Issue link: https://nebusinessmedia.uberflip.com/i/1500054
wbjournal.com | May 29, 2023 | Worcester Business Journal 23 By Joseph T. Bartulis, Jr. Bartulis is the chair for the labor and employment law practice group for Worcester law firm Fletcher Tilton P.C. 10) A seven-day workweek, for pay- roll purposes, may start on any day of the week. Employers should consider establishing a workweek placing its busiest day(s) in the middle of its payroll workweek. If hourly employees work extra hours on the busiest days, the employer has the option of reducing employees' number of hours before the end of the workweek to keep them at or below 40 hours. 9) Set it and forget it. A seven-day work- week, once established, should remain fixed. 8) Only certain employees can be paid as exempt-salaried. Only employees who satisfy the salary test and the duties test under the federal Fair Labor Standards Act are eligible to be paid a fixed weekly salary. 7) Exempt means just that. Only hourly employees must be paid extra wages for extra hours. While employers may do so, no law requires them to pay exempt-sal- aried employees' extra when they work beyond their regular hours. 6) Overtime is triggered by the number of hours actually worked. Hourly employees are not entitled to time-and-one-half over- time for any hours paid beyond 40 where the hours being paid represent unworked paid time off, e.g. sick, vacation, etc. 5) No such thing as free work. Mass. law requires all hourly employees be paid for all time spent working. This includes any time hourly employees spend before the start or end of their shifts doing work the employer did not ask them to perform, or at least not outside their shift. 4) Employees must be paid weekly or bi-weekly, with limited exception for cer- tain exempt-salaried employees. 3) Bi-weekly is not the same as semi-monthly. Employees who are paid bi-weekly are paid 26 times per year. Employees who paid twice a month are unlawfully shorted two pay periods per year, in violation of Massachusetts law. Once a payday is established, it should remain unchanged each pay period. 2) Final pay. An employee who is terminat- ed must be paid all their final wages owed – including payment for accrued vacation time – on the day the termination becomes effective. 1) Dog ate my homework: no excuses for late payments. An employer who ne- glects to timely pay its employees exactly what they are owed exactly when they are owed it – regardless of the reason – are subject to a claim for treble damages and attorney's fees. K N O W H O W PATCH Act would require medical device manufacturers to ensure cybersecurity U nderperforming employees don't just cost companies time and money, they demoralize other employees, potentially impacting retention. But what should managers do to get underperformers to get their work up to snuff? First, check in with others (and yourself) advises Joseph Weintraub and Jean-François Manzoni at Harvard Business Review. It's possible there's a mismatch in what managers and employees think is important when it comes to performance. "You may have contributed," says Manzoni. "Aer all, it's rare that it's all the subordinate's fault just as it's rare that it's all the boss's." Ask others confidentially if you are missing anything in your considerations: Perhaps a former supervisor or someone who has worked with this person. Manzoni suggests saying this: "I'm worried that my frustration may be clouding my judgment. All I can see are the mistakes he's making. I want to make an honest effort to see what I'm missing." Reiterate job expectations, aer documenting poor performance and getting the employee's side of the story, says Andrea Boatman at AIHR. com. "Make sure that the employee understands what you expect of them and the areas that require improvement. Instruct them on all the tasks involved, and the standard at which the employee should fulfill them … Oen it is new hires who are uninformed about specific expectations," she writes, especially if they aren't clarified during the hiring process. Seeing issues with more than one employee? It's survey time. Underperformance in more than one member of a team could show the team needs additional training, according to Indeed's Jennifer Herrity. "Send out an employee survey to identify areas where they lack confidence," she writes. "If multiple responses mention that they want more daily direction, for example … Consider holding a morning meeting, checking on team members throughout the day, and providing feedback more oen." 10 THINGS I know about... ... Massachusetts wage and hour laws M O T I V AT I N G U N D E R P E R F O R M E R S BY SUSAN SHALHOUB Special to WBJ Michelle Drolet is CEO of Towerwall, a cybersecurity services firm based in Framingham with clients such as Scipher Medicine, Foundation Medicine, Dyne Therapeutics, and Palleon. Contact her at michelled@towerwall.com and 774-204-0700. MICHELLE DROLET Special to the WBJ A major vulnerability in DNA sequencing equipment was discovered, highlighting the risks of cyberattacks on medical devices. e vulnerability was found, of all things, in DNA sequencing equipment made by San Diego biotech firm Illumina; discovered by its security team and subsequently patched. Such an intrusion could expose sensitive patient data or allow threat actors to alter genetic data or diagnostic testing results. DNA sequencing is a powerful tool that has revolutionized the field of biology. It has allowed scientists to identify genes, understand how genes work, and diagnose and treat diseases. DNA sequencing is used to develop new personalized medicines tailored to the individual's genetic makeup. Anything touching DNA is a serious privacy concern, but it is also a concern for digital forensics and custom cancer treatments. An attacker could taint evidence of a crime, mess with someone's life-saving medical treatment, or cast doubt on a device manufacturer, which would pose an integrity attack. A vulnerability in DNA sequencing equipment could allow adversaries to gain access to sensitive patient data and use it to commit identity the, fraud, or to take control of DNA sequencing equipment. is could allow threat actors to disrupt the equipment, which W W could have an impact on patient care. Other manufacturers of medical devices need to take stock and take retaliatory measures such as compliance readiness and penetration testing to assess, prepare, and guard against vulnerabilities. Like computer networks, medical devices too are increasingly being connected to the internet, which makes them more risk-prone. Cyberattacks on medical devices are on the rise. A 2021 report from the U.S. government found healthcare accounts for nearly a quarter of cyberattack events, the most of all industries. is trend is expected to gain momentum as medical devices become more soware-driven and cloud-connected. In response to these threats, a bipartisan bill sponsored by Sen. Bill Cassidy (R-LA) in April 2022 called the Protecting and Transforming Cyber Health Care (PATCH) Act, would require medical device manufacturers to ensure the cybersecurity of their devices. ese requirements include conducting risk assessments, developing security plans, implementing policies to respond to cyber threats, and reporting security incidents like ransomware attacks. e security guidelines below apply equally to health care and other industries, including small businesses: • Implement security controls like firewalls, threat response, and intrusion detection systems. • Regularly patch soware and automate the updating of operating systems. • Educate staff on cybersecurity best practices, including regular security awareness training to help identify, block, and report phishing scams. • Conduct quarterly risk assessments and penetration testing. • Have a mitigation plan in place, including a contact list of first responders in the event of cyberattack. e PATCH Act is a significant step forward in the effort to protect patients from the risks of cyberattacks on medical devices. e bill is currently being considered by the Senate Health, Education, Labor, and Pensions Committee. W