Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility
Meet HIPAA1
Gordon J. Apple, Esq.
Robert A. Wells, Esq.
“In civilized life, law floats in a sea of ethics.”
Supreme Court Chief Justice Earl Warren2
“Our society is truly an information society, our time an information age. The
question before us now is whether the kind of society we are creating is the one
that we want.” Professor Richard Mason in Four Ethical Issues for the
Information Age3
Introduction
On January 25, 2013, final rules implementing changes to HIPAA Privacy, Security and
Breach Notification Rules were published in the Federal Register.i The final rules are a
wake-up call for lawyers and law firms that qualify as business associates of covered
entities to determine whether they are able to comply with regulatory requirements that
now apply directly to them;ii the violation of which can end in fines, penalties and, in
extreme cases, jail.iii
HIPAA is an acronym for the Administrative Simplification provisions of the Health
Insurance Portability & Accountability Act of 1996.iv HIPAA provides a framework
under its Privacy and Security Rules for the protection of patient confidentiality, security
of electronic systems, and standards and requirements for the use, disclosure and
electronic transmission of what is defined as “Protected Health Information”v or PHI.
The Breach Notification Rules outline notice and mitigation requirements when
unsecured PHI is acquired, accessed, used, or disclosed in violation of the Privacy and/or
Security Rules. In real life, this means an unencrypted laptop computer with protected
health information that is stolen from a car or office.
1
Copyright © 2013,2014 Gordon J. Apple, All rights reserved – used with permission.
Earl Warren, Speech, 1962, New Haven, Connecticut. The quote goes on to state: “Society would come
to grief without ethics which is unenforceable in the courts and cannot be made part of law…. There is thus
a law beyond the law, as binding on those of us who love our institutions as the law itself, although there is
no human power to enforce it.”
3
Management Information Systems Quarterly. Volume 10, Number 1, March, 1986. Dr. Mason used the
acronym PAPA to set fourth his view that the four key ethical issues for the information age were privacy,
accuracy, property and accessibility.
2
An organization or individual originally required to comply with the HIPAA rules is
defined as a “covered entity” (“CE”). Many lawyers and law firms have entered into
“business associate” contracts with covered entities such as hospitals, nursing homes and
physician groups to have access to PHI to provide legal advice. The contracts require the
law firm to follow applicable HIPAA requirements to assure the privacy and security of
the information provided and to notify the covered entity client in the event of a breach
involving the impermissible use or disclosure of PHI. Now, lawyers and their firms have
both contractual liability under business associate contracts as well as direct legal liability
pursuant to statute and regulations.
Becoming a Business Associate
If your firm represents a CE and needs access to the CE’s ePHI or PHI in order to provide
its legal services the firm qualifies as business associate and the CE is required to have a
contractual relationship with it.4 Or, if you serve as co-counsel to a firm that has a
business associate relationship with a CE and they provide you PHI or ePHI to
assist….congrats, you are a BA in that case too! So, now that you know you have to
comply with certain aspects of HIPAA, the question becomes whether there is anything
else you should lose sleep over and of course, the answer is yes. The American Bar
Association (ABA) Model Rules of Professional Conduct set forth a number of duties
that, on a conceptual level, need to be married with various HIPAA requirements in a
cogent whole so that lawyers can fulfill their legal, contractual and ethical obligations.5
ABA Model Rules of Professional Conduct that Intersect with HIPAA
Requirements
The following is a brief discussion of some ethical issues that lawyers need to think about
in the context of providing legal services as a business associate under HIPAA. The
purpose of this paper is not to define all the rules of the ethical road, but rather to serve as
a reminder that Justice Warren’s “sea of ethics” can be a turbulent one. As part of their
analysis of the nexus between HIPAA and ethics all lawyers should also acquaint
themselves with the work of the American Bar Association’s Commission on Ethics
20/20 (“ABA 20/20”) and its resolutions regarding “Technology and Confidentiality” and
“Outsourcing” that were adopted by the ABA House of Delegates in August of 2012. In
adopting the resolutions, the ABA made changes to the Model Rules to address the
increasingly complex world of information technology and attorney/client relationships.6
A.
Rule 1.1 Competence
4
Examples include malpractice defense counsel reviewing potential claims, fraud and abuse counsel
reviewing billing records and underlying medical records documentation, counsel representing parties to a
medical staff dispute and M&A counsel conducting due diligence.
5
It is also important to review state ethical rules to determine if there they differ or are in sync with the
ABA. As discussed below regarding the issue of metadata, there are times when the ABA and individual
state bars go their separate ways.
6
http://www.americanbar.org/content/dam/aba/administrative/ethics_2020/20120808_revised_resolution_1
05a_as_amended.authcheckdam.pdf
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
2
A lawyer shall provide competent representation to a client. Competent
representation requires the legal knowledge, skill, thoroughness, and
preparation reasonably necessary for the representation.
With respect to the requirement of competence under Rule 1.1, two of the requirements
stand out in the context of HIPAA.
First, there is the requirement of legal knowledge. This means that if lawyers agree to be
business associates, then they better have more than a passing knowledge about HIPAA
with respect to the requirements their clients need to meet as well as the regulatory
requirements that they will need to meet as a business associate. For example, under the
preamble to the final rule it is noted that “any privacy rule limitation on how a covered
entity may use or disclose protected health information automatically extends to a
business associate.” 78 Fed. Reg. 5597. If you don’t know what a “privacy rule
limitation” is, you might not have the appropriate level of legal knowledge.
Second, is the issue of “preparation reasonably necessary for the representation” required
under Rule 1.1. It is not without irony that the HITECH final rule commentary notes:
“[w]e acknowledge that some business associates, particularly the smaller or less
sophisticated business associates that may have access to electronic protected
health information for limited purposes, may not have engaged in the formal
administrative safeguards such as having performed a risk analysis, established a
risk management program, or designated a security official, and may not have
written policies and procedures, conducted employee training, or documented
compliance as the statute and these regulations would now require.”
Although it may be permissible to sign a BAA without having implemented these various
requirements, is a lawyer reasonably “prepared” under Rule 1.1 if they access ePHI
before implementing the applicable Security Rule requirements related to risk analysis
and management?
Comments 1, 4 and 8 to Rule 1.1 provides guidance on these issues.
1. In determining whether a lawyer employs the requisite knowledge and skill in a
particular matter, relevant factors include the relative complexity and specialized
nature of the matter, the lawyer’s general experience, the lawyer’s training and
experience in the field in question, the preparation and study the lawyer is able to
give the matter, and whether it is feasible to refer the matter to, or associate or
consult with, a lawyer of established competence in the field in question. In many
instances, the required proficiency is that of a general practitioner. Expertise in a
particular field of law may be required in some circumstances.
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
3
4. A lawyer may accept representation where the requisite level of competence
can be achieved by reasonable preparation. This applies as well to a lawyer who
is appointed as counsel for an unrepresented person. See also Rule 6.2.
8. To maintain the requisite knowledge and skill, a lawyer should keep abreast of
changes in the law and its practice, including the benefits and risks associated
with relevant technology, engage in continuing study and education and comply
with all continuing legal education requirements to which the lawyer is subject.
(Underlined text added by ABA 20/20)
Comment 8, assumes an ongoing duty for a lawyer to actively stay abreast of an ever
changing technology environment. For example, all lawyers who use Microsoft’s
Windows XP as the operating system on their computer should be aware of the fact that
security updates for Windows XP will no longer be provided after April 8, 2014, and that
the risks associated with its continued use are likely too high to satisfy ethical and/or
HIPAA related requirements.
B.
Rule 1.6 Confidentiality of Information
(a) A lawyer shall not reveal information relating to the representation of a
client unless the client gives informed consent, the disclosure is impliedly
authorized in order to carry out the representation or the disclosure is
permitted by paragraph (b)….
(c) A lawyer shall make reasonable efforts to prevent the inadvertent or
unauthorized disclosure of, or unauthorized access to, information relating to
the representation of a client. (Subsection c was added by ABA 20/20)
A lawyer representing health care clients needs to address this rule at three different
levels; contractual in terms of the limitations (subject to the requirements of Rule 1.2)
and requirements contained in a BAA, legally, in the context of HIPAA requirements and
ethically in the context of adhering to the spirit as well as the express requirements of the
rule.
Comments 18 and 19 to the rule, heavily modified by ABA 20/20, are instructive of the
ethical duties entailed in meeting confidentiality requirements
[18] Paragraph (c) requires a lawyer to act competently to safeguard
information relating to the representation of a client against unauthorized access
by third parties and against inadvertent or unauthorized disclosure by the lawyer
or other persons who are participating in the representation of the client or who
are subject to the lawyer’s supervision. See Rules 1.1, 5.1 and 5.3. The
unauthorized access to, or the inadvertent or unauthorized disclosure of,
information relating to the representation of a client does not constitute a
violation of paragraph (c) if the lawyer has made reasonable efforts to prevent
the access or disclosure. Factors to be considered in determining the
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
4
reasonableness of the lawyer’s efforts include, but are not limited to, the
sensitivity of the information, the likelihood of disclosure if additional safeguards
are not employed, the cost of employing additional safeguards, the difficulty of
implementing the safeguards, and the extent to which the safeguards adversely
affect the lawyer’s ability to represent clients (e.g., by making a device or
important piece of software excessively difficult to use). A client may require the
lawyer to implement special security measures not required by this Rule or may
give informed consent to forgo security measures that would otherwise be
required by this Rule. Whether a lawyer may be required to take additional steps
to safeguard a client’s information in order to comply with other law, such as
state and federal laws that govern data privacy or that impose notification
requirements upon the loss of, or unauthorized access to, electronic information,
is beyond the scope of these Rules. For a lawyer’s duties when sharing
information with nonlawyers outside the lawyer’s own firm, see Rule 5.3,
Comments [3]-[4].
[19] When transmitting a communication that includes information relating to
the representation of a client, the lawyer must take reasonable precautions to
prevent the information from coming into the hands of unintended recipients. This
duty, however, does not require that the lawyer use special security measures if
the method of communication affords a reasonable expectation of privacy. Special
circumstances, however, may warrant special precautions. Factors to be
considered in determining the reasonableness of the lawyer's expectation of
confidentiality include the sensitivity of the information and the extent to which
the privacy of the communication is protected by law or by a confidentiality
agreement. A client may require the lawyer to implement special security
measures not required by this Rule or may give informed consent to the use of a
means of communication that would otherwise be prohibited by this
Rule. Whether a lawyer may be required to take additional steps in order to
comply with other law, such as state and federal laws that govern data privacy, is
beyond the scope of these Rules. (Underlined text added by ABA 20/20)
Comment 18 has significantly raised the stakes from an ethical point of view, but in many
ways is not much different than the security risk assessment analysis and scalable risk
management requirements imposed under the HIPAA Security Rule. At a minimum, it
would be prudent to develop an early understanding with clients as to the level of security
safeguards to be provided to various types of communications and activities.
Comment 19 as revised by ABA 20/20, is an acknowledgement that the landscape of
state privacy, security and breach notification laws is an ever changing one that cannot be
ignored.
Rule 1.6 - Lawyers and Metadata
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
5
If you are reading this and don’t have a clue what metadata is, at worse your
license to practice law may be at risk, while at best you should realize that you may not
be a particularly good HIPAA business associate. The ABA defined metadata in a press
release regarding a controversial ethics opinion it issued in November of 2006 as follows:
[M]etadata is ubiquitous in electronic documents, and includes such information
as the last date and time that a document was saved and by whom, data on when it
was accessed, the name of the owner of the computer that created the document
and the date and time it was created, and a record of any changes made to the
document or comments written into it.
http://www.abanet.org/abanet/media/release/news_release.cfm?releaseid=48
The opinion was controversial in that it stated that lawyers are free to look at metadata in
the electronic documents they receive. At the time the opinion was issued, the ABA was
aware its position was not universal, noting that “[t]he opinion is contrary to the view of
some legal ethics authorities, which have found it ethically impermissible as a matter of
honesty for lawyers to search documents they receive from other lawyers for metadata or
to use what they find….” For example, in Arizona, attorneys are not permitted to
examine documents to determine if they contain metadata. Arizona Bar Association
Ethics Opinion 07-03.
ABA 20/20 has since addressed the issue of metadata under revisions to Rule 4.4 Respect for Rights of Third Parties. Subsection b has been revised to read:
(b) A lawyer who receives a document or electronically stored information
relating to the representation of the lawyer's client and knows or reasonably
should know that the document or electronically stored information was
inadvertently sent shall promptly notify the sender.
The following provisions of comment 2 and 3 address the issue of metadata as follows:
(2) For purposes of this Rule, ‘‘document or electronically stored information’’
includes, in addition to paper documents, email and other forms of electronically
stored information, including embedded data (commonly referred to as
“metadata”), that is subject to being read or put into readable form. Metadata in
electronic documents creates an obligation under this Rule only if the receiving
lawyer knows or reasonably should know that the metadata was inadvertently
sent to the receiving lawyer.
[3] Some lawyers may choose to return a document or delete electronically
stored information unread, for example, when the lawyer learns before receiving
it that it was inadvertently sent. Where a lawyer is not required by applicable law
to do so, the decision to voluntarily return such a document or delete
electronically stored information is a matter of professional judgment ordinarily
reserved to the lawyer. See Rules 1.2 and 1.4.
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
6
The issue of metadata is just one example of the need to have a hefty geek quotient when
it comes to complying with HIPAA and with applicable Rules of Professional Conduct.
Rule 1.6 and Government Investigations
(b) A lawyer may reveal information relating to the representation of a client
if:
(1) the client gives informed consent;
As business associates, law firms are subject to government audits with respect to HIPAA
compliance. It is likely that such an audit will be intrusive and may expose what would
otherwise be attorney client privileged information to third party review. Law firms will
need to think about this issue at the time of the engagement, in structuring their records,
both paper and electronic and the options that might be available to limit disclosures of
otherwise privileged information, both intentional and inadvertent during a government
audit/investigation. This also becomes and issue in the context of how to maintain closed
files that may contain information that may be subject to a government audit.
Lawyers in the 8th Circuit should also acquaint themselves with the theory of selective
waiver. The theory of selective waiver provides that a party’s voluntary disclosure of
privileged materials to the government does not necessarily waive the privilege in civil
litigation. The theory was first adopted by the Eighth Circuit in Diversified Industries Inc.
v. Meredith, 572 F.2d 596 (8th Cir. 1978) (en banc). Every other circuit to consider the
theory has rejected it.
Rule 1.6 and Independent Contractors
The obligation to maintain the confidentiality of client information as required under the
professional rules of conduct does not stop at the law firm door without regard to HIPAA.
However, HIPAA does require heightened vigilance and lawyers need to make sure that
independent contractors that assist them in fulfilling any of the obligations they undertake
relative to legal services provided to covered entity clients can also meet applicable
HIPAA requirements. To do this, it will be important for law firms to engage in a certain
level of due diligence. For example, a law firm might want to query independent
contractors whether or not they know about HIPAA and, assuming that they do, to ask
them what sort of HIPAA privacy and security policies and safeguards they have in
place. It will also be important to understand when an independent contractor becomes an
agent under the federal common law of agency. The reason for this is that as a business
associate, the law firm would be vicariously liable for civil penalties under HIPAA for
the acts of its agents within the scope of the agency.
It is not unusual for a firm to hire warm, but smart, bodies either independently or
through a staffing organization to help in large scale document discovery. If you fit that
fact scenario with discovery involving ePHI or PHI, then the subcontractor will need to
meet the business associate requirements applicable to the firm and will expose the firm
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
7
to vicarious liability to the extent it is considered an agent rather than a true independent
contractor. One can easily imagine a scenario where an independent contractor
inadvertently causes a breach of unsecured PHI and hopes nobody notices – until
someone does.
In addition, lawyers in corporate legal departments may have to manage the additional
complexity of attempting to ensure the HIPAA compliance of engaged outside law firms.
In-house counsel should consider an outside law firm’s HIPAA compliance capabilities,
and at a minimum add appropriate business associate language into engagement letters
when the services involve the possible disclosure of PHI.
ABA 20/20 in addressing the issue of outsourcing and independent contractors made
changes to the comments to Rule 5.3 – Responsibilities Regarding Nonlawyer
Assistance that require a level of due diligence to assure the nonlawyer’s services are
compatible with professional ethical obligations. The comment states:
[3] A lawyer may use nonlawyers outside the firm to assist the lawyer in
rendering legal services to the client. Examples include the retention of an
investigative or paraprofessional service, hiring a document management
company to create and maintain a database for complex litigation, sending client
documents to a third party for printing or scanning, and using an Internet-based
service to store client information. When using such services outside the firm, a
lawyer must make reasonable efforts to ensure that the services are provided in a
manner that is compatible with the lawyer’s professional obligations. The extent
of this obligation will depend upon the circumstances, including the education,
experience and reputation of the nonlawyer; the nature of the services involved;
the terms of any arrangements concerning the protection of client information;
and the legal and ethical environments of the jurisdictions in which the services
will be performed, particularly with regard to confidentiality. See also Rules 1.1
(competence), 1.2 (allocation of authority), 1.4 (communication with client), 1.6
(confidentiality), 5.4(a) (professional independence of the lawyer), and 5.5(a)
(unauthorized practice of law). When retaining or directing a nonlawyer outside
the firm, a lawyer should communicate directions appropriate under the
circumstances to give reasonable assurance that the nonlawyer's conduct is
compatible with the professional obligations of the lawyer.
All of the above points to the need to evaluate due diligence requirements and to have
appropriate scalable contracting policies in place.
C.
Rule 1.2 Scope of Representation and Allocation of Authority Between Client
and Lawyer
(c) A lawyer may limit the scope of the representation if the limitation is
reasonable under the circumstances and the client gives informed consent.
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
8
The issue under Rule 1.2 that lawyers need to think about is whether there are ways to
limit their engagement in such a way as to minimize risks associated with being a
business associate. For example, is it possible to place a limitation on the relationship
such that the client is not permitted to share with the law firm any ePHI so that the law
firm can avoid the need to fulfill HIPAA Security Rule requirements? Can you place the
burden on the client to provide and manage secure mobile media such as laptops or cell
phones that will only be used for that client? Another key question is when is it
appropriate to attempt to limit the representation?
Comment 7 to Rule 1.2 notes:
Although this rule affords the lawyer and client substantial latitude to limit the
representation, the limitation must be reasonable under the circumstances.
In addition, it is important to be mindful of Comment 8 to Rule 1.2 which provides:
All agreements concerning a lawyer's representation of a client must accord with
the Rules of Professional Conduct and other law. See, e.g., Rules 1.1, 1.8 and 5.6.
Finally, it is also important to consider the impact of Rule 1.7 on any potential limitation.
Note 10 to Rule 1.7 provides that “[t]he lawyer’s own interests should not be permitted
to have an adverse affect on representation of a client.”
D.
Rule 1.8 Conflict of Interest – Current Clients – Specific Rules
Rule 1.8 (h)(1) provides that “a lawyer shall not make an agreement prospectively
limiting the lawyer’s liability to a client for malpractice unless the client is
independently represented in making the agreement….”
Comment 14 to Rule 1.8 provides some insight stating:
Agreements prospectively limiting a lawyer's liability for malpractice are
prohibited unless the client is independently represented in making the agreement
because they are likely to undermine competent and diligent
representation….This paragraph does not … prohibit an agreement in
accordance with Rule 1.2 that defines the scope of the representation, although a
definition of scope that makes the obligations of representation illusory will
amount to an attempt to limit liability.
Clear as mud, right? Well, what this really means is there may be a point in dealing with
a client relative to HIPAA issues where there is an ethical duty to advise the client to seek
independent legal counsel. For example, if the client asks your firm to provide the BAA
that the firm will sign can it really do so without an explicit waiver of the conflict by the
client? Is it even possible to waive the conflict?
E.
Rule 1.2 & The Bad Client
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
9
(d) A lawyer shall not counsel a client to engage, or assist a client, in conduct that
the lawyer knows is criminal or fraudulent, but a lawyer may discuss the legal
consequences of any proposed course of conduct with a client and may counsel or
assist a client to make a good faith effort to determine the validity, scope,
meaning, or application of the law.
The issue here relates to clients who do not want to comply with HIPAA even though
they are regulated entities either as a result of being a covered entity or a business
associate. HIPAA contains significant civil and, in the worst case, criminal penalties.
Comments 9 and 10 are instructive in terms of lawyers obligations.
[9] Paragraph (d) prohibits a lawyer from knowingly counseling or assisting a
client to commit a crime or fraud. This prohibition, however, does not preclude
the lawyer from giving an honest opinion about the actual consequences that
appear likely to result from a client's conduct. Nor does the fact that a client uses
advice in a course of action that is criminal or fraudulent of itself, make a lawyer
a party to the course of action. There is a critical distinction between presenting
an analysis of legal aspects of questionable conduct and recommending the
means by which a crime or fraud might be committed with impunity.
[10] When the client's course of action has already begun and is continuing, the
lawyer's responsibility is especially delicate. The lawyer is required to avoid
assisting the client, for example, by drafting or delivering documents that the
lawyer knows are fraudulent or by suggesting how the wrongdoing might be
concealed. A lawyer may not continue assisting a client in conduct that the lawyer
originally supposed was legally proper but then discovers is criminal or
fraudulent. The lawyer must, therefore, withdraw from the representation of the
client in the matter. See Rule 1.16(a). In some cases, withdrawal alone might be
insufficient. I may be necessary for the lawyer to give notice of the fact of
withdrawal and to disaffirm any opinion, document, affirmation, or the like. See
Rule 4.1.
Conclusion
Lawyers need to keep their eyes and ears open to developments in the sea of ethics, such
as the efforts of the ABA Commission on Ethics 20/20 with respect to how the rules of
professional conduct are interpreted generally. In addition, lawyers must think of those
rules in the context of continuing technological changes and, more specifically, their
obligation to meet HIPAA business associate requirements. Not unlike the movement to
address the issue of how lawyers use, disclose or return metadata at the national and state
levels, it is likely that various state boards will begin to issue ethics opinions in this area
as well. For the moment, there are more questions than answers, but no one can possibly
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
10
say that lawyers in general and health lawyers in particular, do not live in the most
interesting of technological and ethical times.
i
78 Fed. Reg. 5566 (Jan 25, 2013)
The final rule was effective on March 26, 2013. Covered entities and business
associates had180 days beyond the effective date of the final rule to come into compliance with most of the
final rule’s provisions – September 23, 2013. It should be noted that breach notification requirements
already exist and were effective in 2009.
iii
The reality is that law firms already faced some of these potential consequences after the effective date of
the HITECH amendments in 2009. However, now that final rules have been published implementing these
changes, the likelihood of enforcement is greatly increased.
iv
Pub. L. 104-191 110 Stat. 1936 (1996)
v
The Privacy Rule applies to protected health information in any form whereas the Security Rule only
applies to protected health information in electronic form. Protected health information means individually
identifiable health information: (45 CFR 160.103)
(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii) Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
(2) Protected health information excludes individually identifiable health information in:
(i) In education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C.
1232g;
(ii) In records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
(iii) In employment records held by a covered entity in its role as employer;. and
(iv) Regarding a person who has been deceased for more than 50 years.
ii
Conflict of Interest or Interesting Conflict: The Rules of Professional Responsibility Meet HIPAA
Gordon J. Apple & Robert A. Wells
11