The URL can be used to link to this page

Home My WebLink AboutContract 52242 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 CITY SECRETARY �E0 � �d`r CONTRACT NO. 5 aq a 1 I Audit Services DEPENDENT ELIGIBILITY AUDIT SERVICES AGREEMENT THIS AGREEMENT is made as of April 17, 2019 between CITY OF FORT WORTH,TEXAS("Client")and BMI AUDIT SERVICES,LLC ("Auditor"). In the event of a conflict in the provisions of any attachments hereto and the provisions set forth in this Agreement,the provisions of such attachments shall govern. 1. Services. Auditor agrees to perform for Client the Scope of Services ("Services") described in Attachment A hereto, which is incorporated fully herein by this reference. 2. Payment for Services. Client agrees to pay Auditor for Services in accordance with the Professional Fees described in Attachment A. Client shall pay Auditor the amounts agreed to herein upon receipt of invoices from Auditor. 3. Confidential Information. Each party hereto ("Such Party") shall hold in trust for the other party hereto ("Such Other Party"), and shall not disclose to any non-party to the Agreement, any confidential information of Such Other Party. Confidential information is information which relates to Such Other Party's research, development, trade secrets or business affairs, but does not include information which is generally known or easily ascertainable by non-parties of ordinary skill in computer systems design and programming. Auditor hereby acknowledges that during the performance of this Agreement, the Auditor may learn or receive confidential Client information and therefore Auditor hereby confirms that all such information relating to the Client's business will be kept confidential by the Auditor. Auditor and Client further agree to comply with the terms and conditions of the Business Associate Agreement executed by the parties. 4. Staff. Auditor is an independent contractor and neither Auditor nor Auditor's staff is or shall be deemed to be employed by Client. Client is hereby contracting with Auditor for Services and Auditor reserves the right to determine the method, manner and means by which the Services will be performed. The Services shall be performed by Auditor or Auditor's staff, and Client shall not be required to hire, supervise or pay any assistants to help Auditor who performs the Services under this Agreement. Auditor shall not be required to devote Auditor's full time nor the full time of Auditor's staff to the performance of the Services required hereunder, and it is acknowledged that Auditor has other clients and Auditor offers services to the general public. The order or sequence in which the work is to be performed shall be under the control of Auditor. All materials used in providing the Services shall be provided by Auditor. Auditor will notify Client as soon as possible in advance of any planned system changes that would impact performance of work as outlined. Auditor's Services hereunder cannot be terminated or cancelled short of completion of the Services agreed upon except for Auditor's failure to perform to the Agreement's specification as required hereunder and conversely, subject to Client's, or its representative's, obligation to make full and timely payment(s) for Auditor's Services in accordance with the Professional Fees described in Attachment A. In the event of termination prior to completion, Auditor shall be entitled to payment for the portion of the Services performed prior to the date of termination. Client shall not provide any insurance coverage of any kind for Auditor or Auditor's staff,Auditor shall take appropriate measures to ensure that Auditor's staff is competent and that they do not breach Section 3 hereof. 5. Administrative Support. Client, or its representative, will provide to Auditor information relative to eligibility records maintained as follows: EFT. WOSITH, EQ,')Ro�ET RV Dependent Eligibility Audit Services Agreement TX � 1 DocuSign Envelope ID_8E73BD71-BE67-4015-9490-85862B7866C3 BRME BMI Audit Services • An enrollment file containing a list of 1,000 randomly selected employees with dependents eligible to receive benefits at the time of the audit. • Record layouts and data descriptions appropriate to all pertinent computer files and records. • All current published plan documentation including Summary Plan Description(s) (SPD(s)), plan amendments,and any other correspondence or directives prepared for the purpose of interpreting and/or clarifying plan eligibility. Additional data processing fees for handling multiple files and/or formats or requests for reports from Client or Client's representative beyond Auditor's standard scope of services m�ty apply, provided Client approves such fees in writing in advance. 6.Disputes.Any disputes that arise between the parties with respect to the performance of this Agreement shall be submitted to binding arbitration by the American Arbitration Association, to be determined and resolved by said Association under its rules and procedures in effect at the time of submission and the parties hereby agree to share equally in the costs of said arbitration. The Parties agree that said binding arbitration shall take place in St. Joseph County, Indiana, at a location mutually agreed upon by the Parties or selected by the arbitrator if the Parties are unable to agree upon a location. The final arbitration decision shall be enforceable by any court of competent jurisdiction. In the event that this arbitration provision. is held unenforceable by any court of competent jurisdiction, then this Agreement shall be as binding and enforceable as if this section 6 were not a part hereof. 7.Warranty.Auditor warrants to Client that the material, analysis,data,programs and services to be delivered or rendered hereunder,will be of the kind and quality designated and A ill be performed by qualified personnel. Auditor makes no other warranties,whether written, oral or implied. S. Liability. Auditor shall not be liable for any failure or delay in performance under this Agreement to the extent said failures or delays are caused by conditions beyond its control. Such conditions include, but are not limited to, acts of God, government restrictions,wars, insurrections and/or any other cause beyond reasonable control of the party whose performance is affected. As a condition to the claim of non-liability, Auditor shall give Client prompt written notice,with full details following the occurrence of the cause relied upon. Dates by which performance obligations are scheduled to be met will be extended for a period of time equal to the time lost due to any delay so caused. 9. Complete Agreement. This Agreement contains the entire Agreement between the parties hereto with respect to the matters covered herein.No other agreements,representations, warranties or other matters, oral or written, purportedly agreed to or represented by or on behalf of Auditor by any of its employees or agents, or contained in any sales materials or brochures, shall be deemed to bind the parties hereto with respect to the subject matter hereof. Client acknowledges that it is entering into this Agreement solely on the basis of the representations contained herein. Notwithstanding anything to the contrary, the parties shall be bound by the terms and conditions set forth in the Business Associate Agreement entered into between the parties. 10. Applicable Law. Auditor shall comply with all applicable laws in performing Services. This Agreement shall be construed in accordance with the laws of the State of Indiana. 11. Additional Work and Modification. Auditor and Client must agree, in writing,to any services requested by Client, but not included in Attachment A. Auditor will submit a new project proposal for Client to approve Dependent Eligibility Audit Services Agreement 2 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 .F4 1 'r BMI Audit Services prior to the performance of the requested additional services by Auditor. Furthermore, this Agreement may be amended only by a subsequent written agreement signed by both Parties and specifically reciting that it is an amendment to this Agreement. 12. Assignment. This Agreement may not be assigned by either party without the prior written consent of the other party, except that Auditor may without the consent of Client assign its rights and delegate its obligations to any affiliate or to any person acquiring all or substantially all of Auditor's assets. Except for the prohibition on assignment contained in the preceding sentence, this Agreement shall be binding upon and inure to the benefits of the heirs, successors and assigns of the parties hereto. 13. Miscellaneous. Notwithstanding paragraph 6 above, any action to enforce the terms of this Agreement, to construe the terms of this Agreement, and/or to enforce the terms of any arbitration award and/or order must be filed in the federal or state courts of St. Joseph County, Indiana. The Parties hereby consent to jurisdiction in the aforementioned courts. The headings of sections in this Agreement are provided for convenience only and will not affect its construction or interpretation. All Parties hereto have been given the opportunity to consult with counsel and other advisors of their choice. All Parties knowingly,voluntarily and without duress, coercion, unlawful restraint, intimidation or compulsion, enter into this Agreement. This Agreement will be construed as to its fair meaning and not strictly for or against any party. IN WITNESS WHEREOF, the parties hereto have signed this Agreement as of the date first above written. THIS CONTRACT CONTAINS A BINDING ARBITRATION PROVISION WHICH MAY BE ENFORCED BY THE PARTIES. Approvals: BMI AUDIT SERVICES,LLC CITY OF FORT WORTH,TEXAS (Auditor) (Client) F�DOCUSIgned by:�uf -t'L,A s SIGNATU UR 6o88f7F4EDe6478... IGNATTE Robert Temples l`eV;1-X- PRINT NAME PRINT NAME Director, Operations Iv A C TITLE TITLE 4/17/2019 y 2v/'. ]DATE x }`; DATE f Ate y: S``kR�S _ #, J��At Asa K ity � istant City Attorney '1�he r er of is page is intentionally left blank.] Dependent Eligibility Audit Services Agreement 3 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 MUmoo` t BMI Audit Services ATTACHMENT A 1. Scope of Services. Specific to this Agreement, Auditor will provide the following Services for Client. Necessary Materials • Client will provide Auditor with one electronic file of data containing the 1,000 randomly selected members by Client to be included in the audit(such as names,addresses,unique employee identification numbers, relationship codes, locations, dates of birth, and coverage election) per the enrollment file layout provided by the Auditor. Auditor will accept the file either from Client and/or administrator(s) responsible for administering the medical, dental, vision and/or prescription drug plans. • Client will provide Auditor with all current published plan documentation including Summary Plan Description(s) (SPD(s), plan amendments, and any other correspondence or directives prepared for the purpose of interpreting and/or clarifying plan eligibility. Auditor will review all dependent eligibility criteria established in Client's benefits documents. Planning Phase • Auditor will provide Client with an Audit Process Guide outlining any materials required for the audit. Following receipt and prior to commencing any audit functions. Auditor will hold a"kick-off call" with all pertinent Client personnel. The objectives of the call will be to realize the roles of each party involved, determine the proper communication channels, review steps of the audit, create a tentative timeline, and obtain a full and complete mutual understanding of Client's benefit plans, dependent eligibility criteria and Auditor's audit process. • Auditor's communications must be approved by all parties in advance of all planned mailing dates as determined and agreed upon following the creation of the audit's timeline. Client shall provide Auditor a copy of any internal communication notices sent to audit participants at any time during the audit at least 3 business days in advance of distribution to allow for proper planning of customer service that could be required. • Following the kick-off call and prior to any mailings Auditor will conduct an internal orientation session between Auditor's Project Manager and all Auditor staff assigned to Client's audit. The orientation will review Client's industry and geographic makeup, eligibility criteria, the timeline as well as any additional Client concerns. Initial Mailing (Phase 1) • Auditor will produce a Verification Mailing, consisting of an "Audit Letter"and"Dependent Verification Form", to be approved by Client that will be mailed to all employees who have enrolled at least one dependent. The audit mailing will advise employees included in the audit of eligibility requirements for the plan(s), advise of an audit close date, ask questions pertaining to the plan(s) requirements, and request documentation specific to each dependent. The mailing will also include "Helpful Reminders and Eligibility Information"to assist the employee in understanding documentation requirements, and in obtaining replacement documents if needed. The mailing will also contain a postage-paid and addressed return envelope. The employee will be asked to fax, mail or upload the required information to Auditor via a secure fax line, P.O. Box or web portal. Dependent Eligibility Audit Services Agreement 4 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 ldm�n� 1a;W. BMI Audit Services If Auditor receives all the requested documentation, a confirming"Thank You Postcard" will be sent to the employee, advising that all information required to complete the audit has been received. If Auditor does not receive all requested documentation, Auditor will send hard copy follow-up requests referred to as an "Incomplete Letter", indicating the member-specific missing or incomplete documentation and deadline for submission. Second Mailing (Phase 2) .... ....._....... ............. . ............. .................._......................................................................................-............_.....................................................-...................................................................._.................................._.......................... ...................... a Five business days after the end of Phase 1, Auditor will produce an "Extension/Reminder Letter", to be approved by Client, and to be mailed to all employees in the audit who have not responded or have at least one dependent who is incomplete. The mailing will include a copy of a"Dependent Verification Form" and/or a member specific "Incomplete Letter"requesting all documentation specific to each dependent that is necessary for Auditor to complete its verification review. The employee will be asked to fax, mail or upload the required information to Auditor via a secure fax line, P.O. Box or web portal. If Auditor receives all the requested documentation, a confirming"Thank You Postcard"will be sent to the employee, advising that all information required to complete the audit has been received. If Auditor does not receive all requested documentation, Auditor will send hard copy follow-up requests referred to as an"Incomplete Letter", indicating the member-specific missing or incomplete documentation and deadline for submission. Third Mailing(Phase 3) ............................................----....................._......................._......._................................................................................................................................................................................_....._...............................-.._..........._..._....................................................................................._........._........................................-_.........._... a Five business days after the end of Phase 2, Auditor will produce a "Notice of Dependent Coverage Termination Letter", to be approved by Client, and to be mailed to all employees in the audit who have not responded or have at least one dependent whose eligibility verification is incomplete. Client may also elect Auditor to place automated outbound phone calls in conjunction with the mailing. Each letter and phone call will advise the employee that the deadline has passed and that unless they take immediate action by a specified extension date, benefits for their dependents will be dropped on a stated date/time. The mailing will include a copy of a "Dependent Verification Form" and/or a member specific "Incomplete Letter" requesting all documentation specific to each dependent that is necessary for Auditor to complete its verification review. The mailing and optional phone call will instruct the employee to fax, mail or upload the required information to Auditor via a secure fax line, P.O. Box or web portal. Auditor will continue to post all responses through the end of this drop benefit period. Ap .................._.................._............._.................................................................................................................................................._....._....................................................................._......................................................................................................................._.........._..........................._..........._....._................. • Client will have the option to elect a four week appeals/reinstatement period following the close of audit after notifying employees that benefits will be terminated for one or more of their dependents. During the appeals/reinstatement period, Auditor will handle any related calls or correspondence from an employee concerning their dependent(s). • At the end of the appeals/reinstatement period, Auditor will report to Client any changes in a dependent's audit disposition and eligibility as a result. Call Center Operations All mailings and all follow-up correspondence will refer to Auditor's Call Center for additional support and guidance. Features of Auditor's in-house Call Center include: Dependent Eligibility Audit Services Agreement 5 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 ten` BMI Audit Services o A toll-free telephone line will be staffed during extended business hours (Mondays— Thursdays 8:00 AM to 8:00 PM Eastern Time; Fridays 8:00 AM to 5:00 PM Eastern Time) and supported with 24/7 voice messaging, o Spanish speaking representatives and availability of a live translation service providing translation in 170 languages. o Tracking of all in-bound and out-bound messaging and return any missed calls within 1 business day. All identified calls will be logged by date. time, and Call-Center team initials. Calls can be recorded if needed and clients can patch into any calls upon request. Secure Web Portals All mailings and all follow-up correspondence will refer to Auditor's secure employee web portal with built-in Spanish translation for additional support and guidance. The employee portal is 100% secure and confidential that will allow employees to: o Upload their dependent eligibility verification documents directly to the Auditor dependent eligibility processing center. o Download forms and letters o Determine the overall status of their audit in real time. o View detailed explanations and guidance on how to complete the audit if their status is "Incomplete" or"No Response". o Receive returned mail instruction and confirm dates doc aments were sent or received. o Access FAQs with answers. o Review privacy and security policies. o Resources for those who may be losing coverage as a result of the audit. • Only authorized Auditor personnel will have access to the documents once they have been uploaded. Before an employee can gain access to the portal, they must authenticate by using their audit ID and employee date-of-birth. • Auditor will provide key contacts at Client a secure employer web portal that will contain an area for its sole access and use for management of its audit. Specified users, with permission levels set by Client, can log in to view and download up-to-date summaries and detailed information about the status of the audit, the project timeline, samples of audit communications, and documentation of the verification process. In addition, Client can upload revisions to audit communication documents where applicable. Verification& Document Processing I • All incoming secure faxes, secure web portal uploads, mail and emails will be captured in Auditor's document management system. In addition, documents received that contain Auditor's unique family barcode will automatically be assigned to the corresponding family record in AUDIT iQTM while also providing real-time document receipt status on our secure web portal. Auditor handles all mail returns and address updates. All changes and updates logged throughout the audit and are reported to Client on a periodic basis. • Documentation submitted by employees will be reviewed by Auditor to determine completeness of the submission. Auditor will not assume any responsibility or liability associated with the receipt of falsified or altered documents. Documentation supplied by employees will be presumed to be authentic. Dependent Eligibility Audit Services Agreement 6 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BMI Audit Services If a question as to an item's validity is raised by Auditor, it will be forwarded to Client for a determination. • Processing of documentation received will cease following the release of the Final Summary Update or at the end of an appeals/reinstatement period. • Auditor will securely destroy all collected hard copy documentation 30 days from the close of audit date. However, Client may request an alternate disposition for their collected hard copy documentation up to 30 days prior to its scheduled destruction. All necessary postage required to mail the collected hard copy documentation will be the responsibility of Client. • Documentation stored electronically in Auditor's systems shall be kept for a period not to exceed six (6) months from the close of audit date. After six (6)months, electronic data will be securely purged from our systems. However, if notified prior to this, Client may choose to have Auditor securely purge their electronic documents sooner. • At the close of the audit, Client may elect to have Auditor provide them with an electronic copy of all documents received during the course of the audit. Reporting . .........................................._.........._..._.........................._....................................._....................................................-............................................................................................................................_............................._......_....._....._................._....._....................................._...._.........__...........-.............__..........._...................... • Beginning each week after the Initial Mailing is mailed Auditor will provide a"Weekly Summary Update" containing a status summary as well as details of audit participants who are listed as no response, incomplete, ineligibles suspended as well as mail returns or address updates. At any point throughout the process, an up-to-date summary of findings can be generated with real-time results. • After the Third Mailing (Phase 3) is completed, a"Final Summary Update"will be provided. An "Executive Report" containing narratives,tables and graphs to Client will also be provided following the summary or after the end of the appeals/reinstatement period if elected. • Auditor will also provide teleconference support to discuss the results in order to ensure Client receives optimal benefit from our services. Client will make the final determination of any action to be taken as a result of the audit findings. [The remainder of this page is intentionally left blank.] Dependent Eligibility Audit Services Agreement 7 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 M��LL t�s BMI Audit Services 2. Professional Fees. Fees are based upon Services stated in above Scope of Services. Client will pay Auditor Professional Fees as follows within 10 days of receipt of an invoice: All services including printing, phones, fax, and postage: $ 19,460.00 Invoicirm Schedule a) After fully-executing this Agreement and before the Initial Mailing: $ 7,784.00 b)After the Initial Mailing: $ 7,784.00 c) After release of Final Report: $ 3,892.00 Should any invoice remain unpaid for more than thirty(30)days,interest shall accrue on all unpaid amounts at a rate of 1.5%per month. Auditor shall be relieved of all obligations to provide services described in this Agreement during any period in which payments are delinquent. All project activities are subject to change and will be revised at Auditor's sole discretion based upon the nature of the delinquent payment(s). Note: Fees stated above are based upon the count of 1,000 randomly selected employees identified by Client with one or more dependents (includes active employees, retirees and 4 disabled dependents). If this count varies more than +/- 2%, Auditor reserves the right to increase or decrease fees at the rate of $19.46 per each added/deducted employee covering one or more dependents. Should Client elect to perform subsequent audits, Auditor will honor the pricing of$19.46 per employee with one or more dependents until December 31, 2020. 3. Savings Guarantee. Subject to the provisions described here within and for groups with over 175 employees covering dependents,Auditor guarantees that Client will realize calculated savings equal to or greater than the Professional Fees stated in this Agreement. Otherwise, the Professional Fees will be adjusted to be equal to the calculated savings. Auditor's guarantee does not apply to any audit scope other than the scope of services described within this Agreement. Guarantee is available only for Plan Sponsors which have not conducted a dependent eligibility audit or otherwise taken systemic action to remove ineligible dependents from its health benefit plan(s) within the last twenty-four months. Calculated savings is defined as the number of non-verified dependents included in Auditor's Final Report multiplied by $3,500, whether or not the plan sponsor actually removes those dependents from benefits coverage. Sources of non-verified dependents include, but are not limited to those who don't prove that they meet the plan's eligibility requirements, voluntary withdrawals during an amnesty period, dependents for whom the associated subscriber fails to submit all documentation requested, and dependents whose audit status is suspended by the Plan Sponsor during the audit. 4.Performance Guarantee. Subject to the provisions described here within,Auditor offers the following guarantees to Client with up to 10% of fees at risk for failing to meet the defined goals. • 3% of overall Professional Fees at risk for accuracy of documents processed: 99% of documents received will be processed accurately as determined by a random sampling of processed documents upon project completion. • 2% of overall Professional Fees at risk for timeliness of documents processed: On average, inbound documents (physical or electronic) will be processed within 3 business days based on the receipt date for each item. Dependent Eligibility Audit Services Agreement 8 pocji&gn•Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 ' BMI Audit Services • 5% of overall Professional Fees at risk for call center answering: On average, all calls will be answered within 45 seconds. • 2% of overall Professional Fees at risk for email inquiry responses: On average, inbound email inquiries will be responded to within 2 business days based on the recorded date/time for each inquiry. • 2% of overall Professional Fees at risk for web-portal availability: Excluding any planned maintenance,the employee web portal and client web portal will be available 99% of the time. • 5%of overall Professional Fees at risk for project timeline: Upon confirmation of the agreed upon timeline and any agreed upon subsequent changes to the timeline for this project by Auditor and Client, all dates will be met or exceeded. 5. Expenses. All postage,printing, phone, fax, expenses will be the responsibility of Auditor. Dependent Eligibility Audit Services Agreement 9 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BM11C, BMI Audit Services BUSINESS ASSOCIATE AGREEMENT This Agreement, made as of the date subscribed below, between the health plan(s) ("Covered Entity") sponsored by CITY OF FORT WORTH, TEXAS and BMI AUDIT SERVICES, LLC, (the "Business Associate"). Covered Entity is receiving and Business Associate is providing services in connection with the operation of Covered Entity, pursuant to the terms of an agreement between them dated 11 , .7014(the"Services Agreement"). This Agreement sets forth certain terms that apply to the relationship between Covered Entity and Business Associate that arises out of the Services Agreement, and which are required by the Health Insurance Portability and Accountability Act, Public Law 104-191, as amended and its associated Privacy, Security, and Breach Notification Rules, 45 CFR Part 160 and 164 (collectively, "HIPAA"). The terms of this Agreement shall be interpreted and applied consistently with HIPAA. NOW, THEREFORE, in consideration of the mutual covenants and agreements contained in this Agreement and for other good and valuable consideration, the receipt and sufficiency of which is acknowledged by the parties, the parties intend to be legally bound and agree as follows: SECTION 1 DEFINITIONS Unless otherwise specified in this Agreement, all capitalized terms not otherwise defined shall have the meanings established for purposes of Title 45, Parts 160, 162 and 164, of the United States Code of Federal Regulations, as amended from time to time. For purposes of clarification, the following terms are defined as set forth herein below: 1.1 "Breach" means the acquisition, access, use, or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information. Breach does not include the three exceptions contained in 45 C.F.R. § 164.402(1). 1.2 "Breach Notification Rule" means the HIPAA Regulations pertaining to breaches of Unsecured PHI as codified in 45 C.F.R. Parts 160 and 164. 1.3 "Discovery" means the first day on which a Breach is known to Business Associate (including any person,other than the individual committing the breach,that is a workforce member or other agent of Business Associate), or by exercising reasonable diligence would have been known to Business Associate, to have occurred. 1.4 "Electronic PHI" or "EPHI" means PHI that is transmitted by or maintained in electronic media. 1.5 "Electronic Transactions Rule" shall mean the final regulations issued by the Department of Health and Human Services ("HHS") concerning standard transactions and code sets under 45 CFR Parts 160 and 162 1.6 "Privacy Rule"means the HIPAA Regulations as codified in 45 C.F.R. Parts 160 and 164. Business Associate Agreement 1 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BMITA BMI Audit Services 1.7 "Protected Health Information"or"PHI" shall have the meaning given to such term in the Privacy Rule at 45 CFR 160.103. 1.8 "Security Incident" has the meaning set out in the Security Rule. Generally, a "Security Incident" means any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or systems operations in an electronic: information system. 1.9 "Security Rule" means the Security Standards and Implementation Specifications at 45 C.F.R. Parts 160 and 164. 1.10 "Unsecured PHI"means PHI that is not rendered unusable,unreadable, or indecipherable to unauthorized individuals through the use of either the encryption method or the destruction method, as defined in Department of HHS guidance Issued under section 13403(h)(2) of Public Law 111-5. SECTION 2 PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE 2.1 General Permitted Uses and Disclosures. Except as otherwise limited in this Agreement, Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Agreement, provided that such use or disclosure would not violate the Privacy Rule(or Covered Entity's policies and procedures)if done by Covered Entity. Business Associate will, in its performance of the functions, activities, services, and operations specified above or detailed in the Services Agreement, make reasonable efforts to use, to disclose, and to request only the minimum amount of Covered Entity's PHI reasonably necessary to accomplish the intended purpose of the use, disclosure or request, except that Business Associate will not be obligated to comply with this minimum-necessary limitation if neither Business Associate nor Covered Entity is required to limit its use, disclosure or request to the minimum necessary. Business Associate and Covered Entity acknowledge that the phrase "minimum necessary" shall be interpreted in accordance with the Health Information Technology for Economic and Clinical Health Act("HITECH Act"),passed as part of the American Recovery and Reinvestment Act of 2009, Public Law 111-5, and government guidance of the definition. 2.2 Permitted Uses and Disclosures for Legal Responsibilities. Except as otherwise limited in this Agreement, Business Associate may use PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate. 2.3 Permitted Uses and Disclosures for Administration. Except as otherwise limited in this Agreement, Business Associate may disclose PHI for the proper management and administration of Business Associate,provided that disclosures are required by law or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the person,and the person notifies Business Associate of any instances of which he/she is aware in which the confidentiality of the information has been breached. 2.4 Permitted Uses and Disclosures for Data Auregation. Except as otherwise limited in this Agreement, Business Associate may use PHI to provide to Covered Entity Data Aggregation services that relate to the health care operations of Covered Entity. Business Associate Agreement 2 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BMUIII BMI Audit Services 2.5 Permitted Uses and Disclosures to Federal and State Authorities. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with Federal and State laws and regulations, provided that Business Associate believes in good faith that Covered Entity had engaged in conduct that is unlawful or otherwise violates professional or clinical standard, or that the care, services, or conditions provided by Covered Entity potentially endangers one or more patients, workers, or the public and the disclosure is to a health oversight agency or public health authority, or an attorney retained by or on behalf of Business Associate. SECTION 3 OBLIGATIONS OF BUSINESS ASSOCIATE 3.1 Use of PHI. Business Associate shall not use or further disclose PHI other than as expressly permitted or required by this Agreement or as required by law. However,Business Associate may use PHI for the purpose of managing its internal business processes relating to its functions under this Agreement. 3.2 Disclosure of PHI. Business Associate shall: (a) not disclose PHI to any person other than employees or subcontractors of Business Associate, except as approved by Covered Entity in writing and in accordance to any Notice of Privacy Practices provided to Business Associate by Covered Entity. Any such disclosure to a subcontractor shall be made only upon the execution of a separate business associate agreement as provided in Paragraph 3.5; (b) not disclose PHI to its employees unless Business Associate has advised them of Business Associate's obligations under this Agreement, and the consequences for employees and for Business Associate of violating them. Business Associate shall take appropriate disciplinary action against any employee who uses or discloses PHI in contravention of this Agreement; and 3.3 Appropriate Safeguards. Business Associate shall use appropriate safeguards to prevent use or disclosure of PHI other than as provided for by this Agreement. Business Associate shall provide Covered Entity with such information concerning such safeguards as Covered Entity may from time to time request. 3.4 Compliance with the Security Rule. The Business Associate will comply,when applicable, with the Security Rule with respect to EPHI. 3.5 Subcontractors. Business Associate shall ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to comply with the applicable requirements of HIPAA by entering into a Subcontractor Business Associate Agreement or other arrangement that complies with the Privacy Rule, Security Rule, Breach Notification Rule, and this Agreement. Business Associate Agreement 3 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BMU BMI Audit Services 3.6 Delegation of Covered Entity's Duties. To the extent Business Associate is to carry out Covered Entity's obligations under the Privacy Rule, Business Associate will comply with the requirements of the Privacy Rule in performance of such obligations. 3.7 Access to Networks. Business Associate agrees that while present at any Covered Entity facility and/or when accessing the Covered Entity's computer network(s), it and all of its employees, agents, representatives and subcontractors shall at all times comply with any network access and other security practices, procedures and/or policies established by the Covered Entity including, without limitation, those established pursuant to HIPAA's Security Rules. 3.8 Reporting. Business Associate shall provide Covered Entity with information regarding all unauthorized uses and disclosures of PHI by Business Associate, its employees or subcontractors not permitted by this Agreement and of which it becomes aware, including Breaches of Unsecured PHI as required by the Breach Notification Rule, and the remedial action taken or proposed to be taken with respect to such prohibited use or disclosure. 3.9 Mitipation. Business Associate shall mitigate,to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this Agreement. 3.10 Access to PHI. Business Associate shall, at the request of Covered Entity, provide PHI in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an individual in order to meet the requirements of an individual's right of access and requests for access to his or her PHI. If the PHI is maintained electronically and the individual requests an electronic copy,the Business Associate must provide the PHI in the form and format requested if readily producible, or, if not, in a readable electronic form and format as agreed to by the Business Associate and individual. 3.11 Accountiniz of Disclosures. Business Associate shall document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI; and provide to Covered Entity or an individual, information collected in accordance with this Agreement, to permit Covered Entity to respond to a request by an individual for an accounting of disclosures of PHI by providing the requested documentation of disclosures promptly to Covered Entity. If it is determined that the Business Associate maintains an electronic health record as defined by the HITECH Act,the Business Associate will,in addition to documenting disclosures for purposes other than for treatment,payment,or health care operations,document disclosures for the purposes of treatment,payment, or health care operations in accordance with the provisions of the HITECH Act. 3.12 Amendment to PHI. Business Associate shall make any amendment(s) to PHI in a Designated Record Set that Covered Entity directs or agrees to at the request of Covered Entity or an individual, and in the time and manner designated by Covered Entity. 3.13 Unauthorized Uses and Disclosures. In the event Business Associate becomes aware of a Security Incident involving EPHI, by itself or any of its agents or subcontractors, Business Associate shall promptly notify Covered Entity, in writing, of such Security Incident. For any Business Associate Agreement 4 bocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BMU",- BMI Audit Services Security Incidents that are attempted but unsuccessful, Business Associate may notify Covered Entity in a monthly aggregate report. Covered Entity and Business Associate agree to act together in good faith to take reasonable steps to investigate and mitigate any harm caused by such unauthorized use or Security Incident. 3.14 Breach of Unsecured PHI. A Breach occurs when a use or disclosure of PHI violates the Privacy Rule and compromises the security or privacy of the PHI. Once a violation is discovered, the Business Associate must presume that a breach has occurred unless it can demonstrate that there is a "low probability" that the PHI has been compromised based on a risk assessment consisting of the four factors described below. Prior to conducting the risk assessment described herein, the Business Associate must provide an initial notification to the Covered Entity of a suspected Breach as described in(a). (a) Initial Notification. The Business Associate shall notify the Covered Entity on the same business day it discovers a Breach or suspected Breach of Unsecured PHI. (b) Risk Assessment. The risk assessment is fact specific and should consider the following at a minimum: (i) The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification; (ii) The unauthorized person who used the PHI or to whom the disclosure was made; (iii) Whether the PHI was actually acquired or viewed and (iv) The extent to which the risk to the PHI has been mitigated. If after the risk assessment the Business Associate concludes there is more than a "low probability" that the PHI has been compromised, and no exception from 45 C.F.R. § 164.402(2) applies, then notifications must be provided in accordance with (c), (d), and (e) below. (c) Follow Up Notification. When a Business Associate discovers a Breach of Unsecured PHI, the Business Associate shall notify the Covered Entity with the following information, to the extent possible, as soon as it becomes available: (i) identification of each individual whose Unsecured PHI has been, or is reasonably believed to have been Breached; (ii) a brief description of the Breach, including the type of Breach(e.g.,theft, loss, improper disposal, hacking), location of the Breach (e.g., laptop, desktop, paper), how the Breach occurred, the date the Breach occurred and the date the Breach was discovered, if known; Business Associate Agreement 5 DocuSign Envelope ID: 8E73BD71-BE67-4015-9490-85862B7866C3 VBM■t,, BMI Audit Services (iii) a description of the type of Unsecured PHI involved (e.g., social security number, diagnosis, or disability code), including the type of media, but not the Breached PHI itself; (iv) a description of the safeguards in place prior to the Breach (e.g., firewalls, packet filtering, secure browser sessions, strong authentication); and (v) a description of the actions taken in response to the Breach (e.g., additional safeguards, mitigation, sanctions, policies and procedures). (d) Notification to Individual(s). When a Business Associate discovers a Breach of Unsecured PHI that occurs while the Business Associate is responsible for the privacy and security of the information, the Covered Entity shall notify each affected individual in accordance with the requirements of 45 C.F.R. § 164-.404. (e) Notification to Media. When a Business Associate discovers a Breach of Unsecured PHI affecting more than 500 individuals that occurs while the Business Associate is responsible for the privacy and security of the information, the Covered Entity shall provide a notice in the form of a press release to a prominent media outlet in accordance with the requirements of 45 C.F.R. § 164.406. (f) Documentation and Retention. The Business Associate must retain a copy of all risk assessment documentation.and notifications created or sent in compliance with this Section 3.14 for six years. Upon request, the Business Associate shall provide to the Plan a copy of any documentation or notification created or sent in compliance with this Section 3.14 that was not previously required to be provided to the Covered Entity. 3.15 Sale of PHI. Business Associate is prohibited from exchanging PHI for direct or indirect remuneration without obtaining the individual's authorization. 3.16 Compliance. Business Associate shall make its internal practices, books, and records, including policies and procedures relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity, documentation required by the Security Rule relating to safeguards,and documentation required by the Breach Notification Rule available to Covered Entity, or to the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule, Security Rule, and Breach Notification Rule. 3.17 Compliance With Electronic Transactions Rule. If Business Associate conducts in whole or part electronic Transactions on behalf of Covered Entity for which HHS has established standards, Business Associate will comply, and will require any of its own subcontractors it involves with the conduct of such Transactions to comply,with each applicable requirement of the Electronic Transactions Rule and of any operating rules adopted by HHS with respect to Transactions. Business Associate Agreement 6 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BMU)i,. BMI Audit Services 3.18 Amendment of Agreement. Upon the enactment of any law or regulation affecting the use or disclosure of PHI, or the publication of any decision of a court of the United States or of this state relating to any such law, or the publication of any interpretive policy or opinion of any governmental agency charged with the enforcement of any such law or regulation, Covered Entity may, by written notice to Business Associate, amend this Agreement in such manner as Covered Entity determines necessary to comply with such law or regulation. SECTION 4 OBLIGATIONS OF COVERED ENTITY 4.1 Obligations of Covered Entity. The Covered Entity shall: (a) provide Business Associate with a copy of its Notice of Privacy Practices, if requested, and will notify Business Associate of any limitation(s)in its Notice of Privacy Practices,to the extent that such limitation may affect Business Associate's use or disclosure of PHI; (b) notify Business Associate of any changes in, or revocation of, permission by individual to use or disclose PHI, to the extent that such changes may affect Business Associate's use or disclosure of PHI; (c) notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity agreed to with an individual,to the extent that such restriction may affect Business Associate's use or disclosure of PHI. The Covered Entity is required to agree to a restriction, and the Business Associate must comply with the restriction, in the case of a disclosure to a health plan for payment or health care operations (and is not for the purposes of carrying out treatment) and the PHI pertains solely to a health care item or service for which the health care provider involved has been paid by the patient or participant in full and not by the health plan; and (d) notify Business Associate if an individual has requested that PHI be provided directly to a third party pursuant to a written request signed by the individual that clearly identifies the third party. SECTION 5 REQUESTS BY COVERED ENTITY 5.1 Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA if done by Covered Entity. SECTION 6 TERM AND TERMINATION 6.1 Term. The Term of this Agreement shall be effective as of the date first written above, and shall terminate when the Services Agreement between Covered Entity and Business Associate terminates or if Covered Entity terminates for cause as authorized in Paragraph 6.2 of this Business Associate Agreement 7 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BM■L- ta" BMI Audit Services Agreement or if Business Associate terminates for cause as authorized in Paragraph 6.3 of this Agreement. 6.2 Business Associate's Failure to Comply with HIPAA Obligations. (a) Opportunity to Cure: Termination. If Business Associate notifies Covered Entity, or Covered Entity otherwise has reason to believe, that Business Associate has violated a material term of any of the requirements set forth in this Agreement and Covered Entity determines that a cure of such violation is possible, not later than five (5) business days following Covered Entity's request, the Parties shall meet (in person or by telephone) to discuss Covered Entity's concerns. Following such meeting, Business Associate shall advise Covered Entity whether it agrees or disagrees with Covered Entity's concerns. If Business Associate agrees with Covered Entity's concerns,not later than five (5) business days after such meeting, Business Associate shall propose to Covered Entity a course of action to address Covered Entity's concerns (a "Corrective Plan") and, if necessary, the Parties thereafter shall engage in good faith discussions in an effort to reach agreement on the terms of the Corrective Plan. If Business Associate materially fails to implement the terms of the mutually agreed Corrective Plan, then, in addition to any other rights and remedies that may be available to Covered Entity,upon written notice to Business Associate, Covered Entity shall have the right to terminate the Agreement in its entirety. If Business Associate disagrees with Covered Entity's concerns, then the Parties will engage in good faith discussions at successively higher levels of management until the dispute has been resolved. Notwithstanding the foregoing, if the Parties are unable to reach agreement on the terms of the Corrective Plan or otherwise are unable to reach agreement with respect to Covered Entity's concerns within sixty(60)calendar days following Covered Entity's initial request for a meeting as described above, and Covered Entity has determined that Business Associate has violated a material term of any of the requirements set forth in this Agreement then, upon written notice to Business Associate, Covered Entity shall have the right to terminate the Agreement in its entirety. (b) No Opportunity to Cure: Termination. If Business Associate notifies Covered Entity, or Covered Entity otherwise has reason to believe, that Business Associate has violated a material term of any of the requirements set forth in this Agreement and the Covered Entity believes that a cure of such violation is not possible, then Covered Entity shall have the right upon written notice to Business Associate to terminate the Agreement in its entirety. If Covered Entity determines that the termination of the Agreement is not feasible, it shall report the violation to the Secretary of Health and Human Services. 6.3 Covered Entity's Failure to Comply with HIPAA Obligations. (a) Opportunity to Cure: Termination. If Covered Entity notifies Business Associate, or Business Associate otherwise has reason to believe, that Covered Entity has violated a material term of any of the requirements set forth in this Agreement and Business Associate determines that a cure Business Associate Agreement 8 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BMIII-, BMI Audit Services of such violation is possible, not later than five (5) business days following Business Associate's request, the Parties shall meet (in person or by telephone) to discuss Business Associate's concerns. Following such meeting, Covered Entity shall advise Business Associate whether it agrees or disagrees with Business Associate's concerns. If Covered Entity agrees with Business Associate's concerns, not later than five (5) business days after such meeting, Covered Entity shall propose to Business Associate a course of action to address Business Associate's concerns (a "Corrective Plan") and, if necessary, the Parties thereafter shall engage in good faith discussions in an effort to reach agreement on the terms of the Corrective Plan. If Covered Entity materially fails to implement the terms of the mutually agreed Corrective Plan, then, in addition to any other rights and remedies that may be available to Business Associate, upon written notice to Covered Entity, Business Associate shall have the right to terminate the Agreement in its entirety. If Covered Entity disagrees with Business Associate's concerns, then the Parties will engage in good faith discussions at successively higher levels of management until the dispute has been resolved. Notwithstanding the foregoing, if the Parties are unable to reach agreement on the terms of the Corrective Plan or otherwise are unable to reach agreement with respect to Business Associate's concerns within sixty (60) calendar days following Business Associate's initial request for a meeting as described above, and Business Associate has determined that Covered Entity has violated a material term of any of the requirements set forth in this Agreement then, upon written notice to Covered Entity, Business Associate shall have the right to terminate the Agreement in its entirety. (b) No Opportunity to Cure: Termination. If Covered Entity notifies Business Associate, or Business Associate otherwise has reason to believe, that Covered Entity has violated a material term of any of the requirements set forth in this Agreement and the Business Associate believes that a cure of such violation is not possible,then Business Associate shall have the right upon written notice to Covered Entity to terminate the Agreement in its entirety. If Business Associate determines that the termination of the Agreement is not feasible, it shall report the violation to the Secretary of Health and Human Services. 6.4 Effect of Termination. Except as provided in the following paragraph, upon termination of this Agreement for any reason, Business Associate shall return or destroy all PHI received from Covered Entity that it maintains in any form or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of subcontractors of Business Associate. Business Associate shall retain no copies of the PHI. In the event that Business Associate determines that returning or destroying the PHI is not feasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the parties that return or destruction of PHI is not feasible, Business Associate shall extend the protections of this Agreement to such PHI and Business Associate Agreement 9 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 BMI< BMI Audit Services limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. 6.5 Remedies. Covered Entity's remedies under this section shall be cumulative, and the exercise of any remedy shall not preclude the exercise of any other. If Business Associate breaches its obligations under this Agreement, Covered Entity may, at its option: (a) access and inspect all books and records oi'Business Associate, as outlined in Section 3.14 of this Agreement; (b) require Business Associate to submit to a plan of monitoring and reporting, as Covered Entity may determine necessary to maintain compliance with this Agreement; or (c) terminate this Agreement, in accordance with Paragraph 6.2 of this Agreement. SECTION 7 MISCELLANEOUS 7.1 Amendment and Addenda. The parties agree to amend this Agreement from time to time as necessary for Covered Entity to comply with the requirements of HIPAA. Any addenda attached as an appendix to this Agreement shall be an integral part of'this Agreement, and this Agreement and any such addenda shall be interpreted as one and the same instrument unless otherwise stated in such addenda. 7.2 Survival. The respective rights and obligations of Business Associate under Section 6.4 of this Agreement shall survive the termination of this Agreement. 7.3 Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity and Business Associate to comply with HIPAA. 7.4 Counterpart Signatures. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original but all of which taken together constitute one and the same instrument. 7.5 No Third-Party Beneficiaries. The parties agree that there shall be no incidental or intended third-party beneficiaries under this agreement. Nor shall any other person or entity have rights arising from the same. [SIGNATURES ON FOLLOWING PAGE] Business Associate Agreement 10 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 ■ ,., BMI Audit Services IN WITNESS WHEREOF, the parties have c-used this Agreement to be duly executed effective the/ of , 20 . CITY OF FORT WORTH,TEXAS BMI AUDIT SERVICES,LLC Plan Sponsor Signing on Business Associate Behalf of Covered Entity D«asipmd by: By. By: 808817REDB8478... Name: <2,v1�-, �-wH,,,,. Name: Robert Temples Title: �` >< ti Title: Director, operations Aj Date: 'Gdl Date: 4/17/2019 s Mary J. fWktr, e 0 . Strong,Ass' City Attorney r AC OFFICIAL RECORD CITY CRE �rBusiness s� Tjg DocuSign,'Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 ADDENDUM TO DEPENDENT ELIGIBILITY AUDIT SERVICES AGREEMENT BETWEEN THE CITY OF FORT WORTH AND BMI AUDIT SERVICES, LLC This Addendum to Dependent Eligibility Audit Services Agreement ("Addendum") is entered into by and between BMI Audit Services, LLC ("Seller") and the City of Fort Worth ("City"), collectively the "parties", for a purchase of licenses. The Contract documents shall include the following: 1. The Dependent Eligibility Audit Services Agreement; and 2. This Addendum. Notwithstanding any language to the contrary in the attached Dependent Eligibility Audit Services Agreement (the "Agreement"), the Parties hereby stipulate by evidence of execution of this Addendum below by a representative of each party duly authorized to bind the parties hereto, that the parties hereby agree that the provisions in this Addendum below shall be applicable to the Agreement as follows: 1. Term. The Agreement shall become effective upon the signing of the Agreement (the "Effective Date") and shall expire on December 31, 2020 (the Expiration Date"), unless terminated earlier in accordance with the provisions of the Agreement or otherwise extended by the parties. 2. Termination. a. Convenience.Either City or Seller may terminate the Agreement at any time and for any reason by providing the other party with 30 days written notice of termination. b. Breach. If either party commits a material breach of the Agreement,the non- breaching Party must give written notice to the breaching party that describes the breach in reasonable detail. The breaching party must cure the breach ten(10) calendar days after receipt of notice from the non-breaching party, or other time frame as agreed to by the parties. If the breaching party fails to cure the breach within the stated period of time, the non-breaching party may, in its sole discretion, and without prejudice to any other right under the Agreement, law, or equity, immediately terminate this Agreement by giving written notice to the breaching party. C. Fiscal Funding Out. In the event no funds or insufficient funds are appropriated by City in any fiscal period for any payments due hereunder, City will notify Seller of such occurrence and the Agreement shall terminate on the last day of the fiscal period for which appropriations were received without penalty or expense to the City of Addendum to Software License Agreement Page 1 of 5 DocuSign Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 any kind whatsoever, except as to the portions of the payments herein agreed upon for which funds have been appropriated. d. Duties and Obligations of the Parties. In the event that the Agreement is terminated prior to the Expiration Date, City shall pay Seller for services actually rendered up to the effective date of termination and Seller shall continue to provide City with services requested by City and in accordance with the Agreement up to the effective date of termination. Upon termination of the Agreement for any reason, Seller shall provide City with copies of all completed or partially completed documents prepared under the Agreement. In the event Seller has received access to City information or data as a requirement to perform services hereunder, Seller shall return all City provided data to City in a machine readable format or other format deemed acceptable to City. 3. Attorneys' Fees, Penalties, and Liquidated Darrlages. To the extent the attached Agreement requires City to pay attorneys' fees for any action contemplated or taken, or penalties or liquidated damages in any amount, City objects to these teens and any such terms are hereby deleted from the Agreement and shall have no force or effect. 4. Law and Venue.The Agreement and the rights and obligations of the parties hereto shall be governed by, and construed in accordance with the laws of the United States and state of Texas, exclusive of conflicts of laws provisions. Venue for any suit brought under the Agreement shall be in a court of competent jurisdiction in Tarrant County,Texas. To the extent the Agreement is required to be governed by any state law other than Texas or venue in Tarrant County, City objects to such terms and any such terms are hereby deleted from the Agreement and shall have no force or effect. 5. Insurance. The City is a governmental entity under the laws of the state of Texas and pursuant to Chapter 2259 of the Texas Government Code, entitled "Self-Insurance by Governmental Units," is self-insured and therefore is not required to purchase insurance. To the extent the Agreement requires City to purchase insurance, City objects to any such provision, the parties agree that any such requirement shall be null and void and is hereby deleted from the Agreement and shall have no force or effect. City will provide a letter of self-insured status as requested by Seller. 6. Sovereign Immunity. Nothing herein constitutes a waiver of City's sovereign immunity. To the extent the Agreement requires City to waive its rights or immunities as a government entity; such provisions are hereby deleted and shall have no force or effect. 7. Limitation of Liability and Indemnity. To the extent the Agreement, in any way, limits the liability of Seller or requires City to indemnify or hold Seller or any third party harmless from damages of any kind or character, City objects to these terms and any such terms are hereby deleted from the Agreement and shall have no force or effect. 8. No Debt. In compliance with Article 11 § 5 of the Texas Constitution, it is understood and agreed that all obligations of City hereunder are subject to the availability of funds. Addendum to Software License Agreement Page 2 of 5 QocuSign,Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 If such funds are not appropriated or become unavailable, City shall have the right to terminate the Agreement except for those portions of funds which have been appropriated prior to termination. 9. Confidential Information. City is a government entity under the laws of the State of Texas and all documents held or maintained by City are subject to disclosure under the Texas Public Information Act. To the extent the Agreement requires that City maintain records in violation of the Act, City hereby objects to such provisions and such provisions are hereby deleted from the Agreement and shall have no force or effect. In the event there is a request for information marked Confidential or Proprietary, City shall promptly notify Seller. It will be the responsibility of Seller to submit reasons objecting to disclosure. A determination on whether such reasons are sufficient will not be decided by City, but by the Office of the Attorney General of the State of Texas or by a court of competent jurisdiction. 10. Addendum Controlling. If any provisions of the attached Agreement, conflict with the terms herein, are prohibited by applicable law, conflict with any applicable rule, regulation or ordinance of City, the terms in this Addendum shall control. 11. Immigration Nationality Act. City actively supports the Immigration&Nationality Act(INA)which includes provisions addressing employment eligibility,employment verification, and nondiscrimination. Seller shall verify the identity and employment eligibility of all employees who perform work under the Agreement. Seller shall complete the Employment Eligibility Verification Form(I-9),maintain photocopies of all supporting employment eligibility and identity documentation for all employees, and upon request, provide City with copies of all I-9 forms and supporting eligibility documentation for each employee who performs work under the Agreement. Seller shall establish appropriate procedures and controls so that no services will be performed by any employee who is not legally eligible to perform such services. Seller shall provide City with a certification letter that it has complied with the verification requirements required by the Agreement. Seller shall indemnify City from any penalties or liabilities due to violations of this provision. City shall have the right to immediately terminate the Agreement for violations of this provision by Seller. 12. No Boycott of Israel. Seller acknowledges that in accordance with Chapter 2270 of the Texas Government Code, City is prohibited from entering into a contract with a company for goods or services unless the contract contains a written verification from the company that it: (1) does not boycott Israel; and (2) will not boycott Israel during the term of the contract. The terms "boycott Israel" and "company" shall have the meanings ascribed to those terms in Section 808.001 of the Texas Government Code. By signing this Addendum, Seller certifies that Seller's signature provides written verification to City that Seller: (1) does not boycott Israel; and(2) will not boycott Israel during the term of the Agreement. 13. Right to Audit. Seller agrees that City shall, until the expiration of three (3) years after final payment under the Agreement, have access to and the right to examine any directly pertinent books, documents, papers and records of Seller involving transactions relating to the Agreement. Seller agrees that City shall have access during normal working hours to all necessary Seller facilities and shall be provided adequate and appropriate workspace in order to conduct Addendum to Software License Agreement Page 3 of 5 Docusig,Envelope ID:8E73BD71-BE67-4015-9490-85862B7866C3 Executed this they day of 1-2-0+8. CITY: City of Fort Worth Contract Compliance Manager: By signing I acknowledge that I am the person responsible for the monitoring and administration of this contract, including ensuring all By: �- performance and reporting requirements. Name: kera.i Title: Assistant ity Manager - fie, Date: y 2 gal By: Name: ,,,, Approval Recommended: Title: __e Approved as to Form and Legality: By: f — Name: Title: By: ,,J/911"e, 7 Name: rssistant ong Attest: Title: City Attorney Xontract Authorization: t M�cC: By: w` m Name: Title: City Secretary SELLER: BMI Audit Services, LLC EP!DocuSigned by: 8B17FfDB6478 �c,y�F fi'c Mr -s By.Name: Ro�iert emples Title: Director, Operations Date: 4/17/2019 OFFICIAL RECORD CITY SECRETARY FT. WORTH,TX Addendum to Software License Agreement Page 5 of 5