  • Corporate assumed name basics
  • Charity solicitation confusion
  • Hopping the HIPAA hurdle: Proving trademark use in the healthcare industry

    Corporate assumed name basics

    By Jodi K. Plagenz * Deere & Company, Moline IL * <PlagenzJodiK@JohnDeere.com>, Copyright © Deere & Company 2005. All Rights Reserved.

    You heard it in your high school freshman literature class and hundreds of times since: Juliet speaks this line, intent on convincing Romeo that his last name means nothing to her. “What’s in a name? That which we call a rose by any other name would smell as sweet.”1 One of Shakespeare’s most well-known and oft-quoted verses informs us that names don’t really matter. We could call a rose a fish or a gym sock and the scent remains unchanged.

    But names do matter, both individuals’ names and corporations’2 names alike. After all, if instead of “Romeo and Juliet” Mr. Shakespeare had dubbed his protagonists (and his play) “Herman and Gertrude,” opening night may have been, well, somewhat disappointing for the famous playwright. Do you want further proof that names matter? Would Marion Michael Morrison have galloped to cowboy film fame and stardom had he not changed his name to John Wayne? Would Reginald Kenneth Dwight play his piano to sold-out arenas worldwide had he not changed his name to Elton John? Would Demetria Gene Guynes have become a screen star without becoming Demi Moore? Methinks not.

    Just as a person has a legal name that can be changed to another name (or even a symbol—e.g., “The Artist Formerly Known as Prince”) through legal processes, so are corporations given a legal name, as stated in their articles of incorporation, which can be changed, usually by shareholder and/or board approval and the filing of appropriate documents with the particular state’s Secretary of State or equivalent office.3 It’s not a complex process. And, as we know, sometimes people use a name other than their legal name without making the change official or legal. These are called “alias” names. (My first trial out of law school involved defending a tort action filed against a retail business by a woman who used several aliases, including “Peaches McGee,” but that, friends, is a story for another day).

    So, what if a corporation, for marketing or other business purposes, decides to use a name other than its legal name without making it ‘official’? Say the corporation places this other name on its letterhead, Web site, signs or business cards? Say the corporation uses the other, different name on checks, invoices, pay orders or other legal documents? Say the business people in your corporation decide to do this for marketing reasons, internal accounting convenience or other reasons without considering that there could be legal consequences? If your clients ask, can you describe some of the potential legal issues and consequences? The legal implications are varied, and while some are not particularly complex or difficult, this simple issue, if overlooked or disregarded, can cause you trouble, difficulty, inconvenience, problems, liability, headaches—you name it. (Sorry about that).

    Assumed name statutes

    Let’s start with the most obvious issue your corporate client could encounter by using a name other than its true legal name, that of running afoul of various states’ “assumed” or “fictitious” name registration statutes. In most states, including Illinois, corporations must make an assumed name filing or registration before conducting business under that name.

    In Illinois, an “assumed name” is defined as follows:

    As used in this Act, “assumed corporate name” means any corporate name other than the true corporate name, except that the following shall not constitute the use of an assumed corporate name under this Act:

    (1) the identification by a corporation of its business with a trademark or service mark of which it is the owner or licensed user; and

    (2) the use of a name of a division, not separately incorporated and not containing the word “corporation,” “incorporated,” or “limited” or an abbreviation of one of such words, provided the corporation also clearly discloses its corporate name.4

    So, if “ABC Corporation” has a division known as “XYZ” and in some instances the corporation wants to use this division name when transacting business, then instead of using “XYZ” or “XYZ Corporation” the corporation must be clear about what “XYZ” actually is: “XYZ, a division of ABC Corporation.”

    In some states, assumed name registration must be completed at the state level; in others the registration takes place at the county level. In many states, including Illinois, registration is required both at the state and county level. In a few states fictitious name registration is optional, but this is not the norm. Finally, there are a few states with no assumed name registration laws.

    Why do states have assumed name registration requirements? Such statutes promote transparency of ownership, protecting the public and other companies who deal with the corporation. For example, if a company wishes to check the credit rating of the corporation, it can first check with the Secretary of State to determine if the company is doing business under any other names, enabling it to check the credit ratings of the company under both its legal name and any assumed names it uses. Armed with complete name information, others can fully search judgment dockets. Those with a legal complaint against the corporation can be sure that they are naming the appropriate defendant in a lawsuit.

    A corporation that wishes to conduct business using an assumed name in Illinois must follow the registration provisions set forth in 805 ILCS 5/4.15. First, the board of directors of the corporation must adopt a resolution authorizing the use of the assumed name. Then the corporation files an application with the Secretary of State, including in the application the true corporate name, the state or country where the corporation is organized, a statement that the corporation intends to transact business under an assumed name, and finally, the assumed name the corporation proposes to use. The corporation’s assumed name must meet the same standards required for legal corporate names, including that the name must include “corporation,” “company,” “incorporated,” “limited,” or an abbreviation of one of those words, and must be distinguishable from the name of other corporations or companies transacting business in the state.5 The current filing fee in Illinois is $150. Renewal of the assumed name registration must take place every five years.6 In other states renewal must be done from every two years up to every 10 years. Some states have county assumed name filing requirements, and in some states the assumed name must even be registered at the city level. The Illinois statute provides, “Once an application for an assumed corporate name has been filed by the Secretary of State, one copy thereof may be filed for record in the office of the recorder of the county in which the registered office of the corporation is situated in this State.”7

    What does this mean for corporations transacting business under a name other than their legal name in several states? A proliferation of paperwork, the time and attention of personnel to track compliance, and fees that can add up to more than nickels and dimes. And what if you violate a state’s assumed name registration statute? In Illinois, violating the document filing provisions of the Business Corporation Act is considered a Class C misdemeanor,8 and the corporation is deemed guilty of an additional offense for each day the violation occurs. Fines can range from $0 up to $1,500 and jail time is from zero to 30 days. Ouch.

    Other ramifications can be equally disconcerting. In many states failure to register an assumed or fictitious name can result in the corporation being denied access to state courts. So, if your corporate client enters into contracts using an unregistered assumed name and the other party breaches the agreement your client may not be able to enforce its contract in state court. Most states allow corporations to cure this problem by subsequent registration, but with attendant fines and penalties imposed. In a few states, the corporation may not be able to rectify the problem by subsequent registration, leaving you up the proverbial creek.

    There are many compelling reasons why a corporation may choose to use an assumed name or be required to use an assumed name to conduct business in a particular jurisdiction. An example of the latter may occur when your corporate client files an application for authority to conduct business in State X, but learns that another entity is already transacting business in State X using your client’s corporation name. But, absent such compelling circumstances, the administrative burdens and risks of running afoul of various states’ laws may lead one to suggest that a corporation wishing to transact business under a different name at least consider whether it would be appropriate from a business perspective to simply change its name.

    Other considerations

    Avoiding third-party confusion is one of the reasons behind assumed name registration statutes, but this same confusion to the public can result, indirectly, in increased litigation costs. Using incorrect designations or imprecise names can lead claimants to sue the wrong party or incorrectly state the corporation’s name in a lawsuit. This could result in additional unnecessary entities being named as defendants, leading to protracted and difficult jurisdictional and dismissal proceedings at the outset of litigation, and potentially broader and more costly discovery.

    And what of a corporation’s liability protections? Failure to properly use the corporation’s full legal name can lead to attempts to pierce the corporate veil by third parties who can claim they didn’t know which type of entity they were transacting business with. For example, assume “ABC Corporation” signs a contract as “ABC” or “ABC & Sons.” A claimant can argue that the corporation’s officers and directors should not be entitled to personal liability protection because it was not apparent to the claimant that it was dealing with a corporation, and that it thought the corporation was instead a sole proprietorship or partnership. If a subsidiary entity uses a parent’s name or any misleading name that leads third parties to believe that it is dealing with the parent, the parent’s liability protections may be jeopardized. Similarly, indiscriminate use of terms such as “partner,” “associate,” or “agent” can lead others to believe a relationship exists that does not.

    Intellectual property or trademark implications can arise by imprecise use of business names or using an assumed name without taking appropriate registration steps. If it is unclear who owns intellectual property there is some chance the material will cease to be proprietary or confidential at all. This could be devastating to a corporation with valuable IP assets. Improper use of names can undercut or result in abandonment or dilution of trademarks. Furthermore, use of imprecise or abbreviated names could result in the corporation’s inadvertent use of others’ trademarks or legal, assumed or reserved name rights, leading to infringement actions or other types of legal proceedings.

    Conclusion

    An array of legal implications, some of which are addressed here, arise when corporations use assumed or fictitious names without the advice of lawyers who have considered the facts and circumstances and offered guidance on how to use or not to use a name other than the corporation’s legal name. Proper use of corporate names may seem like a simple issue, but you can get tripped up if you overlook or disregard your client’s imprecise business name use. Take the advice of a lesser-known quote from Shakespeare’s Romeo and Juliet, “Wisely and slow; they stumble that run fast.”9
    __________

    * Jodi K. Plagenz, a 1992 graduate of the University of Illinois College of Law, is a Senior Attorney in the Law Department of Deere & Company in Moline, Illinois, practicing in the Finance/Securities and General Corporate areas.

    1. Romeo and Juliet, Act II, Scene II.

    2. In this article I refer solely to corporations. The same issues may apply to other types of organizations, including without limitation limited liability companies.

    3. In Illinois, see Business Corporation Act of 1983, 805 ILCS 5/10.15 and 5/10.20.

    4. See, Business Corporation Act of 1983, 805 ILCS 5/4.15.

    5. See, Business Corporation Act of 1983, 805 ILCS 5/4.05.

    6. See, Business Corporation Act of 1983, 805 ILCS 5/4.15(e).

    7. See, Business Corporation Act of 1983, 805 ILCS 5/4.15(f).

    8. See, Business Corporation Act of 1983, 805 ILCS 5/16.05(i).

    9. Romeo and Juliet, Act II, Scene III.

    Charity solicitation confusion

    By Daniel Kegan

    The Lanham Act may be the major statute regulating trademarks, banning unfair competition, and dealing with consumer confusion, but there are many other relevant laws. For your holiday enjoyment, try the Solicitation For Charity Act, 225 ILCS 460/1 et seq. In particular Section 11(d):

    No charitable organization or professional fund raiser soliciting contributions shall use a name, symbol, or statement so closely related or similar to that used by another charitable organization or governmental agency that the use thereof would tend to confuse or mislead the public.

    Hopping the HIPAA hurdle: Proving trademark use in the healthcare industry1

    By Elliott C. Bankendorf and Sherry L. Rollo; Welsh & Katz, Ltd, Chicago IL

    Introduction

    A new and significant issue concerning trademarks in the healthcare industry arises not from a new trademark law or case but from the recent enforcement of the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA, and the Privacy Rule issued under it. Physicians, hospitals, health insurers, health maintenance organizations, and other healthcare providers have all been discussing the requirements and the changes in practices needed in order to comply with HIPAA. However, there is an issue related to the enforcement of HIPAA that has not been extensively discussed, the impact of HIPAA on trademark protection. How will an attorney, representing an entity covered by HIPAA, prove use of its trademark without violating the privacy standards in HIPAA? Trademark professionals must now address how HIPAA regulations have affected trademark litigation, methods for overcoming the effect of HIPAA, methods of redaction needed to comply with HIPAA, and methods to avoid the obstacles of HIPAA.

    Background of HIPAA and The Privacy Rule

    In 1996, Congress enacted HIPAA,2 designed to improve the efficiency and effectiveness of the health care system.3 The legislation was adopted in recognition that advancements in technology increased the threat to patient privacy.4 Congress included provisions in HIPAA mandating the adoption of Federal privacy protections for individually identifiable health information.5

    The Department of Health and Human Services responded to the HIPAA mandate in December of 2000,6 drafting a final regulation entitled “Standards for Privacy of Individually Identifiable Health Information” (known as “The Privacy Rule”), which became effective April 14, 2001.7 Under The Privacy Rule, protected health information is broadly defined and includes information about the present or future health of a patient, as well as the past, future, or present payment of health care expenses for the individual. Additionally, protected health information includes the issue most important to trademark professionals, information which either identifies an individual or could reasonably be used to identify an individual.8 Individually identifiable health information included in the definition of protected health information is defined as any health information that is created or received by a covered entity and relates to the past, present or future physical and/or mental health, or a condition of an individual; the provision of health care to an individual that would identify the individual or would create a reasonable basis to believe that the information could be used to identify the individual.9 The Privacy Rule, for the first time, established national standards for healthcare data privacy protection and has provided an additional challenge to proving trademark use.10

    Healthcare entities were given until April 14, 2003 to comply with the provisions of The Privacy Rule.11 Covered entities include not only HMOs, PPOs, traditional health insurers, physicians and other health care providers, and those employers who provide self-insured health benefits, but also business associates of entities directly covered by HIPAA.12 This includes lawyers acting to protect trademarks on behalf of covered entities.

    The impact of HIPAA and The Privacy Rule on auditors, investigators, and lawyers involved in detecting and preventing healthcare fraud has been discussed, anticipated, and written about. However, neither the original nor modified Privacy Rule, even after public comment, seems to have foreseen the conflicts between the privacy regulations and trademark litigation.

    HIPAA allows covered entities to disclose protected health information if the use/disclosure involves treatment, payment, or health care operations.13 The definitions of these terms are included within The Privacy Rule. The process of disclosing medical records to attorneys in the course of litigation is not considered treatment, payment, or health care operations.14 This presents a clear problem for trademark attorneys when representing a HIPAA covered entity in a trademark dispute.

    The effect on Trademark Litigation

    In instances where an alleged infringer is claiming non-use or abandonment of a mark or where the fact or date of use is sought to be established, the trademark owner must be able to show use of the trademark. This use is normally shown with marketing materials, products, and anything else bearing the trademark. However, when a trademark owner is a health insurer or provider or another entity covered by HIPAA then evidence of use will often largely consist of patient forms, insurance cards, health programs, and forms indicating coordination, denial, or payment of benefits sent to insureds, patients, and health care providers. These forms of evidence all contain patient names and other identifying data, which under HIPAA is private information. Where a trademark owner is a covered entity under the Privacy Rule, the trademark owner must abide by the limitations of disclosure within the rule; this makes it quite difficult if not nearly impossible to produce the appropriate evidence necessary to show trademark use. Happily, it appears that there are some possible solutions to this dilemma of providing evidence of trademark use while still meeting the requirements of HIPAA.

    Possible Methods for Overcoming the Obstacles Imposed by HIPAA

    The Privacy Rule provides procedures for disclosing protected health information to “business associates.”15 A business associate is defined as “a person who provides…legal, actuarial, accounting, consulting, data aggregation…”16 Under the HIPAA definition, a trademark attorney for a covered entity is a business associate. Therefore, information may be received as long as the covered entity receives a “satisfactory assurance,” in the form of a mandatory Business Associate Agreement between the entity and its attorneys that the information received will be properly safeguarded.17 The agreement must state that the attorney will safeguard the medical information and not use or disclose the medical information in an improper manner.18 This agreement between the attorney and the covered entity must be executed before the attorney receives any protected health information.19 Clearly disclosing medical records to attorneys for trademark litigation is not considered treatment, payment, or healthcare operations.

    Three options are available when a trademark attorney must obtain and use documentation containing health information:

    1. The organized health care solution;
    2. Authorizations; and
    3. Stripped versions of information.20

    The first permitted solution relates to an agreement between a health plan and an entity offering services on the health plan’s behalf. Obviously, this is not applicable to a situation between an attorney and a covered entity under HIPAA.

    The second option, authorizations, involves obtaining a separate authorization from each individual whose health information is contained on materials the attorney wishes to use. While legally sufficient, this option presents huge disadvantages in the way of time and efficiency. The authorization would have to contain specific plain language detailing what the information would be used for. HIPAA requires that authorizations include a long list of specific information, including:

    1. A date or event that will operate to terminate the authorization;
    2. A description of each purpose for each part of the disclosure requested;
    3. Identification of person or class of persons, or positions that are authorized to use or disclose protected health information;
    4. Identification of person(s) to whom the covered entity is authorized to make the requested use or disclosure.21

    Since it is likely that numerous authorizations may be required for the purposes of proving trademark usage, this authorization process will be tedious and practically impossible. However, if appropriate trademark usage may be proved with a showing from a small number of patients’ documents then the individual authorization concept is a viable option.

    The final and in many cases the only practical option is the stripped data concept. The stripped data concept allows for information on a patient to be used, but without any identifying information. This option presents the clear advantage of maintaining the patient’s anonymity while allowing the information to be used in the manner required to prove trademark use. The stripped data concept has three sub-options:

    1. Summary Health Information;
    2. A Limited Data Set; and
    3. De-identification.

    The Summary Health Information sub-option allows acquisition of information that summarizes a particular program’s claim history, expenses, or types of claims. This information provides a summary of claims or a treatment employed but does not contain identifying information, since all individualized data has been removed.22 The advantage is clear as this sub-option allows the covered entity to produce in litigation documents bearing its trademarks such as claim histories, expense recaps, or types of claims. These documents will have no individual information on the forms and will thereby protect the individual’s privacy as intended. However, these documents are less likely to exist as they are not prepared as a matter of course.

    A related sub-option is the Limited Data Set. This option contains data safeguards to prevent unauthorized disclosures of information. Similar to the Summary Health Information, the limited data set removes identifiers of the individual. Individual patient specific documents can be used with certain identifiers removed:

    1. Individual names;
    2. Addresses;
    3. Telephone and/or fax numbers;
    4. Social Security numbers;
    5. Health plan information such as beneficiary; and
    6. Insurance certificate numbers.

    The advantage here is that the date and the entire zip code remain in the data. Therefore, the duration and geographical extent of the trademark use can be shown. If data that is more specific is required, unique identifiers for that data may be assigned in place of the redacted data. This sub-option allows for the production of complete documents, bearing the entity’s trademark, in a redacted format. The information required to be removed is certainly not pertinent to the issue of trademark use.

    The final sub-option is de-identification. This sub-option will render the information, as to who the individual is, completely un-identifiable. Additionally pursuant to The Privacy Rule, health information meeting these requirements no longer qualifies as individually identifiable health information. Therefore, the advantage of this option is that it removes any question of an inadvertent HIPAA violation in using data in trademark disputes.23 In addition to the personal information stripped in the limited data set sub-option, only the first three digits of the zip code remain and only the year will appear instead of complete dates.24 Although de-identification may also work in proving trademark use, the less information redacted the better. For purposes of proving the date and location of trademark use this is a disadvantage because the de-identification sub-option further restricts the amount of information available in the proof used without providing much additional security to the patient’s identity. Naturally, having the entire date as allowed in the limited data set sub-option may be important as it will indicate dates of first use where even a few days may matter. Similarly the entire zip code is much more useful in determining the geographic scope of the trademark use.
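
    The limited data set and de-identification sub-options described above, sketched as an added Python example that is not part of the article: the first keeps full dates and zip codes, the second keeps only the year and the first three zip digits, and artificial identifiers stand in for individuals. The field names, the allowlist approach and the sample records are assumptions constructed for illustration.

```python
from datetime import date

# Identifiers the article lists as removed for the limited data set
# (field names are assumptions for this example).
DIRECT_IDENTIFIERS = ("name", "street_address", "phone", "fax", "ssn",
                      "beneficiary", "certificate_number")
# Allowlist (assumption): only these fields may survive redaction, so a
# field nobody anticipated (e.g. "email") is dropped instead of leaking.
KEPT_FIELDS = ("form_type", "trademark", "service_date", "zip")


class Redactor:
    """Redacts records and assigns one artificial identifier per individual."""

    def __init__(self):
        self._ids = {}    # real identifier -> artificial id; never produced
        self._count = 0

    def _artificial_id(self, record):
        key = (record.get("ssn") or record.get("certificate_number")
               or record.get("name"))
        if key is not None and key in self._ids:
            return self._ids[key]
        self._count += 1
        label = f"PERSON-{self._count:04d}"  # sequential, not derived from data
        if key is not None:
            self._ids[key] = label
        return label

    def redact(self, record, mode):
        if mode not in ("limited", "deidentified"):
            raise ValueError(f"unknown mode: {mode!r}")
        out = {k: record[k] for k in KEPT_FIELDS if k in record}
        out["person"] = self._artificial_id(record)
        if "service_date" in out:
            d = out["service_date"]
            # Limited data set: full date. De-identified: year only.
            out["service_date"] = d.isoformat() if mode == "limited" else str(d.year)
        if "zip" in out and mode == "deidentified":
            out["zip"] = str(out["zip"])[:3]  # first three digits only
        return out


def leaked_identifiers(source, redacted):
    """Names of identifier fields whose source value still appears in the output."""
    text = " ".join(str(v) for v in redacted.values())
    return [f for f in DIRECT_IDENTIFIERS
            if source.get(f) and str(source[f]) in text]


def summarize(redacted):
    """What the redacted set can still show: first use, areas, number of people."""
    return {
        "first_use": min(r["service_date"] for r in redacted),
        "areas": sorted({r["zip"] for r in redacted}),
        "individuals": len({r["person"] for r in redacted}),
    }


# Constructed sample records: two forms for one person, one for another.
SAMPLE = [
    {"form_type": "Denial of benefits", "trademark": "EXAMPLEMARK",
     "service_date": date(2003, 4, 16), "zip": "61265", "name": "Pat Sample",
     "street_address": "1 Constructed Way", "phone": "555-0100",
     "ssn": "000-00-0001", "certificate_number": "CERT-1",
     "email": "pat@example.invalid"},
    {"form_type": "Identification card", "trademark": "EXAMPLEMARK",
     "service_date": date(2003, 9, 2), "zip": "61265", "name": "Pat Sample",
     "ssn": "000-00-0001", "certificate_number": "CERT-1"},
    {"form_type": "Billing statement", "trademark": "EXAMPLEMARK",
     "service_date": date(2004, 1, 10), "zip": "60601", "name": "Lee Specimen",
     "phone": "555-0101", "ssn": "000-00-0002", "certificate_number": "CERT-2"},
]

if __name__ == "__main__":
    for mode in ("limited", "deidentified"):
        redactor = Redactor()
        rows = [redactor.redact(rec, mode) for rec in SAMPLE]
        print(mode, summarize(rows))
```
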

    Redacting the Information to Comply with HIPAA

    Having complied with the necessary redaction under HIPAA, will the court or Trademark Trial and Appeal Board or Trademark Examiner accept the documents? While there is no case law directly on point, a related issue emerged under the Freedom of Information Act (FOIA).25 FOIA was enacted to facilitate public access to government documents and consistent with this purpose there is a strong presumption favoring disclosure.26 Thus, the burden is on the party seeking to prevent FOIA disclosure.27 FOIA allows for the deletion of identifying details in order to “balance the public’s right to know with the private citizen’s right to be secure in his personal affairs which have no bearing or effect on the general public.”28 The rationale being that the public has a right to know certain details within the government documents but there is no need to identify the individuals involved.29 Further, courts have allowed redactions of documents even though the FOIA’s presumption is on disclosure. The requirement generally imposed by the court is that the material being redacted will not “shed any additional light on the government’s conduct of its obligation.”30

    Both FOIA and HIPAA deal with the amount of personal information that may be publicly disclosed. Similar to decided FOIA cases, a patient’s personal information would not serve to aid either party’s case in an action under the Lanham Act.31 The issue is the use of the trademark and not the specific identification of each individual who saw the trademark. Procedures were invoked under FOIA to protect personal information that was too private to disclose to the public. Therefore, similar procedures should allow covered entities to provide enough evidence to prove the use of their trademarks without invading the patient’s expectation of privacy under HIPAA.

    This concept is similar to the accepted standard under FOIA. Therefore, a trier of fact should look to this proposed analogous relationship and allow the redacted documents as evidence. If the Courts allow documents to be redacted to eliminate personal data in evidence under FOIA where the presumption is on disclosure, they should certainly allow redacted documents into evidence under legislation where the presumption is for non-disclosure. Applying this standard and the above options, individual documents showing trademark use should be admissible as long as the protected health information is limited to the “minimum necessary.”

    Covered entities, including attorneys litigating trademark matters on behalf of the covered entities, are able to disclose protected health information during judicial or administrative proceedings.32 However, assurance is needed that efforts for a “qualified protective order” have been made. The Privacy Rule requires that this “qualified protective order” contain a stipulation by the parties to litigation that the protected health information will not be used for any other purpose other than the litigation for which it was requested and that the protected health information be destroyed at the conclusion of the litigation.33 This stipulation will require attorneys to add provisions to the ordinary protective order forms they normally use in trademark litigation.

    This safeguard protects the individual health information which is the subject of HIPAA. Additionally the use of a “qualified protective order” allows for the limited use of documents, normally kept completely confidential by HIPAA, in judicial and administrative proceedings where the disclosure of protected health information may be controlled and limited.

    Methods To Implement Which Will Avoid HIPAA Obstacles

    The methods discussed so far are useful after trademark issues have arisen and the trademark owner is already facing the obstacles to demonstrating trademark use presented by HIPAA. Attention to the HIPAA issue before proof becomes necessary will greatly reduce the likelihood of ever encountering a HIPAA obstacle to proving use. There are methods to provide a covered entity with appropriate specimens of use of their trademarks without including protected health information.

    Entities should produce and retain samples of trademark use without protected health information. They should also keep records of the dates of actual use and geographic areas of use for each sample. In the event of litigation or other dispute, these records will be useful in proving when and where a trademark was used by the entity. The samples can be mock-ups using fictitious names and numbers or can be blank. If fictitious names are used care should be taken that they are generic enough so as not to accidentally represent a specific individual. Certain forms unique to the healthcare industry deserve special attention from the covered entity as they almost always contain the entity’s trademark. These forms include:

    1. Checks and their vouchers;
    2. Insurance certificates;
    3. Brochures;
    4. Billing statements;
    5. Identification cards;
    6. Appeal notices;
    7. Denial and coordination of benefits forms;
    8. Agreements with providers;
    9. Appointment cards; and
    10. Recall notices.

    One method of producing specimens of use is to use forms that have the covered entity’s trademark(s) imprinted. This method will enable the covered entity to more easily retain samples of the forms with their trademark(s) without having protected healthcare information included. Naturally all standardized forms should have an issue date imprinted. As an alternative, entities that do not wish to use pre-printed forms but would rather have the trademark(s) computer generated when the patient information is included, can produce some forms with fictitious patient information. The entity should again retain the samples as evidence of trademark use. In both cases records of use of each form, including dates and geographic areas of use, should be maintained.

    A second method involves the covered entity having a finite number of patients pre-consent to the use of their patient information. This will allow the entity to use these patients’ forms as examples of trademark use. These records should, again, be kept along with notation of dates and location of use.

    Utilizing these aforementioned methods will aid in avoiding any potential HIPAA obstacles in the event of trademark litigation. Although it is possible to overcome HIPAA’s obstacles, doing so may be significantly time consuming and relatively labor intensive. Whereas, with a little foresight and planning the obstacles presented by HIPAA may well be avoided.

    Conclusions

    Only recently have trademark attorneys been exposed to HIPAA issues. The best choice for entities potentially faced with these situations would be to follow the preemptive measures described above. However, if an entity finds itself facing trademark litigation without having implemented these preemptive measures, there appears to be no reason why documents, in a redacted format, cannot be used in trademark proceedings. Documents stripped of identifying data and used in properly redacted form do provide evidence concerning trademark usage. If necessary, the limited data set option allows disclosure of more geographical and durational information. Because this option leaves some question as to possible HIPAA violations, the de-identifier option is an alternative: it discloses less geographical and durational information, but is less likely to be found a HIPAA violation, provided that proper redactions are made. Further, under either option, if it is necessary to provide some evidence of the number of people who received information bearing the trademark, artificial identifiers may be implemented to symbolize different individuals.

    Although challenging to a trademark attorney, HIPAA does provide exceptions to the non-disclosure policy. HIPAA was implemented with the purpose of preserving patient privacy. But it is possible to comply with HIPAA and still produce individual documents as evidence of trademark use. Further, it is possible to avoid HIPAA obstacles completely with planning and organization.

    Unfortunately, there are only predictions as to the outcomes of these matters. As matters proceed to litigation, the trademark world will see how the courts handle the disputes.
    __________

    1. Reprinted with permission of Aspen Publishers and the authors, <ecbankendorf@welshkatz.com> and <srollo@welshkatz.com>, from 16 Intellectual Property & Technology Law Journal #1, 1, Oct 2004, Copyright 2004 by Aspen Publishers.

    2. 104 P.L. 191 § 261 (1996).

    3. Id.

    4. See Id.

    5. Id.

    6. 45 CFR Part 160 (2000).

    7. 45 CFR Part 160 (2000).

    8. Goldberg, Michael, “HIPAA privacy rules and discovery of medical records,” General Practice, Solo & Small Firm Vol. 32, No. 8, February 2004.

    9. 45 Fed. Reg. 160.103

    10. 45 CFR § 160.102 (2000).

    11. 45 CFR § 160.102 (2000).

    12. Goldberg, Michael, “HIPAA privacy rules and discovery of medical records,” General Practice, Solo & Small Firm Vol. 32, No. 8, February 2004.

    13. 45 CFR § 164.506 (2000).

    14. Goldberg, Michael, “HIPAA privacy rules and discovery of medical records,” General Practice, Solo & Small Firm Vol. 32, No. 8, February 2004.

    15. 45 CFR § 164.502 (2000).

    16. See 45 CFR § 160.103 (2000) [emphasis added].

    17. See 45 CFR § 164.502(e)(2) (2000); Goldberg, Michael, “HIPAA privacy rules and discovery of medical records,” General Practice, Solo & Small Firm Vol. 32, No. 8, February 2004.

    18. Goldberg, Michael, “HIPAA privacy rules and discovery of medical records,” General Practice, Solo & Small Firm Vol. 32, No. 8, February 2004.

    19. Goldberg, Michael, “HIPAA privacy rules and discovery of medical records,” General Practice, Solo & Small Firm Vol. 32, No. 8, February 2004.

    20. Golub, Ira, Grappling with New Health Privacy Rules, New York Law Journal, January 10, 2002.

    21. Goldberg, Michael, “HIPAA privacy rules and discovery of medical records,” General Practice, Solo & Small Firm Vol. 32, No. 8, February 2004.

    22. Sterling, Jonathan, How Do New HIPAA Privacy Rules Affect My Company, Connecticut Employment Law Letter, December 2002 (showing how employers who sponsor health plans may cope with the new HIPAA regulations).

    23. See CFR § 164.514 (2000).

    24. See Id.

    25. 5 U.S.C. § 552 (2000).

    26. See United States Department of State v. Ray, 502 U.S. 164, 174 (1991).

    27. Id.

    28. S. Rep. No. 813, 89th Cong., 1st Sess., 7 (1965).

    29. H.R. Rep. No. 1487, 89th Cong., 2nd Sess., 8 (1966).

    30. Ray at 178.

    31. 15 U.S.C.

    32. 45 CFR § 164.512(e) (2000).

    33. Id.