RE: to sign or not to sign
Ian, Jim, I currently am working with 9 software authors/dealers and have advised on the subject of business associate agreements. There are a couple of very different flavors I have put together. If you're interested, e-mail me off list and I'll send you a couple samples I have put together for them to send to their clients. On the subject of appropriateness of a vendor initiating, I think provider opinion will vary -- some medical providers on this list have clearly expressed their desire not to receive these. I think the ones who are happy to receive these agreements are the ones who do not participate on lists like this. One advantage the vendor has is in a clear understanding of their business and operations which allows crafting an appropriately worded allowed uses and disclosures clause. Here is one for a practice management vendor who offers EDI software and clearinghouse services: Business Associate is authorized to use protected health information for the purposes of computer system training, software support, support for the proper use and operation of EDI software, EDI clearinghouse support, data format conversion, and troubleshooting the operation of computerized practice management system. Business Associate may access all information in the computerized practice management and transmitted to the EDI clearinghouse for the purposes of verifying proper use, operation and function of the software. Gary Pritts Eagle Consulting Group HIPAA Strategies, Compliance and Education ?xml:namespace prefix = st1 ns = urn:schemas-microsoft-com:office:smarttags /1568 Northland Ave. / Lakewood, OH 44107 (216) 228-7959 voice (216) 233-4960 cell (216) 228-6272 fax E-mail: [EMAIL PROTECTED] -Original Message- From: Ian Leedom [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 12:23 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign I also represent a software vendor in a similar situation. Our take has been that we must have Business Agreements (BA) with the CE's simply because we have access to PHI. It also means that at some level, we need to know who has in fact accessed things and when. I think that the fact that you have access to a DB which has PHI in it is enough to trigger all of the privacy rule in HIPAA . My problem, and I'd love to hear from others about this, is what sort of BA we should in fact have. We have enough clients that if we send every agreement from every client to our corporate attorneys then we'll be bankrupt before April. And you're right that some clients want indemnification for things which are THEIR business and for us to keep data even after a business contract has ended. If anyone has any to add to this, I for one would love to hear it. Ian Leedom Psyche Systems 321 Fortune Blvd. Milford, MA 01757 Tel: (508) 473-1500 x341 Compliments humbly accepted. Flames cheerfully ignored. -Original Message- From: Jim Randolph [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 11:39 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign Let me carry this a step further. We are a software vendor that has received BACs, TPAs and Chain of Trust agreements from different customers. As a vendor to this particular customer base we are exposed to PHI but never manipulate it in any way. Our support personnel do review setup configurations, billing problems or DB issues; but don't do anything to PHI. Attorneys and consultants are advising our customers so differently that no matter what, we end up being the evil vendor. Some of the BACs we receive are rather ridiculous, like requiring us to assume financial liability if our customer has any HIPAA problems in the future. The question for the group is: What is required in this scenario a BAC, TPA or COT? Jim Randolph The Echo Group -Original Message- From: Traci Winter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 3:49 PM To: WEDI SNIP Privacy Workgroup List Subject: to sign or not to sign OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement. Thanks, Traci Winter --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent
RE: to sign or not to sign
Jim, According to CMS, a software vendor is a business associate of a covered entity as long as the vendorneeds access to the PHI of the covered entity in order to provide its service. Therefore, you are only required to enter into a BAA. Dee Warrington Director, HIPAA and Regulatory Compliance OAO HealthCare Solutions, Inc. 20955 Warner Center Lane Woodland Hills, CA 91367 (818) 598-6606 Fax: (818) 598-3270 [EMAIL PROTECTED] -Original Message-From: Jim Randolph [mailto:[EMAIL PROTECTED]]Sent: Thursday, January 23, 2003 8:39 AMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: to sign or not to sign Let me carry this a step further. We are a software vendor that has received BACs, TPAs and Chain of Trust agreements from different customers. As a vendor to this particular customer base we are exposed to PHI but never manipulate it in any way. Our support personnel do review setup configurations, billing problems or DB issues; but dont do anything to PHI. Attorneys and consultants are advising our customers so differently that no matter what, we end up being the evil vendor. Some of the BACs we receive are rather ridiculous, like requiring us to assume financial liability if our customer has any HIPAA problems in the future. The question for the group is: What is required in this scenario a BAC, TPA or COT? Jim Randolph The Echo Group -Original Message-From: Traci Winter [mailto:[EMAIL PROTECTED]]Sent: Wednesday, January 22, 2003 3:49 PMTo: WEDI SNIP Privacy Workgroup ListSubject: to sign or not to sign OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement. Thanks, Traci Winter --The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: to sign or not to sign
Carolyn, My agreement does not tell my BA how to carry out their business obligation, only what I expect of them in the treatment of my information. What would be a valid reason why I should sign my software vendors agreement? Or, please give me an example of when I should sign a vendor's agreement. I am getting alot of agreements from vendors that I am not signing. I would appreciate any insight that you can give me! Thanks Leslie -Original Message- From: Price, Carolyn [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 2:34 PM To: Harpe, Leslie; WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign Leslie: There are many different types of vendors who may be Business Associates. Those who perform a function for many different clients are often accessing PHI in order to fulfill their business obligation. It is not workable to have a different set of rules, imposed by each client, to perform the business function. This will lead to almost certain errors. Better to have one set of rules, spelled out clearly, to allow them to do what they have been hired to do. The BAK should spell out what safeguards will be imposed, and what the BA will do in order to assure compliance with HIPAA. I understand that you are the covered entity,but you also expect your BA to be compliant, and to perform in an error-free manner. There will be some BAs who have a valid reason for asking you to sign their agreement. Carolyn Price -Original Message- From: Harpe, Leslie [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 11:13 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign I don't think vendors should write agreements. I represent a hospital that is getting a lot of agreements from vendors. I say this with strong conviction, I do not want to sign vendor agreements. I think that if I've given you access to my patient information, you should sign my agreement. After all, its my information and I'm responsible for it. Furthermore, you are not a covered entity and you are not required by law to have an agreement. Do you have a Notice of Privacy Practice? Of course not, but why would you follow part of the law and not all of it? I wonder if I'll have this same strong conviction when JCAHO sends me their agreement. Thanks, Leslie Harpe South Georgia Medical Center Valdosta, GA 31605 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: Ian Leedom [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 12:23 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign I also represent a software vendor in a similar situation. Our take has been that we must have Business Agreements (BA) with the CE's simply because we have access to PHI. It also means that at some level, we need to know who has in fact accessed things and when. I think that the fact that you have access to a DB which has PHI in it is enough to trigger all of the privacy rule in HIPAA . My problem, and I'd love to hear from others about this, is what sort of BA we should in fact have. We have enough clients that if we send every agreement from every client to our corporate attorneys then we'll be bankrupt before April. And you're right that some clients want indemnification for things which are THEIR business and for us to keep data even after a business contract has ended. If anyone has any to add to this, I for one would love to hear it. Ian Leedom Psyche Systems 321 Fortune Blvd. Milford, MA 01757 Tel: (508) 473-1500 x341 Compliments humbly accepted. Flames cheerfully ignored. -Original Message- From: Jim Randolph [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 11:39 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign Let me carry this a step further. We are a software vendor that has received BACs, TPAs and Chain of Trust agreements from different customers. As a vendor to this particular customer base we are exposed to PHI but never manipulate it in any way. Our support personnel do review setup configurations, billing problems or DB issues; but don't do anything to PHI. Attorneys and consultants are advising our customers so differently that no matter what, we end up being the evil vendor. Some of the BACs we receive are rather ridiculous, like requiring us to assume financial liability if our customer has any HIPAA problems in the future. The question for the group is: What is required in this scenario a BAC, TPA or COT? Jim Randolph The Echo Group -Original Message- From: Traci Winter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 3:49 PM To: WEDI SNIP Privacy Workgroup List Subject: to sign or not to sign OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement. Thanks, Traci Winter
Re: to sign or not to sign
Leslie, In general, I agree. The vendor is attempting to reduce the load on ITS legal staff by getting its customers to sign their version of the BAA before their cusomers write their own. You will have to have a BAA in place with most of these entities. It doesn't matter who originates the agreement. The CE (in your case, the hospital) is the one who must see that the agreement is in place. Note that the last part of BAA is significant - Agreement. The final wording must be mutually agreed to. On the other hand, whose wording is used may depend on the amount of competition in the field and/or the volume of business you do with the vendor. If they're the only game in town (an example: GE/Marquette EKG systems), or you would be considered small potatoes, you may have to live with their wording. If you can easily change to another vendor, you may be able to insist on your wording. IMHO, the best way to ensure that the wording is closer to your wording is to beat the vendors to the punch (send them your version before they try to send you theirs). In any case, don't sign just because they sent you one. There may not even be a business relationship that makes one necessary. Make sure that the final agreement protects your interests. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you. - Original Message - From: Harpe, Leslie [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Thursday, January 23, 2003 01:13 PM Subject: RE: to sign or not to sign I don't think vendors should write agreements. I represent a hospital that is getting a lot of agreements from vendors. I say this with strong conviction, I do not want to sign vendor agreements. I think that if I've given you access to my patient information, you should sign my agreement. After all, its my information and I'm responsible for it. Furthermore, you are not a covered entity and you are not required by law to have an agreement. Do you have a Notice of Privacy Practice? Of course not, but why would you follow part of the law and not all of it? I wonder if I'll have this same strong conviction when JCAHO sends me their agreement. Thanks, Leslie Harpe South Georgia Medical Center Valdosta, GA 31605 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: Ian Leedom [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 12:23 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign I also represent a software vendor in a similar situation. Our take has been that we must have Business Agreements (BA) with the CE's simply because we have access to PHI. It also means that at some level, we need to know who has in fact accessed things and when. I think that the fact that you have access to a DB which has PHI in it is enough to trigger all of the privacy rule in HIPAA . My problem, and I'd love to hear from others about this, is what sort of BA we should in fact have. We have enough clients that if we send every agreement from every client to our corporate attorneys then we'll be bankrupt before April. And you're right that some clients want indemnification for things which are THEIR business and for us to keep data even after a business contract has ended. If anyone has any to add to this, I for one would love to hear it. Ian Leedom Psyche Systems 321 Fortune Blvd. Milford, MA 01757 Tel: (508) 473-1500 x341 Compliments humbly accepted. Flames cheerfully ignored. -Original Message- From: Jim Randolph [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 11:39 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign Let me carry this a step further. We are a software vendor that has received BACs, TPAs and Chain of Trust agreements from different customers. As a vendor to this particular customer base we are exposed to PHI but never manipulate it in any way. Our support personnel do review setup configurations, billing problems or DB issues; but don't do anything to PHI. Attorneys and consultants are advising our customers so differently that no matter what, we end up being the evil vendor. Some of the BACs we receive are rather ridiculous, like requiring us to assume financial liability if our
RE: to sign or not to sign
In the OCR guidance that was issued in December, the very last question in the section on BA's says this: Q: Is a software vendor a business associate of a covered entity? A: The mere selling or providing of software to a covered entity does not give rise to a business associate relationship if the vendor does not have access to the protected health information of the covered entity. If the vendor does need access to the protected health information of the covered entity in order to provide its service, the vendor would be a business associate of the covered entity. For example, a software company that hosts the software containing patient information on its own server or accesses patient information when troubleshooting the software function, is a business associate of a covered entity. In these examples, a covered entity would be required to enter into a business associate agreement before allowing the software company access to protected health information. However, when an employee of a contractor, like a software or information technology vendor, has his or her primary duty station on-site at a covered entity, the covered entity may choose to treat the employee of the vendor as a member of the covered entitys workforce, rather than as a business associate. See the definition of workforce at 45 CFR 160.103. I would say the need for a BAA then depends on the details of what you do for your customers. If you are a software retailer, like CompUSA or something like that, I'd argue no BAA is necessary. If you provide on site service and troubleshooting, or can remotely access the CE database, then I'd say you do need a BAA. I don't think a TPA is appropriate. My understanding is that this is a device from the Transaction and Code Set Standards and would only be used between parties that are conducting a covered transaction. COT agreements I believe are a creature of the long awaited Security Rule and since that is not finalized I don't think we can say if a COT is appropriate or not. Noel Chang -- Open WebMail Project (http://openwebmail.org) -- Original Message --- From: [EMAIL PROTECTED] (Jim Randolph) To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Thu, 23 Jan 2003 11:39:07 -0500 Subject: RE: to sign or not to sign Let me carry this a step further. We are a software vendor that has received BACs, TPAs and Chain of Trust agreements from different customers. As a vendor to this particular customer base we are exposed to PHI but never manipulate it in any way. Our support personnel do review setup configurations, billing problems or DB issues; but dont do anything to PHI. Attorneys and consultants are advising our customers so differently that no matter what, we end up being the evil vendor. Some of the BACs we receive are rather ridiculous, like requiring us to assume financial liability if our customer has any HIPAA problems in the future. The question for the group is: What is required in this scenario a BAC, TPA or COT? Jim Randolph The Echo Group -Original Message- From: Traci Winter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 3:49 PM To: WEDI SNIP Privacy Workgroup List Subject: to sign or not to sign OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement. Thanks, Traci Winter --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- End of Original Message --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org
RE: to sign or not to sign
As far as I am concerned, I am not signing an agreement that a Business Associate sends to us, including our Practice Management Software Vendor. The PHI is in OUR possession, and if a BA wants access to it, they can sign the agreement OUR attorney drafted. Period. I recycle the ones that are being sent to me by my Business Associates. Respectfully, Valerie Hromatka Western Washington Medical Group Privacy Officer -Original Message- From: Ian Leedom [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 9:23 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign I also represent a software vendor in a similar situation. Our take has been that we must have Business Agreements (BA) with the CE's simply because we have access to PHI. It also means that at some level, we need to know who has in fact accessed things and when. I think that the fact that you have access to a DB which has PHI in it is enough to trigger all of the privacy rule in HIPAA . My problem, and I'd love to hear from others about this, is what sort of BA we should in fact have. We have enough clients that if we send every agreement from every client to our corporate attorneys then we'll be bankrupt before April. And you're right that some clients want indemnification for things which are THEIR business and for us to keep data even after a business contract has ended. If anyone has any to add to this, I for one would love to hear it. Ian Leedom Psyche Systems 321 Fortune Blvd. Milford, MA 01757 Tel: (508) 473-1500 x341 Compliments humbly accepted. Flames cheerfully ignored. -Original Message- From: Jim Randolph [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 11:39 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: to sign or not to sign Let me carry this a step further. We are a software vendor that has received BACs, TPAs and Chain of Trust agreements from different customers. As a vendor to this particular customer base we are exposed to PHI but never manipulate it in any way. Our support personnel do review setup configurations, billing problems or DB issues; but dont do anything to PHI. Attorneys and consultants are advising our customers so differently that no matter what, we end up being the evil vendor. Some of the BACs we receive are rather ridiculous, like requiring us to assume financial liability if our customer has any HIPAA problems in the future. The question for the group is: What is required in this scenario a BAC, TPA or COT? Jim Randolph The Echo Group -Original Message- From: Traci Winter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 3:49 PM To: WEDI SNIP Privacy Workgroup List Subject: to sign or not to sign OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement. Thanks, Traci Winter --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list
to sign or not to sign
OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement. Thanks, Traci Winter --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: to sign or not to sign
Traci, My vote's for the round file. Any lawyers out there feel free to chime in. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Traci Winter To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, January 22, 2003 02:49 PM Subject: to sign or not to sign OK so the next question is do we sign these BACs or just put them in the round file. Your answers reflected what my impression was, but I wanted reinforcement. Thanks, Traci Winter---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org