The URL can be used to link to this page

Home My WebLink AboutItem 11 - Emergency Medical Services Billing and CollectionMEMO TO: HONORABLE MAYOR AND MEMBERS OF THE CITY COUNCIL FROM: • RUMBELOW, CITY MANAGER �. MEETING DATE: OCTOBER 15, 2013 SUBJECT: APPROVAL OF A RESOLUTION FOR AN ANNUAL CONTRACT FOR EMERGENCY MEDICAL SERVICES BILLING AND COLLECTION SERVICES Is • �� • City Council to consider approval of a Resolution for an annual contract for emergency medical services (EMS) billing and collection services with Digitech Computer, Inc. through an Interlocal Cooperative Agreement with the City of Plano, Texas. FUNDING SOURCE: Funds are budgeted in account 100 - 42200 -210 -3 (Operating Supplies /Fire Department) in an annual estimated amount of $82,000. BACKGROUND: Purchases will be made as required and in accordance with an Interlocal Cooperative Purchasing Agreement with the City of Plano, Texas as allowed by the Interlocal Cooperation Act, Texas Government Code, Chapter 791 and Texas Local Government Code, Section 271.101 and 271.102 and satisfies all bidding requirements. The City of Plano solicited competitive sealed proposals on CSP #2011 -36 -C for EMS Billing and Collection Services. A total of eight firms submitted proposals, two of which were deemed non - responsive. The proposals submitted by the remaining six firms were subsequently evaluated by an internal evaluation team. Two of the six firms, Digitech Computer, Inc. and Med 3000, were selected to continue in the evaluation process. While both companies would be a viable selection to provide EMS billing and collection services, the evaluation team found Digitech Computer, Inc. to have a stronger overall business rating with respect to its work experience, compliance oversight, industry practices, and ability to maximize revenues. This initial contract period will begin on October 16, 2013 and will end on October 15, 2014. After the initial term there are two optional, one -year renewals. 10/10/2013 (11:08:59 AM) The Finance, Purchasing and Fire Department staff reviewed the contract for specification compliance and determined that this annual contract would provide the best product, service and pricing for meeting the needs of the City. Staff recommends approval. 10/10/2013 (11:08:59 AM) RESOLUTION NO. A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF GRAPEVINE, TEXAS, AUTHORIZING THE CITY MANAGER OR THE CITY MANAGER'S DESIGNEE TO CONTRACT FOR EMERGENCY MEDICAL SERVICES (EMS) BILLING AND COLLECTION SERVICES THROUGH AN ESTABLISHED INTERLOCAL PARTICIPATION AGREEMENT AND PROVIDING AN EFFECTIVE DATE WHEREAS, the City of Grapevine, Texas is a local government in the State of Texas and as such is empowered by the Texas Local Government Code, Section 271.102 to enter into a cooperative purchasing program agreement with other qualified entities in the State of Texas; and WHEREAS, the City of Plano, Texas is a qualified entity as authorized by Section 271.102 of the Texas Local Government Code; and WHEREAS, the City of Grapevine, Texas has established an Interlocal Agreement with the City of Plano, Texas and wishes to utilize a contract for EMS billing and collection services meeting all State of Texas bidding requirements; and WHEREAS, the City of Plano, Texas has established a contract with Digitech Computer, Inc., contract #CSP 2011 -36 -C for EMS Billing and Collection Services; and WHEREAS, the City of Grapevine, Texas has a need to contract out these services. NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF GRAPEVINE, TEXAS: Section 1. That all matters stated in the above preamble are true and correct and are incorporated herein as if copied in their entirety. Section 2. That the City Council of the City of Grapevine authorizes a contract for EMS billing and collection services with two optional, one -year renewals through an Interlocal Cooperative Purchasing Agreement with the City of Plano, Texas. Section 3. That the City Manager or his designee is authorized to take all steps necessary to consummate the contract for these services. Section 4. That this resolution shall take effect from and after the date of its passage. PASSED AND APPROVED BY THE CITY COUNCIL OF THE CITY OF GRAPEVINE, TEXAS on this the 15th day of October, 2013. ATTEST: I Oj BILLING SERVICE AGREEMENT AGREEMENT made this 16 day of October in the year 2013 ( "Agreement ") between DIGITECH COMPUTER, INC. ( "DIGITECH") maintaining its principal place of business at 555 Pleasantville Road, Suite 11 ON, Briarcliff Manor, N.Y. 10510 and CITY OF GRAPEVINE ( "CLIENT ") maintaining its principal place of business at 200 S. Main, Grapevine, TX 76051. WITNESSETH. In consideration of the terms, covenants, and considerations herein contained, the parties agree as follows: I. SERVICES A. DIGITECH will provide CLIENT the services ( "Services ") specified in Sections I, II and III of Rider A — Description of Services, Fees and Client Responsibilities. 3—I N1 A. CLIENT agrees to compensate DIGITECH for the Services as described in Rider A, as applicable. B. All payments will be due within thirty (30) days of receipt of DIGITECH' S invoice. C. DIGITECH reserves the right to suspend or terminate the Services if any invoice remains unpaid for sixty (60) days from the date of invoice, unless DIGITECH receives reasonable documentation questioning the invoice within fifteen (15) days of the invoice date. In the event an invoice is disputed in good faith, CLIENT is entitled to withhold only that part of the invoice that is in dispute. D. In the event, that any invoice remains unpaid sixty (60) days from the invoice date, DIGITECH, at its option, may elect to terminate this contract upon forty - five (45) days prior notice to CLIENT. E. In the event that the Services are suspended in accordance with paragraphs C and/or D above, all undisputed outstanding invoices must be paid before the Services will be reactivated. Further, DIGITECH, at its option, may require prepayment for future Services as a condition of reactivating CLIENT'S account. Page 1 of 29 F. All of CLIENT'S contractual obligations as stated herein will remain in full force and effect throughout the suspension period. Specifically, CLIENT shall remain liable for all fees due DIGITECH as if this Agreement were not suspended, regardless of who performs the Services. The purpose of this clause is to prevent CLIENT from terminating this Agreement by not paying DIGITECH. DIGITECH will have no liability to CLIENT for damages of any type or nature arising from the suspension of Services under this Article II. G. In the event CLIENT does not renew this Agreement, DIGITECH shall require prepayment for Services to be rendered after DIGITECH'S receipt of CLIENT'S termination notice. � 1 A. DIGITECH acknowledges and agrees that any and all information and material supplied by CLIENT to DIGITECH hereunder shall remain the property of CLIENT. DIGITECH will not make copies of such information or material, except to the extent necessary to perform the Services under this Agreement. DIGITECH, its employees, agents, assigns, subcontractors and successors shall keep strictly confidential all information designated by CLIENT as "confidential." With regard to CLIENT'S Protected Health Information ( "PHI "), DIGITECH will perform the Services hereunder in accordance with the HIPAA Business Associate Agreement set forth in Rider B. B. CLIENT acknowledges and agrees that the software, and all other systems related to the provision of Services hereunder, are DIGITECH'S confidential proprietary information, and CLIENT agrees that it will disclose such material only to those of its employees and agents who have a need to know, that it will use such material only in connection with the Services hereunder, and that it will take all reasonable precautions to prevent the disclosure of such confidential information to, or use by, any other party. CLIENT acknowledges and agrees that all software developed by DIGITECH for CLIENT using CLIENT'S specifications, or DIGITECH'S specifications, or a combination of both, will remain DIGITECH'S confidential proprietary property, unless the parties have otherwise agreed in writing. C. CLIENT will not be obligated to provide DIGITECH with any information, which by law or its own policy, may not be provided to DIGITECH. Upon any termination of this Agreement, PHI will be treated as set forth in Rider B. D. Each party agrees that during the term of this Agreement, and for a period of one year thereafter, it shall not hire or retain, as an employee or otherwise, any Page 2 of 29 of the other party's employees, unless the parties have otherwise agreed in writing. IV. TERM, TERMINATION AND RENEWAL A. The initial term ( "Initial Term ") of this Agreement shall comprise the following: (i) a pre -go -live implementation period commencing with the date of this Agreement, which period may be extended for good faith reasons upon mutual agreement of the parties, ending with a go -live date on January 1, 2014, on which claim processing commences ( "Go -Live Date "); and (ii) a one (1) year claim processing period commencing with the Go -Live Date. DIGITECH will be entitled to its fees as described in Rider A for all transports conducted from the Go -Live Date through the end of the Initial Term. After the expiration/termination of this Agreement, DIGITECH shall be responsible for continuing to process collections for transports that occurred during the term of this Agreement for a period of up to sixty (60) days after the date of expiration/termination. B. At the end of the Initial Term, either party shall have the option to renew the agreement for 2 successive one -year renewal periods unless either party notifies the other party, in writing, at least ninety (90) days before the end of the then current term that it elects to cancel this Agreement. DIGITECH, at its option, may send a renewal notice to CLIENT sixty (60) days prior to the end of the then current term stipulating new pricing for the next renewal period. If CLIENT does not agree to the new pricing within thirty (30) days of the date of the renewal notice, then this Agreement shall be deemed terminated at the end of the then current term. C. Either party may, upon thirty (30) days written notice identifying specifically the basis for such notice, terminate this agreement for breach of a material term or condition of this Agreement, provided that the party in breach shall not have cured such breach, or taken substantial steps toward curing such breach, within the thirty (30) day period. This paragraph does not apply to nonpayment, which is addressed in paragraph II(D) above. D. Notwithstanding anything to the contrary in this Agreement, either party may immediately terminate this Agreement in the event: 1. The other party becomes insolvent, bankrupt, files a voluntary petition in bankruptcy, makes an assignment for the benefit of creditors, or consents to appointment of a trustee or receiver, or has an involuntary petition of bankruptcy filed against it: or 2. the legal authority of the other party to operate its facility or provide services as required hereunder is suspended or terminated; or Page 3 of 29 3. a party hereto is excluded from participation in any state and/or federal health care program. V. INDEMNITY AND LIABILITY A. Each party shall indemnify, defend and save the other, and its agents, employees and subcontractors ( "Indemnified Parties ") harmless from (i) any and all claims against the Indemnified Parties of whatever nature, arising from any act, omission, misrepresentation, fraud, violation of any law, breach of confidentiality, breach of Rider B, intellectual property violation, or any willful, wanton, reckless, or grossly negligent act committed by the defaulting party, or its agents, employees and subcontractors, and (ii) any breach, violation or non - performance of any covenant or condition in this Agreement, including nonpayment. This indemnity and hold harmless agreement shall include indemnity from and against any and all liability, fines, suits, demands, arbitration fees, costs and expenses of any kind or nature (including reasonable attorney's fees) incurred in connection with any covered claim or proceeding, including the defense of this Agreement. Notwithstanding the foregoing, the parties liability shall be limited as set forth below in paragraphs V(B) through (H). B. To the extent permitted by law, DIGITECH'S liability shall be limited to amounts paid by DIGITECH'S errors and omissions insurance policy, excluding any applicable deductible or retention under that policy, for which DIGITECH shall remain liable. DIGITECH agrees to maintain no less than $2,000,000 in errors and omissions insurance for the duration of this Agreement. Further, in no event shall either party be liable to the other for any loss in profits, or for any special, incidental, indirect, consequential or other similar damages suffered in whole, or in part, in connection with this Agreement, even if a parry or its agents have been advised of the possibility of such damages. Further, in no event shall either party be liable for any delay or failure of performance that is due to causes or conditions beyond that party's reasonable control (this clause does not apply to CLIENT'S payment obligations). C. Both DIGITECH and CLIENT are independent contractors. Neither party, by virtue of this Agreement, assumes any liability for any debts or obligations of either a financial or legal nature incurred by the other party. D. CLIENT specifically agrees that it is solely responsible to repay any overpayments, denials, recoupments and /or offsets, including interest, penalties and other fees, sought, demanded or initiated by any governmental or commercial carrier, payer or insurer in the event it is determined that CLIENT is not entitled to payment for its services rendered, or if any such Page 4 of 29 carrier, payer or insurer determines that CLIENT has been paid any amounts in excess of what is otherwise due and payable under the terms of the applicable governmental or commercial benefit program or insurance policy. In no event will DIGITECH' S liability regarding any such bill or claim exceed the fee paid to DIGITECH to process such item, except this limitation of liability shall not apply to any claims or liability that may arise out of misrepresentation, fraud, or violation of any law, or any willful, wanton, or reckless conduct by DIGITECH. E. DIGITECH will not be liable in the event of a recoupment caused by a change in federal or state regulations, or a change in the interpretation of federal or state regulations, or if DIGITECH is directed by the CLIENT to bill against DIGITECH' S advice and an audit determines that the item/trip should not have been billed. CLIENT will not be entitled to any refund or credit of any fee paid to DIGITECH, and DIGITECH will have no liability whatsoever in the event of such recoupment, except where DIGITECH failed to conduct sufficient due diligence to remain current on any changes to, or the interpretation of, applicable regulations. F. In the event that an internal or external audit of paid claims determines that there was an overpayment for which DIGITECH collected a fee based on claims given an incorrect level of service and/or inaccurate rates, DIGITECH will issue a credit to CLIENT for an amount equal to the DIGITECH fee earned on the amount overpaid and returned. The credit will be capped at the amount of the fee paid to DIGITECH for each adjusted claim. G. In the event that the CLIENT receives a duplicate payment or overpayment and must refund the payer (e.g., the insurance company paid the same invoice twice, or the insurance company and patient paid the same claim, or two different insurance companies paid the same claim), DIGITECH will give the CLIENT a credit in an amount equal to the portion of DIGITECH'S fee that applies to the duplicate payment or overpayment. H. CLIENT acknowledges that DIGITECH is not a guarantor of collection, and that it shall not be responsible for any uncollected bills. CLIENT may subcontract with any third party collection agency to follow up regarding accounts that DIGITECH deems uncollectible after attempting to collect pursuant to the terms of this Agreement and Rider A. VI. EXCLUSIVITY A. CLIENT agrees that all billing Services outlined herein will be performed by DIGITECH exclusively during the term of this Agreement. Page 5 of 29 VII. COMPLIANCE A. DIGITECH warrants and represents that it maintains adherence to the Office of Inspector General of the Department of Health and Human Services Compliance Program Guidance for billing companies as published in the Federal Register. B. DIGITECH agrees to comply with all applicable federal and state laws, including "anti- kickback," "excessive charges," and other regulations relevant to this Agreement. C. CLIENT represents and warrants that it is not excluded from participation in any state and/or federal health care programs. CLIENT further agrees to notify DIGITECH within five (5) business days of CLIENT'S discovery that it is the subject of any actions, investigations or other proceedings that could lead to its exclusion from any state and /or federal health care programs. D. CLIENT represents and warrants that it is permitted by law to charge a fee and /or otherwise bill and be paid for its services, and that all fees and charges of CLIENT are solely determined by CLIENT, and are consistent with CLIENT'S legal obligations under any local, state and/or federal laws. E. CLIENT represents and warrants that it shall submit only truthful and accurate facts and documentation to DIGITECH for billing purposes. CLIENT is hereby advised that DIGITECH shall rely upon the documentation and factual representations made to it by CLIENT regarding the eligibility of the services rendered for payment according to applicable reimbursement laws, rules or policies. 1i/ I IJIIWKURt11 A. DIGITECH shall maintain, at its expense, at minimum, the following insurance coverage during the term of this Agreement: 1. Comprehensive General Liability. Comprehensive General Liability Insurance, including Premises and Operations, Contractual Liability, Independent Contractor's Liability, and Broad Form Property Damage Liability coverage: a) General Aggregate $2,000,000 Products and Completed Operations $2,000,000 Personal and Advertising $1,000,000 Each Occurrence $1,000,000 Medical Expense any one Person $5,000 Page 6 of 29 2. DIGITECH also shall maintain errors and omissions insurance coverage in an amount not less than $2,000,000. Prior to the execution of this Agreement, DIGITECH shall provide proof of such coverage to CLIENT. IX. SALES TAX A. CLIENT agrees to reimburse DIGITECH for any and all sales tax liabilities that may arise as a result of this Agreement. X. NOTICES A. All notices or other communications required or contemplated herein shall be in writing, sent by certified mail return- receipt- requested, overnight delivery, or personal delivery, addressed to the party at the address indicated below, or as same may be changed from time to time by notice similarly given. Notices shall be deemed given three (3) business days after mailing, if by certified mail, the next business day, if by overnight delivery, or, if hand delivered, on the date of such delivery. If to DIGITECH: Mr. Mark Schiowitz President DIGITECH COMPUTER, INC. 555 Pleasantville Road, Ste 110N Briarcliff Manor, NY 10510 If to CLIENT: City of Grapevine Karen L. Walker, Controller 200 S. Main Grapevine, TX 76051 A. Purchases will be made as required and in accordance with an Interlocal Cooperative Purchasing Agreement with the City of Plano, Texas as allowed by the Interlocal Cooperation Act, Texas Government Code, Chapter 791 and Texas Local Government Code, Section 27 1. 101 and 271.102. The parties are Page 7 of 29 entering into an Inter -local agreement under the Plano Contract 2011 -36 -C extending the same terms and conditions, except for: 1. Plano Contract Section I — Scope of Services. The items listed on page 19 -A of DIGITECH' S Plano Proposal (Accounting Staff and On- Going Training). This Plano agreement provision will not apply to this agreement. 2. Plano Contract Section II — Term of Agreement. This provision shall be modified to allow all contract renewals to be mutual. 3. Plano Contract Section IV — Performance Measurers, Monthly Reports & Meetings. a) Maintain an average billing system uptime percentage rate of 99.9 %. This Plano agreement provision shall not apply to this agreement. b) DIGITECH shall maintain an error rate for CMS overbilling and under billing of less than or equal to 1% per the results of both the biennial claim audits noted herein. This Plano agreement provision shall not apply to this agreement. 4. Plano Contract Section V — Billing and Audit Standards a) DIGITECH shall review a sampling of CITY's EMS documentation and provide one on -site training session for field staff that will be recorded for use by CITY to train other internal field personnel. DIGITECH shall provide report to CITY of specific findings after review including necessary improvements. This Plano agreement provision shall not apply to this agreement. b) Independent 3rd Party Biennial Claim Audit of Plano (CLIENT) Claims. This Plano agreement provision shall not apply to this agreement. 5. Plano Contract Section VI — Additional Compliance Plan and Review. a) Compliance Program Development and Implementation for The City of Plano (CLIENT) EMS Department ( "Compliance Plan "). This Plano agreement provision shall not apply to this agreement. b) Independent 3rd Party Annual Review of the Compliance Plan. This Plano agreement provision shall not apply to this agreement. 6. Plano Best and Final Offer #3, Dated June 22, 2011, from Glenna Hayes and DIGITECH'S response thereto. a) The selected vendor shall pay all associated costs for two City of Plano (CLIENT) employees to receive ambulance bill coding certification by an industry recognized institution and will maintain all certifications for the term of the contract. This Plano agreement provision shall not apply to this agreement. Page 8 of 29 b) The selected vendor shall facilitate the biennial evaluation of the City's electronic patient care reporting software and make recommendations to ensure the system functions in a manner that meets or exceeds industry standards and "best practices ", operates efficiently and effectively, and maximizes revenue collections for the City. The initial evaluation shall take place within the first 18 months of the contract, at a mutually agreed upon date. This Plano agreement provision shall not apply to this agreement. III. MODIFICATION; GOVERNING LAW; ARBITRATION; ENTIRE AGREEMENT; FURTHER ASSURANCES; SEVERABILITY; WAIVER; AUTHORITY; SUCCESSORS AND ASSIGNS A. No provision of this Agreement shall be deemed waived, amended or modified by either party unless such waiver, amendment or modification is in writing and signed by the party against whom enforcement is sought. B. This Agreement shall be governed by the laws of the State of Texas without regard to the principles of conflicts of laws. C. This Agreement, including the attached rider(s) and exhibit(s), contains the entire agreement between the parties relating to this transaction and supersedes all previous understandings and agreements between the parties relating to this subject matter. Each party acknowledges that it has not relied on any representation, warranty, or other assurance made by, or on behalf of, the other party, except as expressly set forth herein. D. From time to time, each party will execute and deliver such further instruments, and will take such other action as the other party may reasonably request, in order to discharge and perform its respective obligations and agreements hereunder. E. Any provision of this Agreement prohibited by applicable law will be ineffective to the extent of such prohibition without invalidating the remaining provisions hereof. F. The failure of either party to require strict performance of any provision will not diminish that party's right thereafter to require strict performance of any provision. G. The signatories below have the authority to sign on behalf of the respective parties. Page 9 of 29 H. This Agreement shall be binding on, and will inure to the benefit of, the parties hereto and their respective successors and assigns. IN WITNESS WHEREOF, the parties hereto have executed this Agreement on the day and year first above written. COMPUTER, CITY OF GRAPEVINE DIGITECH By: By:_ Name: Name: Title: Title: Date: Date: Page 10 of 29 RIDER A DESCRIPTION OF SERVICES, FEES AND CLIENT RESPONSIBILITIES This Rider is a part of the Agreement between DIGITECH and CLIENT dated October 16, 2013. I. BILLING SERVICES A. DIGITECH shall provide the following billing and collection services which are contingent upon CLIENT fulfilling the responsibilities outlined in Rider A, Section IX below: DIGITECH shall perform Patient Care Report ( "PCR ") processing including: a) Review client prepared PCR'S for content, level of service and diagnosis; b) Procedure Coding; and c) Eligibility and Insurance Research and Verification. 2. DIGITECH shall perform billing as follows: a) Electronic Invoicing (1) Medicare; (2) Commercial Insurance; and (3) Medicaid (billed weekly). b) Paper Invoicing (1) CMS -1500 for Commercial Insurance; (2) Self -Pay; (3) Facility (where applicable); and (4) CMS -1500 for Medicaid (where applicable). A. DIGITECH will provide the following collection services covering the following types of providers: 1. Facility a) Submit a maximum of 3 invoices /notices, at 30 day intervals; and b) Make a maximum of 2 follow -up calls. 2. Patient or Self Pay a) Mail a maximum of 3 invoices /notices, at 30 day intervals; b) Make a maximum of 2 follow -up calls; and c) Recommend to CLIENT amounts to be placed in legal proceeding upon the earlier of DIGITECH' S determination that Page 11 of 29 the amount is uncollectible or 120 days from the first invoice date. 3. Insurance a) Submit a maximum of 3 invoices /notices, at 45 day intervals; b) Make a maximum of 3 follow -up calls; and c) File appeals upon notice of denial, where applicable. 4. Medicaid a) Process denials; b) Follow -up on pending claims; and c) Resubmissions. 5. Medicare a) Process denials; b) Follow -up on pending claims; and c) Resubmissions. B. Claims resolution and appeals C. Remittance Posting D. Resubmission of denials, pending and held items E. Interfacing with carriers on behalf of CLIENT F. All payments received by payers for CLIENT shall be deposited into one or more bank accounts controlled by CLIENT, pursuant to CLIENT'S written instructions. G. DIGITECH will interface with CLIENT'S collection agency as follows: 1. Create and download one collection file per month using the industry standard XML collection file format as described in Exhibit l; and 2. In the event CLIENT'S collection agency requires a format that differs from the industry standard XML format or requires more than one file submission per month, DIGITECH reserves the right to charge CLIENT additional fees as necessary. DIGITECH will not commence any such additional work without CLIENT'S approval. 3. DIGITECH reserves the right to withdraw claims from collections if payment is received within 10 business days of sending the claim to collections. Page 12 of 29 III. REPORTING SERVICES A. DIGITECH will grant CLIENT access to its billing services reporting system. Such reporting includes but is not limited to, Master Files, Receivable Tracking, Receivable Reporting, Financial Scorecard and System Reporting. B. DIGITECH shall send to CLIENT, via email, its standard monthly reporting package which shall include: 1. Accounting Reports a) Sales original, sales payer re- class, adjustments, cash and aged accounts receivable (accounts receivable roll forward for general ledger entry); and 2. Transport Reports a) Per Trip Data and Collection Percentages. A. DIGITECH will charge a fee for the Services described above as follows: CLIENT shall pay to DIGITECH a fee equal to 4.95% of monthly EMS billing collections. DIGITECH' S percentage fee for service covers claims with a date of service commencing on the go -live date of the contract. Unprocessed claims with dates of service that are 15 days prior to the go live date will be processed at 4.95% of monthly EMS collections. Unprocessed claims with dates of service that are greater than 15 days prior to the go live date will be processed for a fee of $30 per claim whether or not they are paid. DIGITECH shall provide one interface from DIGITECH'S EMS billing software to CLIENT'S existing ePCR vendor at no charge to CLIENT. Pricing is based on the accuracy of the transport and billing data provided by the CLIENT during the RFP process. Should the data provided to us prove to be in error, we reserve the right to exit the contract, provided DIGITCH gives CLIENT a 45 day notice of termination. Page 13 of 29 Note: DIGITECH' S fee does not include the processing of claims in which the CLIENT has a contractual obligation to transport and not bill, such as financial hardship cases and prisoner transports. In addition, DIGITECH' S fee does not cover non - ambulance transports such as ambulette, wheelchair, and medivan transports. See Rider A, Section VII — Fees /Other below. B. The fees are invoiced monthly approximately ten (10) days after the end of each month. C. The DIGITECH fees do not cover costs or additional fees associated with the placement of delinquent accounts with a third party collection agency. Any fees earned by third partly collection agencies from the collection or settlement of past due accounts placed with such agency shall be the responsibility of the CLIENT. V. FEES /TRAINING A. DIGITECH shall grant CLIENT an initial one (1) time training allotment of ten (10) hours. The initial training allotment shall expire three (3) months after the date of this Agreement. CLIENT training shall be billed at a rate of $125 per hour, per trainer, whether done in person or remotely via telephone or the Internet. Training includes menu navigation, report generation, claim input processing, and claim scanning. B. DIGITECH may require a work order prior to the provision of such services. i A. Time requested for special projects, including but not limited to, custom software development, non - standard report creation, data conversions and platform work will be billed at DIGITECH'S current hourly rate of $200 per hour, per programmer. B. DIGITECH may require a work order prior to the provision of such services. A. Fees for the processing and/or collection of claims not covered by this Agreement shall be negotiated on a case -by -case basis. Such claims may include, but are not limited to, claims with dates of service not covered by this Agreement, non - ambulance claims, and non - billable claims. Page 14 of 29 B. Time expended by DIGITECH, on behalf of CLIENT, to cover services not covered by this Agreement or tasks that fall under the responsibility of the CLIENT shall be billed at a rate of $50 per hour, per clerk. Such services include, but are not limited to, data entry, scanning and call taking/input. C. DIGITECH may require a work order prior to the provision of such services. CLIENT will reimburse DIGITECH for travel expenses (at cost). IX. CLIENT RESPONSIBILITIES A. CLIENT agrees to provide DIGITECH all information required to perform the Services. Furthermore, CLIENT agrees to deliver said information in one of the following two ways: Standard Data Entry Protocol CLIENT agrees to enter all transport data into the DIGITECH system within one (1) business day of transport. Such information includes, but is not limited to: a) Client Information; b) Date of Service; c) Level of Service; d) Transport "From" Address; e) Transport "To" Address; and f) Other Transport Information, as needed; g) Please refer to Exhibit 2 — PCR Requirements for Billing for additionally required fields. CLIENT shall scan PCRs into the DIGITECH system within one (1) business day of transport. CLIENT shall scan into the DIGITECH system all other required paperwork, including but not limited to, Medicare Assignment of Benefits Signature and Physicians Certification Statement ( "PCS ") forms for repetitive and non - repetitive transports, where applicable. CLIENT shall procure scanner(s) that are compatible with SecureDocs order to scan PCR' S and other required forms as stated above into DIGITECH'S system. Page 15 of 29 2. Automated Field Data Collection CLIENT'S ePCR vendor shall: a) Produce a daily billing file in the standard NEMSIS XML file format. The daily billing file will be one file containing all claims approved for billing since the last daily billing file; b) Include all data elements in the daily billing file required for billing. This includes, but is not limited to date of service, signature information (both a signature signal & image instructions), unique ID per transport, unique ID per transport agency. Please refer to Exhibit 2 — PCR Requirements for Billing for additionally required fields; c) Automatically push the daily billing files via SFTP to DIGITECH's FTP server; d) Mutual agree upon custom data elements with both CLIENT and DIGITECH for items such as treatments, supplies, etc. e) Allow DIGITECH employees to login to secure website to: (1) Manually produce a billing file based on the same billable claim criterion used to produce the daily billing file; (2) Easily look up transports by a unique ID, Date of Service and Patient Name; (3) View details of transport including additional documentation such as PCS, Hospital Face Sheet, etc. f) Provide a method for DIGITECH to produce a Reconciliation Report. The report will: (1) Be an Excel spreadsheet; (2) Include all billable claims for the specified date of service date range (3) Include columns for Unique Transport ID, Patient Name, Date of Service g) Work with DIGITECH to produce a seamless transport look up integration between DIGITECH's Ambulance Commander System and the ePCR System. h) CLIENT or CLIENT'S ePCR vendor shall pay all third party costs incurred to purchase, support, integrate and maintain the CLIENT'S field data collection system B. CLIENT agrees to provide copies of all remittances or electronic remittance files necessary for posting by DIGITECH within four (4) business days of receipt of remittance(s). DIGITECH requires the original, unaltered or "raw" electronic payer file that is produced by the payer. DIGITECH will not accept Page 16 of 29 files which have been modified by any non -payer party. DIGITECH will not accept paper remittances in lieu of electronic remittances. CLIENT agrees to pay charges incurred to convert a payer file back to its original, unaltered or "raw" state. C. In cases where DIGITECH has verified payment, but CLIENT cannot provide remittance advice, DIGITECH will provide such listing to CLIENT and CLIENT agrees to allow DIGITECH to apply such payments. CLIENT agrees that the application of such payments by DIGITECH will entitle DIGITECH to earn the fees described in Rider A, Section IV above. D. CLIENT agrees to pay for all fees associated with the establishment and maintenance of a cash receipt /check bank lock box. E. In the event CLIENT chooses not to use a bank lock box, CLIENT agrees to process bank deposits and provide scanned images of checks, remittance advice and correspondence to DIGITECH within four (4) business days of receipt. a) Paper checks & EOB's will be scanned to one PDF file per deposit date in succession (check followed by corresponding EOB) and transmitted to DIGITECH's server via secure FTP on a daily basis. Each PDF file will either: (1) Be named with the deposit date and deposit amount in the file name. for example, Dep20130516_5045.90.PDF, OR (2) Contain a cover sheet as page 1 of the PDF with the deposit date and amount of deposit b) Correspondence will be scanned to one PDF file per date received and transmitted to DIGITECH's server via secure FTP on a daily basis. F. CLIENT agrees to establish and maintain a broadband or high speed internet connection, with static IP address, from its place of business to the Internet. G. CLIENT agrees to complete and submit all Registration/Change of Information Applications with the insurance processors, including, but not limited to Medicare, Medicaid and Blue Cross Blue Shield. DIGITECH shall confirm receipt of applications and continue follow -up with insurance processors until final approval where possible. DIGITECH will inform CLIENT if the CLIENT'S intervention is required by processor. Page 17 of 29 H. CLIENT agrees to authorize DIGITECH to execute and submit all Registration/Change of Information Applications with the insurance processors, including, but not limited to Medicare, Medicaid and Blue Cross Blue Shield, where necessary. I. CLIENT agrees to pay for any enrollment or revalidation fees imposed by payers. J. Where applicable, CLIENT agrees to flag non - billable claims prior to submission to DIGITECH for procedure coding. K. Client agrees to email DIGITECH cash posting manager with EFT /ACH amounts deposited and deposit dates for each payer paying via EFT /ACH on a daily basis L. CLIENT will provide DIGITECH with Administrative Policy for allowing Client account write -offs, reductions, waivers and other payment arrangements /issues. A. In the event either party terminates under the provisions described in Agreement Section IV — Term, Termination and Renewal, DIGITECH and CLIENT agree to the following: DIGITECH will cease all processing including the collection services described in Rider A, Section II above, sixty (60) days from the last transport date covered by this Agreement. 2. CLIENT will provide DIGITECH with remittance advice or cash receipt data for a period of at least one hundred twenty (120) days from the last transport date covered by this Agreement. 3. Subsequent to termination, for a period not to exceed ninety (90) days, DIGITECH will provide client with its data in SQL format. SIGNATURES ON FOLLOWING PAGE Page 18 of 29 IN WITNESS WHEREOF, the parties hereto have executed this Rider on the day and year first above written on the Agreement. CITY OF GRAPEVINE DIGITECH COMPUTER, INC. By: Name: Title: Date: Page 19 of 29 Name: Title: Date: BUSINESS ASSOCIATE ADDENDUM THIS BUSINESS ASSOCIATE ADDENDUM ( "Addendum "), is made and entered into by and between CITY OF GRAPEVINE ( "Covered Entity ") and DIGITECH COMPUTER INC. ( "Business Associate "). This Addendum shall form a part of all agreements and other engagements as are currently in effect between the parties under which Protected Health Information ( "PHI ") (as defined in Article I of this Addendum) is provided, created or received by Business Associate from or on behalf of Covered Entity, and shall supersede and replace any business associate agreement or amendment previously entered into between Covered Entity and Business Associate in accordance with the requirements of HIPAA (as defined below) and /or the HITECH Act (as defined below). This Addendum is effective as of the effective date of the Billing Service Agreement (the "Effective Date "). WHEREAS, in connection with the performance of their respective obligations under the terms of the Billing Service Agreement, Covered Entity may disclose certain information to Business Associate, and Business Associate may use and/or disclose certain information, some of which may constitute PHI; and WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to, or created, utilized or disclosed by, Business Associate pursuant to the Billing Service Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations and guidance issued by the Secretary of the U.S. Department of Health and Human Services (the "Secretary "), all as amended from time to time ( "HIPAA "), as well as the requirements of the Health Information Technology for Economic and Clinical Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009, and its implementing regulations and guidance issued by the Secretary, all as amended from time to time (the "HITECH Act "), and other applicable laws; NOW, THEREFORE, in consideration of the mutual agreements herein contained and for other good and valuable consideration, the receipt and adequacy of which are hereby acknowledged, the parties do hereby agree as follows: Article 1: Definitions 1.1 Definitions. For the purposes of this Addendum, the following defined terms shall have the following definitions. All capitalized terms used in this Addendum but not otherwise defined herein shall have the meaning given in HIPAA or the HITECH Act, as applicable. (a) "Breach" shall have the meaning given to such term under HIPAA and the HITECH Act, including, but not limited to, at § 13400(1) of the HITECH Act and 45 CFR § 164.402. Page 20 of 29 (b) "Data Aggregation" shall have the meaning given to such term under the Privacy Standards (as defined below), including, but not limited to, at 45 CFR § 164.501. (c) "Designated Record Set" shall have the meaning given to such term under the Privacy Standards, including, but not limited to, at 45 CFR § 164.501. (d) "Health Care Operations" shall have the meaning given to such term under the Privacy Standards, including, but not limited to, at 45 CFR § 164.501. (e) "Limited Data Set" shall have the meaning given to such term under the Privacy Standards, including, but not limited to, at 45 CFR § 164.514. (f) "Privacy Standards" shall mean the HIPAA Privacy Rule and HIPAA Security Rule codified at 45 CFR Parts 160, 162 and 164. (g) "Protected Health Information" or "PHI" shall have the meaning given to such term under HIPAA, the HITECH Act, and the Privacy Standards, including, but not limited to, at 45 CFR § 160.103. (h) "Unsecured Protected Health Information" shall have the meaning given to such term under HIPAA and the HITECH Act, including, but not limited to, at § 13402(h) of the HITECH Act and 45 CFR § 164.402. Article 2: Duties of Business Associate 2.1 Compliance with Privacy_ Provisions. Business Associate shall only use and disclose PHI in performance of its obligations under the Billing Service Agreement and as permitted or required by law. Business Associate agrees to be in compliance with each applicable requirement of 45 CFR § 164.504(e) and all requirements of the HITECH Act applicable to Business Associate. 2.2 Compliance with Security Provisions. Business Associate shall: (a) implement and maintain administrative safeguards as required by 45 CFR § 164.308, physical safeguards as required by 45 CFR § 164.310 and technical safeguards as required by 45 CFR § 164.312; (b) implement and document reasonable and appropriate policies and procedures as required by 45 CFR § 164.316; (c) use its best efforts to implement and maintain technologies and methodologies that render PHI unusable, unreadable or indecipherable to unauthorized individuals as specified in the HITECH Act; and (d) be in compliance with all requirements of the HITECH Act related to security and applicable to Business Associate. Page 21 of 29 2.3 Breach of Unsecured PHI. (a) With respect to any suspected or actual unauthorized acquisition, access, use or disclosure ( "Acquisition ") of Covered Entity's PHI by Business Associate, its agents or subcontractors, and/or any Acquisition of data in violation of any applicable federal or state law, Business Associate shall (i) investigate such Acquisition; (ii) determine whether such Acquisition constitutes a reportable Breach under HIPAA, the HITECH Act, and /or applicable federal or state law ; (iii) document and retain its findings under clauses (i) and (ii); and (iv) take any action pertaining to such Acquisition required by applicable federal or state law. (b) If Business Associate discovers that a Breach has occurred, Business Associate shall notify Covered Entity in writing without unreasonable delay and in no case later than two (2) days after discovery of the Breach. Business Associate's written notice shall include all available information required by 45 CFR § 164.410 and other applicable law. Business Associate's written report shall be promptly supplemented with any new or additional information. Business Associate agrees to cooperate with Covered Entity in meeting Covered Entity's obligations under the HITECH Act and other applicable law with respect to such Breach. Covered Entity shall have sole control over the timing and method of providing notification of such Breach to the affected individual(s) or others as required by the HITECH Act and other applicable law. 2.4 Permitted Uses of PHI. Satisfactory performance of its obligations under the Billing Service Agreement by Business Associate may require Business Associate to receive or use PHI obtained from Covered Entity, or created or received by Business Associate on behalf of Covered Entity; provided, however, that Business Associate shall not use PHI other than for the purpose of performing Business Associate's obligations under the Billing Service Agreement (including this Addendum), as permitted or required under the Billing Service Agreement (including this Addendum), or as required by law. Business Associate shall not use PHI in any manner that would constitute a violation of HIPAA if so used by Covered Entity. 2.5 Permitted Disclosures of PHI. Business Associate shall not disclose PHI other than for the purpose of performing Business Associate's obligations under the Billing Service Agreement (including this Addendum), as permitted or required under the Billing Service Agreement (including this Addendum), or as required by law. Business Associate shall not disclose PHI in any manner that would constitute a violation of HIPAA if so disclosed by Covered Entity. To the extent that Business Associate discloses PHI to a third party in carrying out its obligations under the Billing Service Agreement, Business Associate must obtain, prior to making any such disclosure, (i) reasonable assurances from such third party that such PHI will be held confidential as provided pursuant to this Addendum and only disclosed as required by law or for the purposes for which it Page 22 of 29 was disclosed to such third party, and (ii) an agreement from such third party to immediately notify Business Associate of any breaches of confidentiality of the PHI, to the extent the third party has obtained knowledge of such breach. 2.6 Minimum Necessary. Business Associate shall limit its use, disclosure or request of PHI to only the minimum necessary as required by law. 2.7 Retention of PHI. Unless otherwise specified in the Billing Service Agreement, Business Associate shall maintain and retain PHI for the term of the Billing Service Agreement, and make such PHI available to Covered Entity as set forth in this Addendum. 2.8 Safeguarding PHI. Business Associate shall use appropriate safeguards to prevent the use or disclosure of PHI other than as permitted by the Billing Service Agreement and this Addendum. Business Associate will appropriately safeguard electronic PHI in accordance with the standards specified at 45 CFR § 164.314(a). In particular, Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. 2.9 Agents and Subcontractors. Business Associate shall ensure that any agents (including subcontractors) of Business Associate to whom Business Associate provides PHI received from Covered Entity, or PHI created or received by Business Associate on behalf of Covered Entity, agree in writing to the same restrictions and conditions that apply to Business Associate with respect to such PHI, including the requirement to implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of PHI. Business Associate shall implement appropriate sanctions against agents and subcontractors that violate such restrictions and conditions, including termination of the agency or subcontractor relationship, if feasible, and shall mitigate the effects of any such violations. 2.10 Reporting Unauthorized Use or Disclosure. Business Associate shall report in writing to Covered Entity any use or disclosure of PHI not provided for under the Billing Service Agreement or this Addendum as soon as possible after Business Associate becomes aware of such an incident but in no case later than (2) days after the date on which Business Associate becomes aware of any such incident. Business Associate shall take (i) prompt corrective action to cure any deficiencies that caused the unauthorized use or disclosure, and (ii) any corrective action required by applicable federal and state law. 2.11 Access to Information. Within five (5) days of Covered Entity's request, Business Associate shall provide Covered Entity with access to Covered Entity's PHI maintained by Business Associate or its agents or subcontractors to enable Covered Entity to fulfill its obligations under the Privacy Standards, including, Page 23 of 29 but not limited to, 45 CFR § 164.524. 2.12 Availability of PHI for Amendment. The parties acknowledge that the Privacy Standards permit an individual who is the subject of PHI to request certain amendments of their records. Upon Covered Entity's request for an amendment of PHI or a record about an individual contained in a Designated Record Set, but not later than five (5) days after receipt of such request, Business Associate and its agents or subcontractors shall make such PHI available to Covered Entity for amendment and incorporate any such amendment to enable Covered Entity to fulfill its obligations under the Privacy Standards, including, but not limited to, 45 CFR § 164.526. If any individual requests an amendment of PHI directly from Business Associate or its agents or subcontractors, Business Associate must notify Covered Entity in writing within five (5) days of the request. Covered Entity has the sole authority to deny a request for amendment of PHI received or created under the terms of the Billing Service Agreement and maintained by Business Associate or its agents or subcontractors. 2.13 Accounting of Disclosures. Upon Covered Entity's request, Business Associate, its agents and subcontractors shall make available the information required to provide an accounting of disclosures to enable Covered Entity to fulfill its obligations under the Privacy Standards, including, but not limited to, 45 CFR § 164.528. For this purpose, Business Associate shall retain a record of disclosure of PHI for at least six (6) years from the date of disclosure. Business Associate agrees to implement a process that allows for an accounting to be collected and maintained by Business Associate and its agents or subcontractors for at least six (6) years prior to the request, but not before the effective date of the Billing Service Agreement. At a minimum, such information shall include: (i) the date of disclosure; (ii) the name of the entity or person who received PHI and, if known, the address of the entity or person; (iii) a brief description of PHI disclosed; and (iv) a brief statement of the purpose of the disclosure that reasonably informs the individual of the basis for the disclosure, or a copy of the individual's authorization, or a copy of the written request for disclosure. Where a request for an accounting is delivered directly to Business Associate or its agents or subcontractors, Business Associate shall within five (5) days of a request forward it to Covered Entity in writing. It shall be Covered Entity's responsibility to prepare and deliver any such reply to the requested accounting. 2.14 Agreement to Restriction on Disclosure. If Covered Entity is required to comply with a restriction on the disclosure of PHI pursuant to § 13405 of the HITECH Act, then Covered Entity shall provide written notice to Business Associate of the name of the individual requesting the restriction and the PHI affected thereby. Business Associate shall, upon receipt of such notification, not disclose the identified PHI to any health plan for the purposes of carrying out Payment or Health Care Operations, except as otherwise required by law. 2.15 Accounting of Disclosures of Electronic Health Records ( "EHR"). If Business Page 24 of 29 Associate is deemed to use or maintain an EHR on behalf of Covered Entity, then Business Associate shall maintain an accounting of any disclosures made through an EHR for Treatment, Payment and Health Care Operations, as required by law. Upon request by Covered Entity, Business Associate shall provide such accounting to Covered Entity in the time and manner specified by law. Alternatively, if Covered Entity responds to an individual's request for an accounting of disclosures made through an EHR by providing the requesting individual with a list of all business associates acting on behalf of Covered Entity, then Business Associate shall provide such accounting directly to the requesting individual in the time and manner specified by the HITECH Act. 2.16 Access to Electronic Health Records. If Business Associate is deemed to use or maintain an EHR on behalf of Covered Entity with respect to PHI, then, to the extent an individual has the right to request a copy of the PHI maintained in such EHR pursuant to 45 CFR § 164.524 and makes such a request to Business Associate, Business Associate shall provide such individual with a copy of the PHI in the EHR in an electronic format and, if the individual so chooses, transmit such copy directly to an entity or person designated by the individual. Business Associate may charge a fee, not to exceed Contractor's labor costs to respond, to the individual for providing the copy of the PHI. The provisions of 45 CFR § 164.524, including the exceptions to the requirement to provide a copy of PHI, shall otherwise apply and Business Associate shall comply therewith as if Business Associate were Covered Entity. At Covered Entity's request, Business Associate shall provide Covered Entity with a copy of an individual's PHI maintained in an EHR in an electronic format and in a time and manner designated by Covered Entity in order for Covered Entity to comply with 45 CFR § 164.524, as amended by the HITECH Act. 2.17 Remuneration for PHI. Business Associate agrees that it shall not, directly or indirectly, receive remuneration in exchange for any PHI of Covered Entity except as otherwise permitted by law. 2.18 Limitations on Use of PHI for Marketing Purposes. Business Associate shall not use or disclose PHI for the purpose of making a communication about a product or service that encourages recipients of the communication to purchase or use the product or service, unless such communication: (a) complies with the requirements of subparagraph (i), (ii) or (iii) of paragraph (1) of the definition of marketing contained in 45 CFR § 164.501, and (b) complies with the requirements of subparagraphs (A), (B) or (C) of § 13406(a)(2) of the HITECH Act. Covered Entity shall cooperate with Business Associate to determine if the foregoing requirements are met with respect to any such marketing communication. 2.19 Governmental Access to Books and Records. For purposes of determining Covered Entity's compliance with the HIPAA, Business Associate agrees to make available to the Secretary its internal practices, books, and records relating to the Page 25 of 29 use and disclosure of PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. 2.20 Data Ownership. Business Associate acknowledges that Business Associate has no ownership rights with respect to the PHI. 2.21 Insurance. Business Associate shall maintain commercial general liability insurance, with commercially reasonable liability limits, that includes coverage for damage to persons or property arising from any breach of the terms of this Addendum. 2.22 Audits, Inspection and Enforcement. Within ten (10) days of a written request by Covered Entity, Business Associate and its agents or subcontractors shall allow Covered Entity to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies and procedures relating to the use or disclosure of PHI pursuant to this Addendum for the purpose of determining whether Business Associate has complied with this Addendum; provided, however, that (i) Business Associate and Covered Entity shall mutually agree in advance upon the scope, timing and location of such an inspection; (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. Covered Entity and its authorized agents or contractors, may, at Covered Entity's expense, examine Business Associate's facilities, systems, procedures and records as may be necessary for such agents or contractors to certify to Covered Entity the extent to which Business Associate's security safeguards comply with HIPAA, the HITECH Act or this Addendum, to the extent that Covered Entity determines that such examination is necessary to comply with Covered Entity's legal obligations pursuant to HIPAA or the HITECH Act relating to certification of its security practices. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate's facilities, systems, books, records, agreements, policies and procedures does not relieve Business Associate of its responsibility to comply with this Addendum, nor does Covered Entity's (i) failure to detect or (ii) detection, but failure to notify Business Associate or require Business Associate's remediation of any unsatisfactory practices, constitute acceptance of such practices or a waiver of Covered Entity's enforcement rights under the Billing Service Agreement or this Addendum. 2.23 Return of PHI at Termination. Upon termination of the Billing Service Agreement, Business Associate shall, where feasible, destroy or return to Covered Entity all PHI received from Covered Entity, or created or received by Business Associate or its agents or subcontractors on behalf of Covered Entity. Where return or destruction is not feasible, the duties of Business Associate under this Addendum shall be extended to protect the PHI retained by Business Associate. Page 26 of 29 Business Associate agrees not to further use or disclose information for which the return or destruction is infeasible. Business Associate shall certify in writing the destruction of the PHI and to the continued protection of PHI that is not feasible to destroy. 2.24 Retention of PHI. Business Associate and its contractors or agents shall retain communications and documents required to be maintained by HIPAA for six (6) years after termination of the Billing Service Agreement. Article 3: Duties of Covered Entity 3.1 Using Appropriate Safeguards. Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to the Billing Service Agreement, in accordance with the standards and requirements of HIPAA. Article 4: Term and Termination 4.1 Term. The provisions of this Addendum shall become effective on the Effective Date and shall continue in effect until all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy the PHI, protections are extended to such information in accordance with the termination provisions in Section 4.2 of this Addendum. 4.2 Termination by Covered Entity. (a) A breach by Business Associate of any material provision of this Addendum, as determined by Covered Entity, shall constitute a material breach of the Billing Service Agreement and shall provide grounds for immediate termination of the Billing Service Agreement by Covered Entity. (b) If Covered Entity knows of a pattern of activity or practice of Business Associate that constitutes a material breach or violation of Business Associate's obligations under the provisions of this Addendum or another arrangement and does not terminate the Billing Service Agreement pursuant to Section 4.2(a) of this Addendum, then Business Associate shall take reasonable steps to cure such breach or end such violation, as applicable. If Business Associate's efforts to cure such breach or end such violation are unsuccessful, Covered Entity shall either (i) terminate the Billing Service Agreement, if feasible or (ii) if termination of the Billing Service Agreement is not feasible, Covered Entity shall report Business Associate's breach or violation to the Secretary. 4.3 Termination by Business Associate. If Business Associate knows of a pattern of activity or practice of Covered Entity that constitutes a material breach or Page 27 of 29 violation of Covered Entity's obligations under the Billing Service Agreement or this Addendum, then Business Associate shall immediately notify Covered Entity. With respect to such breach or violation, Business Associate shall (i) take reasonable steps to cure such breach or end such violation, if possible; or (ii) if such steps are either not possible or are unsuccessful, upon written notice to Covered Entity, terminate the Billing Service Agreement; or (iii) if such termination is not feasible, report Covered Entity's breach or violation to the Secretary. 4.4 Termination by Either Party. Either party may terminate the Billing Service Agreement, effective immediately, if (i) the other party is named as a defendant in a criminal proceeding for a violation of HIPAA, the HITECH Act or other security or privacy laws, or (ii) a finding or stipulation that the other party has violated any standard or requirement of HIPAA, the HITECH Act or other security or privacy laws is made in any administrative or civil proceeding in which the party has been joined. Article 5: Miscellaneous 5.1 Acknowledgment. Business Associate recognizes and agrees that it is obligated by law to comply with the applicable provisions of the HITECH Act. 5.2 Change in Law. The parties agree to promptly enter into negotiations concerning the terms of the Billing Service Agreement (including this Addendum), and to negotiate in good faith, if, in either party's business judgment, modification of the Billing Service Agreement (including this Addendum) becomes necessary due to legislative, regulatory, or judicial developments regarding HIPAA or the HITECH Act. Covered Entity may terminate the Billing Service Agreement upon thirty (30) days written notice in the event (i) Business Associate does not promptly enter into negotiations to amend the Billing Service Agreement when requested by Covered Entity pursuant to this § 5.2, or (ii) Business Associate does not enter into an amendment to the Billing Service Agreement providing assurances regarding the safeguarding of PHI that Covered Entity, in its sole discretion, deems sufficient to satisfy the standards and requirements of HIPAA and the HITECH Act. 5.3 Disclaimer. Covered Entity makes no warranty or representation that compliance by Business Associate with HIPAA, the HITECH Act or this Addendum will be adequate or satisfactory for Business Associate's own purposes. Business Associate is solely responsible for all decisions made by Business Associate regarding the safeguarding of PHI. 5.4 Assistance in Litigation or Administrative Proceedings. Business Associate shall make itself, and any subcontractors, employees or agents assisting Business Associate in the performance of its obligations under the Billing Service Agreement or this Addendum, available to Covered Entity, at no cost to Covered Entity, to testify as witness, or otherwise, in the event of litigation or Page 28 of 29 administrative proceedings being commenced against Covered Entity, its members /shareholders, managers /directors, officers or employees based upon a claimed violation of HIPAA or the HITECH Act or other laws relating to security and privacy, except where Business Associate, or its subcontractor, employee or agent is a named adverse party. 5.5 No Third -Party Beneficiaries. Nothing express or implied in this Addendum is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 5.6 Interpretation. Section titles in this Addendum are for convenience only, and shall not be used in interpreting this Addendum. Any ambiguity in this Addendum shall be resolved to permit the parties to comply with the requirements of HIPAA and the HITECH Act. In the event of conflict between the Billing Service Agreement and this Addendum, the provisions of this Addendum shall prevail. Any reference in this Addendum to a section in the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E, the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR part 164, subpart C, or the HITECH Act means the section as in effect or as amended. IN WITNESS WHEREOF, the parties hereto have executed this Rider on the day and year first above written on the Billing Service Agreement. CITY OF GRAPEVINE DIGITECH COMPUTER, INC. By: By: Name: Name: Title: Date: Page 29 of 29 Title: Date: