RE: business associate questions
If your law firm provides any services to any entity in healthcare, I strongly suggest you start getting familiar with HIPAA...in a hurry. Legal services is one of the types of messages specifically mentioned in the section of the regulation addressing business associates. Whether a law firm providing services to a health care entity is a Business Associate or that health care entity will depend essentially on two things: (1) is the health care entity a "covered entity" under HIPAA, and (2) does the law firm receive protected health information in the course of performing those services. If the answer to both of those questions is yes, then you need to have a Business Associate Agreement with the health care entity. Darrell Rishel, J.D. Director of Information Services Arapahoe House, Inc. This message is not legal advice. > -Original Message- > From: Jason Cantos [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 01, 2003 11:24 AM > To: WEDI SNIP Privacy Workgroup List > Subject: business associate questions > > > I work in a small law firm. A couple of our clients asked us to sign > business associate agreements. These business associate > agreements require > the law firm to adopt HIPAA specific policies and procedures. > Are there any > business associates (law firms specifically) that are doing this? > > On an unrelated matter, the provider of our dental insurance > asked us to > sign a business associate agreement, with us as the business > associate--I > just don't see how we are a business associate in this situation. > > Thanks so much for your help. > > > > > > _ > > > > --- > The WEDI SNIP listserv to which you are subscribed is not > moderated. The discussions on this listserv therefore > represent the views of the individual participants, and do > not necessarily represent the views of the WEDI Board of > Directors nor WEDI SNIP. If you wish to receive an official > opinion, post your question to the WEDI SNIP Issues Database > at http://snip.wedi.org/tracking/. These listservs should > not be used for commercial marketing purposes or discussion > of specific vendor products and services. They also are not > intended to be used as a forum for personal disagreements or > unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the > Subscribe/Unsubscribe form at http://subscribe.wedi.org or > send a blank email to [EMAIL PROTECTED] > If you need to unsubscribe but your current email address is > not the same as the address subscribed to the list, please > use the Subscribe/Unsubscribe form at http://subscribe.wedi.org > --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Billing Company fee for copy/release billing records
I'd like some input on how Billing Companies are handling any fees for release of billing records to patients if your company does this. If you are, could you lead me to documentation in the regs or otherwise that support your answer? Thanks, Brenda --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: business associate questions
On your unrelated matter, I, too, don't see where there is a business associate relationship between a dental insurer and the law firm, or even between the dental insurer and the law firm's "group health plan." The U.S. Department of Health and Human Services Office of Civil Rights, the agency charged with enforcement of the HIPAA Privacy Rules, recently issued guidance that specifically addresses this point. The guidance (which can be found at http://www.hhs.gov/ocr/hipaa/privacy.html) states the following at p. 52: "Q: Is a health insurance issuer or HMO who provides health insurance or health coverage to a group health plan a business associate of the group health plan? A: A health insurance issuer or HMO does not become a business associate simply by providing health insurance or health coverage to a group health plan. The relationship between the group health plan and the health insurance issuer or HMO is defined by the Privacy Rules as an organized health care arrangement (OHCA), with respect to the individuals they jointly serve or have served. Thus, these covered entities are permitted to share protected health information that relates to the joint health care activities of the OHCA. . . . " The guidance also states, at pp. 47-48: "Q: Are covered entities that engage in joint activities under an organized health care arrangement (HCA) required to have business associate contracts with each other? A: No. Covered entities that participate in an OHCA are permitted to share protected health information for the joint health care activities of the OHCA without entering into business associate contracts with each other. . . . " I hope this is helpful. Judi Judith A. Langer, Attorney Privacy Official Cobalt Corporation The opinions expressed in this e-mail are my own and not necessarily those of Cobalt Corporation. -Original Message- From: Jason Cantos [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 12:24 PM To: WEDI SNIP Privacy Workgroup List Subject: business associate questions I work in a small law firm. A couple of our clients asked us to sign business associate agreements. These business associate agreements require the law firm to adopt HIPAA specific policies and procedures. Are there any business associates (law firms specifically) that are doing this? On an unrelated matter, the provider of our dental insurance asked us to sign a business associate agreement, with us as the business associate--I just don't see how we are a business associate in this situation. Thanks so much for your help. _ --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: business associate questions
Jason- I believe it depends on how your are being utilized. It would seem that as legal counsel you may be exposed to PHI when they are asking you to defend them in any litigation brought by a patient or if they are working against an insurance company for non-payment etc. The agreement should state that they require you to adopt their established HIPAA policies to protect the PHI that they disclose to you. So along with the agreement should be how they are placing utilizing reasonable safeguards in place and that you should do the same when using the PHI That is my interpretation of what HIPAA says for us as a covered entity to do Craig Moen, MPT Director of Rehabilitation HIPAA Privacy Official THERAPY 2000 Confidential Information This email message is intended only for the person or entity to which it is addressed. Unless otherwise indicated or obvious by the nature of this transmittal, the information contained in this email message is privileged and confidential, intended for the use of the intended recipient (or the employee or agent responsible to deliver to the intended recipient), you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message THERAPY 2000 1881 Sylvan Avenue Suite 210 Dallas, Tx 75208 -Original Message- From: Jason Cantos [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 12:24 PM To: WEDI SNIP Privacy Workgroup List Subject: business associate questions I work in a small law firm. A couple of our clients asked us to sign business associate agreements. These business associate agreements require the law firm to adopt HIPAA specific policies and procedures. Are there any business associates (law firms specifically) that are doing this? On an unrelated matter, the provider of our dental insurance asked us to sign a business associate agreement, with us as the business associate--I just don't see how we are a business associate in this situation. Thanks so much for your help. _ --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
business associate questions
I work in a small law firm. A couple of our clients asked us to sign business associate agreements. These business associate agreements require the law firm to adopt HIPAA specific policies and procedures. Are there any business associates (law firms specifically) that are doing this? On an unrelated matter, the provider of our dental insurance asked us to sign a business associate agreement, with us as the business associate--I just don't see how we are a business associate in this situation. Thanks so much for your help. _ --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Psychotherapy Notes
Psychotherapy notes are defined very specifically in the regulations including that the records "are separated from the rest of the individual's medical record." Does the definition imply that a mental health provider who does not keep the records separate -- not have HIPAA psychotherapy notes? If so, can the provider release the records under a general HIPAA authorization and not be required to obtain a separate authorization for release of what may be classified as "psychotherapy notes" had such records been kept separate and apart from the other medical records. Basically was the definition designed to allow two ways to handle such records. It is my understanding from discussion with some mental health care providers that they like to keep some records separate and from others that they put all the records into the full medical record. Thoughts. bob coffield ** Robert L. Coffield Flaherty, Sensabaugh & Bonasso, PLLC 200 Capitol Street (P.O. Box 3843) Charleston, WV 25338-3843 (304) 347-3791 Fax: (304) 345-0260 Work Email: [EMAIL PROTECTED] *** --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
'second tier' BAA
Anybody willing to share one with me? I'm a billing company and looking at the language we should put into our agreements with subcontractors/agents. We have an agreement with them, but now that I have heard about others referring to this document, 'second tier' BAA, I'd be interested in seeing what is in it. Thanks, Brenda Brenda K. Burton MEDEXTEND 877-491-7650 Available on Instant Messenger as: medextend Please Note: This email is intended only for the person/entity as specifically addressed in the TO:,CC: or BCC: portion of the heading of this email as originally addressed from the domain 'medextend.com'. Opinions expressed herein are not a substitute for legal advisement or other professional advice. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: More Business Associate
Deborah -- Yes according to § 164.532(b) if a covered entity had a contract in place with a BA on October 14, 2002, then the covered entity must amend that contract to include the required BA provisions the next time that the parties substantively modify the agreement but in no event later than April 14, 2004. A evergreen renewal does not constitute a substantive modification. So if the CE and the BA substantively modified their agreement after October 14, they should have included the BA provisions. My advice to clients is similar to the approach that you have taken. However, if the CE has contracts eligible for the transition rule that it can't amend by April 14, 2002, then the CE should send the BA a letter now placing the BA on notice about the various HIPAA obligations. The OCR 12/4/02 guidance on BA's has a useful list of such obligations that apply during the transition period. I have quoted that Q & A below. Best regards, Dave Ermer Q: What are a covered entity's obligations under the HIPAA Privacy Rule with respect to protected health information held by a business associate during the contract transition period? A: During the contract transition period, covered entities must observe the following responsibilities with respect to protected health information held by their business associates: Make information available to the Secretary, including information held by a business associate, as necessary for the Secretary to determine compliance by the covered entity. Fulfill an individual's rights to access and amend his or her protected health information contained in a designated record set, including information held by a business associate, if appropriate, and receive an accounting of disclosures by a business associate. Mitigate, to the extent practicable, any harmful effect that is known to the covered entity of an impermissible use or disclosure of protected health information by its business associate. Covered entities are required to ensure, in whatever reasonable manner deemed effective by the covered entity, the appropriate cooperation by their business associates in meeting these requirements during the transition period. However, a covered entity is not required to obtain the satisfactory assurances required by the Privacy Rule from a business associate to which the transition period applies. Of course, even during the transition period, covered entities still may only disclose protected health information to a business associate for a purpose permitted under the Rule and must apply the minimum necessary standard, as appropriate, to such disclosures. Gordon & Barnett Attorneys at Law 1133 21st St., NW, Suite 450 Washington, DC 20036 202-833-3400 ext 3009 (voice) 202-223-0120 (fax) www.gordon-barnett.com >>> Deborah Campbell <[EMAIL PROTECTED]> 04/01/03 10:52AM >>> Craig, The way I understand this (correct me if I'm wrong guys), if you have a contract in place by October 2002, you have a 1 year extension for the BAA. But the Covered Entity is still responsible for the BA abiding by the BA requirements, even though you have waited another year to get a contract signed. We have decided to go ahead and amend the current contracts anyway. Deborah Deborah Campbell Compliance Coordinator Dominion Dental Services, Inc. 115 South Union Street, Suite 300 Alexandria, Virginia 22314 Phn: (703) 518-5000 ext. 3035 Fax: (703) 518-8849 Toll Free: 888-518-5338 Email: [EMAIL PROTECTED] *** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. * -Original Message- From: Craig Moen [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 10:52 AM To: WEDI SNIP Privacy Workgroup List Subject: More Business Associate Can someone help me understand this a little better: I am reading language about having contracts signed before October of 2002. It seems to states that Business Associate agreements/addendums have an extension to 4-14-04 in these instances? For those that we have verbal agreements with we have to have something in place by 4-14-03. Sounds a little strange, because contracts signed before October 2002 may have confidentiality policies etc, but not necessarily the language required by HIPAA(the way I have read it) Thanks for any clarification Craig Moen Director of Rehabilitation HIPAA Privacy Official THERAPY 2000 Confidential Information This email message is intended only for the person or entity to which it is addressed. Unless otherwise indicated or obvious by the nature of this transmittal, the information contained in this email message is privileged and
RE: More Business Associate
Title: RE: More Business Associate Craig, The way I understand this (correct me if I'm wrong guys), if you have a contract in place by October 2002, you have a 1 year extension for the BAA. But the Covered Entity is still responsible for the BA abiding by the BA requirements, even though you have waited another year to get a contract signed. We have decided to go ahead and amend the current contracts anyway. Deborah Deborah Campbell Compliance Coordinator Dominion Dental Services, Inc. 115 South Union Street, Suite 300 Alexandria, Virginia 22314 Phn: (703) 518-5000 ext. 3035 Fax: (703) 518-8849 Toll Free: 888-518-5338 Email: [EMAIL PROTECTED] *** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. * -Original Message- From: Craig Moen [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 01, 2003 10:52 AM To: WEDI SNIP Privacy Workgroup List Subject: More Business Associate Can someone help me understand this a little better: I am reading language about having contracts signed before October of 2002. It seems to states that Business Associate agreements/addendums have an extension to 4-14-04 in these instances? For those that we have verbal agreements with we have to have something in place by 4-14-03. Sounds a little strange, because contracts signed before October 2002 may have confidentiality policies etc, but not necessarily the language required by HIPAA(the way I have read it) Thanks for any clarification Craig Moen Director of Rehabilitation HIPAA Privacy Official THERAPY 2000 Confidential Information This email message is intended only for the person or entity to which it is addressed. Unless otherwise indicated or obvious by the nature of this transmittal, the information contained in this email message is privileged and confidential, intended for the use of the intended recipient (or the employee or agent responsible to deliver to the intended recipient), you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message THERAPY 2000 1881 Sylvan Avenue Suite 210 Dallas, Tx 75208 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
More Business Associate
Can someone help me understand this a little better: I am reading language about having contracts signed before October of 2002. It seems to states that Business Associate agreements/addendums have an extension to 4-14-04 in these instances? For those that we have verbal agreements with we have to have something in place by 4-14-03. Sounds a little strange, because contracts signed before October 2002 may have confidentiality policies etc, but not necessarily the language required by HIPAA(the way I have read it) Thanks for any clarification Craig Moen Director of Rehabilitation HIPAA Privacy Official THERAPY 2000 Confidential Information This email message is intended only for the person or entity to which it is addressed. Unless otherwise indicated or obvious by the nature of this transmittal, the information contained in this email message is privileged and confidential, intended for the use of the intended recipient (or the employee or agent responsible to deliver to the intended recipient), you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message THERAPY 2000 1881 Sylvan Avenue Suite 210 Dallas, Tx 75208 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org