Author: faithatlaw

Maryland technology attorney and college professor.

iPhone Call Log For Follow-up

An increasing number of attorneys, including me, use an iPhone in their practice.  As a practicing attorney, I’ve been looking for some kind of application that could permit me to track and follow-up on phone calls made or received.  Without such an application, it is a manual effort to review calls made and either document or otherwise follow-up on the issue that generated the phone call.  In my research, I had found an application that performed the “simple” task of taking calls from the call log of the iPhone and importing them into a designated calendar in iCal on my Macbook.  However, at one of the last major releases of the iOS, this application stopped working (probably because the call log database on the phone was upgraded to a later version of SQL Lite).

So, I endeavored to cook up a way to accomplish a simple-enough process to get at the call log on my iPhone and import the data to a web application.  Here is basically how this works:

  1. Backup your iPhone to your laptop using iTunes.  This creates a set of backup files that are stored locally.
  2. Using the free iPhone Backup Extractor, extract the iOS backup files to a particular location on your laptop’s hard drive.  Within this directory, /IOS Files/Library/Callhistory, is a SQL Lite version 3 database called call_history.db.  This database is presently not encrypted (unlike, apparently your SMS history).
  3. Using the application I wrote, import your call_log history into a pre-installed MySQL database.  In addition, my import process will also import my address book entries (used to match up calls with people that are known to me) from my Mac Address Book database (another SQL Lite version 3 database that is stored on your laptop).

Once this process is complete, I have a recent list (the most recent 100 calls, including missed calls) of people that I have talked to or missed.  This data is presented in a php-based web application.  The status of each entry can be changed to reflect whether I need to do something, or whether the issue is closed or otherwise resolved.  I also have links to a reverse phone lookup site to check numbers that I don’t recognize in my call log.  Resolved calls drop off of the list so only calls that require follow-up or have just been imported appear on the home page.

Because the phone call log only keeps the last 100 calls, I worked on importing call data from my AT&T phone bill into the database based on the .csv file export that AT&T provides.  I was able to import the last 12 months of calls into my application (though the process is a manual one to process the invoice data points so that they can be imported).

I’ve written some rudimentary reporting to track time and number of calls per month.  I plan to work on some additional features as time permits.  Do you think this would be helpful to your practice?  Let me know in the comments.  Thanks.

Meaningful Use Stage 2 Regulations Released

The Meaningful Use Stage 2 proposed rule has been released earlier this week.  You can download a copy of the full 455 page regulation here: MU Stage 2 Proposed Rule.  For those keeping score at home, there are three stages of “meaningful use” as that term is defined in section 495.6 of the regulations.  Stage 1 set certain Core (required) and Menu (pick from the list to implement) Criteria, and established minimum compliance metrics for a “eligible professional” to qualify for the federal incentives.  The original regulations that defined “meaningful use” indicated that there would be future changes to the definition in two more stages.  We initially expected Stage 2 to be defined for compliance in 2013.  However, the regulations have pushed out compliance for Stage 2 to 2014.  This article will take a look at what’s been proposed for Stage 2.

First off, there are more “Core” or required Criteria in Stage 2.  Stage 1 had a total of 15 Core Criteria, some of which any certified electronic health record would have to meet (such as collecting certain demographic and vital signs data for patients seen in the office).  In addition, there were several Core criteria that, when originally published, no one had yet defined how you might actually comply.  For example, there is a Core Criteria in Stage 1 where providers were required to submit certain quality data to either CMS or their State Medicaid program.  But, no one had indicated when the regulations were published what data, exactly, or how this data was to be provided.  The metric in Stage 1 was merely the ability to submit a test file.

Stage 2 has 17 total Core Criteria.  In several cases, CMS has proposed to terminate a prior Stage 1 Core item entirely in Stage 2.  And in a number of cases, Criteria that were previously on the “Menu” in Stage 1 are now incorporated as Stage 2 Core Criteria.  For example, structured lab data, patient lists by specific condition for use in a quality improvement initiative, patient reminders, patient access to electronic health information, patient education resources, medication reconciliation for transition of care, care summary for patients transitioned to another provider, and data submission to an immunization registry were all Menu Criteria in Stage 1 and are now Core Criteria in Stage 2.

Also, where a Stage 1 Criteria was kept, the minimum compliance percentage has increased, in some cases substantially, in Stage 2.  For example, where a 50% compliance rate was sufficient for Stage 1 for collecting patient smoking status, in Stage 2, the compliance rate minimum is 80%.  In Stage 1, a single decision support rule needed to be implemented for compliance.  In Stage 2, five such rules must be implemented.

As for the Menu Criteria, Stage 1 required that you implement 5 of the 10 on the list as an eligible provider.  In total, therefore, a provider had a total of 20 Criteria that had to be met to achieve meaningful use.  In Stage 2, there are only 5 menu criteria, and the provider must meet at least three.  So the total number of required criteria is no different, but providers have fewer menu criteria to choose to comply with.  In addition, the Menu Criteria in Stage 2 include three interfaces with specific state or public health registries, and the remaining two involve access to imaging results in the EHR and storing family health history in a structured data format.  You may be able to waive out of some of these if there isn’t a way in your state to submit surveillance or other registry data electronically.  However, if you elect to implement one of these interfaces, the compliance requirement under Stage 2 is full year data submission to the registry (not just submitting a test file).  If you plan on doing one of these, start early to make sure you can get to the compliance target by 2014.

Overall, Stage 2 appears to “up the game” for providers who wish to continue to receive incentive payments in out years of the program.  The Stage 2 rules that were published this week are interim rules.  The public has 60 days to submit comments.  After that, CMS will ultimately publish a final rule, taking into account comments made during the comment period.  While it is possible that CMS may back down on some of these measures, providers should get plan to comply with much of this Rule.  Talk with your EHR vendor, consultant, MSO or other service providers to analyze and plan for compliance.

Living in the Cloud(s)

I wrote about cloud computing in an earlier post and discussed some of the general pros and cons involved with the idea.  For attorneys, doctors and other professionals that are regulated, cloud computing creates some new wrinkles.  For attorneys, protecting the confidences of clients is an ethical obligation.  The unauthorized disclosure of client secrets can lead an attorney to disciplinary action and disbarment.  For physicians and other health care providers, federal laws on the privacy of patient information put providers at risk for substantial fines for inappropriately disclosing patient health information (or otherwise not complying with HIPAA’s privacy and security rules).  Using the cloud for applications that might have such confidential information adds a layer of uncertainty for the practitioner.

On the other hand, cloud computing is coming to a practice near you whether you like it or not.  For example, an increasing number of attorney practice management systems are cloud-based, such as Clio.  Legal research tools like FastCase, LexisNexis, Westlaw and Google Scholar are all cloud-based systems (in the sense that the information being searched is not stored on your local network but in internet-based database repositories that you access through your web browser).  And a growing number of email providers, including Google Apps for Business, Mailstreet.com, and others have been providing cloud-based email solutions for custom domain names.

State bar ethics groups and the ABA have been working on ethics opinions about these cloud-based systems.  North Carolina’s Bar had initially proposed a restrictive rule on the use of cloud computing systems by attorneys in the state.  The NC Bar had suggested that the use of web-based systems like directlaw.com (which allows clients to complete a questionnaire online for specific legal documents which are reviewed by an attorney before becoming final) represented a violation of the state’s ethics rules.  However, the NC Bar later revised its opinion and indicated that cloud computing solutions can be acceptable, so long as the attorney takes reasonable steps to minimize the inadvertent disclosure of confidential information.  “Reasonable,” a favorite word of attorneys for generations, has the virtue and vice of being subject to interpretation.  However, given the pace of change of technology, a bright line rule that favors one system over another faces prompt obsolescence.

In the context of the NC Bar 2011 Formal Opinion 6, for software as a service providers, ethics considerations include: (a) what’s in the contract between the vendor and the lawyer as to confidentiality, (b) how the attorney will be able to retrieve data from the provider should it go out of business or the parties terminate the SAAS contract, (c) an understanding of the security policy and practices of the vendor, (d) the steps the vendor takes to protect its network, such as firewalls, antivirus software, encryption and intrusion detection, and (e) the SAAS vendor’s backup and recovery plan.

Can you penetrate past the marketing of a vendor to truly understand its security practices?  For example, Google does not even disclose the total number of physical servers it uses to provide you those instant search results (though you can learn where its data centers are – there is even one in Finland as of the writing of this article – here).  And, in spite of Google’s security vigilance, Google and the applications it provides have periodic outages and hack attacks, such as the Aurora attack on gmail that became known in 2010.  Other data centers and service providers may be less transparent concerning these security issues.  In some cases, the opacity is a security strategy.  Just as the garrison of a castle wouldn’t advertise its weak spots, cloud providers aren’t likely to admit to security problems until either after the breach is plugged, or the breach is irreparable.

What’s your alternative?  For you Luddites, perhaps paper and pencil can’t be hacked, but good luck if you have a fire, or a disgruntled employee dumps your files in a local dumpster for all to see one weekend.  For those of you that want computer system in your practice, can you maintain these systems in-house in a cost-effective manner?  Do you have the resources to keep up with the software and hardware upgrades, service contracts, backup & recovery tests, and security features to reasonably protect your data?  How does that stack with professional-grade data centers?  Are you SAS-70 or SAS-16 compliant?  Do you know how data you access is encrypted?  In functional terms, do you really exercise more effective control over your security risks if you have IT people as employees rather than a data center under a reasonable commercial contract?

There are a lot of considerations.  And the best part?  They keep changing!

Don’t Be Fooled (Domain Name Registration)

One of my clients forwarded to me an email he received regarding the renewal of his domain name.  The email had the appearance of an invoice for the renewal.  The problem?  The invoice was not from my client’s domain name registrar, but from a vendor that wants my client to transfer his domain away from his existing registrar.

How Does This Work?

If you have a web site, your web site has a registered domain name.  That name (ending with a .com, .net, or another .something) has to be registered with an authorized domain name registrar, like Network Solutions or GoDaddy.  There is an international body, ICANN, that is responsible for approving registrars for the “top level domain names.”  ICANN acts as a coordinator to make sure that a particular domain name is controlled by one responsible registrar, who is the host for translating the domain name into an IP address, which your computer needs to find each internet site that you are trying to reach.  Without such a coordination, the internet would likely stop functioning in that you would be unable to consistently find a web site when you went to visit it.

Underneath the covers, each time you go to visit a web site, your computer asks what the IP (internet protocol) address the domain name you’ve asked for translate to.  For example, my domain, faithatlaw.com, has an IP address of 63.147.127.12.  My computer finds this IP address by asking a domain name server close to it (usually on the same local area network as my computer).  This local domain name server, in turn, asks itself whether it is an “authoritative” server for the domain name, and if not, asks a domain name server above it who is the authoritative server to tell it what the IP address for this domain name is.  Most DNS servers have a list programmed into them of “root hint” or upstream servers to ask when the local server does not know.  Ultimately, (and usually within a few seconds, which is kind of incredible, given that there are billions of computers on the worldwide internet), the local domain name server finds the address and tells my computer, 63.147.127.12.  My computer, in turn, uses this information to point my web browser to where I was trying to go.

This architecture only works if there is one authoritative domain name server out on the internet.  If there were many authoritative servers, each might have a different IP address for the same name, which would mean my question of where to go might be answered differently each time I asked it.  Talk about mass confusion.  So, if you own a domain, you registered it with a registrar.  You pay a fee to have a registration.  Usually you need to pay this fee annually.

The Problem

The problem is that for many business owners, the registration is handled by a web developer, or was done years ago (because you can purchase a web site registration for several years at a time).  It is easy, then, to forget about who you registered with when it comes time to renew your domain name.  And then, it is even easier to be fooled into sending your credit card information to “Domain Services” (the originator of the spam that spurred this posting).  One way to solve this is to setup your domain names to automatically renew with your current registrar.  You can also determine who is your current registrar by performing a “WhoIs” query on your domain name.  You can use this information to determine when your domain name is due to renew.

Be careful – the internet is a wild place.  This is but one way to get into trouble!

Lion Migration from IIS, A Novel

For the new year, we decided to take the plunge and migrate from our old friend, Windows server 2003 with IIS 6 over to Apple’s Lion Server on a shiny new Mac Mini with 8 GB of RAM and a quad processor.  The conversion from Microsoft’s to Apple’s server operating system is not too bad, though much is different between the two systems.  This article discusses some issues and resources for reference for those that are new to Lion.

MySQL

So, first off, we host web sites using IIS 6.  Some of our sites utilize WordPress, which means that we use a back-end mySQL database, and we also run php.  Neither of these applications were originally written for Windows, so both run ok there, but with issues over time.  Lion, of course, underneath is really a flavor of Unix.  This makes mySQL and php happy.  And, the nice people at Apple even have pre-loaded php onto Lion server for you.  However, you will need to install mySQL on your Lion box ahead of time for this conversion.  Here is a link to downloads for mySQL.  Here is also a very good walkthrough of installing and verifying your php, Apache, and mySQL installations.

Also note that with mySQL that there are three separate installation packages that you have to run – the main one is called mysql-5.5.19-osx10.6-x86_64.pkg (yes you want the 64 bit version of this application, not that crappy 32 bit thing you were running on your sad Windows server), but you also need to run the MySQL.prefpane and MySQLStartupItem.pkg so that you can get to this in the Preferences Pane and have it set to automatically run when you reboot).

Remote Access

Oh, but wait.  You might be wondering how you get into your Lion box in the first place to do all of this stuff.  For Windows people, we are used to the whole Remote Desktop thing (or if you are truly desperate, breaking out that spare monitor, mouse and keyboard and plugging them into your shiny new server).  Don’t worry: Apple has some tools for the sysadmin’s remote access.  If you are using, perish the thought, a Mac workstation or laptop, you can use Screen Sharing.  To connect for the first time, you authenticate to the Lion server with a blank user name, and the password is the Mac Mini’s hardware serial number.  From there, you will walk through the initial setup steps (like giving your box a network name, and the like).  Apple also shows you the other couple of options here (because, no, you are not the only person to want to access your box remotely).

The Server and Server Admin Apps

Ok, so now you have you setup the box and have installed mySQL, php and your Apache server.  In case you don’t know where Apache is (because you like to click a play button in the services applet in Windows), there is an application in Lion aptly called, “Server.”  Within that is a big “on/off” button for the web server that you can click to get Apache running.  By the by, there is a more sophisticated set of server tools called “Server Admin” that all the cool kids have downloaded to their Lion server.  (Click here to download that).  You can also do this stuff at the command line in the application called “Terminal” which is in the Utilities group of Applications.  I won’t get into the command line in this article, though there are a number of good references out there if you like that kind of thing (and sometimes, that is the best way to do something!).

Setting Up the Web Root Location

So you now have some setup choices to make, like where you are going to put your web site directories for the web sites you want to host on your Lion.  I’d say put them somewhere isolated, perhaps in their own little folder in the root where you have a way to limit access.  In Lion’s world, this will be a location where “Everyone” will have access, because, you know, the world wide web can come to your little box and see the contents.  I’d guess that putting all this stuff in the middle of your server’s system files would be a bad idea.  If you bought a server with two harddrives, and you aren’t going to mirror the one to the other, you might use the other disk to locate your web files.  Or you could create a partition from the free space and isolate your web files from the rest of the server’s files. Do what you need to do here.

Local DNS for Dev

Once you get things setup, you can then copy your files from your production IIS server over to their new location on the Lion server.  By default, Lion is running DNS for the .home domain (the equivalent of the .dom domain in Windows – local only).  However, you can’t configure DNS with the “Server” application.  Instead, you need “Server Admin” (aren’t you glad you already downloaded this and installed it?  Oh, you didn’t do that yet.  Well, come on.)  DNS lives there (or you can do your unix command line voodoo if you are in to that sort of thing).  The home domain is configured and your server is in it.  If this server is an internet DNS server, you could configure this server to run DNS for an internet domain here.  However, if you want to test your migrated web sites (why would anyone test anything before putting it into production?), you can configure your names here.

Setting up your Web Pages

Once you have done this, you can then declare your new sites in the “Server” application in the Web application.  You add a domain at a time (like test1.home, test2.home, or something lame like that), and tell the web service the location of the files for each site.  You’ll note that the service doesn’t ask you what the default document is for your web site; I think it is assuming that the default page is index.htm (or index.php if you are running php).  If you have a funny named default page, you will probably have to edit httpd.conf to modify the line for DirectoryIndex as follows (or you can just rename your page to index.php/index.htm.  I know, I know, that is too much effort):

#see below, replacing the text in square brackets 
#with your unusual default page
DirectoryIndex [yourcrazyindexpagename].[crazyextension]

Now, you are going to chuckle a bit at this point once you have added your multiple domains into DNS and you configure your multiple web sites, because Lion only will serve up one.  I don’t know why Lion ships this way.  But there is a solution.  Edit httpd.conf and add some entries for multiple domains as noted in the article.  You can also alias subdomains if you want, like http://www.  The downside to this is that if you have to change IP addresses later, you will need to edit internet DNS, add these addresses to your Lion server’s network settings, and then come back here and edit httpd.conf.  And for some reason with Lion, Apple has taken away a GUI configuration for Apache for advanced things like this.  Maybe someone out on the interweb will write one for those of us that are sad and don’t like trying to change these oddly named text files in the System directory.  Also, even more sadly I note that the Snow Leopard version actually had a GUI to do this and Apple took it away from us sysadmins.  I now wander alone in the desert, cast out by Apple.

Ok, I’m out of cheese so I will stop whining.  Needless to say, Apple has its problems too.  If they had everything figured out, we wouldn’t know what to do with ourselves and would probably not have a fabulous  job in IT.

FTP

By the by, you might want to configure ftp access to your web server.  Here is an article to do that.  (If you are going to allow ftp access, this is yet another reason to isolate your web files from the rest of your server files).  FTP access might be helpful if you are going to upload and download files from the web server periodically, and you can stop and start the service if you want to further limit access.  Probably best to also not use root as the user to access files by ftp (or just post your social security number, date of birth, license number, bank account numbers, and all your passwords to all of your accounts to the internet – you know, whatever).

Setting up new MySQL Databases

So, just a few more things to do in order to get your web sites up and running.  If you are using WordPress, you will want to export the tables in your production mySQL database to your new Lion mySQL database.  Ahead of this, you can get ready by creating blank databases on the Lion mySQL server with the same names as in production.  This can be done by logging into mySQL from Terminal, and running the commands:

create database [databasename];
grant all privileges on [databasename].* to
"[webusername]"@"localhost" identified by "[password]";
flush privileges;

In addition, if you have already copied the web files to your Apache server, and configured Apache to serve up these pages, you should be able to run the initial WordPress setup on your Lion box (won’t impact production), and you should be able to get into the wp-admin section and check out your plugins and themes to make sure they are good before importing your data into your mySQL database.  This will create blank tables with the default data of a default WP install – these will all get overwritten in the next step below.

Export/Import MySQL Database Tables

Happily, mySQL for Windows comes with an application you can use to export your database into a single .sql file that you can then execute in mySQL to import the tables and their data.  In Windows, the program is called “mysqldump.exe” and it is installed in Program FilesMySQLMySQL Server 5.0bin.  You run this program at the dos prompt.  With the proper syntax, it will create a .sql file where you tell it to, which you can then use to import all of your data and tables into your fresh mySQL install on Lion.  Here is an article on the syntax for using this function.

Once you have your .sql file for your database, and you have copied it to your Lion server, you can use mysqlimport from within the Terminal application in order to import these tables and data into the appropriate shell database you have for your WP site.  I’ve found that this process works better than using the Export/import features within WP admin, particularly if your site has custom tables for a particular widget or plugin.  My site, for example, had a customized menu that didn’t work in the new site until I just exported all of the data and tables and imported into the Lion install.  You can also simply execute a command at Terminal to process the .sql file that is created by exporting using mysqldump that looks like this:

mysql -u root -pYourPasswordHere NameOfYourDatabase <
/locationofyourMySqlExportFile.sql

Once you run that command, mysql will import and overwrite whatever is in the shell database that you have on your new mysql server.  Of course, if you have anything in there that you want, it will be overwritten.

So that’s it.  Ha ha.  This is not a thing you do in a half an hour, even for an experienced sysadmin.  But this is a perfectly reliable way of hosting web sites.  Lion’s not bad, mostly because you are just running Apache, php and mySQL, all of which work pretty well and have been around for quite a while.  But Lion is cute and cuddly.  For the most part, as long as you avoid those fangs, claws, and don’t get squished under the command line.  Happy computing!

Spam Spam Spam Spam Spam Spam Baked Beans and Spam

“18” year old virgins have recently found online resellers of non-prescription viagra for Magic Jack users that want cheap ski vacations that need health insurance, iPads and Dyson vacuum cleaners at rock bottom, knock off prices!  And all of these thousands of emails have been sent to my account online so that I can help a gentleman from Nigeria move $55 million in money from an African bank account into the U.S. and I can charge a humble $5 million fee to help.  I just need to send my social security number, credit card numbers, street address, and a sample of my signature to a person I’ve never met by email, deposit the bogus cashier’s check in my trust account, and then immediately write a check off the account the next day, well before the bogus check is returned by the collecting bank.

I feel as though I have ended up in the 21st century Monty Python skit about the restaurant that only seems to have “spam” on the menu.  I hear this problem continues, with more than 70% of all email amounting to spam, according to a 2011 article from Symantec (though there was a time that more than 90% of email was spam, so there has been some improvement since those dark days in 2009).  Progress has been made with some service providers that have waged a counter war against spam.  Gmail, for example, group-sources and marks messages as spam based on all messages identified by users as spam across the gmail platform.  This is a surprisingly effective strategy.  My experience has been that there are few false positives.

Previously, email systems were implemented that would check if a message was sent from a known, blacklisted IP address based on a series of independently maintained blacklist databases on the internet.  There have also been other improvements in the background, including the use of special DNS entries, and email gateways that pre-filter messages before reaching the mail server (Symantec had a product it had acquired from Brightmail; Google Apps includes a single-domain license for Postini, which is also generally effective at cutting down spam).  Spam messages often include phishing links, virus-laden email attachments, and other nefarious attacks on users.  Reducing spam makes sense for service providers that are paying, ultimately, for the bandwidth and storage space to process and deliver this junk to users.  We clearly have a way to go to reduce this problem for users.  Until then, if you need male enhancement medicine, are missing out on a $1,000 transfer to your bank account, want to help a political refugee move his family fortune to the U.S., need a usurious student loan, or want to work from home – I’m your guy!

Entertainment Contracts for Businesses

Entertainment businesses operate like many other business enterprises: ultimately, the business must make a profit in order to survive.  One way to help sustain and protect an entertainment business is to document the business relationships through written entertainment contracts between parties that participate in the providing of services to clients.

Ownership Contracts
For example, if several people are business owners, having a written agreement between those owners is an essential ingredient to the business’ success.  Such an agreement will vary based on the business entity, but generally, the agreement should describe each owner’s ownership interest, how management decisions are made, how owners join and depart from the organization, and how the business finances will be managed.

The forms of these agreements will vary based on the kind of business.  If the entity is unincorporated and there are two or more owners (“partners”) who share in the profit or loss of the business, the entity is likely a general partnership and would be governed by a partnership agreement (and, in its absence, state law for partnerships).  If the entity is an incorporated limited liability company, the owners (“members”) would typically enter into a membership agreement.  If the entity is a corporation, the owners (“shareholders”) would enter into a shareholders agreement.  The absence of such written agreements can make things much more expensive later should disputes arise among the owners.

Agency Contracts
For entertainment businesses that act as a booking agent for performers, having a written agency agreement with the performer is an important document.  This contract would clarify the procedures for scheduling and booking performances, might determine whether the agent is exclusive for the performer, what geographic area the agent would book the performers within, how the agent is compensated, among other considerations.

Performer Contracts
Also important to an entertainment business are the individual performers that work for the entertainment business.  Whether or not these performers are employees or independent contractors is an important distinction with substantial legal and tax implications for the business.  Employers understand that an independent contractor can potentially be less expensive than a full time employee because employers can avoid paying certain payroll taxes for independent contractors (shifting the tax burden to the contractor).  However, if the business mistakenly determines a staff member to be an independent contractor, the business may quickly face some very costly back taxes and penalties.

Independent Contractor vs. Employee
Determining whether a performer is an independent contractor or employee is highly fact specific.  There are a series of factors that are used to determine this distinction; these factors may vary by state and by the regulating entity.  However, at its roots, an employee is a person over whom the employer controls both the results of the work performed, and the methods and tools to achieve the result.  According to IRS Publication 1779, the IRS looks at three basic areas to determine if a staff person is an employee or independent contractor: (a) behavioral control, (b) financial control, and (c) the relationship of the parties.

Generally, the more control the business exercises over how the job is done (not just what results are expected), the more the staff person is likely to be viewed as an employee.  With regards to financial control, if the staff person can incur a profit or loss from his/her activities, you have a significant investment in the work that you do, and/or you pay your own business expenses, you are more likely to be viewed as an independent contractor.  And on the relationship of the parties, if the business pays benefits for you (like health insurance, pensions, and paid time off), and there is no written agreement between the parties, the IRS is more likely to view you as an employee.[1]  Independent contractors typically are able to work for several businesses providing similar services within their field.

In Maryland, the Department of Labor and Licensing also considers whether the business retains the right to discharge the staff member, and whether the business provides the tools, materials and the place to work for the staff member.  Typically, the independent contractor would have his/her own tools and materials, and would work from his/her own office or location.  DLLR also indicates that independent contractors are usually in a business that is different from the hiring business; professionals like lawyers, dentists, and public accountants are commonly independent contractors in business for themselves.

There may be other factors to consider besides the ones noted above.  In the entertainment business, musicians are may be independent contractors because they (a) have their own tools (e.g., instruments), (b) they may work for more than one business or band, (c) they typically have a fair amount of time and money invested in their education and equipment to be musicians, (d) the business they work for tends to exercise control over the result (the performance), rather than the specific methods of how the work is performed, and (e) typically organizations that schedule or coordinate performances are in a different business from the performers.  In some cases, performers take a percentage of ticket sales, and won’t get paid if either no one shows up for the event or if the event is canceled.  In those cases, a performer is more likely to be viewed as an independent contractor.

However, there are also factors that might tend to make a performer an employee: (a) benefits for the performer like paid sick or vacation time or health insurance, (b) the exercise of control by the busiess over practice times and location and how a particular musical piece is performed, and (c) the lack of a written agreement between the parties, suggesting that the business may terminate the relationship at will with the performer, without further obligation.

If you aren’t sure if the performer is an independent contractor or employee, you can request that the IRS provide a private letter ruling through filing Form SS-8.  An attorney in your state may also be able to advise you on the state-specific factors and your circumstances.

Other Contracts
There may be other relationships for an entertainment business (such as licensing and royalty agreements for the licensing of copyrighted works, contracts with merchandise distributors, record label and publisher agreements, venue agreements, just to mention a few).  The more that can be documented, the more likely it is that you will get paid and the less likely it is that parties will have disputes.

Documenting relationships in the form of formal, written agreements at the beginning of the relationship can help save headaches and costly mistakes down the road.  Consulting with an experienced attorney can help you to craft effective and binding agreements.

[1] In close cases, the written agreement may determine that the staff person is an independent contractor.

Estate Planning in the Digital Age

One event remains certain for all of us, our inevitable end.  Planning for this eventuality is generally a good idea because you can help ensure that the people that survive you will be able to keep on keeping on.  This is why people have, for generations, written wills, powers of attorney, health care agent appointments, living wills or advance directives, and other legal documents.  All of these documents help to explain who is supposed to get what, and how your affairs should be closed out after your death.  The 21st century, however, has created a new set of problems with the rise of technology and the information age.  What happens to your online life when you die?  And how will your heirs access all of these things?

First off, computer security people have drilled into all of us to not share our passwords with others.  Besides having to change these passwords all of the time, users of most commercial information systems are used to having a password personal to them, which sometimes acts as a digital signature authorizing the commercial vendor to do certain things (for example, to trade stocks, post information, or to pay bills from a bank account).  In addition, security experts have also drilled that we should not write down our passwords, or attach them as post-it notes underneath our keyboards.  Furthermore, we have been taught to have different passwords for different services (so that, in the event of a password loss, the damage that might result would be limited to one or a few systems).  As a result, we probably keep a lot of passwords to a substantial number of systems, but we usually don’t tell anyone what these passwords are.  So what happens when we die?

For myself, I am just thinking about the computer passwords that I use on a regular basis: (a) one for my laptop, (b) one each for online banking at several different banks, (c) a passcode for my iPhone, (d) a passcode for my iPad, (e) passwords for blogs that I maintain online, (f) passwords for my web server, (g) passwords for online web sites that I use like amazon.com, ebay.com, iTunes.  I mean, I even had to create an account in order to update the software that programs my remote control for the T.V. at home!  I’m sure that if I sat down and thought about it, I would be able to write an even longer list.  Without help, I doubt my wife or any of my relatives would be able to access much, if any, of this.  Moreover, if I simply wrote out the whole list, I would have to periodically update my passwords for those systems that require that I regularly update (a growing percentage of my online accounts).

There do appear to be some subscription-based services available online today to help address this conundrum.  Dead Man’s Switch is one such service.  Another is called Death Switch.  There may be other services available.  Obviously, you would want to give some thought to what you are providing to the service, and what security is employed by the service that you sign up to use, given that you may end up leaving with it sensitive information to forward to people that you have designated.  I have not used either of these services.  If you are a user, please feel free to post comments to this post on your experience to date.

The Struggle Over Privacy Online

More and more data is being collected and stored in more and more data centers all over the world as the use and functionality of the internet expands.  Sites like Facebook now have in excess of 800 million users, half of which are active in any particular day.  An almost countless amount of information and data is shared with the public internet on a daily and hourly basis.  In addition, many businesses are using cloud-based services (like Google’s gmail or Google Apps, Salesforce.com, Amazon marketplace, and a host of other solutions) to provide services and products to customers and manage their businesses.  As a result, we keep inventing names for the units of measure to calculate how much data is available throughout the world wide web (I mean, how many people do you know that use the term “exabyte” in conversation, really?).  The problem posed is what in the world all of this data is really being used for.

To answer that question is not simple.  A fair amount of what governs the protection, use and backup of data on the internet are private agreements between the service provider and the person or business who is putting data online.  When’s the last time you stopped and read one of those online “click-through” agreements?  I can’t say most are much fun to review (with an exception for the Sharebuilder user agreement, which took smoke breaks periodically and made entertaining chatter in between paragraphs of heavy-duty legal writing).  Commonly, these agreements (for services designed for consumers) severely limit the site operator’s liability, disclaim any and all warranties regarding the service, and few offer that many protections for your data or your privacy.  (See, for example, Second Life’s Privacy Policy which provides some limitations on data provided to the service, but your ability as a user to control access to your information is relatively limited in comparison to what Second Life may do with information about you.  Google’s Privacy Policy is somewhat more limiting on what Google might do with your data, but you will notice that there is some variation in policies based on the specific product you might be using).

There are also governmental regulations that may govern your privacy.  Facebook recently entered into a consent order with the Federal Trade Commission because of allegations of privacy invasions by Facebook.  Presumably, other nations or international bodies may have jurisdiction over some of the larger companies that operate on the internet.  And, just like other international intellectual property rights may vary by country, privacy regulation also is likely to vary (with some nations like Germany with more data protections than others, for example).  Ultimately, our privacy interests in part have taken a back seat to having “free” applications available to us all the time.  Google’s original product, web search, has historically been free to use by anyone connected to the internet, but only because advertisers have been willing to pay for click-through advertising.  As google continues to dominate the web search market, so has it also benefited from the many advertisers that are able to cost-effectively run ads alongside the web search engine’s results.  These ads are effective because they usually attempt to match up what a user is searching for with a product or service that might be relevant to the keywords.

Facebook (and other social media technologies) have, as well, informed our cultural disinterest in privacy, by providing a forum to post all sorts of the mundane, outrageous, or controversial information and graphics, and quickly disseminate this information to “friends” or the general public.  However, there has not yet emerged a “facebook” for health data (though, perhaps, the rise of health information exchanges and online personal health records may result in such an application).  Lawyers and accountants don’t (at least not intentionally) publish their client’s secrets online.  Our government has in recent years labeled many more documents as secret (and therefore, not as easy to obtain) following 9/11.  There remain islands of privacy in the sea of unfettered information access that is the internet.  If you value your privacy, you may need to pay more to preserve it, or be more discerning in the products and services you contract to purchase.

 

Common Will Problems in Maryland

A will is a document that describes how its author (the “testator”) wishes his or her assets to be distributed to others at death.  Wills are a practical necessity for people that own real or personal property.  These documents, when properly drafted and executed, provide for an orderly distribution of property to survivors of a testator.  In the absence of a will, the law of the place where the person has died will generally determine how that person’s property will be distributed.  Having no estate plan, or an estate plan that is incomplete, can lead to surprises, challenges for survivors, and litigation, making the grieving process that much more difficult for survivors.  Having a plan is a good plan.  Here are a few common problems that you can avoid while you are planning for your estate.

No Will

Not having a will is a common problem for many people.  The next best thing to not having a will is having a will that you have not properly executed (which, in Maryland, generally requires that the testator sign the will, and that there be at least two witnesses that were present and signed the document themselves; see Maryland Estates & Trusts § 4-102).

Also, the Maryland probate process requires that the original will be filed with the Orphan’s Court in order to prosecute the estate.  A copy will not do.  If the original will cannot be found, the court may follow the estate plan described in a prior, original will, or the intestacy statute if there is not a prior will.  This may end up as a surprise for the expectant heirs if the testator changed his/her estate plan late in life.

A third variation on this theme is that the will describes beneficiaries that have died, or that otherwise fails to properly address all the property owned by the person making it.  Some wills lack a “failure of beneficiary” clause which describes how assets should be transferred in the event that there are no beneficiaries based on the remaining bequests in the will.  This can also create a case of surprise for the survivors.

A fourth, less common variation on this theme is that a person’s will was drafted in another state or country, but doesn’t meet the statutory minimums to be recognized in Maryland.  The other dilemma with this is that the will does meet Maryland’s requirements, but the will is challenged here and the witnesses cannot be found to testify as to the veracity of the signature on the document (or the witnesses have died and therefore cannot come to court to testify).

Out of Date Will

Estate plans change over time.  For example, a young person that enlists in the military would have a different estate plan (which might primarily benefit his/her parents) than a married person that has recently had a child.  However, it is not uncommon for the living to write a will and forget about it for a period of time.  People also may write a will when they have fewer assets, and then subsequently prosper (or buy a life insurance policy to cover a major debt, like a mortgage), but not update their will to match these changes.

Major life changes like getting married or having children also changes how your estate will be distributed if you have no will.  Spouses are also treated in a special way by the law if you have excluded your spouse from your estate as a spouse has the right to an “elective share” of your estate under Maryland Estates & Trusts § 3-203 and applicable Maryland case law.

Beneficiary Not Blood Relative

As you know, as of 2011, there is no gay marriage in Maryland.  As a result, gay partners that wish to protect their partner but have not written a will may inadvertently leave out their surviving partner from their estate.  This can be particularly difficult on the surviving partner, both financially and emotionally during an acutely difficult time.  The law is, at best, unclear as to what effect the marriage of same-sex partners in another state would have on partners in Maryland under the intestacy statute.  Maryland may eventually recognize same-sex marriage (pending this year’s election in Maryland which has a ballot initiative on gay marriage), but in the interim, your estate plan should address this issue properly.

Math Errors

Lawyers don’t typically get a degree in math, but that’s no excuse for the math not working out properly in a will.  However, this problem happens more often than you might think if the Residuary of the estate is apportioned into shares, but the shares don’t add up to 100% of the Residuary.

Taxes

Long ago in Maryland, there was a single estate tax exemption set at the federal level which permitted a fixed amount of an estate to be exempted from both state and federal estate taxes ($600,000 prior to 1998).  This “coupled” estate tax permitted Maryland to make a claim for a portion of the taxes collected by the federal government, without the estate having liability for a separate estate tax amount to Maryland.  However, federal law changed in 2001, causing the federal exemption amount to increase to $5 million for people that died in 2010, 2011 or 2012.  Maryland, on the other hand, capped the exemption from state estate taxes to $1 million.  This means that an estate may be exempt from federal taxes, but have a state tax liability when the total value of the estate is more than $1 million but less than $5 million.  See Maryland Tax-General § 7-309.

Maryland also has an inheritance tax based on the size of the estate and whether or not the heirs to the estate are immediate family of the deceased or a more distantly related (or unrelated) person.

Estate taxation is a complex and esoteric area of the law, and therefore an easy place to cause problems for an estate.  Discussing an estate plan with an attorney can help to discuss these issues and how to manage them.

Bonds and Funeral Expenses

Absent a provision in the will, a probate court may require that a personal representative obtain a bond to serve and a probate court may cap the total funeral expenses chargeable to an estate.  See Maryland Estates & Trusts § 8-106 (requiring court approval for funeral expenses over $5,000 for a small estate and $10,000 for a regular estate).  See also § 6-102 regarding a bond for the personal representative (which can add expense to the administration of the estate, and confusion for the person acting as the personal representative).

Business Assets

A person who owns an interest in a business (for example, owns a member interest in a limited liability company, or shares in a small, private corporation) may need special advice in planning for his/her estate.  One common way to address this is to enter into a buy-sell agreement so that the deceased owner’s estate is “bought out” of the business in exchange for proceeds from a life insurance policy, held by the business entity or personally by the other owners of the business.  More information is available in this post.

No Beneficiary on Insurance Policies

Another common problem for estates is that the decedent died with life insurance, but did not designate a beneficiary for the insurance policy.  The estate may not know to file a claim to the insurance company, defeating the purpose of paying the premiums on the policy, or if there is no beneficiary, the insurance policy may pay into the estate of the deceased, leaving the insurance money to be distributed as per the decedent’s will (if any) or the intestacy statute.  This may not have been the intended result of the decedent, and may also have unintended tax consequences for the the beneficiaries of the estate.

These are just a few of the estate planning problems that may crop up.  Talking with an attorney as a part of planning for your estate can help to reduce surprises and ensure that your loved ones are taken care of as you would want them to be.