United States: The New "Meaningful Use" Landscape: A Transition From Incentives To Penalties

Daniel Arking is an Associate in our Washington, D.C. office and Shannon Hartsfield Salimone is a Partner in our Tallahassee office.

HIGHLIGHTS:

  • Starting in 2015, eligible physicians and hospitals participating in the Medicare Electronic Health Records Incentive Program who do not adopt "meaningful" use" certified electronic health record (EHR) technology will no longer receive incentive payments but will face penalties in the form of a percentage reduction in their overall Medicare reimbursement.
  • The Centers for Medicare and Medicaid Services (CMS) has proposed a number of revised regulations allowing eligible entities an extended timeline to upgrade the latest certified version of current EHR technology.

Since 2011, the Centers for Medicare and Medicaid Services (CMS) has provided incentive payments to eligible physicians and hospitals that adopt and "meaningfully use" certified electronic health record technology (CEHRT). However, multiple recent developments, including penalties for failure to achieve meaningful use objectives and increasingly high-stakes audits, have significantly altered the landscape for participating providers.

Background of EHR Incentive Programs

The EHR Incentive Programs were established in 2010 as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act.1 Through these programs, CMS distributes incentive payments to eligible professionals (EPs) and eligible hospitals (EHs) that adopt and meaningfully use CEHRT, EHR technology certified by the Office of the National Coordinator for Health Information Technology (ONC). "Meaningful use" is based on specific objectives and clinical quality measures that pertain to the use of certain CEHRT functions. Each EP and EH must meet a specific set of "core" objectives, as well as a selection of "menu" objectives. For example, in Stage 1 of the Medicare EHR Incentive Program, every EP is required to meet 13 core objectives and five out of nine menu objectives.2

To demonstrate meaningful use of CEHRT, every EP and EH must attest to having met every applicable core objective and the required number of menu objectives as well as associated clinical quality measures. Attestation must be completed annually and is required in order to receive a meaningful use incentive payment for the applicable reporting year. Since 2011, CMS has paid over $23.4 billion in incentive payments to more than 608,000 entities.3

New Penalties for Failure to Meaningfully Use CEHRT

Currently, EPs and EHs that are not meaningful users of CEHRT do not receive the associated incentive payments. However, starting in 2015, such EPs and EHs participating in the Medicare EHR Incentive Program will incur potentially significant penalties, which CMS has characterized as "adjustments" to their overall Medicare reimbursements.4

Starting on Jan. 1, 2015, EPs that do not meaningful use CEHRT will be subject to a percentage reduction in their overall Medicare reimbursement under the Physician Fee Schedule (PFS) for the year. This reduction will begin at 1 percent in 2015 and will increase up to 5 percent by 1 percent increments each year. Therefore, EPs that are still not meaningful users of CEHRT in 2020 would receive only 95 percent of the amount specified in the PFS for that year. CMS will impose these penalties based on meaningful use in previous years, therefore EPs must have demonstrated meaningful use no later than 2014 in order to avoid these penalties in 2015. Specifically, EPs who first demonstrated meaningful use in either 2013 or 2014 must have been meaningful users for at least 90 days during their first year of use, and EPs who first demonstrated meaningful use in 2011 or 2012 must have been meaningful users for the entire year of 2013. To avoid penalties in subsequent years, EPs must have demonstrated meaningful use for the entire year for the two prior years. 5

EHs that do not meaningfully use CEHRT will incur reduced updates in their Medicare reimbursements under the Inpatient Prospective Payment System (IPPS) starting on Oct. 1, 2014, when the fiscal year 2015 IPPS becomes effective. These reductions will begin at 25 percent in fiscal year 2015 and increase up to 75 percent by 25 percent increments per year.6 As with EPs, CMS will impose these penalties based on meaningful use in prior years. Specifically, EHs that first demonstrated meaningful use in 2011 or 2012 must have demonstrated meaningful use during the entire fiscal year 2013, while EHs that first demonstrated meaningful use in fiscal year 2013 must have done so for at least 90 days during that year. All other EHs must meaningfully use CEHRT for a period of at least 90 days during the first nine months of fiscal year 2014 (by July 1, 2014) to avoid penalties in fiscal year 2015. To avoid penalties in subsequent years, EPs must have demonstrated meaningful use for the entire year two years prior.7

In the event that they are unable to demonstrate meaningful use for reasons beyond their control, EPs and EHs that are granted a hardship exemption by CMS will be able to avoid any penalties, despite not being able to demonstrate meaningful use. However, these exemptions are only available in limited and very specific circumstances.

EPs may claim a hardship exemption based on the following circumstances:

  • Lack of Infrastructure: The EP practiced in an area without sufficient Internet access to comply with the meaningful use objectives requiring Internet connectivity and faced insurmountable barriers to obtaining a sufficient Internet connection.
  • Extreme or Uncontrollable Circumstances: The EP experienced a natural disaster, practice closure, bankruptcy/debt restructuring or EHR vendor issues, including loss of EHR vendor certification, closure of EHR vendor or 2014 EHR vendor certification issues and delays.
  • Lack of Control Over Availability of CEHRT: The EP works at multiple locations and is unable to control the availability of CEHRT at one or more such locations that account for more than 50 percent of the EPs total patient encounters.
  • Lack of Face-to-Face Interaction: The EP has a complete lack of face-to-face patient interaction and follow-up or such interactions are extremely rare and not part of the EPs' ordinary scope of practice.

In order to claim one of these exceptions, EPs must submit an application to CMS no later than July 1, 2014.8 If granted, the exception is valid for one year, and EPs may reapply annually for up to five years.

EHs may claim a hardship exemption based on the following circumstances:

  • Lack of Infrastructure: the EH was located in an area without sufficient Internet access to comply with the Meaningful Use objectives requiring Internet connectivity and faced insurmountable barriers in obtaining sufficient Internet connectivity.
  • New Eligible Hospitals: The EH was newly eligible to participate and thus did not have time to become a meaningful user for the entire attestation period.
  • Unforeseen Circumstances: The EH experienced a natural disaster, closure, bankruptcy/debt re-structuring or EHR vendor issues, including loss of EHR vendor certification, closure of EHR vendor, or 2014 EHR vendor certification issues and delays.

The deadline for EHs to claim a hardship exception for fiscal year 2015 passed on April 1, 2014. However, the application to claim an exemption for fiscal year 2016 is expected to become available soon.

Meaningful Use Audits

Since 2012, CMS – through its contractor, Figliozzi and Company – has audited the meaningful use attestations of EPs and EHs that participate in the Medicare EHR Incentive Program or that are eligible for both the Medicare and Medicaid EHR Incentive Programs.9 However, with more entities participating and more incentive payments being distributed, the stakes of these audits have never been higher. A failed audit could result in CMS' recoupment of its incentive payments, and the discovery of knowingly false claims could lead to additional civil penalties and criminal prosecution.

An audit of a meaningful use attestation may be conducted either prior to or after (and potentially many years after) CMS' distribution of the associated incentive payment. The audit may be limited to verifying that the EP or EH had access to CEHRT during the attestation period or may encompass every core and menu objective and clinical quality measure to which the entity attested. Regardless of its timing and scope, every meaningful use audit will focus on the documentation that was used as the basis for the attestation. Therefore, in order to successfully complete the audit process, all EPs and EHs should maintain sufficient documentation to validate their attestations regarding every core and menu objective as well as every clinical quality measure. Certain objectives can be validated based on information generated by the CEHRT, but other objectives require alternative documentation. CMS has provided guidance on the type of documentation that is necessary to validate these objectives.10

Protection of Electronic Health Information Through a Security Risk Analysis

Of all meaningful use objectives, EPs and EHs alike have particularly struggled to document their efforts to protect electronic health information, a core objective that requires EPs and EHs conduct or review any security risk analysis and implement necessary updates.11

The security risk analysis requirement is borrowed from the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.12 This rule requires covered entities to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information (ePHI), and to implement security measures to reduce those risks.13

The government has published extensive guidance outlining how security risk assessments should be conducted. For example, in 2011, the National Institute of Standards and Technology (NIST) published a HIPAA Security Toolkit Application,14 and in Dec. 2013, CMS issued a tip sheet for conducting a data security risk analysis.15 Most recently, in March of 2014, the Department of Health and Human Services published a security risk assessment tool designed to help small- to medium-sized healthcare providers comply with HIPAA's risk analysis requirement.16

Under the Security Rule, most covered entities were required to conduct a documented risk analysis by April 21, 2005.17 However, many covered entities, including current participants in the EHR Incentive Programs, are likely not in full compliance with this requirement. Such entities may have not recently conducted a security risk analysis; have conducted an analysis that does not comply with NIST standards; or have conducted an analysis, but have not implemented the necessary updates to reduce the identified risks. Any such issues could potentially lead to a failed meaningful use audit.

Lessons Learned

In assisting many clients with security risk analyses and guiding others through meaningful use attestation and audits, a number of good lessons and best practices have been formulated. Although none of these lessons can guarantee a successful audit, they may ease the burden of the audit process and increase the chances of a successful outcome.

  • In preparing an attestation, clearly understand exactly what documentation and other information will be necessary to meet each core and menu objective and clinical quality measure that will be included in the attestation. The provider should collect this information under the assumption that the attestation will be audited. This effort may require additional resources upfront, but entities will have much more difficulty identifying and collecting this information months or years later during an audit.
  • Maintain all attestation documentation in a well organized, centralized location. CMS has recommended maintaining these records for at least six years following attestation. Due to the outside statute of limitations under the federal False Claims Act, it is typically recommended that these records be maintained for at least 10 years.18
  • Do not rely on their EHR vendors to certify that they have met certain objectives or clinical quality measures in lieu of the proper documentation. Other than verifying that their customers have access to certified EHR technology, vendors generally do not have the ability to verify their customers' use of the technology.
  • Check regularly for notification of an audit. Notifications are issued via email to the address provided during registration in the EHR Incentive Program, which may not be the email address of the administrator who coordinated the attestation that is subject to the audit. Thus, for example, notification of an EP's attestation could be sent directly to the physician, rather than the physician's office manager or administrative assistant. Moreover, audit notifications may come with no advance warning or follow-up reminders. It is therefore very easy to fail an audit simply for having missed the notification email.
  • Upon receipt of an audit notification, understand the exact scope of the audit and the applicable deadlines to respond. Figliozzi may grant a short extension, but this could be limited to special circumstances.
  • IIf unable to validate the attestation with the recommended documentation, it is critical to gather all documents that indicate that the EP or EH did, in fact, achieve the objective or clinical quality measure at issue. For example, if an EP did not perform a NIST-compliant security risk analysis during the attestation period, it may be able to document that an appropriate risk analysis and corrective actions, as necessary, were conducted with EHR maintenance logs, invoices from EHR vendors and other computer consultants, documented office protocols, minutes of internal compliance committee meetings or partner meetings, or staff training materials regarding data security. Such documents may be located among those records maintained in connection with the organization's other compliance documents from the HIPAA security official or privacy official's records, or the records related to selection of the EHR vendor. The entity's malpractice insurer may have reviewed the entity's EHR and conducted a risk assessment in connection with setting insurance premiums. Although not ideal, such alternative documentation may be sufficient to satisfy the audit, as long as it is responsive to the objective and pertains to the EP or EH with regard to the audit during the correct attestation period.
  • Do not under any circumstances knowingly provide false information as part of a meaningful use attestation. Knowingly providing false information, such as attesting to an objective that the entity knows it has not actually achieved, could lead to civil penalties or criminal prosecution under the federal False Claims Act, among other federal statutes.

Ultimately, it is not possible to predict with certainty whether a given attestation will be audited or whether the response to an audit will be successful. However, these lessons could potentially ease the burden of responding to an audit and increase the likelihood that the response will be successful.

CMS Proposes Additional Flexibility in Meaningful Use Attestation

To date, EHR systems have been certified under standards established by the ONC in 2011. However, under current regulations, all EPs and EHs participating in either the Medicare or Medicaid EHR Incentive Program must upgrade their systems to be certified under new 2014 standards.19 However, since the 2014 standards were issued, many EHR vendors have not been able to upgrade their products or obtain certification of their upgraded products from ONC. Moreover, the large number of EPs and EHs in need of upgraded software has created significant backlogs for vendors, who simply have not been able to install their upgraded products fast enough for EPs and EHs to meet upcoming attestation deadlines. In response, CMS has proposed revisions to its regulations that would extend the timeline EPs and EHs have to adopt EHR technology certified to 2014 standards and attest to certain meaningful use objectives.20 Specifically, CMS has proposed:

  • EPs and EHs that cannot attest to meaningful use based on 2014 standards in the current reporting cycle may attest to meaningful use based on 2011 standards or a combination of 2011 and 2014 standards. Exclusive use of 2014 CEHRT will not be required until the 2015 meaningful use attestation cycle.
  • To avoid incentivizing adoption of an outdated product, EPs and EHs that seek to adopt, implement or upgrade to certified EHR technology in their first year of participation must adopt, implement or upgrade to 2014 CEHRT. As a result, EHR vendors will not be able to sell 2011 CEHRT as certified EHR technology.
  • EPs and EHs that attest to meaningful use in 2014 based on 2011 standards will be required to attest to 2013 Stage 1 objectives and associated clinical measures, regardless of their current stage of meaningful use.
  • EPs and EHs that utilize a combination of 2011 and 2014 standards may attest to meaningful use in 2014 based on either 2013 or 2014 Stage 1 objectives and associated clinical measures.
  • EHs and EPs that are scheduled to begin Stage 2 in 2014 may attest to meaningful use in 2014 based on 2014 Stage 1 objectives and associated clinical measures.
  • EPs and EHs that began participating in the EHR Incentive Program in 2011 or 2012 may continue to attest to meaningful use based on Stage 2 objectives and measures for an additional year before having to transition to Stage 3 objectives and measures in 2017, rather than in 2016 as currently required.
  • EPs and EHs would be given additional flexibility in their reporting of certain clinical quality measures as part of their 2014 meaningful use attestation.

In order to take advantage of any of these changes, EPs and EHs would have to attest that they were unable to fully implement 2014 standards because of issues related to delays in its availability from EHR vendors.

CMS is currently accepting comments in response to these proposed changes until July 21, 2014. Because the changes that CMS has proposed could substantially impact the attestation process for 2014 and subsequent years, all interested stakeholders (including EPs and EHs) should consider commenting on these proposed rules.

Higher Stakes of Participation in EHR Incentve Programs Require Greater Diligence in Demonstrating Meaningful Use

CMS has distributed billions of dollars to EPs and EHs to incentivize the adoption of EHR technology, and these incentive programs have attracted significant participation among eligible EPs and EHs. However, the transition to penalties for failure to meaningfully use CEHRT and the increased stakes of meaningful use audits have substantially altered the landscape for participating entities. They must now be more diligent in rigorously documenting their achievement of all applicable core and menu objectives and clinical quality measures. Failure to adhere to these recordkeeping standards could lead to forfeiture of previously issued incentive payments, civil penalties or criminal prosecution. Moreover, the terms of these requirements remain subject to change throughout the rulemaking process. All participating entities should carefully consider the potential impact of these rulemakings on their ability to attest to meaningful use of CEHRT and the possible value of submitting comments to CMS.

Footnotes

1 See Pub. L 111-5, Tit. XII, 123 Stat. 115, 111th Cong, Feb. 17, 2009.

2 The lists of core and menu objectives for EPs and EHs were revised for Stage 2 of the Medicare EHR Incentive Program and are expected to be revised further for Stage 3, which is not scheduled to begin until 2016. EPs and EHs participating in the Medicaid EHR Incentive Program are subject to similarly structured sets of core and menu objectives, although specific objectives many vary between the two programs.

3 See CMS, Combined Medicare and Medicaid payments By State, Jan. 2011 - Apr. 2014 (Apr. 2014), available at http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/April2014_
PaymentsbyStatebyProgram.pdf
.

4 These penalties do not apply to participants in the Medicaid EHR Incentive Program.

5 Penalties in 2016 will be based on only 90 days of meaningful use in 2014.

6 Thus, if an EH is not a meaningful user on Oct. 1, 2015 and the fiscal year 2015 IPPS provides for a 2 percent increase, then that EH will receive an increase of just 1.5 percent. If that EH still fails to become a meaningful user by Oct. 1, 2016 and the fiscal year 2017 IPPS provides for a 2 percent increase, the EH will receive an increase of just 0.5 percent. Moreover, these reduced increases are cumulative for each year that the EH fails to become a meaningful user.

7 Penalties in 2020 will be based on meaningful use in 2019, not 2018.

8 See CMS, Eligible Professional 2015 Hardship Exception Application, available at http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/HardshipException
_EP_Application.pdf
.

9 Entities that participate in the Medicaid EHR Incentive program and are not dually eligible for the Medicare program are subject to audit by the states.

10 See CMS, EHR Incentive Programs: Supporting Documentation for Meaningful Use Audits (Feb. 2013), available at http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/EHR_Supporting
Documentation_Audits.pdf
. For example, documentation of objectives related to conducting drug-drug interaction checks or drug formulary checks should be validated by screenshots of the EHR system showing the appropriate information and dated within the applicable attestation period.

11 See 42 C.F.R. §495.6(d)(15).

12 HIPAA is codified at 42 U.S.C. §1320d through d-9. The HIPAA Security Rule is found at 45 C.F.R Parts 160 and Subparts A and C of Part 164. The specific parameters of the security risk analysis are set forth in 45 C.F.R. §164.308(a)(1)(ii).

13 See 45 C.F.R. §164.308(a)(1)(ii).

14 See NIST, HIPAA Security Rule Toolkit, available at http://scap.nist.gov/hipaa/.

15 See CMS, Security Risk Analysis Tipsheet: Protecting Patients' Health Information (Dec. 2013), available at http://cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/SecurityRisk
Assessment_FactSheet_Updated20131122.pdf
.

16 See ONC, Security Risk Assessment, available at http://www.healthit.gov/providers-professionals/security-risk-assessment.

17 See Centers for Medicare & Medicaid Services, Health Insurance Reform: Security Standards, 68 Fed. Reg. 8,334 (Feb. 20, 2003).

18 See 31 U.S.C. §3731(b) (indicating that a civil action under §3730 may not be brought more than six years after the date on which the violation of section 3729 is committed, or more than three years after the date when material facts are or should have been known, but in no event more than 10 years after the date on which the violation is committed, whichever occurs last).

19 See 45 C.F.R. §170.102.

20 See Centers for Medicare & Medicaid Services, Modifications to the Medicare and Medicaid Electronic Health Record Incentive Programs for 2014, 79 Fed. Reg. 29,732 (May 23, 2014).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration
Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:
  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.
  • Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.
    If you do not want us to provide your name and email address you may opt out by clicking here
    If you do not wish to receive any future announcements of products and services offered by Mondaq you may opt out by clicking here

    Terms & Conditions and Privacy Statement

    Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

    Use of www.mondaq.com

    You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

    Disclaimer

    Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

    The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

    Registration

    Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

    • To allow you to personalize the Mondaq websites you are visiting.
    • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
    • To produce demographic feedback for our information providers who provide information free for your use.

    Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

    Information Collection and Use

    We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

    We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

    Mondaq News Alerts

    In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

    Cookies

    A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

    Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

    Log Files

    We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

    Links

    This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

    Surveys & Contests

    From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

    Mail-A-Friend

    If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

    Emails

    From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

    *** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .

    Security

    This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

    Correcting/Updating Personal Information

    If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

    Notification of Changes

    If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

    How to contact Mondaq

    You can contact us with comments or queries at enquiries@mondaq.com.

    If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.

    By clicking Register you state you have read and agree to our Terms and Conditions