The URL can be used to link to this page

R2017-244 2017-11-27RESOLUTION NO. R2017-244 A Resolution of the City Council of the City of Pearland, Texas, awarding a bid for EMS billing services to EMS Management & Consultants at the rate of 3.9% of net collections (plus an approximate $1,496 per month for ePCR software fee) for a three (3) year term. BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF PEARLAND, TEXAS: Section 1. That the City recently opened bids for EMS billing services, and such bids have been reviewed and tabulated. Section 2. That the City Council hereby awards the bid to EMS Management & Consultants, in the estimated amounts reflected in Exhibit "A" attached hereto. Section 3. The City Manager or his designee is hereby authorized to execute a contract for EMS billing services. PASSED, APPROVED and ADOPTED this the 27th day of November, A.D., 2017. ATTEST: APPROVED AS TO FORM: DARRIN M. COKER CITY ATTORNEY TOM REID MAYOR LU ',��I Dill......" ExhibitA Resolution No. R2017-244 Exhibit "A" BILLING SERVICES AGREEMENT THIS BILLING SERVICES AGREEMENT (hereinafter "Agreement"), is entered into this 27th day of November 2017 between EMS MANAGEMENT & CONSULTANTS, INC. (hereinafter "EMSIMC") and CITY OF PEARLAND, TEXAS (hereinafter "Client"). WITNESSETH: WHEREAS, EMSIMC is an ambulance billing service company with experience in providing medical billing and collection services to medical transport providers, including fire and rescue and emergency medical service (EMS) providers; and WHEREAS, Client is normally engaged in the business of providing emergency medical services, and billable medical transportation services; and WHEREAS, Client wishes to retain EMSIMC to provide medical billing, collection and related services as set forth in this Agreement. NOW, THEREFORE, in consideration of the mutual agreements described below and other good and valuable consideration, the receipt and sufficiency of which are acknowledged, the parties agree as follows: 1. ENGAGEMENT. a. During the term of this Agreement, EMSIMC shall provide routine billing, bill processing and fee collection services reasonably required and customary for service providers of similar size and situation to Client (the "Revenue Cycle Management Services" or "RCM Services"). The RCM Services shall include: (1) preparing and submitting initial and secondary claims and bills for Client to insurers and others responsible for payment; (2) performing reasonable and diligent routine collection efforts to secure payments from primary and secondary payers and patients or other entities, (as EMSIMC, in its sole discretion deems appropriate); (3) issuing up to three patient statements for all unpaid balances; and (4) referring accounts which have not been collected during EMSIMC normal billing cycle to an outside collection agency if so directed by Client. b. EMSIMC shall also provide to Client software in accordance with Exhibit A (the "Software"). 32473561 c. Collectively, the RCM Services, the Software and any other services that EMSIMC provides to Client shall be referred to as the 'Services'. 2. EMSIMC Responsibilities. a. EMSIMC will provide the RCM Services in material compliance with all applicable state and federal laws and regulations. b. EMSIMC will submit all "Completed Claims" to the applicable third -party payer. A "Completed Claim" is a claim for emergency medical services and billable medical transportation services that (i) is received by EMSIMC and supported by an ePCR record that contains all necessary and accurate information; (ii) has been reviewed and any identified issues sent to Client for remediation have been rectified; (iii) is for a patient encounter that has been electronically signed off by Client in the ePCR; (iv) has been reviewed by Client and deemed ready for billing; and (v) is not subject to a billing hold. EMSIMC will not have any responsibility for any adverse impact to Client that may result from any delay of Client in completing claims. c. Accounts with outstanding balances after the insurance and/or third party payer has determined benefits due will be billed by EMSIMC to the patient. EMSIMC will send up to three patient statements to the patient or responsible party, except as to those accounts on which an insurance carrier or third -party payer has accepted responsibility to pay. Once Client has submitted all necessary information, EMSIMC will bill all uninsured patients directly. d. Within ten (10) business days of the last business day of the month, EMSIMC will provide to Client a month end report, which shall include an account analysis report, aging report and accounts receivables reconciliation report for the previous month. Deposit reports will be provided daily. e. During the term of this Agreement, EMSIMC shall maintain, provide appropriate storage and data back-up for all billing records pertaining to the RCM Services provided by EMSIMC hereunder. Upon at least five (5) business days' prior written notice, EMSIMC shall make such records accessible to Client during EMSIMC business hours. Upon termination of this Agreement, trip data pertaining to the RCM Services shall be returned to Client. Notwithstanding anything to the contrary herein, Client acknowledges and agrees that EMSIMC is not a custodian of clinical records nor a clinical records repository. Client is responsible for maintaining all clinical records in accordance with Section 3(d). f. EMSIMC shall notify Client of (i) all patient complaints about clinical services within five (5) business days of receipt; (Q) all patient complaints about billing within ten 2 32473561 (10) business days of receipt; and (iii) all notices of audit, requests for medical records or other contacts or inquiries out of the normal course of business from representatives of Medicare, Medicaid or private payers with which Client contracts or any law enforcement or government agency ("Payer Inquiries") within ten (10) business days of receipt, unless such agency prohibits EMSIMC from disclosing its inquiry to Client. g. EMSIMC will reasonably assist Client in responding to Payer Inquiries which occur in the normal course of Client's business and arise from EMSIMC's provision of the Services. If EMSIMC, in its sole discretion, determines that (i) Client is excessively utilizing EMSIMC's assistance in responding to Payer Inquiries, (ii) a Payer Inquiry is outside the normal course of Client's business; or (iii) a Payer Inquiry does not arise from the Services provided by EMSIMC, EMSIMC may charge Client, and Client shall pay, for any assistance provided by EMSIMC at EMSIMC's then current hourly rates. h. EMSIMC is appointed as the agent of Client under this Agreement solely for the express purposes of this Agreement relating to billing and receiving payments and mail, receiving and storing documents, and communicating with hospitals and other entities to facilitate its duties. EMSIMC will have no authority to pledge credit, contract, or otherwise act on behalf of Client except as expressly set forth herein. i. As to all payments received from Medicare, Medicaid and other government funded programs, the parties specifically acknowledge that EMSIMC will only prepare claims for Client and will not negotiate checks payable or divert electronic fund transfers to Client from Medicare, Medicaid or any other government funded program. All Medicare, Medicaid and any other government funded program payments, including all electronic fund transfers, will be deposited directly into a bank account designated by Client to receive such payments and as to such account only Client, through its officers and directors, shall have access. j. The Services provided by EMSIMC to Client under this Agreement are conditioned on Client's fulfillment of the responsibilities set forth in this Agreement. k. EMSIMC shall have no responsibility to provide any of the following services: i. Determining the accuracy or truthfulness of documentation and information provided by Client; ii. Providing services outside the EMSIMC billing system; iii. Submitting any claim that EMSIMC believes to be inaccurate or fraudulent; or 3 32473561 iv. Providing any service not expressly required of EMSIMC by this Agreement. I. For Client's service dates that occurred prior to the mutually agreed go live date for the Services, Client agrees and understands that EMSIMC is not responsible for any services including, but not limited to, submitting claims or managing any denials, refunds or patient calls. As between Client and EMSIMC, Client is fully responsible for the proper billing and accounting of any remaining balances related to service dates that occurred prior to such go live date. 3. RESPONSIBILITIES OF CLIENT. The following responsibilities of Client are a condition of EMSIMC's services under this Agreement, and EMSIMC shall have no obligation to provide the Services to the extent that Client has not fulfilled these responsibilities: a. Client will pay all amounts owed to EMSIMC under this Agreement. b. Client will implement standard commercially reasonable actions and processes as may be requested by EMSIMC from time -to -time to allow EMSIMC to properly and efficiently provide the RCM Services. These actions and processes include, but are not limited to, the following: i. Providing EMSIMC with complete and accurate demographic and charge information necessary for the processing of professional and/or technical component billing to third parties and/or patients including, without limitation, the following: patient identification (name, address, phone number, birth date, gender); guarantor identification and address' insurance information; report of services; special claim forms; pre- authorization numbers; and such additional information as is requested by EMSIMC; ii. Providing EMSIMC with complete and accurate medical record documentation for each incident or patient service rendered for reimbursement, which is necessary to ensure proper billing and secure claim payment; iii. Providing EMSIMC, in a timely manner, with Patient Care Reports (PCRs) that thoroughly detail the patient's full medical condition at the time of service and include a chronological narrative of all services and treatment rendered; iv. Obtaining authorizations and signatures on all required forms, including consent to treat, assignment of benefits, release of information and 4 32473561 claims unless extenuating circumstances prevent Client from obtaining such signatures; v. Obtaining physician certification statements (PCS) forms for all non- emergency transports and other similar medical necessity forms or prior authorization statements as deemed necessary by the payer; vi. Obtaining or executing all forms or documentation required by Medicare, Medicaid, CHAMPUS, and any other payer or insurance carriers to allow EMSIMC to carry out its billing and other duties under this Agreement; and vii. Implementing reasonable and customary charges for complete, compliant billing. c. Client represents and warrants that the PCR and any and all associated medical records, forms and certification statements provided to EMSIMC are true and accurate and contain only factual information observed and documented by the attending field technician during the course of the treatment and transport. d. Client shall maintain Client's own files with all original or source documents, as required by law, and only provide to EMSIMC copies of such documents. Client acknowledges that EMSIMC is not the agent of Client for storage of source documentation. e. Client will provide EMSIMC with a copy of any existing billing policy manuals or guidelines, Medicare or Medicaid reports, or any other record or document related to services or billing of Client's accounts. f. Client will report to EMSIMC within ten (10) business days of payments received directly by Client, and promptly notify EMSIMC of any cases requiring special handling or billing. Client shall advise EMSIMC of any Payer Inquiries within ten (10) business days of receipt. g. Client shall ensure that any refunds posted by EMSIMC are actually issued and paid to the patient, insurer, or other payer as appropriate. h. Client agrees to provide EMSIMC with administrative access to the ePCR system or similar access in order to run reports and review documents and attachments to better service Client's account. i. Client shall provide EMSIMC with access to its facilities and personnel for the purpose of providing on-site and/or online training to such personnel. Client shall cooperate with EMSIMC and facilitate any training that EMSIMC wishes to provide. 5 32473561 j. Client shall complete EMSIMC's online training course within 90 days of the contract start date and all new hires will complete EMSIMC's online documentation training within 90 days of hire date. Newly developed training materials by EMSIMC should be mutually agreed upon by the parties to be required training. k. Client shall comply with all applicable federal, state, and local laws, rules, regulations, and other legal requirements that in any way affect this Agreement or the duties and responsibilities of the parties hereunder. 4. EMSIMC WEB PORTALS. a. EMSIMC shall provide Client and those individuals appointed by Client ("Users") with access to EMSIMC Web Portals (the "Portals"), which shall be subject to the applicable Terms of Use found on the Portals. To be appointed as a User, the individual must be an employee of Client or otherwise approved by Client and EMSIMC. Client is responsible for all activity of Users and others accessing or using the Portals through or on behalf of Client including, but not limited to, ensuring that Users do not share credentials for accessing the Portals. Client is also responsible for (i) identifying individuals who Client determines should be Users; (H) determining and notifying EMSIMC of each User's rights; (iii) monitoring Users' access to and use of the Portals; (iv) acting upon any suspected or unauthorized access of information through the Portals; (v) ensuring each User's compliance with this Agreement and the Terms of Use governing the use of the Portals; and (vi) notifying EMSIMC to deactivate a User account whenever a User's employment, contract or affiliation with Client is terminated or Client otherwise desires to suspend or curtail a User's access to and use of the Portals. Client agrees to follow best practices to ensure compliance with this provision. Client acknowledges that EMSIMC may suspend or terminate any User's access to the Portals (i) for noncompliance with this Agreement or the applicable Terms of Use; (H) if such User poses a threat to the security or integrity of the Portals or information available therein; (iii) upon termination of Client; or (iv) upon notice of suspension or termination of such User by Client. Client may suspend or terminate a User's access to the Portals at any time. 5. COMPENSATION OF EMSIMC. a. Client shall pay a fee for the Services of EMSIMC hereunder, on a monthly basis, in an amount equal to 3.9% percent of "Net Collections' as defined below (the "RCM Fee"). Net Collections shall mean all cash and check amounts including electronic fund transfers (EFTs) received by EMSIMC from payers, patients, attorneys offices, court 6 32473561 settlements, collection agencies, government institutions, debt set-off programs, group health insurance plans, private payments, credit cards, healthcare facilities or any person or entity submitting funds on a patient's account, or any amounts paid directly to Client with or without the knowledge of EMSIMC that are paid, tendered, received or collected each month for Clients transports less refunds processed or any other necessary adjustments to those amounts. Price adjustments for such services shall be allowed at the completion of the Initial Term and each Renewal Term. Price adjustments shall not exceed the change in the average of the Consumer Price Index (CPI) for all Urban Consumers, Not Seasonally Adjusted, Area: U.S. city average, Item: All item, Base Period: 1982-84=100 over the twelve months prior. b. Client shall also pay any fees associated with the Software as set forth in Exhibit A (the "Software Fee"). Together, the RCM Fee and the Software Fee as referred to as the "Compensation". c. EMSIMC shall submit an invoice to Client by the tenth (10th) day of each month for the Compensation due to EMSIMC for the previous calendar month. The Compensation amount reflected on the invoice shall be paid in full within thirty (30) days of receipt from when the invoice is first presented to Client (the "Payment Date"). Such amount shall be paid without offset unless the calculation of the amount is disputed in good faith, in which case Client shall pay the undisputed amount and shall provide EMSIMC with detailed written notice of the basis for the disputed portion no later than the Payment Date. Any invoices not disputed in writing by the Payment Date shall be deemed "undisputed" for all purposes of the Agreement. All invoices are to be paid directly from Clients banking institution to EMSIMC via paper check, direct deposit or ACH draft initiated by EMSIMC into EMSIMC's bank account. d. A one-time late fee of 5% shall be added to any invoices that remain unpaid after forty-five (45) days. Interest shall begin to accrue on all unpaid balances starting sixty (60) days after the presentment of said invoice for any unpaid balances at the rate of 1 %% per month or the highest rate allowed under applicable law, whichever is lower. Client shall be responsible for all costs of collection incurred by EMSIMC or others in attempting to collect any amounts due from Client under this Agreement, including, but not limited to, reasonable attorney fees. e. In the event of a material change to applicable law, the billing process and/or scope of Services provided in this Agreement or a material difference in any of the patient demographics provided by the Client and set forth in Exhibit B, EMSIMC reserves the right to negotiate a fee change with Client and amend this Agreement accordingly or terminate this Agreement. 7 32473561 f. EMSIMC may, in its sole discretion, immediately cease to provide Services for Client should the outstanding balance owed to EMSIMC become in arrears. Claims processing will not resume until all outstanding balances are paid in full or arrangements approved by EMSIMC have been made to wholly resolve any outstanding balances. 6. TERM OF AGREEMENT. a. This Agreement shall be effective commencing on January 1, 2018 and shall thereafter continue through December 31, 2020 ("Initial Term"). This Agreement shall be binding upon the parties hereto and their respective successors, assigns, and transferees. The Agreement shall automatically renew on the same terms and conditions as stated herein, for two (2) successive one (1) year terms (each a "Renewal Term"), unless either party gives written notice of intent not to renew at least 60 days before expiration of any term. Notwithstanding anything herein to the contrary, this Agreement may be terminated under the provisions provided below. (The Initial Term and any Renewal Terms are referred to as the "Term") b. Termination for Cause or Convenience. Notwithstanding Section 6(a), either party may terminate this Agreement if the other party materially breaches this Agreement, unless (i) the breaching party cures the breach within 10 days following receipt of notice describing the breach in reasonable detail, or (ii) with respect to a breach which may not reasonably be cured within a 10 -day period, the breaching party commences, is diligently pursuing cure of, and cures the breach as soon as practical following receipt of notice describing the breach in reasonable detail. After the one year anniversary of the effective date of the Initial Term, either party may terminate this Agreement for convenience at any time during the Term of this Agreement by providing the other party ninety (90) days prior written notice. c. Immediate Termination. Either party may terminate this Agreement immediately as a result of the following: i. Failure of Client to make timely payments due under this Agreement; or H. Injury to any customer, independent contractor, employee or agent of the other party hereto arising from the gross negligence or willful misconduct of a party; or iii. Harassment of any employee or contractor of a party or commitment of any act by a party which creates an offensive work environment; or iv. Commitment of any unethical or immoral act which harms the other party or could have the effect of harming the other party; or 8 32473561 v. The other party becomes insolvent, bankrupt, files a voluntary petition in bankruptcy, makes an assignment for the benefit of creditors, or consents to the appointment of a trustee or receiver; or vi. The legal authority of the other party to operate or provide services as required hereunder is suspended or terminated. 7. RESPONSIBILITIES UPON TERMINATION. a. Subject to Client's payment of all amounts due hereunder, upon any termination of this Agreement, and during the period of any notice of termination, EMSIMC will make available to Client or its authorized representatives data from the billing system regarding open accounts in an electronic format, and will otherwise reasonably cooperate and assist in any transition of the Services to Client, or its successor billing agent. Upon request, EMSIMC will provide to Client trip data associated with the claims submitted by EMSIMC on behalf of Client pursuant to this Agreement. EMSIMC shall retain financial and billing records not tendered or returned to Client on termination hereof for at least ten (10) years following the date of service. b. Following termination of this Agreement, for a period of ninety (90) days (the "Wind Down"), EMSIMC will continue its billing and collection efforts as to those accounts with dates of services prior to termination, subject to the terms and conditions of this Agreement including, but not limited to, Section 5. Client will continue to provide EMSIMC with copies of checks and payments on those accounts which were filed by EMSIMC under this Agreement. EMSIMC shall have no further responsibilities as to such accounts after the Wind Down; however, EMSIMC shall be entitled to compensation as provided in Section 5(a) for such amounts filed by EMSIMC, regardless of whether such amounts are collected by Client during or after the Wind Down period. During the Wind Down and for up to twelve months following termination of this Agreement, EMSIMC shall continue to make the Portals available to Client, subject the applicable Terms of Use. Notwithstanding the foregoing, in the event EMSIMC terminated this Agreement pursuant to Sections 6(b) or 6(c), EMSIMC shall have no obligation to provide any Services after the date of termination. 8. EXCLUSIVITY AND MISCELLANEOUS BILLING POLICIES. a. During the term of this Agreement, EMSIMC shall be Client's exclusive provider of the RCM Services. Client may not directly file, submit or invoice for any medical or medical transportation services rendered while this Agreement is in effect. 9 32473561 b. In addition, Client agrees not to collect or accept payment for services from any patient unless the service requested does not meet coverage requirements under any insurance program in which the patient is enrolled or the patient is uninsured. Payments received directly by Client for these services must be reported to EMSIMC as provided in Section 3(f) hereof and shall be treated as Net Collections for purposes of Section 5(a) hereof. c. In compliance with CMS regulations, Medicare patients will not be charged by Client a higher rate or amount for identical covered services charged to other insurers or patients. Accordingly, only one fee schedule shall exist and be used in determining charges for all patients regardless of insurance coverage. d. EMSIMC reserves the right not to submit a claim for reimbursement on any patient in which the PCR and/or associated medical records are incomplete or appear to be inaccurate or do not contain enough information to substantiate or justify reimbursement. This includes missing patient demographic information, insurance information, Physician Certification Statements (PCS) or any required crew and/or patient signatures, or otherwise contradictory medical information. e. Client shall implement and maintain a working compliance plan ("Compliance Plan") in accordance with the most current guidelines of the U.S. Department of Health and Human Services ("HHS"). The Compliance Plan must include, but not be limited to, formal written policies and procedures and standards of conduct, designation of a compliance officer, quality assurance policy and effective training and education programs. f. In accordance with the HHS Office of Inspector General ("OIG") Compliance Program Guidance for Third-Party Medical Billing Companies, EMSIMC is obligated to report misconduct to the government, if EMSIMC discovers credible evidence of Client's continued misconduct or flagrant, fraudulent or abusive conduct. In the event of such evidence, EMSIMC has the right to (a) refrain from submitting any false or inappropriate claims, (b) terminate this Agreement and/or (c) report the misconduct to the appropriate authorities. 9. NON-INTERFERENCE/NON-SOLICITATION OF EMSIMC EMPLOYEES. Client understands and agrees that the relationship between EMSIMC and each of its employees constitutes a valuable asset of EMSIMC. Accordingly, Client agrees that both during the term of this Agreement and for a period beginning on the date of termination of this Agreement, whatever the reason, and ending three (3) years after the date of termination of this Agreement (the "Restricted Period"), Client shall not, without EMSIMC's prior written consent, directly or indirectly, solicit or recruit for employment; 10 32413561 attempt to solicit or recruit for employment; or attempt to hire or accept as an employee, consultant, contractor, or otherwise, or accept any work from EMSIMC's employees with whom Client had material contact during the term of this Agreement, in any position where Client would receive from such employees the same or similar services that EMSIMC performed for Client during the term of this Agreement. Client also agrees during the Restricted Period not to unlawfully urge, encourage, induce, or attempt to urge, encourage, or induce any employee of EMSIMC to terminate his or her employment with EMSIMC. Client has carefully read and considered the provisions of Section 9 hereof, and having done so, agrees that the restrictions set forth in such section (including, but not limited to, the time period) are fair and reasonable and are reasonably required for the protection of the legitimate interests of EMSIMC, its officers, directors, shareholders, and employees. 10. PRIVACY. a. Confidentiality. The Parties acknowledge that they will each provide to the other Confidential Information as part of carrying out the terms of this Agreement. EMSIMC and Client will be both a Receiving Party and a Disclosing Party at different times. The Receiving Party agrees that it will not (i) use any such Confidential Information in any way, except for the exercise of its rights and performance of its obligations under this Agreement, or (ii) disclose any such Confidential Information to any third party, other than furnishing such Confidential Information to its employees, consultants, and subcontractors, who are subject to the safeguards and confidentiality obligations contained in this Agreement and who require access to the Confidential Information in the performance of the obligations under this Agreement. In the event that the Receiving Party is required by applicable law to make any disclosure of any of the Disclosing Party's Confidential Information, by subpoena, judicial or administrative order or otherwise, the Receiving Party will first give written notice of such requirement to the Disclosing Party, and will permit the Disclosing Party to intervene in any relevant proceedings to protect its interests in the Confidential Information, and provide full cooperation and assistance to the Disclosing Party in seeking to obtain such protection, at the Disclosing Party's sole expense. "Confidential Information" means the provisions of the Agreement (including, but not limited to, the financial terms herein) and any information disclosed by a Party (the "Disclosing Party") to the other Party (the "Receiving Party"). Information will not be deemed Confidential Information hereunder if the Receiving Party can prove by documentary evidence that such information: (a) was known to the Receiving Party prior to receipt from the Disclosing Party directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (b) becomes known (independently of disclosure by the Disclosing Party) to the Receiving Party directly or 11 32473561 indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (c) becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of this Agreement by the Receiving Party; or (d) is independently developed by the Receiving Party without the use of any Confidential Information of the Disclosing Party. b. HIPAA Compliance. The parties agree to comply with the Business Associate Addendum, attached hereto and incorporated by reference herein as Attachment 1, documenting the assurances and other requirements respecting the use and disclosure of Protected Health Information. It is Client's responsibility to ensure that it obtains all appropriate and necessary authorizations and consents to use or disclose any individually identifiable health information in compliance with all federal and state privacy laws, rules and regulations, including but not limited to the Health Insurance Portability and Accountability Act. In the event that this Agreement is, or activities permitted or required by this Agreement are, inconsistent with or do not satisfy the requirements of any applicable privacy or security law, rule or regulation, the parties shall take any reasonably necessary action to remedy such inconsistency. 11. DISCLAIMERS, LIMITATIONS OF LIABILITY AND DISPUTE RESOLUTION a. Each Party acknowledges that the liability limitations and warranty disclaimers in the Agreement are independent of any remedies hereunder and shall apply regardless of whether any remedy fails of its essential purpose. Client acknowledges that the limitations of liability set forth in this Agreement are integral to the amount of consideration offered and charged in connection with the Services and that, were EMSIMC to assume any further liability other than as provided in the Agreement, such consideration would of necessity be set substantially higher. b. EMSIMC and Client acknowledge and agree that despite their best efforts, billing errors may occur from time to time. Each party will promptly notify the other party of the discovery of a billing error. EMSIMC's sole obligation in the event of a billing error will be to correct the error by making appropriate changes to the information in its system, posting a refund if appropriate, and re -billing the underlying claim if permissible. c. EXCEPT FOR ANY EXPRESS WARRANTY PROVIDED HEREIN OR IN THE APPLICABLE EXHIBIT, THE SERVICES ARE PROVIDED ON AN "AS IS," "AS AVAILABLE" BASIS. CLIENT AGREES THAT USE OF THE SERVICES IS AT CLIENT'S SOLE RISK; AND, TO THE MAXIMUM EXTENT PERMITTED BY LAW, EMSIMC EXPRESSLY DISCLAIMS ANY AND ALL OTHER EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO THE SERVICES INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 12 32473561 PURPOSE, TITLE, NON -INFRINGEMENT OR WARRANTIES ALLEGED TO ARISE AS A RESULT OF CUSTOM AND USAGE. d. A "Claim" is defined as any claim or other matter in dispute between EMSIMC and Client that arises from or relates in any way to this Agreement or to the Services, hardware, software, or data provided by EMSIMC hereunder, regardless of whether such claim or matter is denominated as a contract claim, tort claim, warranty claim, indemnity claim, statutory claim, arbitration demand, or otherwise. e. To the fullest extent allowed by law, the total liability of EMSIMC to Client regarding any and all Claims shall be capped at, and shall in no event exceed, the amount paid by the applicable insurance policy for the event giving rise to the Claim. All amounts that may be potentially awarded against EMSIMC in connection with a Claim are included in and subject to the Liability Cap, and shall not cause the Liability Cap to be exceeded, including, without limitation, all direct compensatory damages, interest, costs, expenses, and attorneys' fees. Provided, however, that nothing in the foregoing shall be construed as an admission of liability by EMSIMC in any amount or as a waiver or compromise of any other defense that may be available to EMSIMC regarding any Claim. f. EMSIMC shall maintain, at its expense, at minimum, the following insurance coverage during the term of this Agreement: (i) Comprehensive General Liability to include premises and operations, contractual liability, independent contractor's liability, and broad form property liability coverage. (ii) EMSIMC shall maintain errors and omissions insurance coverage in an amount not less than $3,000,000. (iii) The Client, its officers, and employees are to be covered by EMSIMC's insurance policies as additional insured's with respect to: liability arising out of activities performed by or on behalf of EMSIMC, premises owned, occupied or used by EMSIMC; automobiles owned, leases, hired or borrowed by EMSIMC. The coverage shall contain no special limitations on the scope of protections afforded Client, its officers, officials, or employees. g. To the fullest extent allowed by law, and notwithstanding any statute of limitations, statute of repose, or other legal time limit to the contrary, no Claim shall be brought by Client against EMSIMC after (the "Claim Time Limit") the time period for bringing an action under any applicable state or federal statute of limitations. Any Claim not brought within the Claim Time Limit is waived. Client agrees that any Claim Client may have against EMSIMC, including EMSIMC's past or present employees or agents, shall be brought individually and Client shall not join such Claim with claims of any other person or entity or bring, join or participate in a class action against EMSIMC. 13 32473561 h. TO THE FULLEST EXTENT ALLOWED BY LAW, EMSIMC AND CLIENT WAIVE CLAIMS AGAINST EACH OTHER FOR CONSEQUENTIAL, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY, AND TREBLE DAMAGES, AND FOR ANY OTHER DAMAGES IN EXCESS OF DIRECT, COMPENSATORY DAMAGES INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS, LOSS OF DATA, OR LOSS OF BUSINESS, REGARDLESS OF WHETHER SUCH CLAIM OR MATTER IS DENOMINATED AS A CONTRACT CLAIM, TORT CLAIM, WARRANTY CLAIM, INDEMNITY CLAIM, STATUTORY CLAIM, ARBITRATION DEMAND, OR OTHERWISE, EVEN IF A PARTY HAS BEEN APPRISED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES OCCURRING (the "Non -Direct Damages Waiver"). i. Subject to the Liability Cap, the Claim Time Limit and the Non -Direct Damages Waiver, EMSIMC agrees to indemnify, hold harmless, and defend Client, with reasonably acceptable counsel, from and against any fines, penalties, damages, and judgments that Client becomes legally obligated to pay to a third party proximately caused by EMSIMC's gross negligence or willful misconduct. Provided, however, that this indemnity is subject to the following further conditions and limitations: (i) Client must provide prompt written notice to EMS1MC of the matter for which indemnity is or may be sought, within such time that no right of EMS1MC is prejudiced, and in no event no later than thirty (30) days after Client first becomes aware of the facts that give rise or may give rise to a right of indemnity; (ii) Client must allow EMS1MC the opportunity to direct and control the defense and handling of the matter for which indemnity is or may be sought; (iii) Client must not agree to any settlement or other voluntary resolution of a matter for which indemnity is or may be sought without EMSIMC's express consent which shall not be unreasonably withheld.; and (iv) Client shall not seek or be entitled to indemnify for amounts that Client reimburses or refunds to Medicaid, Medicare, any governmental entity, any insurer, or any other payer as a result of medical services or medical transportation services for which Client should not have received payment in the first place under applicable rules, regulations, standards and policies. Client waives all rights of indemnity against EMSIMC not in accordance with this subsection. 14 32473561 12. GENERAL. a. Status of Parties. Nothing contained in this Agreement shall be construed as establishing a partnership or joint venture relationship between EMSIMC and Client, or as establishing an agency relationship beyond EMSIMC's service as a billing and collection agent of Client under the express terms of this Agreement. EMSIMC and its employees and representatives shall have no legal authority to bind Client. b. Assignment. Neither this Agreement nor any rights or obligations hereunder shall be assigned by either party without prior written consent of the other party, except that this Agreement may be assigned without consent to the survivor in any merger or other business combination including either party, or to the purchaser of all or substantially all of the assets of either party. c. Binding Effect. This Agreement shall inure to the benefit of and be binding upon the parties hereto and their respective successors, assigns (where permitted), and transferees. d. Notices. All notices required or permitted by this Agreement shall be in writing and shall be deemed to have been given: (i) on the day received, if personally delivered; (ii) on the day received if sent by a recognized overnight delivery service, according to the courier's record of delivery; and (iii) on the 5th (fifth) calendar day after the date mailed by certified or registered mail. Such notices shall be addressed as follows: Client: City of Pearland, Texas 3523 Liberty Drive Pearland, Texas 77581 EMSIMC: EMS Management & Consultants, Inc. Chief Executive Officer 2540 Empire Drive Suite 100 Winston-Salem, NC 27103 Either party may change its address for notices under this Agreement by giving written notice of such change to the other party in accordance with the terms of this section. 15 32473561 e. Governing Law. This Agreement and the rights and obligations of the parties hereunder shall be construed in accordance with and governed by the laws of the State of Texas, notwithstanding any conflicts of law rules to the contrary. f. Integration of Terms. This instrument together with all attachments, exhibits and schedules constitutes the entire agreement between the parties, and supersedes all prior negotiations, commitments, representations and undertakings of the parties with respect to its subject matter. Without limiting the foregoing, this Agreement supersedes and takes precedence over any inconsistent terms contained in any Request for Proposal ("RFP") from Client and any response to that RFP from EMSIMC. g. Amendment and Waiver. This Agreement may be amended or modified only by an instrument signed by all of the parties. A waiver of any provision of this Agreement must be in writing, designated as such, and signed by the party against whom enforcement of the waiver is sought. The waiver of a breach of any provision of this Agreement shall not operate or be construed as a waiver of any subsequent or other breach thereof. h. Severability. If any provision of this Agreement shall not be valid for any reason, such provision shall be entirely severable from, and shall have no effect upon, the remainder of this Agreement. Any such invalid provision shall be subject to partial enforcement to the extent necessary to protect the interest of the parties hereto. i. Force Majeure. With the exception of Client's payment obligation, a Party will not be in breach or liable for any delay of its performance of this Agreement caused by natural disasters or other unexpected or unusual circumstances reasonably beyond its control. j. Third Party Beneficiaries. There are no third -party beneficiaries to this Agreement. k. Counterparts. This Agreement may be executed in multiple counterparts by a duly authorized representative of each party. 1. Survival. All terms which by their nature survive termination shall survive termination or expiration of the Agreement including, but not limited to, Sections 3(c), 3(f) — (h), 5(a), 5(c), 7, 9 — 12. 16 32473561 IN WITNESS WHEREOF, the undersigned have caused this Agreement to be duly executed on the later of the dates set forth below. EMSIMC: CLIENT: EMS Manageeemmeennt & Consultants, Inc. City of Pearl nd, Tex =s Print Name: i -C 1'041 LDg1E Print Na e: 019 reCU5f1n TItIe:afef?er-FiivabtG OFficer Title: Date: /2/7/20/'7 Date: I1-3,-11 City Managr 17 32473561 Exhibit A Software 1. Software. Client will use the following ePCR software: ImageTrend. 2. Software Fees. EMSIMC will pay the Software vendor for the full cost of the Software pursuant to the agreement between EMSIMC and the Software Vendor. In turn, EMSIMC will invoice the Client $1,495.83 on their monthly Invoice. ImageTrend will perform price Increases of the recusing fees, The first price increase will occur with the fees due for Year 2. These price increases will occur once a year and may not exceed 3% of the price then currently in effect. EMSIMC shall stop paying any software costs upon the expiration or termination of this Agreement. Client is responsible for ensuring that it has a copy of all data maintained in the Software prior to termination of this Agreement or paying for continued use of and access to the data maintained in the Software. 3. If required by the Vendor, Client will enter into an agreement with the Vendor for use of the Software and comply with all terms and conditions of such agreement 4. Client agrees to provide EMSIMC with administrative access to the ePCR system or similar access in order to run reports and review documents and attachments. 5. No EMSIMC Warranty. EMSIMC DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL WARRANTIES, WHETHER ORAL OR WRITTEN, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE ePCR SOFTWARE. 6. Description of what is included in the subscription. EMS/Fire Web -based Products: ImageTrend Elite EMS: ImageTrend Elite EMS Annual SaaS Fee ImageTrend Elite EMS Annual Support ImageTrend Elite EMS Annual Hosting EMS/Fire Mobile Products: ImageTrend Elite Field: ImageTrend Elite Field Site License ImageTrend Elite Field Site License Annual Support 18 324n561 EMS/Fire Module: ImageTrend Hospital Hub: Hospital Hub Annual Support and Hosting ImageTrend Mapping and Reporting System (MARS): MARS Annual SaaS Fee Exports/Integrations: Billing Integration: Billing Integration Setup Fee Billing Integration Annual Support CAD Integration Annual Support and Hosting 7. Client agrees and has signed the attached ImageTrend ePHI Data Export Sign off for transmitting ePHI data to EMSIMC. 19 32473561 Exhibit B Patient Demographics Provided by Client 1. Projected annual billable trip volume: 4,708 2. Payor mix: Medicare = 48% Medicaid = 6% Insurance = 21% Self -Pay = 25% 3. Run mix: ALS -E = 69.2% BLS -E = 28.1% ALS2 = 2.7% 4. Loaded mileage: 8 32473561 20 Attachment 1 Business Associate Addendum This Business Associate Addendum (the "Addendum") is made effective the 27th day of November 2017, by and between City of Pearland, Texas, hereinafter referred to as "Covered Entity," and EMS Management & Consultants, Inc., hereinafter referred to as "Business Associate" (individually, a "Party" and collectively, the "Parties"). WITNESSETH: WHEREAS, the Parties wish to enter into a Business Associate Addendum to ensure compliance with the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA Privacy and Security Rules") (45 C.F.R. Parts 160 and 164); and WHEREAS, the Health Information Technology for Economic and Clinical Health ("HITECH") Act of the American Recovery and Reinvestment Act of 2009, Pub. L. III -5, modified the HIPAA Privacy and Security Rules (hereinafter, all references to the "HIPAA Privacy and Security Rules" include all amendments thereto set forth in the HITECII Act and any accompanying regulations); and WHEREAS, the Parties have entered into a Billing Services Agreement (the "Agreement") whereby Business Associate will provide certain services to Covered Entity and, pursuant to such Agreement, Business Associate may be considered a "business associate" of Covered Entity as defined in the HIPAA Privacy and Security Rules; and WHEREAS, Business Associate may have access to Protected Health Information or Electronic Protected Health Information (as defined below) in fulfilling its responsibilities under the Agreement; and WHEREAS, Covered Entity wishes to comply with the HIPAA Privacy and Security Rules, and Business Associate wishes to honor its obligations as a Business Associate to Covered Entity. THEREFORE, in consideration of the Parties' continuing obligations under the Agreement, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree to the provisions of this Addendum. I. DEFINITIONS Except as otherwise defined herein, any and all capitalized terms in this Addendum shall have the definitions set forth in the HIPAA Privacy and Security Rules. In the event of an inconsistency between the provisions of this Addendum and mandatory provisions of the HIPAA Privacy and Security Rules, as amended, the HIPAA Privacy and Security Rules in effect at the time shall control. Where provisions of this Addendum are different than those mandated by the HIPAA Privacy and Security Rules, but are nonetheless permitted by the HIPAA Privacy and Security Rules, the provisions of this Addendum shall control. The term `Breach" means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information. The term "Breach" does not include: (1) any unintentional acquisition, access, or use of protected health information by any employee or individual acting under the authority of a covered entity 21 32473561 or business associate if (a) such acquisition, access, or use was made in good faith and within the course and scope of the employment or other professional relationship of such employee or individual, respectively, with the covered entity or business associate, and (b) such information is not further acquired, accessed, used, or disclosed by any person; or (2) any inadvertent disclosure from an individual who is otherwise authorized to access protected health information at a facility operated by a covered entity or business associate to another similarly situated individual at same facility; and (3) any such information received as a result of such disclosure is not further acquired, accessed, used, or disclosed without authorization by any person. The term "Electronic Health Record" means an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff. The term "HIPAA Privacy and Security Rules" refers to 45 C.F.R. Parts 160 and 164 as currently in effect or hereafter amended. The term "Protected Health Information" means individually identifiable health information as defined in 45 C.F.R § 160.103, limited to the information Business Associate receives from, or creates, maintains, transmits, or receives on behalf of, Covered Entity. The term "Electronic Protected Health Information" means Protected Health Information which is transmitted by or maintained in Electronic Media (as now or hereafter defined in the HIPAA Privacy and Security Rules). The term `Secretary" means the Secretary of the Department of Health and Human Services. The term "Unsecured Protected Health Information" means Protected Health Information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in guidance published in the Federal Register at 74 Fed. Reg. 19006 on April 27, 2009 and in annual guidance published thereafter. II. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE a. Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Agreement or this Addendum, provided that such use or disclosure would not violate the HIPAA Privacy and Security Rules if done by Covered Entity. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes "minimum necessary" for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, disclose only Protected Health Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless the person or entity to whom Business Associate is making the disclosure requires certain direct identifiers in order to accomplish the intended purpose of the disclosure, in which event Business Associate may disclose only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the disclosure. b. Business Associate may use Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of Business Associate, provided that such uses are permitted under state and federal confidentiality laws. c. Business Associate may disclose Protected Health Information in its possession to third parties for the purposes of its proper management and administration or to fulfill any present or future legal responsibilities of Business Associate, provided that: 22 32473561 I. the disclosures are required by law; or 2. Business Associate obtains reasonable assurances from the third parties to whom the Protected Health Information is disclosed that the information will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party, and that such third parties will notify Business Associate of any instances of which they are aware in which the confidentiality of the information has been breached. d. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes "minimum necessary" for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, access, use, and request only Protected Health Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless Business Associate requires certain direct identifiers in order to accomplish the intended purpose of the access, use, or request, in which event Business Associate may access, use, or request only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the access, use, or request. Covered Entity shall determine what quantum of information constitutes the "minimum necessary" amount for Business Associate to accomplish its intended purposes. e. Business Associate may use Protected Health Information to de -identify such information in accordance with 45 C.F.R. § 164.514(b) for Business Associate's own business purposes or in connection with the services provided pursuant to the Agreement or to provide Data Aggregation services to Customer as permitted by 45 C.F.R. 164.504(e)(2)(i)(b). Once the Protected Health Information has been de - identified or aggregated, it is no longer considered Protected Health Information governed by this Addendum. III. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE a. Business Associate acknowledges and agrees that all Protected Health Information that is created or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate or is created or received by Business Associate on Covered Entity's behalf shall be subject to this Addendum. b. Business Associate agrees to not use or further disclose Protected Health Information other than as permitted or required by the Agreement, this Addendum or as required by law. c. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of Protected Health Information other than as provided for by this Addendum. Specifically, Business Associate will: 1. implement the administrative, physical, and technical safeguards set forth in Sections 164308, 164.310, and 164.312 of the HIPAA Privacy and Security Rules that reasonably and appropriately protect the confidentiality, integrity, and availability of any Protected Health Information that it creates, receives, maintains, or transmits on behalf of Covered Entity, and, in accordance with Section 164.316 of the HIPAA Privacy and Security Rules, implement and maintain reasonable and appropriate policies and procedures to enable it to comply with the requirements outlined in Sections 164.308, 164.310, and 164.312; and 2. report to Covered Entity any use or disclosure of Protected Health Information not provided for by this Addendum of which Business Associate becomes aware. Business Associate shall report to Covered Entity any Security Incident of which it becomes aware. Notice is deemed to have been 23 32473561 given for unsuccessful Security Incidents, such as (i) "pings" on an information system firewall; (ii) port scans; (iii) attempts to log on to an information system or enter a database with an invalid password or user name; (iv) denial -of -service attacks that do not result in a server being taken offline; or (v) malware (e.g., a worms or a virus) that does not result in unauthorized access, use, disclosure, modification or destruction of Protected Health Information. d. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Addendum to Business Associate with respect to such information. e. Business Associate agrees to comply with any requests for restrictions on certain disclosures of Protected Health Information to which Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security Rules and of which Business Associate has been notified by Covered Entity. In addition, and notwithstanding the provisions of Section 164.522 (a)(I)(ii), Business Associate agrees to comply with an individual's request to restrict disclosure of Protected Health Information to a health plan for purposes of carrying out payment or health care operations if the Protected Health Information pertains solely to a health care item or service for which Covered Entity has been paid by in full by the individual or the individual's representative. f. At the request of the Covered Entity and in a reasonable time and manner, not to extend ten (10) business days, Business Associate agrees to make available Protected Health Information required for Covered Entity to respond to an individual's request for access to his or her Protected Health Information in accordance with Section 164.524 of the HIPAA Privacy and Security Rules. If Business Associate maintains Protected Health Information electronically, it agrees to make such Protected Health Information available electronically to the applicable individual or to a person or entity specifically designated by such individual, upon such individual's request. g. At the request of Covered Entity and in a reasonable time and manner, Business Associate agrees to make available Protected Health Information required for amendment by Covered Entity in accordance with the requirements of Section 164.526 of the HIPAA Privacy and Security Rules. h. Business Associate agrees to document any disclosures of and make Protected Health Information available for purposes of accounting of disclosures, as required by Section 164.528 of the HIPAA Privacy and Security Rules. i. Business Associate agrees that it will make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity, available to the Secretary for the purpose of determining Covered Entity's compliance with the HIPAA Privacy and Security Rules, in a time and manner designated by the Secretary, subject to attorney-client and other applicable privileges. j. Business Associate agrees that, while present at any Covered Entity facility and/or when accessing Covered Entity's computer network(s), it and all of its employees, agents, representatives and subcontractors will at all times comply with any network access and other security practices, procedures and/or policies established by Covered Entity including, without limitation, those established pursuant to the HIPAA Privacy and Security Rules. k. Business Associate agrees that it will not directly or indirectly receive remuneration in exchange for any Protected Health Information of an individual without the written authorization of the individual or the individual's representative, except where the purpose of the exchange is: 24 32473561 1. for public health activities as described in Section 164.512(b) of the Privacy and Security Rules; 2. for research as described in Sections 164.501 and 164.512(1) of the Privacy and Security Rules, and the price charged reflects the costs of preparation and transmittal of the data for such purpose; 3. for treatment of the individual, subject to any further regulation promulgated by the Secretary to prevent inappropriate access, use, or disclosure of Protected Health Information; 4. for the sale, transfer, merger, or consolidation of all or part of Business Associate and due diligence related to that activity; 5. for an activity that Business Associate undertakes on behalf of and at the specific request of Covered Entity; 6. to provide an individual with a copy of the individual's Protected Health Information pursuant to Section 164.524 of the Privacy and Security Rules; or 7. other exchanges that the Secretary determines in regulations to be similarly necessary and appropriate as those described in this Section Ill. k. I. Business Associate agrees that it will not directly or indirectly receive remuneration for any written communication that encourages an individual to purchase or use a product or service without first obtaining the written authorization of the individual or the individual's representative, unless: 1. such payment is for a communication regarding a drug or biologic currently prescribed for the individual and is reasonable in amount (as defined by the Secretary); or 2. the communication is made on behalf of Covered Entity and is consistent with the terms of this Addendum. m. Business Associate agrees that if it uses or discloses patients' Protected Health Information for marketing purposes, it will obtain such patients' authorization before making any such use or disclosure. n. Business Associate agrees to implement a reasonable system for discovery of breaches and method of risk analysis of breaches to meet the requirements of HIPAA, The HITECH Act, and the HIPAA Regulations, and shall be solely responsible for the methodology, policies, and procedures implemented by Business Associate. o. State Privacy Laws. Business Associate shall understand and comply with state privacy laws to the extent that state privacy laws are not preempted by HIPAA or The HITECH Act. 25 32473561 IV. BUSINESS ASSOCIATE'S MITIGATION AND BREACH NOTIFICATION OBLIGATIONS a. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Addendum. b. Following the discovery of a Breach of Unsecured Protected Health Information, Business Associate shall notify Covered Entity of such Breach without unreasonable delay and in no case later than forty-five (45) calendar days after discovery of the Breach. A Breach shall be treated as discovered by Business Associate as of the first day on which such Breach is known to Business Associate or, through the exercise of reasonable diligence, would have been known to Business Associate. c. Notwithstanding the provisions of Section IV.b., above, if a law enforcement official states to Business Associate that notification of a Breach would impede a criminal investigation or cause damage to national security, then: 1. if the statement is in writing and specifies the time for which a delay is required, Business Associate shall delay such notification for the time period specified by the official; or 2. if the statement is made orally, Business Associate shall document the statement, including the identity of the official making it, and delay such notification for no longer than thirty (30) days from the date of the oral statement unless the official submits a written statement during that time. Following the period of time specified by the official, Business Associate shall promptly deliver a copy of the official's statement to Covered Entity. d. The Breach notification provided shall include, to the extent possible: 1. the identification of each individual whose Unsecured Protected Health information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used, or disclosed during the Breach; 2. a brief description of what happened, including the date of the Breach and the date of discovery of the Breach, if known; 3. a description of the types of Unsecured Protected Health Information that were involved in the Breach, if known (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 4. any steps individuals should take to protect themselves from potential harm resulting from the Breach; and 5. a brief description of what Business Associate is doing to investigate the Breach, to mitigate harm to individuals, and to protect against any further Breaches. e. Business Associate shall provide the information specified in Section IV.d., above, to Covered Entity at the time of the Breach notification if possible or promptly thereafter as information becomes available. Business Associate shall not delay notification to Covered Entity that a Breach has occurred in order to collect the information described in Section IV.d. and shall provide such information to Covered 26 32473561 Entity even if the information becomes available after the forty-five (45) -day period provided for initial Breach notification. V. OBLIGATIONS OF COVERED ENTITY a. Upon request of Business Associate, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with Section 164.520 of the HIPAA Privacy and Security Rules. b. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an individual to use or disclose Protected Health Information, if such changes affect Business Associate's permitted or required uses and disclosures. c. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information to which Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security Rules, and Covered Entity shall inform Business Associate of the termination of any such restriction, and the effect that such termination shall have, if any, upon Business Associate's use and disclosure of such Protected Health Information. VI. TERM AND TERMINATION a. Term. The Tenn of this Addendum shall be effective as of the date first written above, and shall terminate upon the later of the following events: (i) in accordance with Section VII.c., when all of the Protected Health Information provided by Covered Entity to Business Associate or created or received by Business Associate on behalf of Covered Entity is destroyed or returned to Covered Entity or, if such return or destruction is infeasible, when protections are extended to such information; or (ii) upon the expiration or termination of the Agreement. b. Termination for Cause. Upon Covered Entity's knowledge of a material breach of this Addendum by Business Associate and Business Associate's failure to cure such breach within thirty (30) days of receiving notice of same from Covered Entity, Covered Entity shall have the right to terminate this Addendum and the Agreement. c. Effect of Termination. 1. Except as provided in paragraph 2. of this subsection, upon termination of this Addendum, the Agreement or upon request of Covered Entity, whichever occurs first, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Neither Business Associate nor its subcontractors or agents shall retain copies of the Protected Health Information. 2. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible and shall extend the protections of this Addendum to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. 27 32473561 VII. MISCELLANEOUS a. No Rights in Third Parties. Except as expressly stated herein, the Parties to this Addendum do not intend to create any rights in any third parties. b. Survival. The obligations of Business Associate under Section VII(c) of this Addendum shall survive the expiration, termination, or cancellation of this Addendum, the Agreement, and/or the business relationship of the parties, and shall continue to bind Business Associate, its agents, employees, contractors, successors, and assigns as set forth herein. c. Amendment. This Addendum may be amended or modified only in a writing signed by the Parties. The Parties agree that they will negotiate amendments to this Addendum to conform to any changes in the HIPAA Privacy and Security Rules as are necessary for Covered Entity to comply with the current requirements of the HIPAA Privacy and Security Rules. In addition, in the event that either Party believes in good faith that any provision of this Addendum fails to comply with the then -current requirements of the HIPAA Privacy and Security Rules or any other applicable legislation, then such Party shall notify the other Party of its belief in writing. For a period of up to thirty (30) days, the Parties shall address in good faith such concem and amend the terns of this Addendum, if necessary to bring it into compliance. If, after such thirty (30) -day period, the Addendum fails to comply with the HIPAA Privacy and Security Rules or any other applicable legislation, then either Party has the right to terminate this Addendum and the Agreement upon written notice to the other party. d. Independent Contractor. None of the provisions of this Addendum are intended to create, nor will they be deemed to create, any relationship between the Parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this Addendum and any other agreements between the Parties evidencing their business relationship. e. Interpretation. Any ambiguity in this Addendum shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Privacy and Security Rules. f. Certain Provisions Not Effective in Certain Circumstances. The provisions of this Addendum relating to the HIPAA Security Rule shall not apply to Business Associate if Business Associate does not receive any Electronic Protected Health Information from or on behalf of Covered Entity. g. Ownership of Information. Covered Entity holds all right, title, and interest in and to the PHI and Business Associate does not hold and will not acquire by virtue of this Addendum or by virtue of providing goods or services to Covered Entity, any right, title, or interest in or to the PHI or any portion thereof. h. Entire Agreement. This Addendum is incorporated into, modifies and amends the Agreement, inclusive of all other prior amendments or modifications to such Agreement. The terms and provisions of this Addendum shall control to the extent they are contrary, contradictory or inconsistent with the terms of the Agreement. Otherwise, the terms and provisions of the Agreement shall remain in full force and effect and apply to this Addendum. 28 32473561 IN WITNESS WHEREOF, the Parties have executed this Addendum as of the day and year written above. Business Associate•. Covered Euti EMS Manage eutt'k Consrents, Inc. City of P By://�� rr••. t9 By: Title: l-YUele P Drwnc OW75tue: C.1 Date: 12 /17 2Q/1 Date: I l-o1Q"1� 29