The URL can be used to link to this page

Home My WebLink AboutContract 45388 clTy SECMAW CMMCT MOO BUSINESS ASSOCIAT17i, AGREi EMENT i This Business -ssoc.ate Agreement (the "Agreement") 's emtered into by and ctween Cat Fort Worth �`� n Sponsor") aiid Higginbotham botham nsuranc Agency ("Business Associate") (together refor ed to as the "Parties") effective 09/01/2013 WHEREAS,, the Group Health Plan ("Pian") sponsored by Plan Sponsor is a grOa 1-ICarth pl in as defiried in T tle , -Karts 1,60 and 164 of the Code. of Federal R giflati ns try. "Privacy Regulations") and Tit 5�, Part's 160, 162,and 1.64 of the Code of Feder cal Regulations (the "Se ur ty Reg-u,l tlon " (together, tho ,"Privacy and Security Regulations") adopted -Lrr tiant to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA11). WHEREAS, Business Associate and Pla n Sponsor e:aitered into all agreemeilt ("Underlying Agreement")whereby Business Associate will r orm services vices o behalf of the Plan ja WHEREAS, the Parties wish. to set forth their understandings with i-eg r to the use 'rand disclosure of Protected health Information ("'PHI"" Business Associate ill performance off,its, obtigatlons in compliance with the Privacy y a Security Re.gtilatiolls (as amended to r Corp rw to Subtitle D of the :tenth Information Technology for Economic and Clijiical Health Act,, Title X111 of u c . w . - (42 U.S. .A. Section 17921 et sect., subehapter 111, Privacy) ("H.1lTEC.1-1")) ,grid the Faxes Health Safety Code sections -L81 and 182 mended by H 3 0 (82"d ,e islaturwC , M c nsider tior o the mut,rra rom ses set forth below, the parties hereby agree as oWws t w Dtfinitio p . Cap4afized torin lrall have the meanings given to them fr tile e Priv acy Ind Security Re ulatiofls, W11,1cli arc incorporalec] 1)erein by reference. 2w Us e nd, Disclosure w.tec m ' fo r-rrrt on The 'rr Sponsor and Business Associate er, y agree to comply w1th the privacy and S 1,11" ty requi,rements of H PAA, (,Is, set forth in the privacy axed Security R .gul rtions. s -flan Associate shall rise, and/or disclose H] only to thc� extent necessary inkirtlierance of f us f ss Associate's obligations and duties under tie . nder yi Agrcernenl with the rSponsor t r a t r r r r-mitted y t. Pc*� acy au.�,� SCC'L1r.w ty egtil-rtions, Business associate shall disclose P111 to other bLisiraess s dcrt of t. e Para to tile, c xtc t necessary for purposes, car tie Tarr"s Payr ent and Health Care Operatioxr prow str� t1r�r' t . � , sociates r.a e business rs .ac ate �agreera er is ire place w tr the Flan Spotisorw as re uh-ed by tbo fir. v r y regulations ((-md a, cony of th applicable : ro sons of'such other usiaaess associrate. agreernent.s. wilt be r ovide to B sirress Associate upon request). Business Associate. shall disclose J`F11 to the Plan Sponsor to the extent t necessary for the n Spun ro-OwilAeke" � #. 'A es th' t COustit tte " rr rrt r Health 1th ` rTe Operations, pr, errt gas hoer rrnende s [CITY SOCRETARY pt wo"T"O TX1 CLI 4 RECEIVED required by the Privacy Reg ulatlojis (and ca copy of the applicabfi provisloiis of the Plan doctiment will be provided' to Business Associate, upori request). Rusiness Associate may disclose Stimniary Health Infori*n(ation to tlie Phin Sponsor for the purj.),ose of (a) obtaining bids for health or s[op loss insurance fof the Plan, oi- (b) modifying, l amending or terminating the Plan, 3. P on Una,uthorlzed Use or Disclosure of PHJ. Busilless Associate shall not use or disclose any PHI received from or on be.l1alf of the Plan, except pe rm'tted or required by the Underlyffig Agrecinent, this Agreenlent, the Privacy and as l Sec-Lirlty Regulations, and as required by law or as otherwise authofized In writing by the, Plan. Business Associate shall comply with the applicable provisions of-, (a) the Privacy and Security RogulaJons; (b) state laws, rules aril regulations Capplicable to individually- i'de .1 .-ntlfiable licalth hiformation not preenipted by federcal law, and (c), the Plan's health inform ation privacy policies and procedures. 4. 'Business Associate's Op—erations. Business Assn late may use PI-11 its creates for or receives from the Plan, in its capacity as ca business Associate, to the extent nece,ssary 1-or Bustriess Assocmte-s f)roper i-nangem aeni and a&n inistfation or to carry out Business Associate's, legal responsibili ties but orily 0 (a) rl"'he disclosure is requircd by law; c (b) Bu-sincss Associate obtains reasonable assurance, evideiictd by written contract, from any person or organizalloi-I to which Bustntss Associate shall disclose such P141 that such person or ofganization shall; (1) Ffold such PHI liri. cojifidetice and LISC or further disclose it only f'or the purpose, for which BUSiness Associate disclosed it to the Person or organization or as req it edley law; and (ii) Notify BLISiness Associate (Who shcrill Sri turn promptly notify the Plan) of any i-Dstance oaf which the person or orgaTnzation becomes aware ill which the con fidente cality Of Stich PJJI Was l eachpd as soon as possible, 5. Data A_ rpg, tl on S(n-vices. BlIsiness Associate, Mtayusc. PHI to pirolvide Date Aggregation Scrvices related to the Plan's 'Health Care Oper-atiolls. 6. 11M, SaLe Busine ss Associate sIiL i ll develop, iniplen-=L maintain and use <appropr1ate adininistrative, technical and physiccal safeguards to, l eve,-w the improper use or disclosure, of ajiy PHI relating to the flan, 7. ElJectfoaic Flealth Information Security and Intmily, Bust-ness Associate represents and warrants tfiat it is compli<arit wiffi, zil➢ appliccablc requirements of the Sectirity Regulfations. Business Associatc ftijlher represents and warrants ttial it lies fully developed (,Ind i,rnplernented, arid i-naintal"ns, and uses appropriate adniinistrative, technica I and physical security nica sea res, consistent. with Crinci iTi cornplicrineu with [he Sbeurity, Regulations to preserve the integrity, confidenluality anal availability of all Clearonic,PHI th,(at it creates, receives, Maintains or trans.i.-nits on behal"l-of the Plan. Btisiness Assocl"ate. shall doctinient and keep its security ine astir es current in 'CACcordiance witli the Security. Regulations. Pfotect'lotiofExch,(tng�ditifoi-.iii,(iti,ojiiiiElectroi-iiel"raiis,�ictions, If Busliness Associate conducts any Standard Transaction for or on behalf of the Plan, Business Associate shrall comply, and shall reqUire any siibcontractor or agent conducting silch Standard Transaction to comply, with each applicable. re(]U]"Ye I'll en t of the Privacy and' Security Regulations, 9. Subcontnc-lctors g, d A ent . Busl'riess Assoc ate shall require each of *Its s'ubcontractors, or agents to whom Business, Assocl'ate may provide Pill on bchalfofthe Plan to, agree to written contractual provisions that inipose at leapt the same obligations to protect such P as are 'imposed ofl BUSiness Associate by this AgreerntnA and the ,Privacy and Security Regulations, ffiisiness Associate shall maintain a list of all subcontractors and agents, to which it provides the Plan's PI-11, ,,-ind it will provide Nit,, list to the Plan upon request. 10. 'Access to "PHI, Business Associate shall provide e access,, at the request of thoPlan, to PHI In a Designated Record Set, to the Plan or, as directed by the, Plaii, to all Individual to moct the requirenieiits wider Title 45, Section 1.64,524 of the CFR oi- <applleable state law. Business Associate sliall provide access In the tines and n-ianner set forth in the Plan's health infor-niation privacy policies mid proved-r11-CS, 11.. A- mendj'ng_LH1. Business Associate shall makc any an-i(,:),ridmenL(s) to PLII In Ca DesigMated Rec,ord S .t fast the Phan directs or agrees to Pursuant to Title 45, 0 1 Section 164.526 of the CFR at the reqijest of the Plan or an tfl,,dwicnjal I n the time and manner set forth M' the Plan's health inforination privacy policies and procedtires. 12. Accotinting-- fQ�Disq1ostjjp5 o Pf.41. (a) Business Associate shall docuryient all disclosures of PHI and information related, to stich disclostires as woL)ld be required for the Plan to respond to ca request by can tndividual Im- (an te-,iccounting of disclosures of PHI in accordance, with Tille 45, Section 1,64.528 of the CFR- (b) Business Associate �tgnts to provide the Plan, 1hi the time and 111,cInner set forth in the Plaii's health Mfotmati .gin Privacy policie's and pi-ocedurts, infoi.-niation collected in accordance with Section 12(a) above, to pci-mit [lie Plan to, respond to a requicst by (-,in Irldivid.ual for an accounting of disclostires of.p141 1`11 't "' accordance wf*th Title 45, Sectioin 164.528 of the CFR, BusiTiess Associate shall pr-o vid the accounting directly to an frith-vidtial upon rcqttest by the Plan. 13. Access to Book(s acid Records. Business AssocRate, stiall mcake its l'i-Iternal practices. , books and records relating to the use and disclosure of P-1-11 nee i've d froni or on bc,,half of the Pkin avaiRlbie to the P'lan, and to D1-114S or its de'signee for the ptirpose of d(--,-,tcrmI'nJ,ng 1.he 131,an'S cornplian.ce with the Privacy Regulations, 14. Rep 1 1. 1 Q g. As deser'bed bolow,t o , Associc7itc sliall report to the Plan in writing any "Eveiif,." (a) Definition. For purposes of this, Agreement, "E'vent" shall mean any tise or disclosure of'I?H*f not perr-nitted (1) t)ride.r the Privacy R(,Agijlatl'ons, 'Including events that ri'se to the level of a Breach, (2) i.inder this Agmement or (3) by law, or that is a Security Incident. (b) E-yon Rea. ��rtiji Businuss Associate shall provide written not' ice as soon as practicable to the Plan's Privacy Official (contact i-nforniatlion listed below) of any Event of which it has rea soy able sLispiclon or discovers, is notice shall identify a contact person with whom the I'lan may correspoind regarding the Event. Within sixty (60) days from the date, of initial notice, Busi-noss Associate shall provide the Plan a writteri report identifying or describing: (1) the affected Individual whose Unsecured PI-11 has been or is reasonably he"llieved to have becn accessed, acquired or disclosed- (ii), the ,incident, including the d e of the Event and the date of the discovery of the Event, if known; (111) who viade the unauthorized use and/or received the unauthorized disclostife; (iv) the types of Unsecured PH f involved it) the Event; (v) ,Cany specifl'c steps tht affected Individual should, taint to P 1, m fier protect hi or sedf fro m �)otentjal harrn related to the Event, (vi) what the Business Associate is doing to inve.s1Ig,,,,-ite the Event,, tomi1igate losses an d to protect against further Events; (vii) cont(,,,Ict p roc echires for how the affected Indlivi'dwal can obtain -further information `roin the Business Associate; (viii) a recom-ni end ed plan of notifications to affected Individuals, .1-IBS and/or the, niedja> as Maybe (1ppropriate oi- required by law, and (ix) such othef information, including the fisk ass assn ient aiialysis, prepared by the, BL)siness Associate, as reasonably requested by the Plan's, Privacy Official. Business Associate seal.] conchictflie risk assessment to deterniinc whether ca Breach OCCUrred and ijiform the FIC-in of its assessment, If its the opi Tilon of the Man the 0 'de-jit qualifies as a Breach, the Busi-ness Ass oc"ate shall carry out the approp rig te Incl nottfication responsibilitics, rift,or receiving the Plan's approval of the Btisiness Associate's plan of proposed notifications aid the specific content of siich nod-fications, Business Associate shall reqtdre all of its subcontractors and ag3tits who experience an Event related to the Plan toi-eport the Event to [lie Bushiess Associate in such it dMe SO that the Business Associate shall comply with the notification requirements described 1D [JIVS qeclion. Pla-n Privacy Official: Margaret Wise, Assistant HR D�irecto�r 1000 Throckmorton Street Fort Worth,Texas 76102 17,a 817.392-8869 Higginboth(arn Privacy 0.- ric'al: Ross Carmichael or VP of Coup 500 W, 13"" Street Foq't Worilij _6102 Fax '7 882-9341. X15. Sale of PHI. Business Associate sliall not receive direct oi- illdirect payn,ient in exchrange for any PI-11 relating to the I laii or its Individuals in such a way as to violate Texas Health and Safety Code sections 181 and 182 as ameTided by HB3100 (82 n d Le 0,slature iinless Business Assoc* IN 1 1 91 uite receives author' by all affictItcl Individuals, except as peri.,nitted under the Privacy Regulations, including 45 CFR Part t64. 16. Markel a . Busliness Associate shall not receive direct or indirect 0 payriient for juarke[Ing col-limmucations which include PHI relati'-ng to, the Plan oIr its, Individuals witliout authorization fa-om the affected Indi-viduals M suh a way as to IN nd vLolate, Texas Bec-11th and Safety Code sections 181 (--"Ind 182 as amended by HB300 (82 1 � IN 0 LegislaLtire), unless such communic(C-Itioll IS Permitted under the Privacy Re&rulatiolIS7 including 45 CFR Part 1.64, 17. Restrictions on liscs i c losu r es a: nd Re,qt st, S (a) Business Associ(ate Will IiMit all. Uses, discloswes, mid requests of PI-11, including electronic 111-11, to the Limited D ata Set to the extent possible or, i.f that is not Sufficient tothe miniDJUni mcessary to sac co]III)II'sh [tie intended purposle of stic h use, discloure or reqUeSt, to the, extent required by the Privacy Re,gil I at.ions. Business Associate shall mal-nlaera a written policy delineating the st�.mdards it will use in determining the i-nininium necessary infornlation for its uses, and di'sclosures, of PHI ill accordance. with standcards set forth in the Plrt*vacy Regulatio"Fis. (b), Upon the request of an 1-ndividual, Busit'iess,Associate will not d4sclose. such In dividu,,Lt I's PHI for purposes of Playment or Health Care Operations if the Individual paid in full out of pocket for t,he health care ttcrn or service to whi"ch the PHI re,late in accoi-dance, with 45 CFR section 1614,522., s l M, M.iti i i. Rusiness Assoc'ate, agrees to rnit*gato, to the, extent ga t j o I" I paw actic,able, any harmful eff�ect that is known to Busi--ness, Associate o usc r disclosure ot'Pffl by Business Associate, M vlolation of the requirem-ents of this Agreement. 19. Ter m i,tiation for Cause. As required by the, Privacy Regulations, 'if tilt Plan or Business Associate ("Non-Breaching Party")becorrics aware. that the other entity 11311.e 11 to t.his Agroememl has eng-rageld fill a material breach 'Relling Party ) the the Non- Breaching Party shall., (a) Provide a,n opporl.utifty for the Breachl T.Ig Party to cure the breach. If the Breaching Party does, not cur e. the brerach or end, the viol(djon with-In the tiffl e spec'Pied by [lie Non-Breaching Party, then Lhe Non-Breaching Party shall have the right to termitiate this Agreerrient an(I thc� Underlyirig Agrees" tit, if tear-nal'nation is feasible. (b) Imilie diately termina.te dais A,greenienL Zaril the Underlying Agreemem If cure is not possible, and if tcri-nination 'is foasible, (c) If riefther [ei-nimation nor cure is s Business, Associate shall report the violation to the Secretary. 20, Return or Destruction of Health Information. (a) Except as provided in Section 2 b) below, and subject to any record retention pro isions of' the Underlying Agreement, upon termination, cancellation, expiration or the conclusion of this Agreement and the Underlying Agreement, Business Associate shall return to the Plan or destroy all PHI created or received by Business Associate on behalf of the Plan. This provision shall also a ply to PI-11 tliat is in the possession of subcontractors or agents of Business Associate. (b) In the event that the Business Associate determines, in its discretion, that returning or destroying the PHI is infeasible, Business Associate shall, retain the PHI, extend the protections of this Agreement to such PHI and maintain the confidentiality of all such PHI, for so long as Business Associate maintains such PHI, The obligations of Business Associate under this Section 20(b) shall survive termination of this Agreement and the Underlying Agreement., 21. Obliga,t,ions of Plan Sp.Qnsor. (a) `F he Plan Sponsor shall provide Business Associate a copy of the Plan's Notice of Privacy Practices. (b) The Plan Sponsor shall notify Business Associate of any restriction to the use or disclosure of PHI that the Plan has agreed to and any revocation of such a restriction), to the extent that such restriction may affect Business Associate's use or disclosure of PHI. (c) The Plan Sponsor shall notify Business, As,sociate of any change in, or revocation of, permission by and fridividtial to Use or disclose PH1, to the extent that such change or revocation may affect Business Associate'suse or disclosure of PHI. (d) 'fhe Plan Sponsor shall not request Business Associate to use or disclose PHI, in any manner that would not be permissible under the Privacy Regulations if done by the Plan, except as permitted in Sections 4 and 5 above., 22. Automatic Amendiijent. 'Upon the effective date of any amendment to the Privacy and Security Regulations and any applicable regulations -thereunder w1th respect to PHI, the Agreement shall automatically be deemed to be amended to incorporate such an-iendi-nent to the Privacy and Security Regulations and applicable regulations so that Business Associate and the Plan remain in compliance with the Privacy and Security Regulations and applicable regulations. 23, Hold Harmless. Business Associate shall inden-tnlf� and hold Plan Sponsor and its affiliates, employees, d1rectors, trustees and agents 1,-iarmless from and against all obligations, liabilities, penalties, taxes, costs, damages, losses or expenses (InclUding reasonable attorneys' fees) of any sort which may be 'imposed on or incurred by the Plan in connection with, or arising out of, a Breach by Bus,iness Associate or any of its subcontractors or the performance or breach of Business, Associate's or any of its subcontractors' responsibilities an,d obligations under the Privacy and Security Regulations or this Agreement. To the extent allowed by Texas law, Plan Sponsor shall indemnify and hold Business Associate and its affiliates, ernployees, directors, trustees and agents harmless from and against all obligations,, liabilities, penalties, taxes, cots, dasnares, losses or txpenses (inclLiding reasonable 8ttornclys'fees) of any sort which may be impose d on or incurred by the Plan '111 Connection wfth, or arising out of, a Breach. by ffie Plan or any of its subcontrractors or the per-formance or breach of the. Plan's or- arily of its su beon tractors' responsi 1) t i t ities and l r_1 oblig<ations under t[ie Privacy apa �)ecuri'ty Regulations or this Agreeinent. 24. (,.�ounteiparts. This Agreernerit rnay be executed in any number of counterparts, each of wfilch shall be deern ed cin ot,Lginal aiid such counterparts sheall consti'tute one and the saine instrument. 25. lLid.��roc leiit Contractor. "Fhe Partits CITe and shall remain independent 4 contractors throughout the tei,rri of th ts Agrecrrient, Nothing fii this A eernent or other shall be construed to constitute Business Associate and the Plaii Spoiisor as pCartilers,joint venttires, (agents or aDything other flaafi J`ndependent contractors. I 1-nile e- 26, Facsinqile, Si rnattu- Nignature pages may be trajismitted by facs't i H or other cl cctronic moans. Upoii delivery vi.i facsimile, e-mail oi- other electronic ii a 1, n1el(Ifis, a signature shall, be deemed a.n orig uial rind shall be adtnissible in evidence, 27, Govern'p I I I _g 11's AgreenieTit shall be governed bly the taws of the, State of Texas (withotit tegard to conJ."'lict of laws principles), except to the cater t such laws arc preempted by applicable federal law. Any chaini, di'SPLItC, controversy or' other matter ari'si'ng tinder or related to this Agreement shall be subject to th ole. and eXCILisive jurl'sd ct n of the fedcral and state COLMIS located in Tarrant County, Texas, cqiid all Parties hereto waive any Claims of 1,11colivel"11C11C.0 or h,"ICK 101 per sollal Jurisdiction, with respect to such courts. This Agrcenic'm enibodles the entire agreement arid 0 0 28. Entire Ao,fccnierit- i,inderstanding between the Fall es hereto witli respect to, the sijbject niatttr hereof, and :.64 supersedes all prior oral or written ag-rcements and understai-idings relating to the SU bject :1 0 nicatter hereof. No statemeiit representadoll warranty, coveriarit or agreement of any kind 0 ? > :0 ro not expressly se forLb 1-n this Agreement shall cat-Teel 01, be used to interpret, chcange or M Mi M, L -4 0 restrict the, ox press terms and provisions, of this Agrcenient, X :0- 29, Fhial A reement. "Flils Agrecmen[ sLipcirsedes Call prior Busincss, Associate cli i Agreei-f'ients between tht part es With rcspect to the Underlying Agreement. IN WITNESS WHO*R' EOF, each of 1he Lindersi'giied has caused this Agreenitnt to Ive as of 0 2013 ffe --6 be, dtily executed ir) its name and on its bichalf e c ILY1,L_ 'Ffiggiiibolhanj Insunanct Ag.�jic Inc,. t-A B y By Ross armicha esident or Coll Lq i2qp�a I ts. I ts, vic,e, P1 -od-0, Aq1 of F 00 A,PP'RO All T9 ` 0i GAL11 WOW 4* -go Mj 0 11't _0 A NIT M19tty "t IV 0000000 ATTORNEY S IN