[Med-privacy] two re: HIPAA

pmarshall pwm@comcast.net
Wed, 23 Jun 2004 19:37:28 -0700


H I P A A L E R T -- Vol. 5, No. 5 -- June 23, 2004



ATTITUDE OF HEALTHCARE PRACTITIONERS & WORKERS ABOUT HIPAA

Although most healthcare practitioners have long been aware of the
concept of patient confidentiality and have recently been provided
focused HIPAA privacy training, many of those working within care
settings seem less than knowledgeable about (or committed to) the overall
concept of helping patients understand their rights relative to
protected health information (PHI). Anecdotal tales abound of the
inconsistent, and sometimes bizarre, manner in which healthcare
professionals display their understanding of the HIPAA privacy regulations.

It is not uncommon to hear doctors, nurses and other practitioners use
the phrase "all this HIPAA stuff" or "HIPAA nonsense." For most, this
does not reflect lack of respect for patients' right to privacy but,
rather, aggravation over the administrative processes that have been
implemented to prove an organization's compliance with the privacy
regulations. One physician commented recently to us that "HIPAA is just
more evidence that those bigwigs on the Beltway have no clue about
delivering healthcare."

Most clinicians truly do understand and respect patients' rights
regarding their health information; however, some questions exist
whether the HIPAA privacy regulations are a positive addition to the
industry. Many physicians, nurses, and other practitioners consider the
privacy mandates to be cumbersome and intrusive to the process of
providing healthcare. HIPAA Privacy regulations do NOT apply to
providing treatment (or payment and healthcare operations), and sound
confidentiality practices have been in place for a long time. Therefore,
the lack of support for the new regulations from clinicians appears to
be related to beliefs that HIPAA privacy has created additional (and
unnecessary) administrative burdens that create annoyance and,
sometimes, dangerous situations. Although clinicians may grumble with
frustration over unnecessary measures to be followed in the name of
HIPAA, it is the horror stories that clinicians will cite as reasons
they lack respect for the legislation.

HIPAA message boards continue to identify news stories and anecdotes
that report healthcare workers "blaming" HIPAA for their inability to
provide certain information to patients. As an example, consider this
recent story
(http://seattletimes.nwsource.com/html/localnews/2001891032_hunt30m.html)
where a man was told for 29 hours by hospital officials that it was
because of HIPAA they could not give him any information about his
mother's emergency admission. In many similar incidents, staff members
are not responding to patients in accordance with the privacy
regulations. Let's consider some routine interactions between patients
and healthcare workers to examine whether there currently exists a true
spirit of compliance with the intent of HIPAA Privacy or, instead, an
atmosphere of complacency.

------------------------------
NOTICE OF PRIVACY PRACTICES

The HIPAA Privacy Rule intends for covered entities to inform patients
of their rights relative to PHI. Providing a Notice of Privacy Practices
(NPP) to explain how an organization handles a patient's health
information was a simple enough concept. It originally created much
consternation for healthcare organizations but most will now report that
their processes are in place and their patients have been informed of
the organization's practices for handling medical records and other
health information.

BUT, let's consider the NPP process from the patient perspective. Was
the patient informed of their physician's privacy practices? Did the
patient realize what he was signing when asked to indicate that he had
been provided the NPP? Does the patient now understand his rights under
HIPAA relative to his PHI?

Industry literature contains many accounts of haphazard handling of the
process for providing notification of privacy practices to patients.
Stories abound relating how patients are given little or no information
about what the NPP is intended to do. Anecdotal vignettes on listserves
(including HIPAAlive) provide tales of patients being told to "just sign
the form" with no further information about privacy given.

To further examine the current reality of patients' experiences
receiving NPPs, we conducted an informal straw poll about the
"notification process." Twenty (20) adults from various geographic
regions around the country were interviewed and asked several questions
about how they were informed of their practitioners' privacy practices.
Survey participants were asked:

* Have you heard about HIPAA? What is it about?

Only about half of the respondents indicated that they had heard the
acronym "HIPAA" but most then stated they weren't really fully aware of
its meaning. A few individuals who had "heard of HIPAA" thought it was
"about privacy," but the remainder of participants indicated they
"weren't sure" or that it was "about giving my records to my insurance
company."

* Has your physician/dentist/other practitioner informed you of their
privacy practices relative to your personal health information?

- Most answered "no" to this question, but several commented they
thought the receptionist had them "sign something about privacy." Almost
every respondent indicated that there was a focus on signing the form,
not explaining anything about privacy. Several individuals said that
they had been told "you need to sign this HIPAA thing," while a handful
of the respondents said that they thought the receptionist said the
paper was about HIPAA and that their insurance company needed the signature.

- One of the discouraging aspects of hearing about patients' experiences
with receiving the NPP is the general confusion over what they were
signing -- most indicated they felt it was just "another one of those
medical forms." Few respondents actually had the form explained to them
or engaged in any discussion about the organization's privacy practices.
Discussions with the survey participants (and many other patients)
indicate that office personnel tend to be rather blasé about the NPP,
offering little information. The information that is offered to the
patient is often misleading -- patients are told they need to sign "for
HIPAA" or "for insurance."

* Did your (MD/dentist/other practitioner) provide you with a paper or
document when they asked you to sign the document about being notified
about privacy?

- When asked if they had received (or been offered) any documentation on
their doctor's privacy practices, most of the participants were not
sure. At least half of the respondents did not think there was any such
"notice" (except for the form they were asked to sign). Many of the
participants had to be asked specifically if they had signed any forms
about the use of their medical records in order for them to recall
whether they had signed forms or been informed about their privacy rights.

- Some of the survey participants indicated they believed they had been
given a paper to read about privacy but did not really remember what it
said or whether they had saved the paper for their records. Interestingly,
many of those individuals asked about being provided an NPP commented
that they think they received "something like that," but indicated they
had not really read it since it was "confusing," "too long," or "just
another one of those insurance forms."

The notion that the NPPs were confusing to our survey respondents comes
as no surprise. In his article "Readability of HIPAA Privacy Notices"
(http://www.benefitslink.com/articles/hipaareadability.pdf), Michael
Hockhauser, Readability Consultant, suggests that communication problems
over the NPP may have less to do with lack of using "plain language" and
more to do with the amount of information. Citing "information
overload," Mr. Hockhauser indicates that because there are so many
details in the privacy regulations many organizations have created
lengthy documents to ensure they cover all aspects of their privacy
practices. These comprehensive NPPs often end up overwhelming the
patients who then don't bother reading the notices. We agree with Mr.
Hockhauser's recommendation to use the "layered approach" where patients
are provided a one-page, simple, bulleted list of key information about
how the organization handles PHI.

HIPAA does allow an abbreviated version of the NPP that indicates a
comprehensive explanation of the privacy practices is available upon
request. Although there is much support for the layered approach within
the industry, it appears many organizations have created complicated,
wordy notices that are not understood by their patients. Adding insult
to injury, many of the office workers assigned responsibility for
providing the NPP to patients simply do not understand the NPP and avoid
explaining office privacy practices by stating "we need to have you sign
this for HIPAA" or "you need to sign you received this privacy thing."
As long as the office worker obtains the sought after signature, the
complacent manner in which the NPP is provided appears to be acceptable.

------------------------------
PATIENTS' UNDERSTANDING OF THEIR RIGHTS RE: PHI

Of particular note on the straw poll is that the handful of the
participants who clearly recognized they had been notified about privacy
understood ONLY that their information could not be released to other
parties without their permission. Almost all of the participants were
confused over the question:

* Do you understand ALL of the rights that you have with respect to your
personal health information?

- When it was explained that they had privacy rights beyond "release of
their records," all respondents stated that no other information (such
as use of PHI in marketing or their right to amend their health records)
had been discussed with them. It is understandable that patients would
not have learned about all aspects of their rights if the NPP provided
to them was so lengthy that they did not read it and if no one in the
practitioner's office described their actual privacy rights. Indeed, it
appears that the energy dedicated to notifying patients about privacy
practices is often devoted to getting a signature from patients as
opposed to informing them about their rights concerning their PHI.

------------------------------
PUBLIC DISPLAY OF NPP

In our straw poll, we also asked participants whether the NPP was posted
in the offices of their practitioners. The responses to the next
question were universally identical:

* Have you seen a document posted in your (MD/dentist/practitioner's)
office that describes its privacy practices or informs you of your
rights regarding your health information?

- When asked this question, not one of the respondents could recall
seeing such a notice displayed in their practitioner's office. Several
said that they were probably more focused on all the forms they had to
sign instead of reading anything on the office walls.

HIPAA does not require that patients be made aware of posted NPPs. The
intent of the regulation is that public notice of the NPP is given.
Obviously, for the group of survey respondents, any NPPs that were
posted in their practitioners' offices did not catch their attention.

------------------------------
PHI DISCLOSURE

Another important area of HIPAA privacy is disclosure of PHI. When asked
about their understanding of how their physicians/practitioners could
release information from their medical charts to other parties, a
universal belief existed among the respondents that information from
their charts could ONLY be released with their written permission. This
group of patients had NO awareness that there were exceptions to the
notion of "only with my written permission." Most indicated that they
had not been informed at all about such a possibility. It should be
noted that ALL of the respondents commented that they had signed forms
allowing their records to be accessed by their insurance companies (about a
third of them confused this authorization with the NPP process).

Two individuals did indicate that they had signed a form giving consent
to have their family members have information about their care but the
other respondents stated there had been discussion of sharing
information with their families.

------------------------------
COMMUNICATION WITH FAMILY MEMBERS

One area in the HIPAA literature that always draws attention is that of
communicating with family members about a patient's condition. The press
provides us with amusing (and sometimes, worrisome) tales of how
patients' families have had difficulties obtaining information about
them due to misinterpretations of the HIPAA regulations. In January of
this year, the Washington Post published one such "horror story"
(http://www.washingtonpost.com/wp-dyn/articles/A30267-2004Jan19.html)
that exemplifies how bizarre handling communications with patients'
families can become.

As reported in this very disturbing story, a man's family was not
informed that he had died as a result of a hit and run accident that
occurred two minutes away from his home, even though he carried
identification. The family thought he was missing for two weeks and only
learned of his death when his wife received a bill for $17,000 from the
hospital. There were questions raised about the current address of the
man since it was not listed on his identification, but somehow the
hospital was able to forward a bill for services to the right address.
When asked why they had not notified the family, hospital authorities
cited federal confidentiality regulations as preventing them from doing so.

Tales of HIPAA-noia (as one of our HIPAAlive readers so eloquently
phrased it recently), such as the one above, indicate the lack of
privacy knowledge existing in the industry. More than a year after the
privacy compliance date and in spite of much focused energy on privacy
training, some health professionals and administrators appear to lack
true understanding of the basic requirements.

Position statements made by the HIPAA Privacy Project
(http://www.healthprivacy.org/usr_doc/HPP%27s_1st_Annual_HIPAA_Privacy_Check-Up.doc)
maintain that the current administration "failed to provide effective
technical assistance to healthcare providers and health plans" and that
it "continues to fail to educate healthcare consumers about their rights
and healthcare providers about their responsibilities." The criticism,
levied this April, further points out that "Despite over 5,000 consumer
complaints filed, not one civil penalty has been imposed by HHS. And,
dozens of criminal complaints have been referred to DOJ, with no known
penalties imposed."

Why do we hear such criticisms? Some complain that the current
government is to blame while others point to the responsibility of
individual healthcare organizations to ensure that employees have the
information they need to comply with HIPAA, indicating there are
abundant resources available to obtain current and valid information
about these requirements.

------------------------------
GET THE FACTS!

The cry is often heard from healthcare workers that HIPAA privacy is
confusing. In fairness to those who find the privacy regulations
overwhelming, it is granted that the regulations are wordy and very
extensive. Acknowledging that the privacy legislation is a "hefty set of
documentation" does not, however, condone a lack of commitment to ensure
we make every effort to comply.

The federal government maintains a site for the Office for Civil Rights
that is intended to serve as a reference guide for the healthcare
industry (http://www.os.dhhs.gov/ocr/hipaa/), which offers FAQs,
educational materials, fact sheets, and links to other HIPAA sites. Just
last month, this site featured an article describing how to use the OCR
resources to debunk common HIPAA myths and announced a new listserve
that will keep its membership informed of new updates to the site. There
are also many resources sponsored by private associations and commercial
agencies available to healthcare organizations and their workers to get
the information needed to ensure each of us is protecting the privacy
rights of patients.

Organizations should advise their workforces about those resources
(including internal information and Internet websites) that they
specifically recommend for knowledge and clarification of the privacy
requirements. In today's environment of information sharing, there is no
excuse for complacency relative to obtaining correct information about
privacy for healthcare information.

------------------------------
MOVING FORWARD

It was always understood that HIPAA privacy would transition from an
implementation focus to becoming part of the overall organizational
culture. Like its predecessor, confidentiality, privacy would be thought
of as an essential element of patient rights. It appears that objective
has yet to be met -- why?

* In its energy to "meet the privacy deadline," "get the NPP
distributed" and "provide privacy training," did the industry neglect to
ensure that its workers really understand privacy as it relates to
their job responsibilities?

* Many healthcare workers will comment that they "know all about HIPAA,"
but why do some then proceed to perform their roles in ways inconsistent
with the Privacy Rule?

* Why do we have so many intriguing HIPAA horror tales if healthcare
workers are following the guidelines (and also using common sense)?

A concern is that the current level of compliance for HIPAA privacy
within the industry is merely that of complacency. Most healthcare
professionals and workers would NOT deliberately violate their patients'
rights relative to privacy. If violations are occurring within an
organization, steps should be taken not only to remediate the particular
situation but to ensure that all staff members understand such
violations are not to be tolerated. As organizations conduct risk
management activities, they must consider whether the level of adherence
to the privacy requirements is truly where they want it to be and what
they should do to improve it if it is not.

If the assertions made by the Health Privacy Project noted above are to
be believed, the industry has failed in its attempt to establish a
universal understanding of our responsibility to patient privacy. If the
informal straw poll conducted as part of this article is any indication
of the current reality, most patients are NOT aware of the actual
privacy rights that HIPAA affords them. If the tales of HIPAA neglect
circulating throughout the literature are to be believed and our
healthcare workers do have only minimal understanding of HIPAA Privacy,
then this observed level of complacency threatens to become the culture
of our industry -- which is far removed from the true intent of the
HIPAA Privacy Rule.

Although the healthcare industry has spent extensive time and money
implementing the privacy regulations, the general population of patients
is confused about their actual rights and many (or at least ) healthcare
workers see HIPAA privacy compliance as frivolous and have varying
degrees of compliance. However, we must point out that the awareness of
the issue of privacy for both patients and healthcare workers HAS been
raised and considerable implementation efforts have occurred to set the
stage for true integration of compliant privacy practices into our
healthcare environments. We now have the opportunity to better educate
our workforce members to help them communicate more effectively with
patients to prevent complacency toward privacy rights being the
acceptable mode of operation.


*** And Then There Were Four --
     HIPAA Covered Entities, That Is ***

By Steve Fox & Rebekah A.Z. Monson, Esqs., Pepper Hamilton LLP

When asked how many general categories of covered entities currently
exist under the HIPAA regulations, most people knowledgeable about HIPAA
would answer three: health plans, clearinghouses, and certain healthcare
providers. However, the correct answer is now four.

With the passage of the Medicare Prescription Drug, Improvement, and
Modernization Act of 2003 (the "Act"), signed into law on December 8,
2003, a fourth category of HIPAA covered entity was created - namely,
Prescription Drug Card Sponsors. In a landmark piece of legislation, the
Act adopts numerous changes to the Medicare program including detailed
prescription drug benefits. As the Medicare Part D prescription drug
benefits will not begin until January 1, 2006, the Act directs the
Centers for Medicare and Medicaid Services ("CMS") to develop and begin
to operate by May 2004 a prescription drug discount program designed to
provide Medicare beneficiaries (without prescription drug insurance)
discounts on drugs for the interim period. The Medicare Prescription
Drug Discount Card and Transitional Assistance Program (the "Program")
provides Medicare beneficiaries with discounts of 10% to 25% on
prescription drugs and the poorest beneficiaries will receive $600
credits (if they do not have certain other drug coverage). CMS
estimated that 7.3 million people are expected to enroll in the Program
which was effective on June 1, 2004.

The Medicare-approved Program discount cards are marketed to Medicare
beneficiaries by organizations that have been selected by CMS (referred
to as "Prescription Drug Card Sponsors" or "Sponsors"). As of March
2004, 28 general Sponsors have been selected and they are listed on the
CMS website. The sections of the Act addressing the Program detail the
qualifications of Prescription Drug Card Sponsors. In general, the
Sponsors are to be non-governmental entities endorsed by the Secretary
of the US Department of Health and Human Services ("HHS") and may
include: pharmaceutical benefit management companies, wholesale or
retail pharmacy delivery systems, insurers, or Medicare + Choice
Organizations.

One of the Program protections for beneficiaries is the requirement
that Sponsors maintain the confidentiality of enrollee records in
accordance with HIPAA. Specifically, the Act provides that the
"operations of an endorsed program are covered functions and a
prescription drug card sponsor is a covered entity" for purposes of
applying the Administrative Simplification Requirements of HIPAA and all
regulatory provisions promulgated under HIPAA. 42 U.S.C. §
1395w-141(h)(6)(A). This requirement creates the fourth general category
of HIPAA covered entity, i.e., Prescription Drug Card Sponsors. The Act
also provides the Secretary of the DHHS with authority to waive
"relevant portions" of the HIPAA privacy regulations where appropriate
in order to promote participation of endorsed sponsors in the Program.

On December 15, 2003, CMS issued an interim final rule with comment
period (the "CMS Rule") regarding the Program. The provisions of the CMS
Rule were effective on December 15, 2003, and the comment period ended
on January 14, 2004. Several pages of the commentary to this rule are
dedicated to addressing the interaction of the HIPAA Administrative
Simplification and other provisions with the Program and its Sponsors.
Most importantly, CMS has added a regulatory provision (codified at 42
C.F.R. § 403.812) providing that Sponsors are HIPAA covered entities and
must comply with the standards, implementation specifications and
requirements of the various HIPAA regulations (including privacy,
security, electronic transactions, and unique identifiers).
Additionally, the CMS Rule states that the functions of Sponsors which
are "necessary or directly related" to the operations of the Program are
HIPAA covered functions. In comments to the CMS Rule, CMS clarified that
functions of Sponsors outside the scope of the Program would not be
HIPAA covered functions. However, if those other activities would make a
Sponsor a health plan, clearinghouse or covered healthcare provider,
then the Sponsor may otherwise be a HIPAA covered entity and subject to
the HIPAA standards and requirements.

Most of CMS' comments on the new regulatory provision focus on Sponsors'
compliance with the HIPAA Privacy Rule (the "Privacy Rule").

------------------------------
General; Sponsors Treated as Health Plans

In general, the standards and requirements of the Privacy Rule do not
apply to all covered entities in the same manner. The new regulation
states that the Privacy Rule applies to Sponsors in the same manner as
health plans, although CMS is quick to point out (in comments to the CMS
Rule) that Sponsors are not, by virtue of their sponsorship, health
plans. However, due to the similarity in the operations of health plans
and the activities of Sponsors of the Program, CMS has decided to treat
them in the same manner, for purposes of the Privacy Rule, despite the
fact that Sponsors technically constitute their own category of covered
entity.

------------------------------
Administration of the Program; NOPP

Under the Privacy Rule, covered entities are permitted to use or
disclose protected health information ("PHI") without individual
authorization for healthcare treatment, payment, and operations. In
comments to the CMS Rule, CMS wrote that the activities of Sponsors in
connection with the products and services offered under the Program
generally fall into the categories of "payment" and "operations."
Therefore, enrollee PHI may be used or disclosed, for these purposes,
without authorization. Prior to, or upon, enrollment in the Program,
Sponsors are required to provide enrollees with a Notice of Privacy
Practices in accordance with the Privacy Rule standards.

------------------------------
Marketing Restrictions

As part of the Program, Sponsors are required to provide information and
outreach about Program products and services offered by the Sponsor. The
Act and another new regulation (codified at 42 C.F.R. § 403.813)
provide that Sponsors may only market products and services related to
their sponsorship in the Program (i.e., related to a covered discount card
drug and discounts for non-prescription drugs). Under the Privacy Rule,
use and disclosure of an individual's PHI for marketing generally
requires an authorization. However, with respect to marketing of Program
products and services, CMS has written that "using or disclosing
beneficiary [PHI] to provide information and outreach is not marketing
under the privacy rule," but rather is considered part of the Sponsor's
healthcare operations and therefore a beneficiary authorization is not
required. 68 Fed. Reg. 69840, 69872 (Dec. 15, 2003). CMS is taking the
position that these outreach efforts fall within the Privacy Rule
definition of marketing exception for describing health-related
products or services provided by a covered entity. Sponsors may not ask
potential or current enrollees to authorize the Sponsor to use or
disclose individually identifiable health information (the CMS Rule
specifically does not use the term "PHI" but uses the broader category
of individually identifiable health information) for purposes of
marketing any product or service outside of the Program.

Furthermore, Sponsors may not "commingle" or include information on such
products and services in the Program-related outreach and information
materials (regardless of whether the marketing effort involves the use
or disclosure of PHI). CMS, in the CMS Rule, distinguishes between
Sponsors acting in their capacity as Sponsors and Sponsors acting in
another capacity (such as a Medicare + Choice Organization) for purposes
of applying the commingling restriction. Finally, after termination of a
Sponsor's endorsement or after termination of the Program, an enrollee's
individually identifiable health information collected or maintained by
the Sponsor may not be used or disclosed to market "any" products or
services. The marketing limitations just described are not enforceable
by the HHS Office for Civil Rights under HIPAA, but will be enforced by
CMS as part of the Program.

------------------------------
Sponsors as Business Associates

For purposes of administering transitional assistance under the Program,
Sponsors are business associates of CMS and will be required to execute
a business associate agreement with CMS. In general, the Privacy Rule
requirements do not directly apply to business associates, but rather
through the contractual requirements of a business associate agreement.
CMS, in comments to the CMS Rule, has stated that the application of the
Privacy Rule to Sponsors under the new Program-related regulations does
not affect business associate arrangements between Sponsors and other
covered entities for activities outside of the Program. However, as
Sponsors now are also covered entities, if a Sponsor violates a business
associate agreement with another covered entity for activities outside
of the Program, the Sponsor will be in violation of the Privacy Rule.

As Sponsors are HIPAA covered entities, they are required to comply with
the assorted HIPAA standards, including requirements to safeguard the
PHI of Program enrollees as well as to provide enrollees with rights to
access and amend their information, comply with the electronic
transaction standards and security standards and the unique provider
identifiers. For those Sponsors who already are required to comply with
HIPAA in connection with their other non-Program activities, this will
be one more aspect of their sponsorship. However, for those
organizations who have thus far escaped the complexities of complying
with HIPAA, they will now be faced with an added challenge in connection
with their Program sponsorship.

Read past HIPAA Legal Q/A articles:
http://www.hipaadvisory.com/action/LegalQA/archives.htm

------------------------------
Steve Fox, Esq., is a partner at the Washington, DC, office of Pepper
Hamilton LLP.  This article was co-authored by Rebekah A.Z. Monson,
Esq., of Pepper Hamilton LLP. Disclaimer: This information is general in
nature and should not be relied upon as legal advice.


Copyright 2004, Phoenix Health Systems, Inc.