The URL can be used to link to this page

Home My WebLink AboutVIII-08 Approve Business Service Agreement with Digitech Computer LLC for Ambulance & EMS Billing ServicesCity of Hastings  101 Fourth Street East  Hastings, MN 55033-1944  Phone: 651-480-2350  www.hastingsmn.gov City Council Memorandum To: Mayor Fasbender & City Council Members From: John Townsend, Fire Chief Date: March 24, 2023 Item: Approve Agreement with Digitech Computer LLC Council Action Requested: Council is asked to approve agreement with Digitech Computer LLC for ambulance/EMS billing services. Background Information: The department is terminating our current ambulance/EMS billing service agreement with Expert T Billing and transitioning this service with Digitech. This change is to improve customer service and internal efficiencies. Financial Impact: N/A Advisory Commission Discussion: N/A Council Committee Discussion: N/A Attachments: Billing Service Agreement VIII-08 1 BILLING SERVICE AGREEMENT This BILLING SERVICE AGREEMENT, dated April 3, 2023 (“Agreement”) between DIGITECH COMPUTER LLC ("DIGITECH") maintaining its principal place of business at 480 Bedford Road, building 600, 2nd floor, Chappaqua, NY 10514 and CITY OF HASTINGS (“CLIENT”) maintaining its principal place of business at 101 4th Street East, Hastings, MN 55033. W I T N E S S E T H: The parties hereby agree as follows: I. SERVICES A. DIGITECH will provide CLIENT the services (“Services”) specified in Sections I, II and III of Rider A. II. PAYMENT A. CLIENT agrees to compensate DIGITECH for the Services as described in Rider A, as applicable. B. DIGITECH shall invoice CLIENT based upon the invoicing information provided by CLIENT in Rider A-1. C. All payments will be due within thirty (30) days of receipt of DIGITECH’s invoice. D. In the event an invoice is disputed in good faith, CLIENT is entitled to withhold only that part of the invoice that is in dispute. If an invoice is in dispute, the parties agree to consult in good faith to resolve any disputes regarding the invoice. E. If the uncontested invoice or uncontested portion of an invoice remains unpaid sixty (60) days from the invoice date, DIGITECH, at its option, may elect to suspend its Services under this Agreement upon fifteen (15) days prior written notice to CLIENT or terminate this contract upon forty- five (45) days prior written notice to CLIENT. III. CONFIDENTIALITY A. With regard to CLIENT’s Protected Health Information (“PHI”), DIGITECH will perform the Services hereunder in accordance with the HIPAA Business Associate Agreement set forth in Rider B and applicable law. B. DIGITECH acknowledges and agrees that any and all information and material supplied by CLIENT to DIGITECH hereunder shall remain the property of CLIENT. DIGITECH will not make copies of such information or material, except to the extent necessary to perform the Services under this Agreement. DIGITECH, its employees, agents, assigns, subcontractors and successors shall keep strictly confidential all VIII-08 2 information designated by CLIENT as “confidential”. C. CLIENT acknowledges and agrees that the software, and all other systems and documentation, including training materials, related to the provision of Services hereunder, are DIGITECH's confidential proprietary information, and CLIENT agrees that it will disclose such material only to those of its employees and agents who have a need to know, that it will use such material only in connection with the Services hereunder, and that it will take all reasonable precautions to prevent the disclosure of such confidential information to, or use by, any other party. CLIENT acknowledges and agrees that all software and documentation developed by DIGITECH for CLIENT using CLIENT's specifications, or DIGITECH's specifications, or a combination of both, will remain DIGITECH's confidential proprietary property, unless the parties have otherwise agreed in writing. D. CLIENT will not be obligated to provide DIGITECH with any information, which by law or its own policy may not be provided to DIGITECH. Upon any termination of this Agreement, PHI will be treated as set forth in Rider B and applicable law. E. Each party agrees that during the term of this Agreement, and for a period of one year thereafter, it shall not hire or retain, as an employee or otherwise, any of the other party’s employees, unless the parties have otherwise agreed in writing. IV. TERM, TERMINATION AND RENEWAL A. The initial term (“Initial Term”) of this Agreement shall comprise the following: (i) a pre-go-live implementation period commencing with the date of this Agreement, which period may be extended for good faith reasons upon mutual agreement of the parties, ending with a go-live date, on which billable incident processing commences (“Go-Live Date”); and (ii) a three (3) year billable incident processing period commencing with the Go-Live Date. DIGITECH will be entitled to its fees as described in Rider A for all collections for transports with dates of service from the Go-Live Date through those transports with dates of service prior to the end of the Initial Term. B. Provided that this Agreement has not been terminated, at the end of the Initial Term, this contract will automatically renew for successive one-year renewal periods unless either party notifies the other party, in writing, at least ninety (90) days before the end of the then current term that it elects to cancel this Agreement. DIGITECH, at its option, may send a renewal notice to CLIENT one hundred and twenty (120) days prior to the end of the then current term stipulating new pricing for the next renewal period. If CLIENT does not agree in writing to the new pricing within thirty (30) days of the date of the renewal notice, then this Agreement shall be deemed terminated at the end of the then current term. VIII-08 3 C. Except as otherwise provided in the Business Associate Agreement regarding a basis for termination for violation of the obligations of the Business Associate Agreement, either party may, upon thirty (30) days written notice, via certified mail, identifying specifically the basis for such notice, terminate this agreement for breach of a material term or condition of this Agreement, provided that the party in breach shall not have cured such breach, or taken substantial steps toward curing such breach, within the thirty (30) day period of being notified in writing, via certified mail, of the breach. This paragraph does not apply to nonpayment, which is addressed in paragraph II (E) above. D. Notwithstanding anything to the contrary in this Agreement, either party may immediately terminate this Agreement upon five (5) days prior written notice in the event: 1. The other party becomes insolvent, bankrupt, files a voluntary petition in bankruptcy, makes an assignment for the benefit of creditors, or consents to appointment of a trustee or receiver, or has an involuntary petition of bankruptcy filed against it: or 2. The legal authority of the other party to operate its facility or provide services as required hereunder is suspended or terminated; or 3. A party hereto is excluded from participation in any state and/or federal health care program; or 4. The Business Associate Agreement between DIGITECH and CLIENT is terminated. E. Upon the expiration (by non-renewal or otherwise) or termination of this Agreement, the parties shall proceed in accordance with Section XI – Transition Following Termination or Expiration below. F. Either party may terminate this Agreement, without cause, with 120 days prior written notice. G. If CLIENT terminates early, CLIENT shall reimburse DIGITECH for the unamortized cost of any hardware purchased by DIGITECH for CLIENT. V. INDEMNITY AND LIABILITY A. Each party to this Agreement shall indemnify and hold harmless the other party and its agents, employees and subcontractors (“Indemnified Party”) from and against losses, liability, fines, suits, demands, arbitration fees, damages and VIII-08 4 expenses (including reasonable attorney’s fees) due to claims made by third parties against an Indemnified Party arising from any act, omission, misrepresentation, fraud, violation of any law, breach of confidentiality, breach of the Business Associate Agreement, intellectual property violation, or any willful, wanton, reckless, or grossly negligent act committed by the defaulting party, or its agents, employees and subcontractors. Notwithstanding the foregoing, the defaulting party’s liability shall be limited as set forth below in paragraphs V(B) through (I). B. To the extent permitted by law, DIGITECH’s liability shall be limited to amounts paid by DIGITECH’s errors and omissions insurance policy, excluding any applicable deductible or retention under that policy, for which DIGITECH shall remain liable. DIGITECH agrees to maintain no less than $3,000,000 in errors and omissions insurance covering the performance of its duties set forth herein for the duration of this Agreement. Except as covered by insurance, in no event shall either party be liable to the other for any loss in profits, or for any special, incidental, indirect, consequential or other similar damages (but excluding penalties and fines) suffered in whole, or in part, in connection with this Agreement, even if a party or its agents have been advised of the possibility of such damages. Except as covered by insurance, in no event shall either party be liable for any delay or failure of performance that is due to causes or conditions beyond that party’s reasonable control (this clause does not apply to CLIENT’s payment obligations). C. Both DIGITECH and CLIENT are independent contractors. Neither party, by virtue of this Agreement, assumes any liability for any debts or obligations of either a financial or legal nature incurred by the other party, except as set forth herein. D. CLIENT specifically agrees that it is responsible to repay any overpayments, denials, recoupments and/or offsets, including interest, penalties and other fees, sought, demanded or initiated by any governmental or commercial carrier, payer or insurer in the event it is determined that CLIENT is not entitled to payment for its services rendered, or if any such carrier, payer or insurer determines that CLIENT has been paid any amounts in excess of what is otherwise due and payable under the terms of the applicable governmental or commercial benefit program or insurance policy. Except to the extent covered by insurance (including payment of deductible) or as a result of a fine or penalty, DIGITECH’s liability regarding any such bill or billable incident will not exceed the fee paid to DIGITECH to process such item, except this limitation of liability shall not apply to any claims or liability that may arise out of misrepresentation, fraud, or violation of any law, or any willful, wanton, or reckless or negligent conduct by DIGITECH. Notwithstanding the foregoing, DIGITECH shall pay any penalties and fees caused by its own negligence or willful misconduct. E. DIGITECH will not be liable in the event of a recoupment caused by a change in federal or state regulations, a change in the interpretation of federal or state regulations, a refund caused by an EMS crew member’s or CLIENT’s expired license VIII-08 5 or certification, or if DIGITECH is directed by the CLIENT to bill against DIGITECH’s advice and an audit determines that a billable incident should not have been billed. CLIENT will not be entitled to any refund or credit of any fee paid to DIGITECH, and DIGITECH will have no liability whatsoever in the event of such recoupment, except where DIGITECH failed to conduct sufficient due diligence to remain current on any changes to, or the interpretation of, applicable regulations. F. In the event that an internal or external audit of paid billable incidents determines that there was an overpayment for which DIGITECH collected a fee based on billable incidents given a disputed level of service and/or inaccurate rates, DIGITECH will issue a credit to CLIENT for an amount equal to the DIGITECH fee earned on the amount overpaid and returned. Except as set forth above, the credit will be capped at the amount of the fee paid to DIGITECH for each adjusted billable incident. G. In the event that the CLIENT receives a duplicate payment or overpayment and must refund the payer (e.g., the insurance company paid the same invoice twice, or the insurance company and patient paid the same billable incident, or two different insurance companies paid the same billable incident), DIGITECH will give the CLIENT a credit in an amount equal to the portion of DIGITECH’s fee that applies to the duplicate payment or overpayment after CLIENT has refunded the payer. H. CLIENT acknowledges that DIGITECH is not a guarantor of collection, and that it shall not be responsible for any uncollected bills. CLIENT may subcontract with any third party to follow up regarding accounts that DIGITECH deems uncollectible after attempting to collect pursuant to the terms of this Agreement and Rider A. I. The rights and remedies in this Section constitute the exclusive rights and remedies of the parties with respect to matters identified under this Section. VI. EXCLUSIVITY A. CLIENT agrees that all billing Services outlined herein will be performed by DIGITECH exclusively during the term of this Agreement and for a period of at least ninety (90) days from the last transport date prior to the termination or expiration of this Agreement (the “Winding Down Period”), and any extensions or renewals thereof. VII. COMPLIANCE A. DIGITECH warrants and represents that it maintains adherence to the Office of Inspector General of the Department of Health and Human Services Compliance Program Guidance for billing companies as published in the Federal Register, by the DHHS or OIG in other publications or by the Medicare Administrative Contractor for CLIENT’s service area, including verification that no one on DIGITECH’s staff is excluded from participation in any state and/or federal health care program. VIII-08 6 B. DIGITECH agrees to comply with all applicable federal and state laws, including “anti-kickback,” “excessive charges,” and other regulations relevant to this Agreement. C. CLIENT represents and warrants that it is not excluded from participation in any state and/or federal health care programs. CLIENT further agrees that they shall be responsible for verifying that none of CLIENT’s employees are excluded from participation in any state and/or federal health care program and that every EMS crew member’s license and certification are current and valid. CLIENT agrees to notify DIGITECH within five (5) business days of CLIENT’s discovery that it is the subject of any actions, investigations or other proceedings that could lead to its exclusion from any state and/or federal health care programs. D. CLIENT warrants that it will not send DIGITECH any trips provided by any excluded or improperly credentialed individuals. E. DIGITECH warrants that it will not utilize any excluded individuals to perform any work on any of CLIENT’s billable incidents. F. CLIENT represents and warrants that it is permitted by law to charge a fee and/or otherwise bill and be paid for its services, and that all fees and charges of CLIENT are solely determined by CLIENT, and are consistent with CLIENT’s legal obligations under any local, state and/or federal laws. G. CLIENT represents and warrants that it shall submit only truthful and accurate facts and documentation to DIGITECH for billing purposes. CLIENT is hereby advised that DIGITECH shall rely upon the documentation and factual representations made to it by CLIENT regarding the eligibility of the services rendered for payment according to applicable reimbursement laws, rules or policies. VIII. INSURANCE A. During the term of this Agreement, DIGITECH shall maintain the following insurance coverages/policies: 1. General liability insurance coverage (which shall include Premises and Operations, Contractual Liability, Independent Contractor's Liability, and Broad Form Property Damage Liability coverage) with limits no less than $1M per occurrence and $2M in the aggregate; 2. Errors and omissions insurance coverage with limits of no less than $3,000,000 per occurrence and in the aggregate; VIII-08 7 3. Cybersecurity coverage with limits of no less than $5,000,000 per occurrence and in the aggregate; 4. Employee dishonesty and crime with limits of no less than $1,000,000 per occurrence and in the aggregate; and 5. Workers comp with limits of no less than the statutory limits. B. Upon request, DIGITECH shall provide a Certificate of Insurance evidencing such coverage(s) to CLIENT. IX. NOTICES A. All notices or other communications required or contemplated herein shall be in writing, sent by certified mail return-receipt-requested, overnight delivery, or personal delivery, addressed to the party at the address indicated below, or as same may be changed from time to time by notice similarly given. Notices shall be deemed given three (3) business days after mailing, if by certified mail, the next business day, if by overnight delivery, or, if hand delivered, on the date of such delivery. If to DIGITECH: Mark Schiowitz President & CEO Digitech Computer LLC 480 Bedford Road, Bldg. 600, 2nd floor Chappaqua, NY 10514 Email: contracts@digitechcomputer.com If to CLIENT: City of Hastings Fire Chief 101 4th Street East Hastings, MN 55033 Email: JTownsend@hastingsmn.gov X. CLIENT RESPONSIBILITIES A. CLIENT agrees to provide DIGITECH all information required to perform the Services. Furthermore, CLIENT agrees to deliver said information by automated field data: Automated Field Data Collection CLIENT’S ePCR vendor (currently ImageTrend) shall: VIII-08 8 a) Produce a daily billing file in the standard NEMSIS XML file format. The daily billing file will be one file containing all billable incidents approved for billing since the last daily billing file; b) Include all data elements in the daily billing file required for billing. This includes, but is not limited to date of service, signature information (both a signature signal & image instructions), unique ID per transport, unique ID per transport agency. c) Produce and provide a PDF copy of the PCR for each call included in the NEMSIS XML file. The PDF must be named with the unique ID of the call. d) Automatically push the daily billing files via SFTP to DIGITECH’s FTP server; Mutually agree on custom data elements with both CLIENT and DIGITECH for items such as treatments, supplies, etc. f) Allow DIGITECH employees to login to secure website to: (1) Manually produce a billing file based on the same billable incident criterion used to produce the daily billing file; (2) Easily look up transports by a unique ID, Date of Service and Patient Name; (3) View details of transport including additional documentation such as PCS, Hospital Face Sheet, etc. e) Provide a method for DIGITECH to produce a Reconciliation Report. The report will: (1) Be an Excel spreadsheet; (2) Include all billable incidents for the specified date of service date range (3) Include columns for Unique Transport ID, Patient Name, Date of Service f) Work with DIGITECH to produce a seamless transport look up integration between DIGITECH’s Ambulance Commander System and the ePCR System. g) CLIENT or CLIENT’s ePCR vendor shall pay all third party costs incurred to purchase, support, integrate and maintain the CLIENT’s field data collection system B. CLIENT agrees to provide copies of all remittances or electronic remittance files necessary for posting by DIGITECH within four (4) business days of receipt of remittance(s). DIGITECH requires the original, unaltered or “raw” electronic payer file that is produced by the payer. DIGITECH will not accept files which have been modified by any non-payer party. DIGITECH will not accept paper remittances in lieu of electronic remittances. CLIENT agrees to pay charges incurred to convert a payer file back to its original, unaltered or “raw” state. C. In cases where DIGITECH has verified payment, but CLIENT cannot provide remittance advice, DIGITECH will provide such listing to CLIENT and CLIENT agrees to allow DIGITECH to apply such payments. CLIENT agrees that the application of VIII-08 9 such payments by DIGITECH will entitle DIGITECH to earn the fees described in Rider A, Section IV above. D. DIGITECH agrees to pay for all fees associated with the establishment and maintenance of a CLIENT controlled cash receipt/check bank lock box and deposit account. E. CLIENT agrees to pay for all credit card transaction fees. F. CLIENT agrees to establish and maintain a broadband or high speed internet connection, with static IP address, from its place of business to the Internet. CLIENT shall maintain a bandwidth of at least 1MB free for every 5 active users. G. CLIENT agrees to complete and submit all Registration/Change of Information Applications with the insurance processors, including, but not limited to Medicare, Medicaid and Blue Cross Blue Shield. DIGITECH shall confirm receipt of applications and continue follow-up with insurance processors until final approval where possible. DIGITECH will inform CLIENT if the CLIENT’s intervention is required by processor. H. CLIENT agrees to authorize DIGITECH to execute and submit all Registration/Change of Information Applications with the insurance processors, including, but not limited to Medicare, Medicaid and Blue Cross/Blue Shield, where necessary. I. CLIENT agrees to pay for any enrollment or revalidation fees imposed by payers. J. Where possible, CLIENT agrees to flag non-billable incidents prior to submission to DIGITECH for procedure coding. K. CLIENT agrees to email DIGITECH cash posting manager with EFT/ACH amounts deposited and deposit dates for each payer paying via EFT/ACH on a daily basis. L. CLIENT acknowledges and accepts that it is responsible for acquiring any and all Physician Certification Statements (PCS) and prior authorizations required for non- emergency transports. XI. TRANSITION A. In the event this Agreement terminates or expires under the provisions described in Section IV of this Agreement, the following four phases shall occur (certain Service exclusions apply and may require an additional fee during the 120 day Winding Down Period period): 1. Phase I - DIGITECH shall continue with services until the Termination Date. The VIII-08 10 “Termination Date” shall be defined as the last date of service/transport that DIGITECH shall be responsible for processing. 2. Phase II – DIGITECH shall cease all processing including the collection services described in Rider A, Section II above, sixty (60) days from the Termination Date. For greater clarity, DIGITECH shall cease importing new billable incidents with dates of service after the Termination Date, but for sixty (60) days after the Termination Date, DIGITECH shall continue processing billable incidents with dates of service prior to the Termination date. 3. Phase III – Upon the conclusion of Phase II, DIGITECH shall cease all billable incident processing and collections. For an additional sixty (60) days, CLIENT will continue to provide DIGITECH with remittance advice or cash receipt data, as described in Section X.B., for all deposits within this 120 day Winding Down Period, and shall pay to DIGITECH its fees on these receipts pursuant to Section IV of Rider A. DIGITECH will be entitled to all fees for its Services for the full 120 days of deposits after the Termination Date for which CLIENT receives remittances. Should the parties agree in writing to extend the Winding Down Period, DIGITECH shall be entitled to all fees for its Services for the entire time that the Winding Down Period is extended. 4. Phase IV - Subsequent to the conclusion of Phase III and the Winding Down Period, DIGITECH will provide client with its data in SQL format once DIGITECH has been fully paid for services rendered. 5. Upon expiration or termination of this Agreement, all additional services under Sections V and VI of Rider A shall cease, unless the parties agree in writing to extend the term of such services to include the Winding Down Period. 6. Upon termination or expiration of this Agreement, DIGITECH agrees to reasonably cooperate with CLIENT in transitioning from DIGITECH to another service provider of CLIENT’s choosing. 7. At the expiration of the Winding Down Period, CLIENT shall cease using all of DIGITECH’S materials and products, including training manuals. CLIENT shall either return all materials to DIGITECH or delete such materials. XII. MODIFICATION; GOVERNING LAW; ARBITRATION; ENTIRE AGREEMENT; FURTHER ASSURANCES; SEVERABILITY; WAIVER; AUTHORITY; SUCCESSORS AND ASSIGNS A. This Agreement may be supplemented, amended or modified only by the mutual agreement of the parties. No waiver, supplement, amendment or modification of any provision of this Agreement shall be binding unless it is in writing and signed by VIII-08 11 all parties. B. This Agreement shall be governed by the laws of the State of New York without giving effect to any choice of law or conflicts of laws, rules or provisions. C. The parties agree that any claim or dispute between them, whether related to this Agreement or otherwise, including the validity of this arbitration clause, shall be resolved by binding arbitration by the American Arbitration Association (“AAA”), under the AAA arbitration rules then in effect, before one (1) arbitrator in Westchester County, New York State. Any award of the arbitrator may be entered as a judgment in any court of competent jurisdiction. Either party may commence such arbitration upon no less than thirty (30) days written notice to the other. D. This Agreement, including the attached rider(s) and exhibit(s), contains the entire agreement between the parties relating to this transaction and supersedes all previous understandings and agreements between the parties relating to this subject matter. Each party acknowledges that it has not relied on any representation, warranty, or other assurance made by, or on behalf of, the other party, except as expressly set forth herein. E. From time to time, each party will execute and deliver such further instruments, and will take such other action as the other party may reasonably request, in order to discharge and perform its respective obligations and agreements hereunder. F. Any provision of this Agreement prohibited by applicable law will be ineffective to the extent of such prohibition without invalidating the remaining provisions hereof. G. This Agreement may be the basis for an Interlocal or Cooperative Procurement Agreement. In the event that this Agreement is the basis for an Interlocal or Cooperative Procurement, the fees paid by the CLIENT described herein shall not change for the CLIENT; however, the fees to be paid by another agency shall be modified so that Digitech may project payment by the other agency of at least $15 per service/transport based on the other agency’s service/transport volume and payor mix. H. The failure of either party to require strict performance of any provision will not diminish that party’s right thereafter to require strict performance of any provision. I. The signatories below have the authority to sign on behalf of the respective parties. J. This Agreement shall be binding on, and will inure to the benefit of, the parties hereto and their respective successors and assigns. VIII-08 12 K. This Agreement, and the duties and obligations placed on the parties, may not be assigned, except with the express written consent of the other party. [Signature page follows] VIII-08 13 The parties hereto have executed this Agreement on the day and year first above written. CITY OF HASTINGS, MN DIGITECH COMPUTER LLC By: ____________________________ By: ____________________________ Name: _Mary Fasbender______________ Name: MARK SCHIOWITZ______________ Title: _Mayor______________________ Title: PRESIDENT AND CEO____________ Date: ____________________________ Date: _____________________________ By: _____________________________ Name: Kelly Murtaugh________________ Title: City Clerk______________________ Date:______________________________ VIII-08 14 RIDER A DESCRIPTION OF SERVICES, FEES AND CLIENT RESPONSIBILITIES This Rider is a part of the Agreement between DIGITECH COMPUTER LLC (“DIGITECH”) and CITY OF HASTINGS, MN (“CLIENT”). I. BILLING SERVICES A. DIGITECH shall provide the following billing and collection services which are contingent upon CLIENT fulfilling the responsibilities outlined in Section X of the Agreement: 1. DIGITECH shall perform Patient Care Report (“PCR”) processing including: a) Review client-prepared PCR’S for content, level of service and diagnosis; b) Procedure Coding; and c) Eligibility and Insurance Research and Verification. 2. DIGITECH shall perform billing as follows: a) Electronic Invoicing (1) Medicare; (2) Commercial Insurance; and (3) Medicaid (billed weekly). (b) Paper Invoicing (1) CMS-1500 for Commercial Insurance; (2) Self-Pay; (3) Facility (where applicable); and (4) CMS-1500 for Medicaid (where applicable). 3. DIGITECH shall provide customer services hours from 8AM to 4:30PM CST. II. COLLECTION SERVICES A. DIGITECH will provide the following collection services covering the following types of providers: 1. Facility a) Submit a maximum of 3 invoices/notices, at 30 day intervals; and b) Perform follow up as needed, in DIGITECH’s discretion. 2. Patient or Self Pay a) Mail a maximum of 3 invoices/notices, at 30 day intervals; b) Make a maximum of 2 follow-up calls; and c) Recommend to CLIENT amounts to be placed in legal proceeding upon the VIII-08 15 earlier of DIGITECH’S determination that the amount is uncollectible or 120 days from the first invoice date. 3. Insurance a) Submit a maximum of 3 invoices/notices, at 45 day intervals; b) Perform follow up as needed, per DIGITECH’s discretion; and c) File appeals upon notice of denial, where applicable. 4. Medicaid a) Process denials; b) Follow-up on pending billable incidents; and c) Resubmissions. 5. Medicare a) Process denials; b) Follow-up on pending billable incidents; and c) Resubmissions. 6. Billable incidents resolution and appeals 7. Remittance Posting 8. Resubmission of denials, pending and held items 9. Interfacing with carriers on behalf of CLIENT 10. All payments received by payers for CLIENT shall be deposited into one or more bank accounts controlled by CLIENT, pursuant to CLIENT’s written instructions. B. DIGITECH will interface with CLIENT’s collection agency as follows: 1. Create and download one collection file per month using the industry standard XML collection file format; and 2. In the event CLIENT’S collection agency requires a format that differs from DIGITECH’s standard XML format or requires more than one file submission per month, DIGITECH reserves the right to charge CLIENT additional fees as necessary. DIGITECH will not commence any such additional work without CLIENT’S written approval. 3. DIGITECH reserves the right to withdraw billable incidents from collections if payment is received within 10 business days of sending the billable incident to collections. VIII-08 16 III. REPORTING SERVICES A. DIGITECH will grant CLIENT access to its billing services reporting system. Such reporting includes but is not limited to, Master Files, Receivable Tracking, Receivable Reporting, Financial Scorecard and System Reporting. B. DIGITECH shall send to CLIENT, via email, its standard monthly reporting package which shall include: 1. Accounting Reports a) Sales original, sales payer re-class, adjustments, cash and aged accounts receivable (accounts receivable roll forward for general ledger entry); and 2. Transport Reports a) Per Trip Data and Collection Percentages. IV. FEES/BILLING, COLLECTION AND REPORTING SERVICES A. DIGITECH will charge a fee for the Services described above as follows: CLIENT shall pay to DIGITECH a fee equal to 5.75% of net monthly EMS billing collections, less refunds. DIGITECH’S percentage fee for service covers billable incidents with a date of service commencing on the go-live date of the contract. CLIENT shall pay to DIGITECH its collection fee as set forth in this Section IV on all payments received by CLIENT on any billable incident processed by DIGITECH, including but not limited to revenue received by CLIENT related to any State administered Ambulance Services Supplemental Payment Program. Said payment shall be in addition to any other fees CLIENT is obligated to pay to any other entity or subcontractor to analyze and report costs that will help CLIENT realize said revenue. Notwithstanding the foregoing, DIGITECH acknowledges that billable incidents for which DIGITECH provided no processing services and that have been processed prior to the go-live date may be assigned by CLIENT to other third party collectors and that DIGITECH has no interest in or responsibility for such billable incidents. Provided that CLIENT’s ePCR system can provide a standard NEMSIS file extract, DIGITECH shall provide an interface from CLIENT’s existing ePCR system to DIGITECH’s billing software at no charge to CLIENT. Note that in the event CLIENT’s ePCR vendor charges DIGITECH for any aspect of the ePCR interface, VIII-08 17 Digitech will pass through such charges to CLIENT. Pricing is based on the accuracy of the transport and billing data provided by the CLIENT during the RFP process. Should the data provided to us prove to be in error, we reserve the right to renegotiate or exit the contract, provided DIGITECH gives CLIENT a 45 day notice of termination. Note: DIGITECH’s fee in Section IV(A) above does not include the processing of billable incidents in which the CLIENT has a contractual obligation to transport and not bill (and are therefore uncollectible), such as financial hardship cases and prisoner transports. In addition, DIGITECH’s fee does not cover non- ambulance transports such as ambulette, wheelchair, and medivan transports. Such additional fees will be negotiated per Rider A, Section V – Fees/Other below. B. The DIGITECH fees do not cover costs or additional fees associated with the placement of delinquent accounts with a third party collection agency. Any fees earned by third partly collection agencies from the collection or settlement of past due accounts placed with such agency shall be the responsibility of the CLIENT. V. FEES/OTHER A. Fees for the processing and/or collection of billable incidents not covered by this Agreement shall be negotiated on a case-by-case basis. Such billable incidents may include, but are not limited to, billable incidents with dates of service not covered by this Agreement, non-ambulance billable incidents, non-billable incidents and incidents where critical processing information may be available at an unreasonable cost. B. Time expended by DIGITECH, on behalf of CLIENT, to cover services not covered by this Agreement or tasks that fall under the responsibility of the CLIENT shall be billed at a rate to be negotiated, per clerk. Such services include, but are not limited to, data entry, scanning and call taking/input. No fees may be charged unless they are preapproved by the CLIENT, in writing, before performed. C. Time expended by DIGITECH programming staff on behalf of CLIENT, to cover programming changes or additions not covered by this Agreement shall be billed at the then current hourly rate for the resources requirement. D. Provision of services not specifically set forth in this Agreement, including but not limited to significant assistance with reporting, reporting projects, projections, interfacing or working with separate entities that are part of or affiliated with Client’s organization, shall be subject to a separate compensation VIII-08 18 agreement covering such additional services. The parties agree to act in good faith to draft mutually acceptable terms of service. E. DIGITECH may require a work order prior to the provision of such services. VI. REIMBURSABLE EXPENSES CLIENT will reimburse DIGITECH for preapproved travel expenses (at cost). Such expenses shall be included in the invoice to CLIENT in the month following the date of such travel. [Signature page follows] VIII-08 19 The parties hereto have executed this Rider on the day and year first above written on the Agreement. CITY OF HASTINGS, MN DIGITECH COMPUTER LLC By: ____________________________ By: ____________________________ Name: _Mary Fasbender______________ Name: MARK SCHIOWITZ______________ Title: _Mayor______________________ Title: PRESIDENT AND CEO____________ Date: ____________________________ Date: _____________________________ By: _____________________________ Name: Kelly Murtaugh________________ Title: City Clerk______________________ Date:______________________________ VIII-08 20 RIDER A-1 CLIENT INVOICING INFORMATION Mailing Address: 101 East 4th Street, Hastings, MN 55033 Email Address (General): LFoss@hastingsmn.gov Email Address (Invoicing): LFoss@hastingsmn.gov A/P Contact Name: Lauren Foss A/P Contact Phone Number: 651-480-2341 Tax ID: 41-6005220 VIII-08 21 RIDER B BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (“Agreement”), is made and entered into by and between CITY OF HASTINGS, MN (“Covered Entity”) and DIGITECH COMPUTER LLC (“Business Associate”). This Agreement shall form a part of all agreements and other engagements as are currently in effect between the parties under which Protected Health Information (“PHI”) (as defined in Article 1 of this Agreement) is provided, created or received by Business Associate from or on behalf of Covered Entity, and shall supersede and replace any business associate agreement or amendment previously entered into between Covered Entity and Business Associate in accordance with the requirements of HIPAA (as defined below) and/or the HITECH Act (as defined below). This Agreement is effective as of the effective date of the Billing Service Agreement (the “Effective Date”). RECITALS WHEREAS, in connection with the performance of their respective obligations under the terms of the Billing Service Agreement, Covered Entity may disclose certain information to Business Associate, and Business Associate may use and/or disclose certain information, some of which may constitute PHI; and WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to, or created, utilized or disclosed by, Business Associate pursuant to the Billing Service Agreement in compliance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations and guidance issued by the Secretary of the U.S. Department of Health and Human Services (the “Secretary”), all as amended from time to time (“HIPAA”), as well as the requirements of the Health Information Technology for Economic and Clinical Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009, and its implementing regulations and guidance issued by the Secretary, all as amended from time to time (the “HITECH Act”), and other applicable laws; The parties do hereby agree as follows: Article 1: Definitions 1.1 Definitions. For the purposes of this Agreement, the following defined terms shall have the following definitions. All capitalized terms used in this Agreement but not otherwise defined herein shall have the meaning given in HIPAA or the HITECH Act, as applicable. VIII-08 22 (a) “Breach” has the meaning given to such term under HIPAA and the HITECH Act, including, but not limited to, at § 13400(1) of the HITECH Act and 45 CFR § 164.402. (b) “Data Aggregation” has the meaning given to such term under the Privacy Standards (as defined below), including, but not limited to, at 45 CFR § 164.50l. (c) “Designated Record Set” has the meaning given to such term under the Privacy Standards, including, but not limited to, at 45 CFR § 164.501. (d) “Health Care Operations” has the meaning given to such term under the Privacy Standards, including, but not limited to, at 45 CFR § 164.501. (e) “Limited Data Set” has the meaning given to such term under the Privacy Standards, including, but not limited to, at 45 CFR § 164.514. (f) “Privacy Standards” means the HIPAA Privacy Rule and HIPAA Security Rule codified at 45 CFR Parts 160, 162 and 164. (g) “Protected Health Information” or “PHI” has the meaning given to such term under HIPAA, the HITECH Act, and the Privacy Standards, including, but not limited to, at 45 CFR § 160.103. (h) “Unsecured Protected Health Information” has the meaning given to such term under HIPAA and the HITECH Act, including, but not limited to, at § 13402(h) of the HITECH Act and 45 CFR §164.402. Article 2: Duties of Business Associate 2.1 Compliance with Privacy Provisions. Business Associate shall only use and disclose PHI in performance of its obligations under the Billing Service Agreement and as permitted or required by law. Business Associate agrees to be in compliance with each applicable requirement of 45 CFR § 164.504(e) and all requirements of the HITECH Act applicable to Business Associate. 2.2 Compliance with Security Provisions. Business Associate shall: (a) implement and maintain administrative safeguards as required by 45 CFR § 164.308, physical safeguards as required by 45 CFR § 164.310 and technical safeguards as required by 45 CFR § 164.312; (b) implement and document reasonable and appropriate policies and procedures as required by 45 CFR § 164.316; (c) use its best efforts to implement and maintain technologies and methodologies that render PHI unusable, unreadable or indecipherable to unauthorized individuals as specified in the HITECH Act; and (d) VIII-08 23 be in compliance with all requirements of the HITECH Act related to security and applicable to Business Associate. 2.3 Breach of Unsecured PHI. (a) With respect to any suspected or actual unauthorized acquisition, access, use or disclosure (“Acquisition”) of Covered Entity’s PHI by Business Associate, its agents or subcontractors, and/or any Acquisition of data in violation of any applicable federal or state law, Business Associate shall (i) investigate such Acquisition; (ii) determine whether such Acquisition constitutes a reportable Breach under HIPAA, the HITECH Act, and/or applicable federal or state law ; (iii) document and retain its findings under clauses (i) and (ii); and (iv) take any action pertaining to such Acquisition required by applicable federal or state law. (b) If Business Associate discovers that a Breach has occurred, Business Associate shall notify Covered Entity in writing without unreasonable delay and in no case later than five (5) days after discovery of the Breach. Business Associate’s written notice shall include all available information required by 45 CFR § 164.410 and other applicable law. Business Associate’s written report shall be promptly supplemented with any new or additional information. Business Associate agrees to cooperate with Covered Entity in meeting Covered Entity’s obligations under the HITECH Act and other applicable law with respect to such Breach. Covered Entity shall have sole control over the timing and method of providing notification of such Breach to the affected individual(s) or others as required by the HITECH Act and other applicable law. 2.4 Permitted Uses of PHI. Satisfactory performance of its obligations under the Billing Service Agreement by Business Associate may require Business Associate to receive or use PHI obtained from Covered Entity, or created or received by Business Associate on behalf of Covered Entity; provided, however, that Business Associate shall not use PHI other than for the purpose of performing Business Associate’s obligations under the Billing Service Agreement (including this Agreement), as permitted or required under the Billing Service Agreement (including this Agreement), or as required by law. Business Associate shall not use PHI in any manner that would constitute a violation of HIPAA if so used by Covered Entity. 2.5 Permitted Disclosures of PHI. Business Associate shall not disclose PHI other than for the purpose of performing Business Associate’s obligations under the Billing Service Agreement (including this Agreement), as permitted or required under the Billing Service Agreement (including this Agreement), or as required by law. Business Associate shall not disclose PHI in any manner that would constitute a violation of HIPAA if so disclosed by Covered Entity. To the extent that Business Associate VIII-08 24 discloses PHI to a third party in carrying out its obligations under the Billing Service Agreement, Business Associate must obtain, prior to making any such disclosure, (i) reasonable assurances from such third party that such PHI will be held confidential as provided pursuant to this Agreement and only disclosed as required by law or for the purposes for which it was disclosed to such third party, and (ii) an agreement from such third party to immediately notify Business Associate of any breaches of confidentiality of the PHI, to the extent the third party has obtained knowledge of such breach. 2.6 Minimum Necessary. Business Associate shall limit its use, disclosure or request of PHI to only the minimum necessary as required by law. 2.7 Retention of PHI. Unless otherwise specified in the Billing Service Agreement, Business Associate shall maintain and retain PHI for the term of the Billing Service Agreement, and make such PHI available to Covered Entity as set forth in this Agreement. 2.8 Safeguarding PHI. Business Associate shall use appropriate safeguards to prevent the use or disclosure of PHI other than as permitted by the Billing Service Agreement and this Agreement. Business Associate will appropriately safeguard electronic PHI in accordance with the standards specified at 45 CFR § 164.314(a). In particular, Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. 2.9 Agents and Subcontractors. Business Associate shall ensure that any agents (including subcontractors) of Business Associate to whom Business Associate provides PHI received from Covered Entity, or PHI created or received by Business Associate on behalf of Covered Entity, agree in writing to the same restrictions and conditions that apply to Business Associate with respect to such PHI, including the requirement to implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of PHI. Business Associate shall implement appropriate sanctions against agents and subcontractors that violate such restrictions and conditions, including termination of the agency or subcontractor relationship, if feasible, and shall mitigate the effects of any such violations. 2.10 Reporting Unauthorized Use or Disclosure. Business Associate shall report in writing to Covered Entity any use or disclosure of PHI not provided for under the Billing Service Agreement or this Agreement as soon as possible after Business Associate becomes aware of such an incident but in no case later than five (5) days after the VIII-08 25 date on which Business Associate becomes aware of any such incident; provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security Incidents (as defined below). “Unsuccessful Security Incidents” will include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of PHI. Business Associate shall take (i) prompt corrective action to cure any deficiencies that caused the unauthorized use or disclosure, and (ii) any corrective action required by applicable federal and state law. 2.11 Access to Information. Within five (5) days of Covered Entity’s request, Business Associate shall provide Covered Entity with access to Covered Entity’s PHI maintained by Business Associate or its agents or subcontractors to enable Covered Entity to fulfill its obligations under the Privacy Standards, including, but not limited to, 45 CFR § 164.524. 2.12 Availability of PHI for Amendment. The parties acknowledge that the Privacy Standards permit an individual who is the subject of PHI to request certain amendments of their records. Upon Covered Entity’s request for an amendment of PHI or a record about an individual contained in a Designated Record Set, but not later than five (5) days after receipt of such request, Business Associate and its agents or subcontractors shall make such PHI available to Covered Entity for amendment and incorporate any such amendment to enable Covered Entity to fulfill its obligations under the Privacy Standards, including, but not limited to, 45 CFR § 164.526. If any individual requests an amendment of PHI directly from Business Associate or its agents or subcontractors, Business Associate must notify Covered Entity in writing within five (5) days of the request. Covered Entity has the sole authority to deny a request for amendment of PHI received or created under the terms of the Billing Service Agreement and maintained by Business Associate or its agents or subcontractors. 2.13 Accounting of Disclosures. Upon Covered Entity’s request, Business Associate, its agents and subcontractors shall make available the information required to provide an accounting of disclosures to enable Covered Entity to fulfill its obligations under the Privacy Standards, including, but not limited to, 45 CFR § 164.528. For this purpose, Business Associate shall retain a record of disclosure of PHI for at least six (6) years from the date of disclosure. Business Associate agrees to implement a process that allows for an accounting to be collected and maintained by Business Associate and its agents or subcontractors for at least six (6) years prior to the request, but not before the effective date of the Billing Service Agreement. At a minimum, such VIII-08 26 information shall include: (i) the date of disclosure; (ii) the name of the entity or person who received PHI and, if known, the address of the entity or person; (iii) a brief description of PHI disclosed; and (iv) a brief statement of the purpose of the disclosure that reasonably informs the individual of the basis for the disclosure, or a copy of the individual’s authorization, or a copy of the written request for disclosure. Where a request for an accounting is delivered directly to Business Associate or its agents or subcontractors, Business Associate shall within five (5) days of a request forward it to Covered Entity in writing. It shall be Covered Entity’s responsibility to prepare and deliver any such reply to the requested accounting. 2.14 Agreement to Restriction on Disclosure. If Covered Entity is required to comply with a restriction on the disclosure of PHI pursuant to § 13405 of the HITECH Act, then Covered Entity shall provide written notice to Business Associate of the name of the individual requesting the restriction and the PHI affected thereby. Business Associate shall, upon receipt of such notification, not disclose the identified PHI to any health plan for the purposes of carrying out Payment or Health Care Operations, except as otherwise required by law. 2.15 Accounting of Disclosures of Electronic Health Records (“EHR”). If Business Associate is deemed to use or maintain an EHR on behalf of Covered Entity, then Business Associate shall maintain an accounting of any disclosures made through an EHR for Treatment, Payment and Health Care Operations, as required by law. Upon request by Covered Entity, Business Associate shall provide such accounting to Covered Entity in the time and manner specified by law. Alternatively, if Covered Entity responds to an individual’s request for an accounting of disclosures made through an EHR by providing the requesting individual with a list of all business associates acting on behalf of Covered Entity, then Business Associate shall provide such accounting directly to the requesting individual in the time and manner specified by the HITECH Act. 2.16 Access to Electronic Health Records. If Business Associate is deemed to use or maintain an EHR on behalf of Covered Entity with respect to PHI, then, to the extent an individual has the right to request a copy of the PHI maintained in such EHR pursuant to 45 CFR § 164.524 and makes such a request to Business Associate, Business Associate shall provide such individual with a copy of the PHI in the EHR in an electronic format and, if the individual so chooses, transmit such copy directly to an entity or person designated by the individual. Business Associate may charge a fee, not to exceed Contractor’s labor costs to respond, to the individual for providing the copy of the PHI. The provisions of 45 CFR § 164.524, including the exceptions to the requirement to provide a copy of PHI, shall otherwise apply and Business Associate shall comply therewith as if Business Associate were Covered Entity. At Covered Entity’s request, Business Associate shall provide Covered Entity with a copy of an VIII-08 27 individual’s PHI maintained in an EHR in an electronic format and in a time and manner designated by Covered Entity in order for Covered Entity to comply with 45 CFR § 164.524, as amended by the HITECH Act. 2.17 Remuneration for PHI. Business Associate agrees that it shall not, directly or indirectly, receive remuneration in exchange for any PHI of Covered Entity except as otherwise permitted by law. 2.18 Governmental Access to Books and Records. For purposes of determining Covered Entity’s compliance with the HIPAA, Business Associate agrees to make available to the Secretary its internal practices, books, and records relating to the use and disclosure of PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. 2.19 Data Ownership. Business Associate acknowledges that Business Associate has no ownership rights with respect to the PHI. 2.20 Insurance. Business Associate shall maintain commercial general liability insurance, with commercially reasonable liability limits, that includes coverage for damage to persons or property arising from any breach of the terms of this Agreement. 2.21 Audits, Inspection and Enforcement. Within ten (10) days of a written request by Covered Entity, Business Associate and its agents or subcontractors shall allow Covered Entity to conduct a reasonable inspection of the facilities, systems, books, records, agreements, policies and procedures relating to the use or disclosure of PHI pursuant to this Agreement for the purpose of determining whether Business Associate has complied with this Agreement; provided, however, that (i) Business Associate and Covered Entity shall mutually agree in advance upon the scope, timing and location of such an inspection; (ii) Covered Entity shall protect the confidentiality of all confidential and proprietary information of Business Associate to which Covered Entity has access during the course of such inspection; and (iii) Covered Entity shall execute a nondisclosure agreement, upon terms mutually agreed upon by the parties, if requested by Business Associate. Covered Entity and its authorized agents or contractors, may, at Covered Entity’s expense, examine Business Associate’s facilities, systems, procedures and records as may be necessary for such agents or contractors to certify to Covered Entity the extent to which Business Associate’s security safeguards comply with HIPAA, the HITECH Act or this Agreement, to the extent that Covered Entity determines that such examination is necessary to comply with Covered Entity’s legal obligations pursuant to HIPAA or the HITECH Act relating to certification of its security practices. The fact that Covered Entity inspects, or fails to inspect, or has the right to inspect, Business Associate’s facilities, systems, books, records, agreements, policies and procedures does not relieve Business Associate of its VIII-08 28 responsibility to comply with this Agreement, nor does Covered Entity’s (i) failure to detect or (ii) detection, but failure to notify Business Associate or require Business Associate’s remediation of any unsatisfactory practices, constitute acceptance of such practices or a waiver of Covered Entity’s enforcement rights under the Billing Service Agreement or this Agreement. 2.22 Return of PHI at Termination. Upon termination of the Billing Service Agreement, Business Associate shall, where feasible, destroy or return to Covered Entity all PHI received from Covered Entity, or created or received by Business Associate or its agents or subcontractors on behalf of Covered Entity. Where return or destruction is not feasible, the duties of Business Associate under this Agreement shall be extended to protect the PHI retained by Business Associate. Business Associate agrees not to further use or disclose information for which the return or destruction is infeasible. Business Associate shall certify in writing the destruction of the PHI and to the continued protection of PHI that is not feasible to destroy. 2.23 Retention of PHI. Business Associate and its contractors or agents shall retain communications and documents required to be maintained by HIPAA for six (6) years after termination of the Billing Service Agreement. 2.24 Business Associate’s Performance of Obligations of Covered Entity. To the extent the Business Associate is to carry out one or more of Covered Entity’s obligation(s) under the HIPAA Privacy Rule, Business Associate shall comply with the requirements of the Privacy Rule that apply to Covered Entity when it carries out such obligation(s). Article 3: Duties of Covered Entity 3.1 Using Appropriate Safeguards. Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to the Billing Service Agreement, in accordance with the standards and requirements of HIPAA. Article 4: Term and Termination 4.1 Term. The provisions of this Agreement shall become effective on the Effective Date and shall continue in effect until all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy the PHI, protections are extended to such information in accordance with the termination provisions in Section 4.2 of this Agreement. 4.2 Termination by Covered Entity. VIII-08 29 (a) A breach by Business Associate of any material provision of this Agreement, as determined by Covered Entity, shall constitute a material breach of the Billing Service Agreement and shall provide grounds for immediate termination of the Billing Service Agreement by Covered Entity. (b) If Covered Entity knows of a pattern of activity or practice of Business Associate that constitutes a material breach or violation of Business Associate’s obligations under the provisions of this Agreement or another arrangement and does not terminate the Billing Service Agreement pursuant to Section 4.2(a) of this Agreement, then Business Associate shall take reasonable steps to cure such breach or end such violation, as applicable. If Business Associate’s efforts to cure such breach or end such violation are unsuccessful, Covered Entity shall either (i) terminate the Billing Service Agreement, if feasible or (ii) if termination of the Billing Service Agreement is not feasible, Covered Entity shall report Business Associate’s breach or violation to the Secretary. 4.3 Termination by Business Associate. If Business Associate knows of a pattern of activity or practice of Covered Entity that constitutes a material breach or violation of Covered Entity’s obligations under the Billing Service Agreement or this Agreement, then Business Associate shall immediately notify Covered Entity. With respect to such breach or violation, Business Associate shall (i) take reasonable steps to cure such breach or end such violation, if possible; or (ii) if such steps are either not possible or are unsuccessful, upon written notice to Covered Entity, terminate the Billing Service Agreement; or (iii) if such termination is not feasible, report Covered Entity’s breach or violation to the Secretary. 4.4 Termination by Either Party. Either party may terminate the Billing Service Agreement, effective immediately, if (i) the other party is named as a defendant in a criminal proceeding for a violation of HIPAA, the HITECH Act or other security or privacy laws, or (ii) a finding or stipulation that the other party has violated any standard or requirement of HIPAA, the HITECH Act or other security or privacy laws is made in any administrative or civil proceeding in which the party has been joined. Article 5: Miscellaneous 5.1 Acknowledgment. Business Associate recognizes and agrees that it is obligated by law to comply with the applicable provisions of the HITECH Act. 5.2 Change in Law. The parties agree to promptly enter into negotiations concerning the terms of the Billing Service Agreement (including this Agreement), and to negotiate in good faith, if, in either party’s business judgment, modification of the Billing Service VIII-08 30 Agreement (including this Agreement) becomes necessary due to legislative, regulatory, or judicial developments regarding HIPAA or the HITECH Act. Covered Entity may terminate the Billing Service Agreement upon thirty (30) days written notice in the event (i) Business Associate does not promptly enter into negotiations to amend the Billing Service Agreement when requested by Covered Entity pursuant to this § 5.2, or (ii) Business Associate does not enter into an amendment to the Billing Service Agreement providing assurances regarding the safeguarding of PHI that Covered Entity, in its sole discretion, deems sufficient to satisfy the standards and requirements of HIPAA and the HITECH Act. 5.3 Disclaimer. Covered Entity makes no warranty or representation that compliance by Business Associate with HIPAA, the HITECH Act or this Agreement will be adequate or satisfactory for Business Associate’s own purposes. Business Associate is solely responsible for all decisions made by Business Associate regarding the safeguarding of PHI. 5.4 Assistance in Litigation or Administrative Proceedings. Business Associate shall make itself, and any subcontractors, employees or agents assisting Business Associate in the performance of its obligations under the Billing Service Agreement or this Agreement, available to Covered Entity, at no cost to Covered Entity, to testify as witness, or otherwise, in the event of litigation or administrative proceedings being commenced against Covered Entity, its members/shareholders, managers/directors, officers or employees based upon a claimed violation of HIPAA or the HITECH Act or other laws relating to security and privacy, except where Business Associate, or its subcontractor, employee or agent is a named adverse party. 5.5 No Third-Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 5.6 Interpretation. Section titles in this Agreement are for convenience only, and shall not be used in interpreting this Agreement. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with the requirements of HIPAA and the HITECH Act. In the event of conflict between the Billing Service Agreement and this Agreement, the provisions of this Agreement shall prevail. Any reference in this Agreement to a section in the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E, the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR part 164, subpart C, or the HITECH Act means the section as in effect or as amended. [Signature page follows] VIII-08 31 The parties hereto have executed this Rider on the day and year first above written on the Billing Service Agreement. CITY OF HASTINGS, MN DIGITECH COMPUTER LLC By: ____________________________ By: ___________________________ Name: _Mary Fasbender______________ Name: MARK SCHIOWITZ______________ Title: _Mayor______________________ Title: PRESIDENT AND CEO____________ Date: ____________________________ Date: _____________________________ By: _____________________________ Name: Kelly Murtaugh________________ Title: City Clerk______________________ Date:______________________________ VIII-08