place.The SolutionWhen contemplating the bigger burden this new rule might place on producing parties, there’s also a unique opportunity that presents itself. With the use of technology, large reviews can be managed with an automated solution that would decrease the time from review to production and reduce costs. At a high level, the solution would entail:Identify the Issues - Identifying a comprehensive list of issues involved in the review.Map the Issues - Once the issues are understood, they would be mapped to a numbered list of specific discovery requests.Review and Tag - Armed with that organizational structure, the reviewers would conduct their document review and tag the documents by issue as per usual. At the completion of the review, the solution would automatically link the documents to each category based on the original map we created at the commencement of the review.Report Back - A report could also be generated to be provided with the final production set. That list could be produced in a sortable spreadsheet or it could be automated to connect to separate tags within the review database so it could be searched as contemplated. With S.B. 370 now in effect, it’s important to set up an automated process that will address the changes and potentially create a better organized and more cost-effective review. ediscovery-reviewediscovery-process, blog, ediscovery-review,ediscovery-process; bloglighthouse