The URL can be used to link to this page

R-2016-215 2016-12-12RESOLUTION NO. R2016-215 A Resolution of the City Council of the City of Pearland, Texas, authorizing the City Manager or his designee to renew a contract for EMS billing and collection services with Digitech Computer, Inc. at the rate of 4.95% of net collections (plus an approximate $2,075 per month for ePCR software fee) for the period of December 16, 2016 through December 15, 2017. BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF PEARLAND, TEXAS: Section 1. That the City previously awarded a unit supply contract for EMS billing and collection services to Digitech Computer. Inc. Section 2. That the City Council hereby renews the bid to Digitech Computer, Inc., in the rate amount reflected in Exhibit "A", attached hereto in. Section 3. The City Manager or his designee is hereby authorized to execute a contract renewal for EMS billing and collection services. PASSED. APPROVED and ADOPTED this the 12th day of December, A.D., 2016. ATTEST: APPROVED AS TO FORM: DARRIN M. COKER CITY ATTORNEY t TOM REID MAYOR BILLING SERVICE AGREEMENT AGREEMENT made this /0 day of . % J in the year 2012 ("Agreement") between DIGITECH COMPUTER, INC. ("DIGITECH") maintaining its principal place of business at 555 Pleasantville Road, Suite 110N, Briarcliff Manor, N.Y. 10510 and CITY OF PEARLAND, TEXAS("CLIENT") maintaining its principal place of business at 3519 Liberty Drive, Pearland, TX 77581. WITNESSETH: In consideration of the terms, covenants, and considerations herein contained, the parties agree as follows: I. SERVICES A. DIGITECH will provide CLIENT the services ("Services") specified in Sections I, II and III of Rider A — Description of Services, Fees and Client Responsibilities. II. PAYMENT A. CLIENT agrees to compensate DIGITECH for the Services as described in Rider A, as applicable. B. All payments will be due within thirty (30) days of receipt of DIGITECH'S invoice. C. DIGITECH reserves the right to suspend or terminate the Services if any invoice remains unpaid for sixty (60) days from the date of invoice, unless DIGITECH receives reasonable documentation questioning the invoice within fifteen (15) days of the invoice date. In the event an invoice is disputed in good faith, CLIENT is entitled to withhold only that part of the invoice that is in dispute. D. In the event, that any invoice remains unpaid sixty (60) days from the invoice date, DIGITECH, at its option, may elect to terminate this contract upon forty- five (45) days prior notice to CLIENT. E. In the event that the Services are suspended in accordance with paragraphs C and/or D above, all undisputed outstanding invoices must be paid in full. Further, DIGITECH, at its option, may require prepayment for future Services as a condition of reactivating CLIENT'S account. F. All of CLIENT'S contractual obligations as stated herein will remain in full force and effect throughout the suspension period. Specifically, CLIENT Page 1 of 28 shall remain liable for all fees due DIGITECH as if this Agreement were not suspended, regardless of who performs the Services. The purpose of this clause is to prevent CLIENT from terminating this Agreement by not paying DIGITECH. DIGITECH will have no liability to CLIENT for damages of any type or nature arising from the suspension of Services under this Article IL G. In the event CLIENT does not renew this Agreement, DIGITECH shall require prepayment for Services to be rendered after DIGITECH'S receipt of CLIENT'S termination notice. III. CONFIDENTIALITY A. DIGITECH acknowledges and agrees that any and all information and material supplied by CLIENT to DIGITECH hereunder shall remain the property of CLIENT. DIGITECH will not make copies of such information or material, except to the extent necessary to perform the Services under this Agreement. DIGITECH, its employees, agents, assigns, subcontractors and successors shall keep strictly confidential all information designated by CLIENT as "confidential." With regard to CLIENT'S Protected Health Information ("PHI"), DIGITECH will perform the Services hereunder in accordance with the HIPAA Business Associate Agreement set forth in Rider B. B. CLIENT acknowledges and agrees that the software, and all other systems related to the provision of Services hereunder, are DIGITECH'S confidential proprietary information, and, except to the extent necessary to comply with law, CLIENT agrees that it will disclose such material only to those of its employees and agents who have a need to know, that it will use such material only in connection with the Services hereunder, and that it will take all reasonable precautions to prevent the disclosure of such confidential information to, or use by, any other party. CLIENT acknowledges and agrees that all software developed by DIGITECH for CLIENT using CLIENT'S specifications, or DIGITECH'S specifications, or a combination of both, will remain DIGITECH'S confidential proprietary property, unless the parties have otherwise agreed in writing. C. CLIENT will not be obligated to provide DIGITECH with any information, which by law or its own policy, may not be provided to DIGITECH. Upon any termination of this Agreement, PHI will be treated as set forth in Rider B. D. Each party agrees that during the term of this Agreement, and for a period of one year thereafter, it shall not hire or retain, as an employee or otherwise, any of the other party's employees, unless the parties have otherwise agreed in writing. Page 2 of 28 IV. TERM, TERMINATION AND RENEWAL A. The initial term ("Initial Term") of this Agreement shall comprise the following: (i) an implementation/training period of thirty (30) days commencing with the date of this Agreement, which period may be extended for good faith reasons upon mutual agreement of the parties, ending with a go - live date, on which claim processing commences ("Go -Live Date"); and (ii) a three (3) year claim processing period commencing with the Go -Live Date. DIGITECH will be entitled to its fees as described in Rider A for all transports conducted from the Go -Live Date through the end of the Initial Term. After the expiration/termination of this Agreement, DIGITECH shall be responsible for continuing to process collections for transports that occurred during the term of this Agreement for a period of up to ninety (90) days after the date of expiration/termination. 13. At the end of the Initial Term, either party shall have the option to renew the agreement for two (2) successive one-year renewal periods unless either party notifies the other party, in writing, at least ninety (90) days before the end of the then current term that it elects to cancel this Agreement. DIGITECH, at its option, may send a renewal notice to CLIENT sixty (60) days prior to the end of the then current term stipulating new pricing for the next renewal period. If CLIENT does not agree to the new pricing within thirty (30) days of the date of the renewal notice, then this Agreement shall be deemed terminated at the end of the then current term. C. Either party inay, upon thirty (30) days written notice identifying specifically the basis for such notice, terminate this agreement for breach of a material term or condition of this Agreement, provided that the party in breach shall not have cured such breach, or taken substantial steps toward curing such breach, within the thirty (30) day period. This paragraph does not apply to nonpayment, which is addressed in paragraph II(D) above. D. After the one year anniversary of the Go -Live Date, either party may terminate this Agreement for convenience at any time during the term of this Agreement by providing the other party ninety (90) days prior written notice. E. Notwithstanding anything to the contrary in this Agreement, either party may immediately terminate this Agreement in the event: 1. The other party becomes insolvent, bankrupt, files a voluntary petition in bankruptcy, makes an assignment for the benefit of creditors, or consents to appointment of a trustee or receiver, or has an involuntary petition of bankruptcy filed against it: or Page 3 of 28 2. the legal authority of the other party to operate its facility or provide services as required hereunder is suspended or terminated; or 3. a party hereto is excluded from participation in any state and/or federal health care program. V. INDEMNITY AND LIABILITY A. To the extent allowed by law, each party shall indemnify, defend and save the other, and its agents, employees and subcontractors ("Indemnified Parties") harmless from (i) any and all claims against the Indemnified Parties of whatever nature, arising from any act, omission, misrepresentation, fraud, violation of any law, breach of confidentiality, breach of Rider B, intellectual property violation, or any willful, wanton, reckless, or grossly negligent act committed by the defaulting party, or its agents, employees and subcontractors, and (ii) any breach, violation or non-performance of any covenant or condition in this Agreement, including nonpayment. This indemnity and hold harmless agreement shall include indemnity from and against any and all liability, fines, suits, demands, arbitration fees, costs and expenses of any kind or nature (including reasonable attorney's fees) incurred in connection with any covered claim or proceeding, including the defense of this Agreement. Notwithstanding the foregoing, the parties liability shall be limited as set forth below in paragraphs V(B) through (H). B. To the extent permitted by law, DIGITECH'S liability shall be limited to amounts paid by DIGITECH' S errors and omissions insurance policy, excluding any applicable deductible or retention under that policy, for which DIGITECH shall remain liable. DIGITECH agrees to maintain no less than $3,000,000 in errors and omissions insurance for the duration of this Agreement. Further, in no event shall either party be liable to the other for any loss in profits, or for any special, incidental, indirect, consequential or other similar damages suffered in whole, or in part, in connection with this Agreement, even if a party or its agents have been advised of the possibility of such damages. Further, in no event shall either party be liable for any delay or failure of performance that is due to causes or conditions beyond that party's reasonable control (this clause does not apply to CLIENT'S payment obligations). C. Both DIGITECH and CLIENT are independent contractors. Neither party, by virtue of this Agreement, assumes any liability for any debts or obligations of either a financial or legal nature incurred by the other party. D. CLIENT specifically agrees that it is solely responsible to repay any overpayments, denials, recoupments and/or offsets, including interest, penalties and other fees, sought, demanded or initiated by any governmental Page 4 of 28 or commercial carrier, payer or insurer in the event it is determined that CLIENT is not entitled to payment for its services rendered, or if any such carrier, payer or insurer determines that CLIENT has been paid any amounts in excess of what is otherwise due and payable under the terms of the applicable governmental or commercial benefit program or insurance policy. In no event will DIGITECH'S liability regarding any such bill or claim exceed the fee paid to DIGITECH to process such item, except this limitation of liability shall not apply to any claims or liability that may arise out of misrepresentation, fraud, or violation of any law, or any willful, wanton, or reckless conduct by DIGITECH. E. DIGITECH will not be liable in the event of a recoupment if DIGITECH is directed by the CLIENT to bill against DIGITECH'S advice and an audit determines that the item/trip should not have been billed. CLIENT will not be entitled to any refund or credit of any fee paid to DIGITECH, and DIGITECH will have no liability whatsoever in the event of such recoupment. F. In the event that an internal or external audit of paid claims determines that there was an overpayment for which DIGITECH collected a fee based on claims given an incorrect level of service and/or inaccurate rates, DIGITECH will issue a credit to CLIENT for an amount equal to the DIGITECH fee earned on the amount overpaid and returned. The credit will be capped at the amount of the fee paid to DIGITECH for each adjusted claim. G. In the event that the CLIENT receives a duplicate payment or overpayment and must refund the payer (e.g., the insurance company paid the same invoice twice, or the insurance company and patient paid the same claim, or two different insurance companies paid the same claim), DIGITECH will give the CLIENT a credit in an amount equal to the portion of DIGITECH'S fee that applies to the duplicate payment or overpayment. H. CLIENT acknowledges that DIGITECH is not a guarantor of collection, and that it shall not be responsible for any uncollected bills. CLIENT may subcontract with any third party collection agency to follow up regarding accounts that DIGITECH deems uncollectible after attempting to collect pursuant to the terms of this Agreement and Rider A. VI. EXCLUSIVITY A. CLIENT agrees that all billing Services outlined herein will be performed by DIGITECH exclusively during the term of this Agreement. Page 5 of 28 VII. COMPLIANCE A. DIGITECH warrants and represents that it maintains adherence to the Office of Inspector General of the Department of Health and Human Services Compliance Program Guidance for billing companies as published in the Federal Register. B. DIGITECH agrees to comply with all applicable federal and state laws, including "anti -kickback," "excessive charges," and other regulations relevant to this Agreement. C. CLIENT represents and warrants that it is not excluded from participation in any state and/or federal health care programs. CLIENT further agrees to notify DIGITECH within five (5) business days of CLIENT'S discovery that it is the subject of any actions, investigations or other proceedings that could lead to its exclusion from any state and/or federal health care programs. D. CLIENT represents and warrants that it is permitted by law to charge a fee and/or otherwise bill and be paid for its services, and that all fees and charges of CLIENT are solely determined by CLIENT, and are consistent with CLIENT'S legal obligations under any local, state and/or federal laws. E. CLIENT represents and warrants that it shall submit only truthful and accurate facts and documentation to DIGITECH for billing purposes. CLIENT is hereby advised that DIGITECH shall rely upon the documentation and factual representations made to it by CLIENT regarding the eligibility of the services rendered for payment according to applicable reimbursement laws, rules or policies. VIII. INSURANCE A. DIGITECH shall maintain, at its expense, at minimum, the following insurance coverage during the term of this Agreement: 1. Comprehensive General Liability. Comprehensive General Liability Insurance, including Premises and Operations, Contractual Liability, Independent Contractor's Liability, and Broad Form Property Damage Liability coverage: a) General Aggregate $2,000,000 Products and Completed Operations $2,000,000 Personal and Advertising $1,000,000 Each Occurrence $2,000,000 Fire Damage any one fire $100,000 Medical Expense any one Person $5,000 Page 6 of 28 2. DIGITECH also shall maintain errors and omissions insurance coverage in an amount not less than $3,000,000. Prior to the execution of this Agreement, DIGITECH shall provide proof of such coverage to CLIENT. 3. The CLIENT, its officers, officials, employees and volunteers are to be covered by DIGITECH's insurance policies as additional insured's with respect to: liability arising out of activities performed by or on behalf of DIGITECH, premises owned, occupied or used by DIGITECH; or automobiles owned, leased, hired or borrowed by DIGITECI-I. The coverage shall contain no special limitations on the scope of protections afforded CLIENT, its officers, officials, employees, or volunteers. 4. DIGITECH shall furnish CLIENT with certificates of insurance, with original endorsements, effecting coverage required by this Agreement. The certificates and endorsements are to be signed by a person authorized by that insurer to bind coverage on its behalf. All certificates and endorsements are to be received and approved by CLIENT before work commences. IX. SALES TAX A. CLIENT agrees to reimburse DIGITECH for any and all sales tax liabilities that may arise as a result of this Agreement. X. NOTICES A. All notices or other communications required or contemplated herein shall be in writing, sent by certified mail return -receipt -requested, overnight delivery, or personal delivery, addressed to the party at the address indicated below, or as same may be changed from time to time by notice similarly given. Notices shall be deemed given three (3) business days after mailing, if by certified mail, the next business day, if by overnight delivery, or, if hand delivered, on the date of such delivery. If to DIGITECH: Mr. Mark Schiowitz President DIGITECH COMPUTER, INC. 555 Pleasantville Road, Ste 110N Briarcliff Manor, NY 10510 Page 7 of 28 If to CLIENT: ,�``' 15 reartgek. / / ) XL MODIFICATION; GOVERNING LAW; ARBITRATION; ENTIRE AGREEMENT; FURTHER ASSURANCES; SEVERABILITY; WAIVER; AUTHORITY; SUCCESSORS AND ASSIGNS A. No provision of this Agreement shall be deemed waived, amended or modified by either party unless such waiver, amendment or modification is in writing and signed by the party against whom enforcement is sought. B. This Agreement shall be governed by the laws of the State of Texas without regard to the principles of conflicts of laws. C. This Agreement, including the attached rider(s) and exhibit(s), contains the entire agreement between the parties relating to this transaction and supersedes all previous understandings and agreements between the parties relating to this subject matter. Each party acknowledges that it has not relied on any representation, warranty, or other assurance made by, or on behalf of, the other party, except as expressly set forth herein. D. From time to time, each party will execute and deliver such further instruments, and will take such other action as the other party may reasonably request, in order to discharge and perform its respective obligations and agreements hereunder. E. Any provision of this Agreement prohibited by applicable law will be ineffective to the extent of such prohibition without invalidating the remaining provisions hereof. F. The failure of either party to require strict performance of any provision will not diminish that party's right thereafter to require strict performance of any provision. G. The signatories below have the authority to sign on behalf of the respective parties. H. This Agreement shall be binding on, and will inure to the benefit of, the parties hereto and their respective successors and assigns. Page 8 of 28 IN WITNESS WHEREOF, the parties hereto have executed this Agreement on the day and year first above written. CITY OF PEARLAND, TEXAS By: Name: i L/ 1 �- f f c\ Title: _ . elA, e1 Date: q Its h -- Page 9 of 28 DIGITECH COMPUTER, INC. By: Name:Rmei< Title: (//7/2— Date: RIDER A CRIPTION OF SERVICES FEES AND CLIENT RESPONSIBIL TIES This ' der a part of the Agreement between DIGITECH and CLIENT dated 0 L BILLING SERVICES A. DIGITECH shall provide the following billing and collection services which are contingent upon CLIENT fulfilling the responsibilities outlined in Rider A, Section X below: 1. DIGITECH shall perform Patient Care Report ("PCR") processing (to be performed within two business days of DIGITECH'S receipt of PCR from CLIENT), including: a) Review client prepared PCR'S for content, level of service and diagnosis; b) Procedure Coding; and c) Eligibility and Insurance Research and Verification. 2. DIGITECH shall perform billing as follows (completed within one business day of PCR processing unless otherwise required or allowed): a) Electronic Invoicing (1) Medicare; (2) Commercial Insurance; and (3) Medicaid (billed weekly). b) Paper Invoicing (1) CMS -1500 for Commercial Insurance; (2) Self -Pay; (3) Facility (where applicable); and (4) CMS -1500 for Medicaid (where applicable). II. COLLECTION SERVICES A. DIGITECH will provide the following collection services covering the following types of providers: 1. Facility a) Mail a maximum of 3 invoices/notices, at 30 day intervals; and b) Make a maximum of 2 follow-up calls. 2. Patient or Self Pay a) Mail a maximum of 3 invoices/notices, at 30 day intervals; b) Make a maximum of 2 follow-up calls; and c) Recommend to CLIENT amounts to be placed in legal proceeding upon the earlier of DIGITECH'S determination that Page 10 of 28 the amount is uncollectible or 120 days from the first invoice date. 3. Insurance a) Mail a maximum of 3 invoices/notices, at 45 day intervals; b) Make a maximum of 3 follow-up calls; and c) File appeals upon notice of denial, where applicable. 4. Medicaid a) Process denials; b) Follow-up on pending claims; and c) Resubmissions. 5. Medicare a) Process denials; b) Follow-up on pending claims; and c) Resubmissions. B. Claims resolution and appeals C. Remittance Posting D. Resubmission of denials, pending and held items E. Interfacing with carriers on behalf of CLIENT F. All payments received by payers for CLIENT shall be deposited into one or more bank accounts controlled by CLIENT, pursuant to CLIENT'S written instructions. G. DIGITECH will interface with CLIENT'S collection agency as follows: 1. Create and download one collection file per month using the industry standard XML collection file format; and 2. In the event CLIENT'S collection agency requires a format that differs from the industry standard XML format or requires more than one file submission per month, DIGITECH reserves the right to charge CLIENT additional fees as necessary. DIGITECH will not commence any such additional work without CLIENT'S approval. Page 11 of 28 III.REPORTING SERVICES A. DIGITECH will grant CLIENT access to its billing services reporting system. Such reporting includes but is not limited to, Master Files, Receivable Tracking, Receivable Reporting, Financial Scorecard and System Reporting. B. DIGITECH shall send to CLIENT, via email, its standard monthly reporting package which shall include: 1. Accounting Reports a) Sales original, sales payer re -class, adjustments, cash and aged accounts receivable (accounts receivable roll forward for general ledger entry); and 2. Transport Reports a) Per Trip Data and Collection Percentages. IV. FEES/BILLING, COLLECTION AND REPORTING SERVICES A. DIGITECH will charge a fee for the Services described above as follows: CLIENT shall pay to DIGITECH a fee equal to 4.95% of monthly EMS billing collections. DIGITECH'S percentage fee for service covers claims with a date of service commencing on the go -live date of the contract. DIGITECH reserves the right to charge a different, fixed price fee for claims with a date of service prior to the agreed upon go -live date. DIGITECH shall provide one interface from DIGITECH'S EMS billing software to CLIENT'S existing ePCR vendor ImageTrend, Inc. at no charge to CLIENT. Pricing is based on the accuracy of the transport and billing data provided by the CLIENT during the RFP process. Should the data provided to us prove to be in error, we reserve the right to exit the contract, provided DIGITCH gives CLIENT a 45 day notice of termination. Note: DIGITECH'S fee does not include the processing of claims in which the CLIENT has a contractual obligation to transport and not bill, such as financial hardship cases and prisoner transports. In addition, DIGITECH'S fee does not cover non -ambulance transports such as ambulette, wheelchair, and medivan transports. See Rider A, Section VII — Fees/Other below. Page 12 of 28 B. The fees are invoiced monthly approximately ten (10) days after the end of each month. C. The DIGITECH fees do not cover costs or additional fees associated with the placement of delinquent accounts with a third party collection agency. Any fees earned by third partly collection agencies from the collection or settlement of past due accounts placed with such agency shall be the responsibility of the CLIENT. V. FEES/TRAINING A. CLIENT training shall be billed at a rate of $125 per hour, per trainer, whether done in person or remotely via telephone or the Internet. Training includes menu navigation, report generation, claim input processing, and claim scanning. B. DIGITECH shall grant CLIENT an initial one (1) time training allotment of ten (10) hours. The initial training allotment shall expire three (3) months after the date of this Agreement. C. DIGITECH may require a work order prior to the provision of such services. VI. FEES/PROGRAMMING A. Time requested for special projects, including but not limited to, custom software development, non-standard report creation, data conversions and platform work will be billed at DIGITECH'S current hourly rate of $200 per hour, per programmer, B. DIGITECH may require a work order prior to the provision of such services. VII. FEES/OTHER A. Fees for the processing and/or collection of claims not covered by this Agreement shall be negotiated on a case-by-case basis. Such claims may include, but are not limited to, claims with dates of service not covered by this Agreement, non -ambulance claims, and non -billable claims. B. Time expended by DIGITECH, on behalf of CLIENT, to cover services not covered by this Agreement or tasks that fall under the responsibility of the CLIENT shall be billed at a rate of $50 per hour, per clerk. Such services include, but are not limited to, data entry, scanning and call taking/input. Page 13 of 28 C. DIGITECH may require a work order prior to the provision of such services. VIII.FEES/ePCR SOFTWARE & HARDWARE, ePCR DOCUMENTATION TRAINING AND BANK LOCKBOX SERVICES A. ImageTrend ePCR Software Fee 1. CLIENT agrees to pay DIGITECH an ImageTrend ePCR software fee of approximately $2,075 per month. Such fee shall be invoiced as a separate line item and will be calculated using the actual number of runs, as reported on the ImageTrend invoice, times $4.15 per run. Example: 500 runs per month @ $4.15 per run would yield a monthly fee of $2,075. B. ePCR Documentation Training 1. Digitech will enlist the professional services of Page, Wolfberg & Wirth, LLC, one of the top law firms in the country for EMS billing related issues, to travel to your site for an extensive ePCR documentation training session for your field personnel. This hands-on session is designed to improve your medics' field documentation through training and education. 2. The cost of this service is included in DIGITECH'S 4.95% fee. C. Bank Lockbox Services 1. All fees and charges associated with the establishment and maintenance of a lockbox are included in DIGITECH'S 4.95% fee. IX. REIMBURSABLE EXPENSES CLIENT will reimburse DIGITECH for travel expenses (at cost). X. CLIENT RESPONSIBILITIES A. CLIENT agrees to provide DIGITECH all information required to perform the Services. Furthermore, CLIENT agrees to deliver said information in one of the following two ways: 1. Standard Data Entry Protocol CLIENT agrees to enter all transport data into the DIGITECH system within one (1) business day of transport. Such information includes, but is not limited to: Page 14 of 28 a) Client Information; b) Date of Service; c) Level of Service; d) Transport "From" Address; e) Transport "To" Address; and f) Other Transport Information, as needed. CLIENT shall scan PCRs into the DIGITECH system within one (1) business day of transport. CLIENT shall scan into the DIGITECH system all other required paperwork, including but not limited to, Medicare Assignment of Benefits Signature and Physicians Certification Statement ("PCS") forms for repetitive and non -repetitive transports, where applicable. CLIENT shall procure scanner(s) in order to scan PCR'S and other required forms as stated above into DIGITECH'S system. 2. Automated Field Data Collection CLIENT shall: a) Provide file layout of field data collection data file with field mappings; b) Provide sample of field data collection file; c) Provide a daily file of previous days' calls so that DIGITECH can download file onto DIGITECH'S servers and/or import data into the DIGITECH billing system; d) Pay all third party vendor fees incurred to purchase, support, integrate and maintain the CLIENT'S field data collection system; and e) Provide a daily, weekly or monthly (depending on call volume) report of all billable transports to DIGITECH for reconciliation purposes. B. CLIENT agrees to provide copies of all remittances or electronic remittance files necessary for posting by DIGITECH within four (4) business days of receipt of remittance(s). DIGITECH requires the original, unaltered or "raw" electronic payer file that is produced by the payer. DIGITECH will not accept files which have been modified by any non -payer party. DIGITECH will not accept paper remittances in lieu of electronic remittances. CLIENT agrees to pay charges incurred to convert a payer file back to its original, unaltered or "raw" state. C. In cases where DIGITECH has verified payment, but CLIENT cannot provide remittance advice, DIGITECH will provide such listing to CLIENT and Page 15 of 28 CLIENT agrees to allow DIGITECH to apply such payments. CLIENT agrees that the application of such payments by DIGITECH will entitle DIGITECH to earn the fees described in Rider A, Section IV above. D. CLIENT agrees to establish and maintain a broadband or high speed Internet connection, with static IP address, from its place of business to the Internet. E. CLIENT agrees to complete and submit all Registration/Change of Information Applications with the insurance processors, including, but not limited to Medicare, Medicaid and Blue Cross Blue Shield. DIGITECH shall confirm receipt of applications and continue follow-up with insurance processors until final approval where possible. DIGITECH will inform CLIENT if the CLIENT'S intervention is required by processor. F. CLIENT agrees to authorize DIGITECH to execute and submit all Registration/Change of Information Applications with the insurance processors, including, but not limited to Medicare, Medicaid and Blue Cross Blue Shield, where necessary. G. CLIENT agrees to pay for any enrollment or revalidation fees imposed by payers. H. Where applicable, CLIENT agrees to flag non -billable claims prior to submission to DIGITECH for procedure coding. XI. TRANSITION A. In the event either party terminates under the provisions described in Agreement Section IV — Term, Termination and Renewal, DIGITECH and CLIENT agree to the following: 1. DIGITECH will cease all processing including the collection services described in Rider A, Section II above, ninety (90) days from the last transport date covered by this Agreement. 2. CLIENT will provide DIGITECH with remittance advice or cash receipt data for a period of at least one hundred twenty (120) days from the last transport date covered by this Agreement. 3. Subsequent to termination, for a period not to exceed one hundred twenty (120) days, DIGITECH will provide client access to data as follows: a) PDF copy of AR detail report through last date of service under contract at (no charge); and Page 16 of 28 b) Electronic access to the existing Ambulance Commander System for a fee to be determined. 4. Provide open accounts receivable detail in XML file format including record layout within five (5) business days of cessation of collection services. IN WITNESS WHEREOF, the parties hereto have executed this Rider on the day and year first above written on the Agreement. CITY OF PEARLAND, TEXAS By: fi Name: .631 s� Title: ( Az noec- Date: DIGITECH COMPUTER, INC. s Name: 0rC4110 . Title: ., 4/1:' f-cro Date: e7/2— Page 17 of 28 BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE ADDENDUM ("Addendum"), is made and entered into by and between the CITY OF PEARLAND, TEXAS ("Covered Entity") and DIGITECH COMPUTER INC. ("Business Associate"). This Addendum shall form a part of all agreements and other engagements as are currently in effect between the parties under which Protected Health Information ("PHI") (as defined in Article 1 of this Addendum) is provided, created or received by Business Associate from or on behalf of Covered Entity (collectively, the "Agreement"), and shall supersede and replace any business associate agreement or amendment previously entered into between Covered Entity and Business Associate in accordance with the requirements of HIPAA (as defined below) and/or the HITECH Act (as defined below). This Addendum is effective as of the effective date of the Agreement (the "Effective Date"). RECITALS WHEREAS, in connection with the performance of their respective obligations under the terms of the Agreement, Covered Entity may disclose certain information to Business Associate, and Business Associate may use and/or disclose certain information, some of which may constitute PHI; and WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to, or created, utilized or disclosed by, Business Associate pursuant to the Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations and guidance issued by the Secretary of the U.S. Department of Health and Human Services (the "Secretary"), all as amended from time to time ("HIPAA"), as well as the requirements of the Health Information Technology for Economic and Clinical Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009, and its implementing regulations and guidance issued by the Secretary, all as amended from time to time (the "HITECH Act"), and other applicable laws; NOW, THEREFORE, in consideration of the mutual agreements herein contained and for other good and valuable consideration, the receipt and adequacy of which are hereby acknowledged, the parties do hereby agree as follows: Article 1: Defmitions 1.1 Definitions. For the purposes of this Addendum, the following defined terms shall have the following definitions. All capitalized terms used in this Addendum but not otherwise defined herein shall have the meaning given in HIPAA or the HITECH Act, as applicable. (a) "Breach" shall have the meaning given to such term under HIPAA and the HITECH Act, including, but not limited to, at § 13400(1) of the HITECH Act and 45 CFR § 164.402. The term "Breach" shall also refer Page 18 of 28 to any actual or suspected acquisition, access, use or disclosure of data in violation of any applicable federal or state law. (b) "Data Aggregation" shall have the meaning given to such term under the Privacy Standards (as defined below), including, but not limited to, at 45 CFR § 164.501. (c) "Designated Record Set" shall have the meaning given to such term under the Privacy Standards, including, but not limited to, at 45 CFR § 164.501. (d) "Health Care Operations" shall have the meaning given to such term under the Privacy Standards, including, but not limited to, at 45 CFR § 164.501. (e) "Limited Data Set" shall have the meaning given to such term under the Privacy Standards, including, but not limited to, at 45 CFR § 164.514. (0 "Privacy Standards" shall mean the HIPAA Privacy Rule and HIPAA Security Rule codified at 45 CFR Parts 160, 162 and 164. (g) "Protected Health Information" or "P111" shall have the meaning given to such term under HIPAA, the HITECH Act, and the Privacy Standards, including, but not limited to, at 45 CFR § 160.103. (h) "Unsecured Protected Health Information' shall have the meaning given to such term under HIPAA and the HITECI-I Act, including, but not limited to, at § 13402(h) of the HITECH Act and 45 CFR § 164.402. Article 2: Duties of Business Associate 2.1 Com fiance with Privacy Provisions. Business Associate shall only use and disclose PHI in performance of its obligations under the Agreement and as permitted or required by law. Business Associate agrees to be in compliance with each applicable requirement of 45 CFR § 164.504(e) and all requirements of the HITECH Act related to privacy and applicable as if Business Associate were a "covered entity," as such term is defined in HIPAA. 2.2 Compliance with Security Provisions. Business Associate shall: (a) implement and maintain administrative safeguards as required by 45 CFR § 164.308, physical safeguards as required by 45 CFR § 164.310 and technical safeguards as required by 45 CFR § 164.312; (b) implement and document reasonable and appropriate policies and procedures as required by 45 CFR § 164.316; (c) use its best efforts to implement and maintain technologies and methodologies that render PHI unusable, unreadable or indecipherable to unauthorized individuals as specified in the HITECH Act; and (d) be in compliance with all requirements of Page 19 of 28 the HITECH Act related to security and applicable as if Business Associate were a "covered entity," as such term is defined in HIPAA. 2.3 Breach of Unsecured PHI. (a) With respect to any suspected or actual unauthorized acquisition, access, use or disclosure ("Acquisition") of Covered Entity's PHI by Business Associate, its agents or subcontractors, and/or any Acquisition of data in violation of any applicable federal or state law, Business Associate shall (i) investigate such Acquisition; (ii) determine whether such Acquisition constitutes a reportable Breach under HIPAA, the HITECH Act, and/or applicable federal or state law ; (iii) document and retain its findings under clauses (i) and (ii); and (iv) take any action pertaining to such Acquisition required by applicable federal or state law. (b) If Business Associate discovers that a Breach has occurred, Business Associate shall notify Covered Entity in writing without unreasonable delay and in no case later than two (2) days after discovery of the Breach. Business Associate's written notice shall include all available information required by 45 CFR § 164.410 and other applicable law. Business Associate's written report shall be promptly supplemented with any new or additional information. Business Associate agrees to cooperate with Covered Entity in meeting Covered Entity's obligations under the HITECH Act and other applicable law with respect to such Breach. Covered Entity shall have sole control over the timing and method of providing notification of such Breach to the affected individual(s) or others as required by the HITECH Act and other applicable law. To the extent the Breach was caused by Business Associate or its agents, Business Associate shall reimburse Covered Entity for its reasonable costs and expenses in providing the notification(s), including, but not limited to, any administrative costs associated with providing notice, printing and mailing costs, and costs of mitigating the harm (which may include the costs of obtaining credit monitoring services and identity theft insurance for a period not to exceed one year) for affected individuals whose PHI has or may have been compromised as a result of the Breach. In order to be reimbursed by Business Associate, Covered Entity must provide to Business Associate a written accounting of Covered Entity's actual costs and, to the extent applicable, copies of receipts or bills with respect thereto, 2.4 Permitted Uses of PM. Satisfactory performance of its obligations under the Agreement by Business Associate may require Business Associate to receive or use PHI obtained from Covered Entity, or created or received by Business Associate on behalf of Covered Entity; provided, however, that Business Associate shall not use PHI other than for the purpose of performing Business Associate's obligations under the Agreement (including this Addendum), as permitted or required under the Agreement (including this Addendum), or as Page 20 of 28 required by law. Business Associate shall not use PHI in any manner that would constitute a violation of the Privacy Standards if so used by Covered Entity. 2.5 Permitted Disclosures of PHI. Business Associate shall not disclose PHI other than for the purpose of performing Business Associate's obligations under the Agreement (including this Addendum), as permitted or required under the Agreement (including this Addendum), or as required by law. Business Associate shall not disclose PHI in any manner that would constitute a violation of the Privacy Standards if so disclosed by Covered Entity. To the extent that Business Associate discloses PHI to a third party in carrying out its obligations under the Agreement, Business Associate must obtain, prior to making any such disclosure, (i) reasonable assurances from such third party that such PHI will be held confidential as provided pursuant to this Addendum and only disclosed as required by law or for the purposes for which it was disclosed to such third party, and (ii) an agreement from such third party to immediately notify Business Associate of any breaches of confidentiality of the PHI, to the extent the third party has obtained knowledge of such breach. 2.6 Minimum Necessary. Business Associate shall only request, use and disclose PHI to the Limited Data Set, or, if needed, to the minimum necessary to accomplish the intended use, disclosure or request, respectively. Effective on the date the Secretary issues guidance on what constitutes "minimum necessary" for purposes of HIPAA, Business Associate shall limit its use, disclosure or request of PHI to only the minimum necessary as set forth in such guidance. 2.7 Retention of PHI. Unless otherwise specified in the Agreement, Business Associate shall maintain and retain PHI for the term of the Agreement, and make such PHI available to Covered Entity as set forth in this Addendum. 2.8 Safeguarding PHI. Business Associate shall use appropriate safeguards to prevent the use or disclosure of PHI other than as permitted by the Agreement and this Addendum. Business Associate will appropriately safeguard electronic PHI in accordance with the standards specified at 45 CFR § 164.314(a). In particular, Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of electronic PHI that it creates, receives, maintains or transmits on behalf of Business Associate. 2.9 Agents and Subcontractors. Business Associate shall ensure that any agents (including subcontractors) of Business Associate to whom Business Associate provides PHI received from Covered Entity, or PHI created or received by Business Associate on behalf of Covered Entity, agree in writing to the same restrictions and conditions that apply to Business Associate with respect to such PHI, including the requirement to implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of PHI. Business Associate shall implement appropriate Page 21 of 28 sanctions against agents and subcontractors that violate such restrictions and conditions, including termination of the agency or subcontractor relationship, if feasible, and shall mitigate the effects of any such violations. 2.10 Reporting of Security Incidents. Business Associate shall report in writing to Covered Entity any Security Incident as soon as possible after Business Associate becomes aware of such an incident but in no case later than (2) days after the date on which Business Associate becomes aware of any such incident. Business Associate shall take (i) prompt corrective action to cure any deficiencies that caused the security incident or unauthorized use or disclosure, and (ii) any corrective action required by applicable federal and state law. 2.11 Access to Information. Within five (5) days of Covered Entity's request, Business Associate shall provide Covered Entity with access to Covered Entity's PHI maintained by Business Associate or its agents or subcontractors in Designated Record Sets to enable Covered Entity to fulfill its obligations under the Privacy Standards, including, but not limited to, 45 CFR § 164.524. 2.12 Availability of PHI for Amendment. The parties acknowledge that the Privacy Standards permit an individual who is the subject of PHI to request certain amendments of their records. Upon Covered Entity's request for an amendment of PHI or a record about an individual contained in a Designated Record Set, but not later than five (5) days after receipt of such request, Business Associate and its agents or subcontractors shall make such PHI available to Covered Entity for amendment and incorporate any such amendment to enable Covered Entity to fulfill its obligations under the Privacy Standards, including, but not limited to, 45 CFR § 164.526. If any individual requests an amendment of PHI directly from Business Associate or its agents or subcontractors, Business Associate must notify Covered Entity in writing within five (5) days of the request. Covered Entity has the sole authority to deny a request for amendment of PHI received or created under the terms of the Agreement and maintained by Business Associate or its agents or subcontractors. 2.13 Accounting of Disclosures. Upon Covered Entity's request, Business Associate, its agents and subcontractors shall make available the information required to provide an accounting of disclosures to enable Covered Entity to fulfill its obligations under the Privacy Standards, including, but not limited to, 45 CFR § 164.528. For this purpose, Business Associate shall retain a record of disclosure of PHI for at least six (6) years from the date of disclosure. Business Associate agrees to implement a process that allows for an accounting to be collected and maintained by Business Associate and its agents or subcontractors for at least six (6) years prior to the request, but not before the effective date of the Agreement. At a minimum, such information shall include: (1) the date of disclosure; (ii) the name of the entity or person who received PHI and, if known, the address of the entity or person; (iii) a brief description of PHI disclosed; and (iv) a brief statement of the purpose of the disclosure that reasonably informs the individual Page 22 of 28 of the basis for the disclosure, or a copy of the individual's authorization, or a copy of the written request for disclosure. Where a request for an accounting is delivered directly to Business Associate or its agents or subcontractors, Business Associate shall within five (5) days of a request forward it to Covered Entity in writing. It shall be Covered Entity's responsibility to prepare and deliver any such reply to the requested accounting. 2.14 A reement to Restriction on Disclosure. If Covered Entity is required to comply with a restriction on the disclosure of PHI pursuant to § 13405 of the HITECH Act, then Covered Entity shall provide written notice to Business Associate of the name of the individual requesting the restriction and the PHI affected thereby. Business Associate shall, upon receipt of such notification, not disclose the identified PHI to any health plan for the purposes of carrying out Payment or Health Care Operations, except as otherwise required by law. 2.15 Accounting of Disclosures of Electronic Health Records "EHR"). If Business Associate is deemed to use or maintain an EHR on behalf of Covered Entity, then Business Associate shall maintain an accounting of any disclosures made through an EHR for Treatment, Payment and Health Care Operations, as applicable. Such accounting shall comply with the requirements of the HITECH Act. Upon request by Covered Entity, Business Associate shall provide such accounting to Covered Entity in the time and manner specified by the HITECH Act. Alternatively, if Covered Entity responds to an individual's request for an accounting of disclosures made through an EHR by providing the requesting individual with a list of all business associates acting on behalf of Covered Entity, then Business Associate shall provide such accounting directly to the requesting individual in the time and manner specified by the HITECH Act. 116 Access to Electronic Health Records. If Business Associate is deemed to use or maintain an EHR on behalf of Covered Entity with respect to PHI, then, to the extent an individual has the right to request a copy of the PHI maintained in such EHR pursuant to 45 CFR § 164.524 and makes such a request to Business Associate, Business Associate shall provide such individual with a copy of the PHI in the EIIR in an electronic format and, if the individual so chooses, transmit such copy directly to an entity or person designated by the individual. Business Associate may charge a fee, not to exceed Contractor's labor costs to respond, to the individual for providing the copy of the PHI. The provisions of 45 CFR § 164.524, including the exceptions to the requirement to provide a copy of PHI, shall otherwise apply and Business Associate shall comply therewith as if Business Associate were Covered Entity. At Covered Entity's request, Business Associate shall provide Covered Entity with a copy of an individual's PHI maintained in an EHR in an electronic format and in a time and manner designated by Covered Entity in order for Covered Entity to comply with 45 CFR § 164.524, as amended by the HITECH Act. Page 23 of 28 2.17 Remuneration for PHI. Business Associate agrees that it shall not, directly or indirectly, receive remuneration in exchange for any PHI of Covered Entity except as otherwise permitted by the HITECH Act. 2.18 Limitations on Use of PHI for Marketing Purposes. Business Associate shall not use or disclose PHI for the purpose of making a communication about a product or service that encourages recipients of the communication to purchase or use the product or service, unless such communication: (a) complies with the requirements of subparagraph (i), (ii) or (iii) of paragraph (1) of the definition of marketing contained in 45 CFR § 164.501, and (b) complies with the requirements of subparagraphs (A), (B) or (C) of § 13406(a)(2) of the HITECH Act. Covered Entity shall cooperate with Business Associate to determine if the foregoing requirements are met with respect to any such marketing communication. 2.19 Governmental Access to Books and Records. For purposes of determining Covered Entity's compliance with the Privacy Standards, Business Associate agrees to make available to the Secretary its internal practices, books, and records relating to the use and disclosure of PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. 2.20 Data Ownership. Business Associate acknowledges that Business Associate has no ownership rights with respect to the PHI. 2.21 Insurance. Business Associate shall maintain commercial general liability insurance, with commercially reasonable liability limits, that includes coverage for damage to persons or property arising from any breach of the terms of this Addendum. 2.22 Audits, Inspection and Enforcement. Within ten (10) days of a written request by Covered Entity, Business Associate and its agents or subcontractors shall allow Covered Entity to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies and procedures relating to the use or disclosure of PHI pursuant to this Addendum for the purpose of determining whether Business Associate has complied with this Addendum; provided, however, that (i) Business Associate and Covered Entity shall mutually agree in advance upon the scope, timing and location of such an inspection; (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. Covered Entity and its authorized agents or contractors, may, at Covered Entity's expense, examine Business Associate's facilities, systems, procedures and records as may be necessary for such agents or contractors to certify to Covered Entity the extent to which Business Associate's security safeguards comply with HIPAA, the HITECH Act or this Addendum, to the Page 24 of 28 extent that Covered Entity determines that such examination is necessary to comply with Covered Entity's legal obligations pursuant to HIPAA or the HITECH Act relating to certification of its security practices. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate's facilities, systems, books, records, agreements, policies and procedures does not relieve Business Associate of its responsibility to comply with this Addendum, nor does Covered Entity's (i) failure to detect or (ii) detection, but failure to notify Business Associate or require Business Associate's remediation of any unsatisfactory practices, constitute acceptance of such practices or a waiver of Covered Entity's enforcement rights under the Agreement or this Addendum. 2.23 Return of PHI at Termination. Upon termination of the Agreement, Business Associate shall, where feasible, destroy or return to Covered Entity all PHI received from Covered Entity, or created or received by Business Associate or its agents or subcontractors on behalf of Covered Entity. Where return or destruction is not feasible, the duties of Business Associate under this Addendum shall be extended to protect the PHI retained by Business Associate, Business Associate agrees not to further use or disclose information for which the return or destruction is infeasible. Business Associate shall certify in writing the destruction of the PHI and to the continued protection of PHI that is not feasible to destroy. 2.24 Retention of PHI. Business Associate and its contractors or agents shall retain communications and documents required to be maintained by HIPAA for six (6) years after termination of the Agreement. Article 3: Duties of Covered Entity 3.1 Using Annropriate SafeEuards. Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to the Agreement, in accordance with the standards and requirements of the Privacy Standards, until such PHI is received by Business Associate. Article 4: Term and Termination 4.1 Term. The provisions of this Addendum shall become effective on the Effective Date and shall continue in effect until all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity,, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy the PHI, protections are extended to such information in accordance with the termination provisions in Section 4.2 of this Addendum. 4.2 Termination by Covered EntO. (a) A breach by Business Associate of any material provision of this Page 25 of 28 Addendum, as determined by Covered Entity, shall constitute a material breach of the Agreement and shall provide grounds for immediate termination of the Agreement by Covered Entity. (b) If Covered Entity knows of a pattern of activity or practice of Business Associate that constitutes a material breach or violation of Business Associate's obligations under the provisions of this Addendum or another arrangement and does not terminate the Agreement pursuant to Section 4.2(a) of this Addendum, then Business Associate shall take reasonable steps to cure such breach or end such violation, as applicable. If Business Associate's efforts to cure such breach or end such violation are unsuccessful, Covered Entity shall either (i) terminate the Agreement, if feasible or (ii) if termination of the Agreement is not feasible, Covered Entity shall report Business Associate's breach or violation to the Secretary. 4.3 Termination b Business Associate. If Business Associate knows of a pattern of activity or practice of Covered Entity that constitutes a material breach or violation of Covered Entity's obligations under the Agreement or this Addendwn, then Business Associate shall immediately notify Covered Entity. With respect to such breach or violation, Business Associate shall (i) take reasonable steps to cure such breach or end such violation, if possible; or (ii) if such steps are either not possible or are unsuccessful, upon written notice to Covered Entity, terminate the Agreement; or (iii) if such termination is not feasible, report Covered Entity's breach or violation to the Secretary. 4.4 Termination jiy Either Party. Either party may terminate the Agreement, effective immediately, if (i) the other party is named as a defendant in a criminal proceeding for a violation of HIPAA, the HITECH Act or other security or privacy laws, or (ii) a finding or stipulation that the other party has violated any standard or requirement of HIPAA, the HITECH Act or other security or privacy laws is made in any administrative or civil proceeding in which the party has been j oined. Article 5: Miscellaneous 5.1 Acknowledgment. Business Associate recognizes and agrees that it is obligated by law to comply with the applicable provisions of the HITECH Act. 5.2 Chane in Law. The parties agree to promptly enter into negotiations concerning the terms of the Agreement (including this Addendum), and to negotiate in good faith, if, in either party's business judgment, modification of the Agreement (including this Addendum) becomes necessary due to legislative, regulatory, or judicial developments regarding HIPAA or the HITECH Act. Covered Entity may terminate the Agreement upon thirty (30) days written notice in the event (i) Business Associate does not promptly enter into negotiations to amend the Agreement when requested by Covered Entity pursuant to this § 5.2, or (ii) Page 26 of 28 Business Associate does not enter into an amendment to the Agreement providing assurances regarding the safeguarding of PHI that Covered Entity, in its sole discretion, deems sufficient to satisfy the standards and requirements of HIPAA and the HITECH Act. 5.3 Disclaimer. Covered Entity makes no warranty or representation that compliance by Business Associate with HIPAA, the HITECH Act or this Addendum will be adequate or satisfactory for Business Associate's own purposes. Business Associate is solely responsible for all decisions made by Business Associate regarding the safeguarding of PHI. 5.4 Assistance in Litigation or Administrative ProceedinOs. Business Associate shall make itself, and any subcontractors, employees or agents assisting Business Associate in the performance of its obligations under the Agreement or this Addendum, available to Covered Entity, at no cost to Covered Entity, to testify as witness, or otherwise, in the event of litigation or administrative proceedings being commenced against Covered Entity, its members/shareholders, managers/directors, officers or employees based upon a claimed violation of HIPAA or the HITECH Act or other laws relating to security and privacy, except where Business Associate, or its subcontractor, employee or agent is a named adverse party. 5.5 No Third -Party Beneficiaries. Nothing express or implied in this Addendum is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 5.6 Interpretation. Section titles in this Addendum are for convenience only, and shall not be used in interpreting this Addendum. Any ambiguity in this Addendum shall be resolved to permit the parties to comply with the requirements of HIPAA and the HITECH Act. In the event of conflict between the Agreement and this Addendum, the provisions of this Addendum shall prevail. Any reference in this Addendum to a section in the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E, the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR part 164, subpart C, or the HITECH Act means the section as in effect or as amended. SIGNATURES ON FOLLOWING PAGE Page 27 of 28 IN WITNESS WHEREOF, the parties hereto have executed this Rider on the day and year first above written on the Agreement. CITY OF PEARLAND, TEXAS (Covered Entity) Bv� Name:__11:j (rL; Se1 Title: ., c} .V A. Date: f r 2 DIGITECH COMPUTER, INC. (Business Associate) By: Name: Oie,,e- %km/ '124-'2?-- Title: V2Title: --'11b 1-:' 7—Cg) Date: WO2' Page 28 of 28