Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style

Similar documents
ARE YOU HIP WITH HIPAA?

LEGAL ISSUES IN HEALTH IT SECURITY

HIPAA Compliance Guide

Determining Whether You Are a Business Associate

6/7/2018. HIPAA Compliance Simplified. HHS Wall of Shame. Marc Haskelson, President Compliancy Group

HIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT

AFTER THE OMNIBUS RULE

True or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15)

503 SURVIVING A HIPAA BREACH INVESTIGATION

HIPAA The Health Insurance Portability and Accountability Act of 1996

OMNIBUS COMPLIANT BUSINESS ASSOCIATE AGREEMENT RECITALS

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel

Auditing for HIPAA Compliance: Evaluating security and privacy compliance in an organization that provides health insurance benefits to employees

2016 Business Associate Workforce Member HIPAA Training Handbook

Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform

HIPAA in the Digital Age. Anisa Kelley and Rachel Procopio Maryan Rawls Law Group Fairfax, Virginia

Effective Date: 4/3/17

HIPAA & The Medical Practice

HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014.

H E A L T H C A R E L A W U P D A T E

1 Security 101 for Covered Entities

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule

Business Associate Risk

HIPAA Overview Health Insurance Portability and Accountability Act. Premier Senior Marketing, Inc

Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300

Priciest HIPAA Incidents of 2015

HIPAA Background and History

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

HIPAA, Privacy, and Security Oh My!

Meaningful Use Requirement for HIPAA Security Risk Assessment

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)

HEALTHCARE BREACH TRIAGE

Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation

"HIPAA RULES AND COMPLIANCE"

DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION)

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013

HIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule

HIPAA and Lawyers: Your stakes have just been raised

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule

ACC Compliance and Ethics Committee Presentation February 19, 2013

HIPAA Privacy, Breach, & Security Rules

HIPAA Data Breach ITPC

To: Our Clients and Friends January 25, 2013

HIPAA Privacy & Security. Transportation Providers 2017

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP

HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES KURTIN PLLC COMPLIANCE SOLUTION: UPDATE January 3, I. Executive Summary.

HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: A COMPLIANCE SOLUTION FOR THE TICKING CLOCK AND THE DRACONIAN CIVIL AND CRIMINAL PENALTIES

HIPAA HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT

HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA

Ensuring HIPAA Compliance When Transmitting PHI Via Patient Portals, and Texting

The HIPAA Omnibus Rule and the Enhanced Civil Fine and Criminal Penalty Regime

OMNIBUS RULE ARRIVES

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS

HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013

HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015.

March 1. HIPAA Privacy Policy

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.

What Brown County employees need to know about the Federal legislation entitled the Health Insurance Portability and Accountability Act of 1996.

Fifth National HIPAA Summit West

HIPAA Basic Training for Health & Welfare Plan Administrators

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION

HIPAA Privacy Overview

HIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights

Business Associate Agreement

HIPAA Privacy and Security Rules: Overview and Update HIPAA. Health Insurance Portability and Accountability Act ( HIPAA )

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS

HIPAA Privacy and Security Rules

HITECH and HIPAA: Highlights for Health Departments. Aimee Wall UNC School of Government

"HIPAA FOR LAW FIRMS" WHAT EVERY LAW FIRM NEEDS TO KNOW ABOUT HIPAA

HIPAA Compliance for Business Associates ISBA Health Law Symposium October 10, 2017

GUIDANCE ON HIPAA & CLOUD COMPUTING

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by

HIPAA Security How secure and compliant are you from this 5 letter word?

Industry leading Education. Certified Partner Program. Please ask questions Todays slides are available group.

New. To comply with HIPAA notice requirements, all Providence covered entities shall follow, at a minimum, the specifications described below.

HEALTH & HUMAN SERVICES OFFICE FOR CIVIL RIGHTS HIPAA COMPLIANCE AUDITS. What do I need to know?

Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)

8/30/2016 HIPAA: WHAT S CHANGED?

HIPAA: Impact on Corporate Compliance

Understanding Cyber Risk in the Dental Office. Melissa Moore Sanchez, CIC

Legal and Privacy Implications of the HIPAA Final Omnibus Rule

HIPAA COMPLIANCE. for Small & Mid-Size Practices

UNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP

Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy

4/15/2016. What we strive for. Reality

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT

Highlights of the Omnibus HIPAA/HITECH Final Rule

AMA Practice Management Center, What you need to know about the new health privacy and security requirements

Privacy Rule - Complaint Investigations

HIPAA / HITECH. Ed Massey Affiliated Marketing Group

HIPAA Enforcement Under the HITECH Act; The Gloves Come Off

Negotiating Business Associate Agreements

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)

ARRA s Amendments to HIPAA Privacy & Security Rules

HIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES

JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT

Transcription:

Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Click Issues to edit Master title style July 27, 2016 www.mcguirewoods.com

Introductions Holly Carnell McGuireWoods LLP hcarnell@mcguirewoods.com 312-849-3687 Meggan Bushee McGuireWoods LLP mbushee@mcguirewoods.com 704-343-2360 McGuireWoods 2

Key Legal Issues in EMR, EMR Subsidy and HIPAA and Privacy Issues: Part 1 McGuireWoods 3

Part 1 Agenda Review of HIPAA and the HITECH Act What are HIPAA and the HITECH Act? Who do these laws apply to? Business Associates What are Business Associates? Pitfalls of Business Associates Diligence of Business Associates Business Associate Agreements 2015/2016 HIPAA Enforcement Actions McGuireWoods 4

Recap of HIPAA and the HITECH Act No, it's not a female Hippopotamus, anyone else know? Cartoon by Dave Harbaugh McGuireWoods 5

What is HIPAA? HIPAA stands for the Health Insurance Portability & Accountability Act of 1996. Provides a framework for the establishment of standards to protect patient confidentiality, to ensure the security of electronic systems, and to facilitate the secure electronic transmission of health information. HIPAA creates federal privacy floor (minimum requirement) Must comply with the more restrictive of HIPAA or state law Covered Entities and Business Associates are required to comply with HIPAA. McGuireWoods 6

Core Elements of HIPAA HIPAA has four key parts: The Privacy Rule establishes patients privacy rights and addresses the use and disclosure of protected health information ( PHI ) by covered entities and business associates. The Security Rule requires the adoption of administrative, physical, and technical safeguards to protect electronic PHI ( ephi ). The Breach Notification Rule requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured PHI. The Enforcement Rule establishes both civil monetary penalties and federal criminal penalties for the knowing use or disclosure of PHI in violation of HIPAA. McGuireWoods 7

What is the HITECH Act? The HITECH Act ( Health Information Technology for Economic and Clinical Health Act of 2009, part of the American Recovery and Reinvestment Act of 2009 ) expanded the scope of HIPAA HITECH made changes to HIPAA in these areas: Breach Notification Rules Increased Penalties Mandated Audits by Office of Civil Rights More rights for individual patients Directly applied the Security Rule and certain aspects of Privacy Rule to Business Associates McGuireWoods 8

Who Must Comply? Covered Entities Health Care Providers Hospitals Physician practices Laboratories Pharmacies Health Plans Health insurance issuers HMOs Group Health Plans Medicare, Parts A and B Medicare + Choice Medicaid Includes employer-sponsored health plans Health Care Clearinghouses Billing companies Business Associates Persons or organizations that perform certain functions or activities on behalf of, or provide certain services to, a Covered Entity that involve the use or disclosure of protected health information or PHI Includes downstream contractors McGuireWoods 9

Business Associates McGuireWoods 10

Who is a Business Associate? An individual or entity that provides services on behalf of the Covered Entity or another business associate that require the entity to create, receive, maintain, or transmit protected health information (PHI). Includes downstream contractors Examples: Billing companies IT consultants Law firms PHI disposal companies Transcriptionists Hosting companies McGuireWoods 11

Who is NOT a Business Associate? When the services performed are not for or on behalf of a Covered Entity The postal service or wireless carrier where PHI is transferred across the country or the network, as applicable Deemed mere courier of PHI Payors, where a provider sends PHI for purposes of receiving reimbursement Persons receiving PHI inadvertently, i.e., a person or vendor that overhears PHI while on-site at a client s health care facility A provider, where another provider sends PHI for treatment of an individual McGuireWoods 12

Pitfalls with Business Associates When a Business Associate violates a material term of a BAA, covered entities still must take reasonable steps to cure breach If unsuccessful in curing breach, covered entity must terminate the BAA Business associates may have less concern with the privacy and security of a covered entity s PHI because they are further removed It is the covered entity s reputation and patient relationships on the line McGuireWoods 13

Importance of Protecting ephi The principal goal of every health care provider and every health insurer, from a privacy and security perspective, is to avoid a data breach. In turn, this becomes the goal of every business associate, and every downstream contractor, that creates, receives, maintains or transmits PHI on behalf of a covered entity. Despite these objectives, CEs and BAs often know very little about the downstream entities to whom they are entrusting data. What security safeguards have they implemented? What is the company s operating history? Are they passing on data to subcontractors? Are they housing data offshore? McGuireWoods 14

Proper Diligence of Business Associates Often see Business Associates that have taken no steps towards HIPAA Compliance Start by conducting diligence on the Business Associate s compliance Seek references from other clients Ask questions of leadership Consider a third-party review of Business Associate s compliance with HIPAA Need to assess vendor s compliance in light of the work they will be doing and the extent of PHI involved McGuireWoods 15

Conducting Effective Vendor Due Diligence Key Administrative Safeguards and Requirements (45 CFR 164.308; 45 CFR 164.530) Does the vendor have a HIPAA Privacy Officer and a Security Official to implement and oversee HIPAA-related policies and procedures? Does the vendor have policies and procedures that comply with the Privacy Rule and Security Rule? The CE should ask for either a copy of the policies and procedures or a narrative description of their contents. McGuireWoods 16

Conducting Effective Vendor Due Diligence Security Risk Assessments (45 CFR 164.308(a)(1)(ii)) Has the vendor conducted a risk assessment in accordance with the HIPAA Security Rule? The CE or BA should request information regarding the vendor s most recent risk assessment and ensure that the vendor has a policy requiring the periodic performance of risk assessments. McGuireWoods 17

Conducting Effective Vendor Due Diligence Security Training (45 CFR 164.308(a)(5); 45 CFR 164.530(b)(1)) Does the vendor conduct HIPAA compliance training for its workforce, and in particular for workforce members who have access to ephi? The Security Rule requires CEs and BAs to implement security awareness and training programs for all members of their workforce (including management). How often does the vendor conduct training and who is required to participate? McGuireWoods 18

Conducting Effective Vendor Due Diligence Data Security Implementation Specifications (45 CFR 164.308-312) What is the vendor s password management policy? What is the vendor s data encryption policy? What is the vendor s policy regarding portable media? Does the vendor have a data backup plan and a disaster recovery plan? McGuireWoods 19

Conducting Effective Vendor Due Diligence Response and Reporting (45 CFR 164.308(a)(6)) Does the vendor have a protocol for investigating and responding to actual or potential breaches of ephi? The Security Rule requires the implementation of policies and procedures to identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the [CE or BA]; and document security incidents and their outcomes. The CE or BA should review a copy of the vendor s breach protocol or obtain a description of their breach identification and response processes. McGuireWoods 20

Conducting Effective Vendor Due Diligence Subcontractors Does the vendor use one or more subcontractors in connection with the services provided to the CE? If so, the CE should determine whether these subcontractors will have access to ephi and request information as to how the BA will evaluate the security and privacy practices of each subcontractor prior to retention. In general, BAs and BA subcontractors that store or transmit ephi outside of the CE s own IT infrastructure present more risk than BAs or subcontractors that simply access data on the premises of the CE or within the CE s information systems (cloud provider vs. software vendor). McGuireWoods 21

Business Associate Agreements A covered entity and a business associate are required to enter into a written agreement referred to as a Business Associate Agreement. The Business Associate Agreement provides that the business associate will safeguard individuals PHI when it is in the business associate s possession. The Business Associate Agreement must provide for termination by the non-breaching party in the event of a violation that is not cured. This is different from an NDA or other confidentiality agreement. Any use or disclosure of an individuals PHI by the business associate must be within the scope of the Business Associate Agreement and the HIPAA Privacy Rule. Includes regulatory requirements and negotiated provisions McGuireWoods 22

Negotiating with Business Associates Covered Entities can protect themselves against breach by a Business Associate with certain strategies Pre-contract diligence Audit Rights; annual review of vendors Require consent for downstream subcontractors Indemnification Insurance Covenant to encrypt PHI Return or destruction of PHI; Certifications Restrictions on off shore Use/Access/Disclosure of PHI McGuireWoods 23

HIPAA and Business Associate Enforcement Actions McGuireWoods 24

Raleigh Orthopaedic Clinic, P.A. (April 2016) Raleigh Orthopaedic Clinic, P.A. April 20, 2016 Agreed to settle potential violations for $750,000 The practice had released x-ray films and related PHI of 17,300 patients to a vendor for them to transfer the images to electronic media. Failed to execute a business associate agreement with the vendor! HIPAA s obligations on covered entities to obtain business associate agreements is more than a mere check-the-box paperwork exercise. It is critical for entities to know to whom they are handling PHI and to obtain assurances that the information will be protected. said OCR Director Jocelyn Samuels. McGuireWoods 25

North Memorial Healthcare (March 2016) North Memorial Healthcare of Minnesota March 2016 Agreed to settle potential violations of HIPAA for $1.55 million Theft of unencrypted laptop from a business associate s locked vehicle No business associate agreement with a vendor that had access to North Memorial s patient database! McGuireWoods LLP 26

Triple-S Management Corp. (November 2015) Triple-S Management Corp. November 30, 2015 Triple-S (formerly American Health Medicare, Inc.) agreed to settle potential violations of HIPAA for $3,500,000. Triple-S made multiple breach notifications to OCR resulted in investigation. Failure to conduct an accurate and thorough risk analysis. Failure to have appropriate BAAs in place with vendors. Failure to implement appropriate security safeguards. OCR remains committed to strong enforcement of the HIPAA Rules, said OCR Director Jocelyn Samuels. This case sends an important message for HIPAA Covered Entities not only about compliance with the requirements of the Security Rule, including risk analysis, but compliance with the requirements of the Privacy Rule, including those addressing business associate agreements and the minimum necessary use of protected health information. McGuireWoods LLP 27

Senior Health Partners Business Associate Breach (January 2015) Senior Health Partners business associate Premier Home Health caused the breach Registered Nurse working for Premier Home Health had her laptop and smart phone stolen Laptop was encrypted, but encryption key was stolen with laptop, and phone was not password protected or encrypted Contained potentially accessible e-mail containing ephi Result: 2,700 Members of Senior Health Partners affected Senior Health Partners forced to contact all health plan members who were affected McGuireWoods 28

Questions or Comments? www.mcguirewoods.com McGuireWoods 29

Key Legal Issues in EMR, HIPAA and Privacy Issues: Part 2 McGuireWoods 30

Part 2 Agenda EMR/IT System Enforcement Actions EMR Data Security Risks Other Data Security Hot Topics Text Messaging Social Media McGuireWoods 31

EMR/IT System Enforcement Actions McGuireWoods 32

EMR Data Security Risks Open workstations/emr terminals Workstations left unattended and station does not log the user out Users not informed or forget to log out immediately after use Improper deletion of information on previously used equipment Data governance issues Personal Devices (laptops, tablets, and smartphones) Devices containing PHI are stolen Failure to destroy or delete all information before disposal/ re-use of device One of most common ways for ephi breach Lack of Encryption Use encryption so that even if ephi is lost on something like a device, it is undecipherable and unusable Malicious Software McGuireWoods 33

Security Rule Compliance University of Washington Medicine December 14, 2015 UWM agreed to settle potential violations of HIPAA for $750,000. Potential violations of the Security Rule were discovered after UWM breach report that ephi of 90,000 patients was accessed after an employee downloaded an email attachment containing malware that compromised the UWM IT system. All too often we see covered entities with a limited risk analysis that focuses on a specific system such as the electronic medical record or that fails to provide appropriate oversight and accountability for all parts of the enterprise, said OCR Director Jocelyn Samuels. An effective risk analysis is one that is comprehensive in scope and is conducted across the organization to sufficiently address the risks and vulnerabilities to patient data. McGuireWoods LLP 34

Encryption Cancer Care Group PC September 2, 2015 Cancer Care Group agreed to settle potential violations of HIPAA for $750,000. An employee s laptop was stolen and accessed; contained PHI for 55,000 patients. Failure to conduct a company wide risk analysis following the breach. No policies dealing with the removal of hardware and electronic media. "Proper encryption of mobile devices and electronic media reduces the likelihood of a breach of protected health information. said OCR Director Jocelyn Samuels. McGuireWoods LLP 35

UCLA Health Breach (July 17, 2015) Four-hospital UCLA health was attacked by cyber criminals potentially starting as early as September 2014 Suspicious activity on the network was discovered in October 2014, but not until May 5, 2015 did UCLA realize attackers had access to its system UCLA can not yet tell if information was physically moved from the system Result: The medical records of an estimated 4.5 million people were potentially exposed Hackers had access to part of system where records could be accessed McGuireWoods 36

St. Elizabeth s Medical Center Enforcement Action (settled July, 2015) SEMC is a tertiary care hospital offering inpatient and outpatient services OCR received complaint alleging workforce members used internetbased document sharing application to store documents containing ephi of 498 individuals SEMC did not analyze the risks associated with such practice SEMC failed to timely identify and respond to the incident, mitigate its harmful effects, and document it and its outcome Resolution: Settlement of $218,400 with HHS SEMC must also institute a corrective action plan to cure gaps in the organization s HIPAA compliance program McGuireWoods 37

Other Data Security Hot Topics McGuireWoods 38

Three Principles 1. All it takes is a phone and the press of a button to cause a HIPAA Breach 2. News travels in an instant 3. Retrieval of PHI is almost always impossible McGuireWoods 39

Texting Issues Unable to verify identity of sender or receiver Unable to keep original message to verify order No assurance of delivery dependent on phone service Important to complete a risk assessment to determine whether texting fits into overall security profile Telling doctors not to text will probably not resolve the issue need to evaluate alternatives McGuireWoods 40

Texting Issues Joint Commission: not acceptable for physicians or licensed independent practitioners to text orders for patients to the hospital or other healthcare provider setting. Need to consider how this fits into electronic medical record Patient may be entitled to accounting of disclosures McGuireWoods 41

Patients are making Healthcare decisions based upon Social Media Information In a survey of more than a thousand consumers, more than two-fifths of individuals said social media affected their choice of a provider or organization. Forty-five percent said it impacted their decision to seek a second opinion; 34 percent said it influenced their decisions regarding medication selection and 32 percent said it would impact their choice of a health insurance plan. Source: PWC and HRI Social Media Consumer Survey, 2012 McGuireWoods 42

Benefits of Social Networking in Healthcare Single biggest risk is failure to participate Era of accountable care will require new strategies to engage patient populations and to manage population health Tools for collaboration and support with key internal and external customers Opportunities to build and support your brand McGuireWoods 43

Risks of Social Media Safety and security of patient information Discoverability and liability Patient consent issues Employment issues including administrative bullying Physician credentialing and licensing issues Boundary violations Ethical issues regarding the use of social media McGuireWoods 44

Current Privacy Issues Caused by New Technology Comments about patient care or clinical situations on FACEBOOK BLOGS about patient safety in hospitals TWEETS about cutting edge procedure in OR VIDEO of consent process, postoperative instructions or procedure on YOUTUBE EMAILS between providers regarding patient care or incident VIDEO of patient taken by family member on YOUTUBE PHOTOS that intentionally or inadvertently disclose patient information McGuireWoods 45

Dr. Tran Physician posted information about a patient on Facebook no name, but enough information to identify the patient OUTCOME: Fired by hospital Reprimanded by licensure board for unprofessional conduct McGuireWoods 46

Do I Need a Social Media Policy? Purposes of social media policy: Educate on proper uses of social media Establish guidelines to protect patient rights Reduce liability for provider organization and its employees Reduce risk of willful neglect However, a social media policy will not absolve all liability in the event of a significant breach Who should be involved in creating and maintaining policy? McGuireWoods 47

Elements of a Social Media Policy Definition of social media Guidelines for use of social media Penalties for HIPAA violations Address rogue employee conduct Provide for appropriate training at regular intervals Review of existing HIPAA-compliant communications policies & procedures Consistency and strict enforcement NLRB Guidance Review and revision of policy periodically McGuireWoods 48

Strategies to reduce liability Block access to social networking sites Develop policies and procedures Educate staff on policy and implications Routinely monitor the online presence of staff Define and disseminate information regarding disciplinary action for inappropriate use On hospital network; or From PDA Enforcement of policies McGuireWoods 49

Questions or Comments? www.mcguirewoods.com McGuireWoods 50

Document Number 79305578 v. 1 McGuireWoods 51

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback