OT: Club Schmitz is Closing. Since sometime in the mid 1990's, most summers I host a group of summer clerks at my law firm at something we like to call "Dallas Dives." While other lawyers take the clerks to lunch at different "dive" locations around the city, my Friday midday trek is always to the same place, Club Schmitz. Opened in 1948 (and they've never changed the grease in the fryers since), it is the prototypical dive: burgers, cheap beer, and all things fried, served in broken-down cracked-vinyl booths and wobbly tables arrayed across a broken linoleum floor. Golden Tee has replaced the pinball machines, but the pool table and shuffleboard are still there. The building is a squat one-story cinder-block fortress, with bars on the windows and one door out each side. A good place for a gangster's hideout, since the cinderblocks could stop bullets and there's always a way to escape. It's the closest thing to a
McSorley's that Dallas could hope for.
And it is no more, or will be May 31.
I have no idea how many times I've been to Club Schmitz, and couldn't even guess. I don't know the exact date of my first visit, either, but I can say with some certainty that it was probably in September of 1980, early in my first semester at the University of Dallas (when the drinking age in Texas was 18). Club Schmitz, along with Diamond H and Luke's Outhouse, was a UD hangout, for cheap beer and cheap burgers and chili. There were plenty of old folks hanging around, but they weren't bothered by the boisterous college kids; I figure now that they saw themselves in us to some degree, perhaps even envying us.
Schmitz was usually a nighttime place for us back then. When I moved back to Dallas in 1994, at some point I went there for lunch. And went again. And again and again. It wasn't a daily thing or anything; I probably got in the habit of going once a month or so. Often with friends, clients, co-workers, other lawyers, but as often alone. I found that I could take work there, spread out at one of the booths near a window (to get some sunlight in an otherwise dark bar), and get more done over lunch -- with no disruptions -- than I could in the entire morning in my office. Every third or fourth trip, I'd run into someone I knew from work, church, school, the real world, managing partners of law firms and executives of energy companies, all taking advantage of the guilty pleasure of a greasy lunch. More than once I saw the Chairman of Southwest Airlines, Herb Kelleher, there with a handful of Southwest execs. Everyone goes to Schmitz's.
My one somewhat constant Schmitz companion was my associate Karen Pyatt. If we were out seeing a client, or just needed to get out for lunch, Schmitz was always on the list of choices. Sometimes it was her, sometimes me, but occasionally one of us just
needed the grease, and off we went. Karen still refers to Carol, one of the two usual waitresses (not the one who waives at the trains), as the "Hotel California waitress:" sort of a you-can-check-out-but-you-can-never-leave type who is always there at lunch. We came in one noontime and Carol immediately came to our table with a pair of sunglasses. "Are these yours? I think you left them last time." They were, and I had. It had probably been a month before that I left them, but she knew I'd be back. And I was. When was the last time that happened to you at a restaurant?
I don't know the last time I actually had to place an order -- I always get the same thing: "double double pops, all the way." Double meat, double cheese, all the trimmings, and tater pops; not tater tots, these are chopped potato bits with jalapeno peppers and cheese, deep fried into hush-puppy-sized balls of heaven. And a huge glass of iced tea (it would've always been beer at UD, but if I did that now, I'd never go back to work). When I walk in, I always know that Carol or the other waitress has spotted me when I hear them call back to the bar for my iced tea. She'll deliver my iced tea, and ask, "the usual?" I'll say, "of course," and she'll say, "good, because I already put in the order."
Most summers, during the Dallas Dive visit, at least one of the summer clerks (law students between their second and third year of law school, interning with the law firm to try to show off their skills and earn an offer back for a post-law school job) will ask how long I've been going there. I'll tell them that I started Schmitzing sometime in September 1980. Once, upon hearing that, before she could stop herself, a young woman blurted out, "Wow, that's before I was. . . . " Have you ever seen someone try to suck the words they've just spoken back into their mouth? She was mortified that she had just insulted a partner and the firm she wanted to work for. I just smiled and said, yes, I've been coming here longer than you've been alive. Hopefully you'll appreciate the charm and understand why.
I'll drag one more class of summer clerks, the last one, out there next month; we had originally planned on May 30 for the Dallas Dive visit, but decided to move it up a week -- the penultimate day will probably be too crowded for the size of the group we're likely to bring.
My youngest Mary loves the place; my wife Anne Marie, despite her UD credentials, doesn't.
It's not for everyone, but it really has been my place for a while. And I'm really sad to see it go.
UPDATE: I went back to Schmitz's today for lunch (only a month left), and asked Carol the name of the other waitress: Andi. All these years, now I know.
Right Now: I'm listening to Kristen Rosati talk on "Anatomy of a Health Care Data Breach at the UT's Health Law CLE seminar. A couple of key points on hands-on dealing with a breach:
- No definition of "compromise"
- If misdirected email, recipient agrees to delete, and you can "document the heck out of it," probably don't need to report it.
- Risk analysis should document analysis of each factor if determining that reporting isn't required.
- Prepare in advance for a breach: who needs to be involved, including a committee of stakeholders; maybe lawyer (especially outside counsel) to protect attorney-client privilege;
- Move quickly to interview appropriate folks, including law enforcement if applicable;
- Implement correction action, even before correction action starts (map the steps out and follow up on them)
- Mitigate, fix, retrain, and document every step
- Fix within 30 days -- if no "willful neglect," it gives you an affirmative defense
- Make sure your notice has all of the specific regulatory requirements, especially once Marketing changes it
- Notification to media also has to be within reasonable time, but not necessarily at same time as notice to individuals (can give individuals a little advance notice to manage relationships)
Look at your BAAs and make sure notice responsibility from BAs is clear, including who go report to (regular "notice" provision probably isn't right, you want them notifying the Privacy Officer). Also, BA reporting time is subsumed into CE's reporting, so it should definitely be shorter than 60 days (hopefully within time for CE to meet the 30-day response for an affirmative defense). BA's might want to keep a matrix of their reporting obligations under all of their different BAAs.
OCR reviews the 500+ breach reports daily and regional offices confirm that entity actually submitted the report. If you get that call from OCR, you should already be working with your response team. Even though OCR folks are nice, it is a formal investigation, so keep a record of your communications with OCR.
State AG penalties are capped at the old $25,000 level, not the new $1.5 million level. Each individual and each day of violation count as separate violations (you get to $1.5 million quickly), and one act can violate more than one requirement.
On the flight down, I read HCCA's monthly magazine, and saw a Privacy Officer refer to "LoProCo" as shorthand for "low probability of compromise;" I will use that handle.
#LoProCo
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template
