The URL can be used to link to this page

Home My WebLink AboutContract 63386CSC No. 63386 BILLING SERVICES AGREEMENT THIS BILLING SERVICES AGREEMENT (hereinafter "Agreement") is entered into this 1st day of July, 2025, between EMS MANAGEMENT & CONSULTANTS, INC. (hereinafter "EMSIMC") and City of Fort Worth, TX, (hereinafter "Client"). WITNESSETH: WHEREAS, EMSIMC is an ambulance billing service company with experience in providing medical billing and collection services to medical transport providers, including fire and rescue and emergency medical service (EMS) providers; and WHEREAS, Client is normally engaged in the business of providing emergency medical services, and billable medical transportation services; and WHEREAS, Client wishes to retain EMSIMC to provide medical billing, collection and related services as set forth in this Agreement. NOW, THEREFORE, in consideration of the mutual agreements described below and other good and valuable consideration, the receipt and sufficiency of which are acknowledged, the parties agree as follows: 1. Agreement The Agreement shall consist of this Agreement and the executed Client Specification Sheet that is anticipated to be completed and executed by the Parties after execution of this document. It is agreed that the Client Specification Sheet, a blank template of which is attached hereto as Exhibit C, will be incorporated as a part of this Agreement for all purposes upon execution by both Parties. It is further agreed that as the Client Specification Sheet is revised, the amended and updated version shall be incorporated into this Agreement upon execution by the Parties and shall replace prior versions of the Client Specification Sheet. 2. ENGAGEMENT. a. During the term of this Agreement, EMSIMC shall provide routine billing, bill processing and fee collection services reasonably required and customary for service providers of similar size and situation to Client (the "Revenue Cycle Management Services" or "RCM Services"). The RCM Services shall include: (1) preparing and submitting initial and secondary claims and bills for Client to insurers and others OFFICIAL RECORD 31822782v2 CITY SECRETARY FT. WORTH, TX responsible for payment; (2) performing reasonable and diligent collection efforts to secure payments from primary and secondary payers and patients or other entities,; (3) issuing up to three patient statements for all unpaid balances; 4) identifying available Third -Party Liability (TPL) carriers for transports that are identified as having been as a result of motor vehicle accidents (MVA Claim Processing), (5) pre -collection safety -net health coverage identification (Safety -Net Health Coverage Identification) ;and (6) referring accounts which have not been collected during EMSIMC normal billing cycle to an outside collection agency if so directed by Client. b. Collectively, the RCM Services that EMSIMC provides to Client shall be referred to as the "Services". 3. EMSIMC Responsibilities. a. EMSIMC will provide the RCM Services in material compliance with all applicable local, state, and federal laws and regulations. b. EMS/MC will provide Client with periodic reports at the request of Client and as specifically noted in the executed Client Specification Sheet between Client and EMS/MC. c. EMSIMC will submit all "Completed Claims" to the applicable payer. A "Completed Claim" is a claim for emergency medical services and billable medical transportation services that (i) is received by EMSIMC and supported by an ePCR record that contains all necessary and accurate information; (ii) has been reviewed and any identified issues sent to Client for remediation have been rectified; (iii) is for a patient encounter that has been electronically signed off by Client in the ePCR; (iv) has been deemed by Client ready for billing; and (v) is not subject to a billing hold. EMSIMC will not have any responsibility for any adverse impact to Client that may result from any delay of Client in completing claims. d. Accounts with outstanding balances after the insurance and/or third -party payer has determined benefits due will be billed by EMSIMC to the patient. EMSIMC will send up to three patient statements to the patient or responsible party, except as to those accounts on which an insurance carrier or third -party payer has accepted responsibility to pay. Once Client has submitted all necessary information, EMSIMC will bill all uninsured patients directly. e. Within five (5) business days of the last business day of the month, EMSIMC will provide to Client a month end report, which shall include an account analysis report, 2 31822782v9 aging report and accounts receivables reconciliation report for the previous month. Deposit reports will be provided daily. f. During the term of this Agreement, EMSIMC shall maintain, provide appropriate storage and data back-up for all billing records pertaining to the RCM Services provided by EMSIMC hereunder. Upon at least one (1) business day prior written notice, EMSIMC shall make such records accessible to Client during EMSIMC business hours. Upon termination of this Agreement, trip data pertaining to the RCM Services shall be returned to Client within seven (7) business days in a mutually agreeable format. Notwithstanding anything to the contrary herein, Client acknowledges and agrees that EMSIMC is not a custodian of clinical records nor a clinical records repository. Client is responsible for maintaining all clinical records in accordance with Section 3(d). g. EMSIMC shall notify Client of (i) all patient complaints about clinical services within one (1) business day of receipt; (ii) all patient complaints about billing within five (5) business days of receipt; and (iii) all notices of audit, requests for medical records or other contacts or inquiries out of the normal course of business from representatives of Medicare, Medicaid or private payers with which Client contracts or any law enforcement or government agency ("Payer Inquiries") no later than one (1) business day from receipt, unless such agency prohibits EMSIMC from disclosing its inquiry to Client. h. EMSIMC will reasonably assist Client in responding to Payer Inquiries which occur in the normal course of Client's business and arise from EMSIMC's provision of the Services. Any concerns about the level of utilization or Payor inquiries will be resolved by mutual agreement of the Parties. i. EMSIMC is appointed as the agent of Client under this Agreement solely for the express purposes of this Agreement relating to billing and receiving payments and mail, receiving and storing documents, and communicating with hospitals and other entities to facilitate its duties. EMSIMC will have no authority to pledge credit, contract, or otherwise act on behalf of Client except as expressly set forth herein. j. As to all payments received from Medicare, Medicaid and other government funded programs, the parties specifically acknowledge that EMSIMC will only prepare claims for Client and will not negotiate checks payable or divert electronic fund transfers to Client from Medicare, Medicaid or any other government funded program. All Medicare, Medicaid and any other government funded program payments, including all electronic fund transfers, will be deposited directly into a bank account designated by Client to receive such payments and as to such account only Client, through its officers and directors, shall have access. 3 31822782v9 k. The Services provided by EMSMC to Client under this Agreement are conditioned on Client's fulfillment of the responsibilities set forth in this Agreement. services: I. EMSMC shall have no responsibility to provide any of the following Determining the accuracy or truthfulness of documentation and information provided by Client concerning medical treatment provided by Client personnel; ii. Providing services outside the EMSMC billing system; iii. Submitting any claim that EMSMC believes to be inaccurate or fraudulent; or iv. Providing any service not expressly required of EMSMC by this Agreement. m. For Client's service dates that occurred prior to the mutually agreed go live date for the Services, Client agrees and understands that EMSMC is not responsible for any services including, but not limited to, submitting claims or managing any denials, refunds or patient calls. As between Client and EMSIMC, Client is fully responsible for the proper billing and accounting of any remaining balances related to service dates that occurred prior to such go live date. n. EMSMC shall ensure any refunds are processed within 30 days, to allow Client sufficient time to ensure any such refund is issued to the Patient with 60 days as required by Centers for Medicare & Medicaid Services regulations. o. EMSMC agrees to maintain a Service Level Agreement (SLA) where timely filing denials do not exceed 3.0% of Transport Volume per month. EMSMC calculates this SLA based on 3.0% of the Transport Volume for the same month. This SLA is limited to denials in which the insurance demographics were provided to EMSMC within timely filing period for the payer that is responsible for the claim. This SLA excludes timely filing denials in which EMSMC was not notified of insurance coverage until after the timely filing period has expired. If timely filing denials exceed 3.0% of the Transport Volume in a given month, EMSMC agrees to reimburse the client for the amount the payer would have paid if the claim had been filed on time. 4. RESPONSIBILITIES OF CLIENT. The following responsibilities of Client are a condition of EMSIMC's services under this Agreement, and EMSMC shall have no 4 31822782v9 obligation to provide the Services to the extent that Client has not fulfilled these responsibilities: a. Client will pay all amounts owed to EMSIMC under this Agreement. b. Client will implement standard commercially reasonable actions and processes as may be requested by EMSIMC from time -to -time to allow EMSIMC to properly and efficiently provide the RCM Services. These actions and processes include, but are not limited to, the following: i. Providing EMSIMC with complete and accurate demographic and charge information necessary for the processing of professional and/or technical component billing to third parties and/or patients including, without limitation, the following: patient identification (name, address, phone number, birth date, gender); guarantor identification and address; insurance information; report of services; special claim forms; pre - authorization numbers; and such additional information as is requested by EMSIMC; ii. Providing EMSIMC with complete and accurate medical record documentation for each incident or patient service rendered for reimbursement, which is necessary to ensure proper billing and secure claim payment; iii. Providing EMSIMC, in a timely manner, with Patient Care Reports (PCRs) that thoroughly detail the patient's full medical condition at the time of service and include a chronological narrative of all services and treatment rendered; iv. Obtaining authorizations and signatures on all required forms, including consent to treat, assignment of benefits, release of information and claims; V. Obtaining physician certification statements (PCS) forms for all non - emergency transports and other similar medical necessity forms or prior authorization statements as deemed necessary by the payer; vi. Obtaining or executing all forms or documentation required by Medicare, Medicaid, CHAMPUS, and any other payer or insurance carriers to allow EMSIMC to carry out its billing and other duties under this Agreement; and vii. Implementing reasonable and customary charges for complete, compliant billing. 5 31822782v9 c. Client represents and warrants that the PCR and any and all associated medical records, forms and certification statements provided to EMSIMC are true and accurate and contain only factual information observed and documented by the attending field technician during the course of the treatment and transport. d. Client shall maintain Client's own files with all original or source documents, as required by law, and only provide to EMSIMC copies of such documents. Clienl acknowledges that EMSIMC is not the agent of Client for storage of source documentation. e. Client will provide EMSIMC with a copy of any existing billing policy manuals or guidelines, Medicare or Medicaid reports, or any other record or document related to services or billing of Client's accounts. f. Client will report to EMSIMC within ten (10) business days of payments received directly by Client, and promptly notify EMSIMC of any cases requiring special handling or billing. Client shall advise EMSIMC of any Payer Inquiries within ten (10) business days of receipt. g. Client shall ensure that any refunds posted by EMSIMC are actually issued and paid to the patient, insurer, or other payer as appropriate. h. Client agrees to provide EMSIMC with administrative access to the ePCR system or similar access in order to run reports and review documents and attachments to better service Client's account. i. Client shall provide EMSIMC, or a qualified independent third party, with access to certain Client facilities and personnel, as determined by Client in its sole discretion, for the purpose of providing on -site and/or online training to such personnel. Client shall cooperate with EMSIMC and facilitate any training that EMSIMC wishes to provide. j. Client shall complete EMSJMC's online training course within 90 days of the contract start date and all new hires will complete EMSIMC's online documentation training within 90 days of hire date. Newly developed training materials by EMSIMC should be mutually agreed upon by the parties to be required training. k. Client shall comply with all applicable federal, state, and local laws, rules, regulations, and other legal requirements that in any way affect this Agreement or the duties and responsibilities of the parties hereunder. 5. EMSJMC WEB PORTALS. 6 31822782v9 a. EMSJMC shall provide Client and those individuals appointed by Client ("Users") with access to EMSJMC Web Portals (the "Portals"), which shall be subject to the applicable Terms of Use found on the Portals. To be appointed as a User, the individual must be an employee of Client or otherwise approved by Client and EMSIMC. Client is responsible for all activity of Users and others accessing or using the Portals through or on behalf of Client including, but not limited to, ensuring that Users do not share credentials for accessing the Portals. Client is also responsible for (i) identifying individuals who Client determines should be Users; (ii) determining and notifying EMSJMC of each User's rights; (iii) monitoring Users' access to and use of the Portals; (iv) acting upon any suspected or unauthorized access of information through the Portals; (v) ensuring each User's compliance with this Agreement and the Terms of Use governing the use of the Portals; and (vi) notifying EMSJMC to deactivate a User account whenever a User's employment, contract or affiliation with Client is terminated or Client otherwise desires to suspend or curtail a User's access to and use of the Portals. Client agrees to follow best practices to ensure compliance with this provision. b. Client acknowledges that EMSIMC may suspend or terminate any User's access to the Portals (i) for noncompliance with this Agreement or the applicable Terms of Use; (ii) if such User poses a threat to the security or integrity of the Portals or information available therein; (iii) upon termination of Client; or (iv) upon notice of suspension or termination of such User by Client. Client may suspend or terminate a User's access to the Portals at any time. 6. COMPENSATION OF EMSIMC. a. Client shall pay a fee for the Services of ENISJMC hereunder, on a monthly basis, in an amount equal to 3.25% percent of "Net Collections" for accounts billed as Emergency transports and 2.00% percent of Net Collections for accounts billed as Non - Emergency transports as defined below (the "RCM Fee. For MVA Claim Processing, an all-inclusive rate of 19.50% of the net revenue collected on from TPL carriers on MVA accounts (the "MVA Fee") where a paid third -party software or program is the source of the TPL carrier information to EMSIMC. In the event EMSJMC is unable to find TPL coverage on a MVA account and a payment is received by a non-TPL payer (e.g. health insurance or self -pay not as a result of remitting TPL settlement proceeds) then EMSIMC will charge the RCM Fee. Net Collections shall mean all cash and check amounts including electronic fund transfers (EFTs) received by EMSJMC from payers, patients, attorney's offices, court settlements, government institutions, debt set-off programs, group health insurance plans, private payments, credit cards, healthcare facilities or any person or entity submitting funds on a patient's account, or any amounts paid directly to Client with or without the knowledge of EMSJMC that are paid, tendered, received or 7 31822782v9 collected each month for Client's transports, less refunds processed or any other necessary adjustments to those amounts. For payments not received within one hundred and twenty days from the date that the first collection invoice was sent by EMSIMC, the City shall have the right to request the amount either be written off or sent to a debt collector of the City's choosing. In the event the City uses a debt collection agency, no payment shall be paid to EMSIMC unless expressly approved in writing by the City as either an amendment to this Agreement or through a separate agreement. Price adjustments for such services shall be allowed at the completion of each contract year. Price adjustments shall not exceed the change in the average of the Consumer Price Index (CPI) for all Urban Consumers, Not Seasonally Adjusted, Area: U.S. city average, Item: All item, Base Period: 1982-84=100 over the twelve months prior. b. The RCM Fee and the MVA Fee are referred to as the "Compensation". c. EMSIMC shall submit an invoice to Client by the tenth (loth) day of each month for the Compensation due to EMSJMC for the previous calendar month. Invoices must be submitted electronically to Supplierinvoices(a�,fortworthtexas.aov. The Compensation amount reflected on the invoice shall be paid in full within 30 days of when a correct and accurate invoice is presented to Client (the "Payment Date"). Such amount shall be paid without offset unless the calculation of the amount is disputed in good faith, in which case Client shall pay the undisputed amount and shall provide EMSIMC with detailed written notice of the basis for the disputed portion no later than the Payment Date. Any invoices not disputed in writing by the Payment Date shall be deemed "undisputed" for all purposes of the Agreement. All invoices are to be paid directly from Client's banking institution to EMSIMC via paper check, direct deposit or ACH draft initiated by EMSJMC into EMSJMC's bank account. d. In the event of a material change to applicable law, the billing process and/or scope of Services provided in this Agreement or a material difference in any of the patient demographics provided by the Client and set forth in Exhibit A, EMSIMC reserves the right to negotiate a fee change with Client and amend this Agreement accordingly or terminate this Agreement. e. EMSIMC may, in its sole discretion, immediately cease to provide Services for Client should the outstanding balance owed to EMSIMC become in arrears. Claims processing will not resume until all outstanding balances are paid in full or arrangements approved by EMSIMC have been made to wholly resolve any outstanding balances. 7. TERM OF AGREEMENT. NO 31822782v9 a. This Agreement shall be effective commencing on July 1, 2025 and shall thereafter continue through June 30, 2026, ("Initial Term"). This Agreement shall be binding upon the parties hereto and their respective successors, assigns, and transferees. The Parties may mutually agree to renew the Agreement on the same terms and conditions as stated herein for up to three successive one (1) year terms (each a "Renewal Term"). Notwithstanding anything herein to the contrary, this Agreement may be terminated under the provisions provided below. (The Initial Term and any Renewal Terms are referred to as the "Term".) b. Termination for Cause. Notwithstanding Section 6(a), either party may terminate this Agreement if the other party materially breaches this Agreement, unless (i) the breaching party cures the breach within 10 days following receipt of notice describing the breach in reasonable detail, or (ii) with respect to a breach which may not reasonably be cured within a 10-day period, the breaching party commences, is diligently pursuing cure of, and cures the breach as soon as practical following receipt of notice describing the breach in reasonable detail, (iii) EMSMC fails to achieve a net Cash Per Trip (CPT) of $375 for an emergent transport or a net CPT of $575 for a non -emergent transport for a mature trip for two consecutive months, or (iv) EMS/MC fails to provide the reports specified in Section 3(b) in a timely and consistent manner. A mature trip shall be defined as a transport that is at least six months from the date of service. It is understood by the Parties that substantial changes to service level mix and payor mix may impact recovery amounts, and it is agreed that the Parties will discuss in good faith any changes to these metrics that may impact the recovery amounts listed in this section. It is understood that in the event either party exercises its right to terminate this agreement for Cause as described herein, the City may immediately engage another entity to perform the same or similar services as described herein and EMS/MC will receive no additional EPRCs from the City, but EMS/MC will have the right to continue processing existing EPRCs through the Wind Down period. c. Termination for Convenience. Beginning in the first renewal term of this Agreement, if exercised, either Party may terminate this Agreement at any time and for any reason by providing the other party with 180 days written notice of termination. It is understood that in the event either party exercises its right to terminate this agreement for convenience the City may, upon conclusion of the 180 day written notice period, engage another entity to perform the same or similar services as described herein and EMS/MC will receive no additional EPRCs from the City, but EMS/MC shall continue processing existing EPRCs through the end of the Wind Down period but no longer thereafter. 9 31822782v9 d. Immediate Termination. Either party may terminate this Agreement immediately as a result of the following: i. Failure of Client to make timely payments due under this Agreement; ii. Injury to any customer, independent contractor, employee or agent of the other party hereto arising from the gross negligence or willful misconduct of a party; iii. Harassment of any employee or contractor of a party or commitment of any act by a party which creates an offensive work environment; or iv. Commitment of any unethical or immoral act which harms the other party or could have the effect of harming the other party. V. Fiscal Funding Out. In the event no funds or insufficient funds are appropriated by the Client in any fiscal period for any payments due hereunder, the Client will notify EMSJMC of such occurrence and this Agreement shall terminate on the last day of the fiscal period for which appropriations were received without penalty or expense to the Client of any kind whatsoever, except as to the portions of the payments herein agreed upon for which funds have been appropriated. 8. RESPONSIBILITIES UPON TERMINATION. a. Subject to Client's payment of all amounts due hereunder, upon any termination of this Agreement, and during the period of any notice of termination, EMSJMC will make available to Client or its authorized representatives data from the billing system regarding open accounts in an electronic format, and will otherwise reasonably cooperate and assist in any transition of the Services to Client, or its successor billing agent. Upon request, EMSIMC will provide to Client trip data associated with the claims submitted by EMSJMC on behalf of Client pursuant to this Agreement. EMSJMC shall retain financial and billing records not tendered or returned to Client on termination hereof for at least ten (10) years following the date of service. b. Following termination of this Agreement, for a period of ninety (90) days (the "Wind Down"), EMSJMC will continue its billing and collection efforts as to those accounts with dates of services prior to termination, subject to the terms and conditions of this Agreement including, but not limited to, Section 5. Client will continue to provide EMSIMC with copies of checks and payments on those accounts which were filed by EMSJMC under this Agreement. EMSIMC shall have no further responsibilities as to such accounts after the Wind Down, however, EMSIMC shall be entitled to compensation as provided in 10 31822782v9 Section 5(a) for such amounts filed by EMSIMC and collected by Client during the wind down period. During the Wind Down and for up to twelve months following termination of this Agreement, EMSIMC shall continue to make the Portals available to Client, subject the applicable Terms of Use. Notwithstanding the foregoing, in the event EMSIMC terminated this Agreement pursuant to Sections 6(b) or 6(c), EMSIMC shall have no obligation to provide any Services after the date of termination. 9. EXCLUSIVITY AND MISCELLANEOUS BILLING POLICIES. a. During the term of this Agreement, EMSIMC shall be Client's exclusive provider of the RCM Services. Client may not directly file, submit or invoice for any medical or medical transportation services rendered while this Agreement is in effect. b. In addition, Client agrees not to collect or accept payment for services from any patient unless the service requested does not meet coverage requirements under any insurance program in which the patient is enrolled or the patient is uninsured. Payments received directly by Client for these services must be reported to EMSIMC as provided in Section 3(f) hereof and shall be treated as Net Collections for purposes of Section 5(a) hereof. c. In compliance with CMS regulations, Medicare patients will not be charged by Client a higher rate or amount for identical covered services charged to other insurers or patients. Accordingly, only one fee schedule shall exist and be used in determining charges for all patients regardless of insurance coverage. d. EMSIMC reserves the right not to submit a claim for reimbursement on any patient in which the PCR and/or associated medical records are incomplete or appear to be inaccurate or do not contain enough information to substantiate or justify reimbursement. This includes missing patient demographic information, insurance information, Physician Certification Statements (PCS) or any required crew and/or patient signatures, or otherwise contradictory medical information. In the event EMSIMC decides not to submit a claim for reimbursement under this subsection, EMSIMC must notify Client within five (5) business days and send the file back to Client for review. e. Client and EMSIMC shall implement and maintain a working compliance plan ("Compliance Plan") in accordance with the most current guidelines of the U.S. Department of Health and Human Services ("HHS"). The Compliance Plan must include, but not be limited to, formal written policies and procedures and standards of conduct, designation of a compliance officer, quality assurance policy and effective training and education programs. 11 31822782v9 f. In accordance with the HHS Office of Inspector General ("OIG") Compliance Program Guidance for Third -Party Medical Billing Companies, EMSIMC is obligated to report misconduct to the government, if EMSIMC discovers credible evidence of Client's continued misconduct or flagrant, fraudulent or abusive conduct. In the event of such evidence, EMSIMC has the right to (a) refrain from submitting any false or inappropriate claims, (b) terminate this Agreement and/or (c) report the misconduct to the appropriate authorities. 10. NON-INTERFERENCE/NON-SOLICITATION OF EMSIMC EMPLOYEES. The Parties understand and agree that the relationship between the Parties and each of its respective employees constitutes a valuable asset of the other. Accordingly, the Parties agree that both during the term of this Agreement and for a period beginning on the date of termination of this Agreement, whatever the reason, and ending one (1) year after the date of termination of this Agreement (the "Restricted Period"), the Parties shall not, without the other Party's prior written consent, directly or indirectly, solicit or recruit for employment; attempt to solicit or recruit for employment; or attempt to hire or accept as an employee, consultant, contractor, or otherwise, or accept any work from the other Party's employees with whom the other Party had material contact during the term of this Agreement, in any position where the other Party would receive from such employees the same or similar services that the other Party performed for the other Party during the term of this Agreement. The Parties' also agree during the Restricted Period not to unlawfully urge, encourage, induce, or attempt to urge, encourage, or induce any employee of the other Party to terminate his or her employment with their employer. The Parties have carefully read and considered the provisions of Section 9 hereof, and having done so, agree that the restrictions set forth in such section (including, but not limited to, the time period) are fair and reasonable and are reasonably required for the protection of the legitimate interests of the Parties, their officers, directors, shareholders, and employees. 11. PRIVACY. a. Confidentiality. The Parties acknowledge that they will each provide to the other Confidential Information as part of carrying out the terms of this Agreement. EMSIMC and Client will be both a Receiving Party and a Disclosing Party at different times. The Receiving Party agrees that it will not (i) use any such Confidential Information in any way, except for the exercise of its rights and performance of its obligations under this Agreement, or (ii) disclose any such Confidential Information to any third party, other than furnishing such Confidential Information to its employees, consultants, and subcontractors, who are subject to the safeguards and confidentiality obligations contained in this Agreement and who require access to the Confidential Information in the performance of the obligations under this Agreement. In the event that the Receiving 12 31822782v9 Party is required by applicable law to make any disclosure of any of the Disclosing Party's Confidential Information, by subpoena, judicial or administrative order or otherwise, the Receiving Party will first give written notice of such requirement to the Disclosing Party, and will permit the Disclosing Party to intervene in any relevant proceedings to protect its interests in the Confidential Information, and provide reasonable cooperation to the Disclosing Party in seeking to obtain such protection, at the Disclosing Party's sole expense. The above notwithstanding, Client is a government entity under the laws of the State of Texas and all documents held or maintained by Client are subject to disclosure under the Texas Public Information Act. In the event there is a request for information that is considered Confidential or Proprietary by EMSIMC, Client shall promptly notify EMSIMC. It will be the responsibility of EMSIMC to submit reasons objecting to disclosure. A determination on whether such reasons are sufficient will not be decided, by Client, but by the Office of the Attorney General of the State of Texas or by a court of competent jurisdiction. "Confidential Information" means the provisions of the Agreement (including, but not limited to, the financial terms herein) and any information disclosed by a Party (the "Disclosing Party") to the other Party (the "Receiving Party"). Information will not be deemed Confidential Information hereunder if the Receiving Party can prove by documentary evidence that such information: (a) was known to the Receiving Party prior to receipt from the Disclosing Party directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (b) becomes known (independently of disclosure by the Disclosing Party) to the Receiving Party directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (c) becomes publicly known or otherwise ceases 'to be secret or confidential, except through a breach of this Agreement by the Receiving Party; or (d) is independently developed by the Receiving Party without the use of any Confidential Information of the Disclosing Party. b. HIPAA Compliance. The parties agree to comply with the Business Associate Addendum, attached hereto and incorporated by reference herein as Attachment 1, documenting the assurances and other requirements respecting the use and disclosure of Protected Health Information. It is Client's responsibility to ensure that it obtains all appropriate and necessary authorizations and consents to use or disclose any individually identifiable health information in compliance with all federal and state privacy laws, rules and regulations, including but not limited to the Health Insurance Portability and Accountability Act. In the event that this Agreement is, or activities permitted or required by this Agreement are, inconsistent with or do not satisfy the requirements of any applicable privacy or security law, rule or regulation, the parties shall take any reasonably necessary action to remedy such inconsistency. 13 318227820 12. DISCLAIMERS, LIMITATIONS OF LIABILITY AND DISPUTE RESOLUTION a. Each Party acknowledges that the liability limitations and warranty disclaimers in the Agreement are independent of any remedies hereunder and shall apply regardless of whether any remedy fails of its essential purpose. Client acknowledges that the limitations of liability set forth in this Agreement are integral to the amount of consideration offered and charged in connection with the Services and that, were EMSIMC to assume any further liability other than as provided in the Agreement, such consideration would of necessity be set substantially higher. b. EMSIMC and Client acknowledge and agree that despite their best efforts, billing errors may occur from time to time. Each party will promptly, but in no event later than three (3) business days, notify the other party of the discovery of a billing error. EMSIMC's sole obligation in the event of a billing error will be to correct the error by making appropriate changes to the information in its system, posting a refund to the client if appropriate, refunding any payment made by Client to EMSIMC related to the refunded amount, re -billing the underlying claim if permissible, and payment of any fines assessed by a third party due a billing error. c. Except for any express warranty provided herein or in the applicable exhibit, the services are provided on an "as is," "as available" basis. Client agrees that use of the services is at client's sole risk; and, to the maximum extent permitted by law, EMSIMC expressly disclaims any and all other express or implied warranties with respect to the services including, but not limited to, warranties of merchantability, fitness for a particular purpose, title, non -infringement or warranties alleged to arise as a result of custom and usage. d. A "Claim" is defined as any claim or other matter in dispute between EMSIMC and Client that arises from or relates in any way to this Agreement or to the Services, or data provided by EMSIMC hereunder, regardless of whether such claim or matter is denominated as a contract claim, tort claim, warranty claim, indemnity claim, statutory claim, arbitration demand, or otherwise. e. To the fullest extent allowed by law, the total liability of EMSIMC to Client regarding any and all Claims shall be capped at, and shall in no event exceed, limitations of insurance as defined by the Certificate of Insurance (COI) (the "Liability Cap"). All amounts that may be potentially awarded against EMSIMC in connection with a Claim are included in and subject to the Liability Cap and shall not cause the Liability Cap to be exceeded, including, without limitation, all direct compensatory damages, interest, costs, expenses, and attorneys' fees. Provided, however, that nothing in the foregoing shall be construed as an admission of liability by EMSIMC in any amount or as a waiver or 14 31822782v9 compromise of any other defense that may be available to EMSIMC regarding any Claim. The liability cap shall exclude violations under the Health Insurance Portability and Accountability Act (HIPAA) or the Health Information Technology for Economic and Clinical Health Act (HITECH). f. Client agrees that any Claim Client may have against EMSIMC, including EMSIMC's past or present employees or agents, shall be brought individually and Client shall not join such Claim with claims of any other person or entity or bring, join or participate in a class action against EMSIMC. g. To the fullest extent allowed by law, EMSIMC and Client waive claims against each other for consequential, indirect, incidental, special damages in excess of three times the average monthly RCM Fee in the most recent twelve month period as well as punitive, exemplary, and treble damages, and for any other damages in excess of direct, compensatory damages including, but not limited to, loss of profits, loss of data, or loss of business, regardless of whether such claim or matter is denominated as a contract claim, tort claim, warranty claim, statutory claim, arbitration demand, or otherwise, even if a party has been apprised of the possibility or likelihood of such damages occurring (the "Non -Direct Damages Waiver"). The Non -Direct Damages Waiver shall not apply in the event there is an award of damages against Client to a third party. h. EMSIMC HEREBY COVENANTS AND AGREES TO INDEMNIFY, HOLD HARMLESS, AND DEFEND CLIENT, ITS OFFICERS, AGENTS, REPRESENTATIVES, SERVANTS, AND EMPLOYEES, FROM AND AGAINST ANY AND ALL CLAIMS OR LAWSUITS OF ANY KIND OR CHARACTER, WHETHER REAL OR ASSERTED, FOR EITHER PROPERTY DAMAGE OR LOSS (INCLUDING ALLEGED DAMAGE OR LOSS TO CLIENT BUSINESS AND ANY RESULTING LOST PROFITS) AND PERSONAL INJURY, INCLUDING, BUT NOT LIMITED TO, DEATH, TO ANY AND ALL PERSONS, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, TO THE EXTENT CAUSED BY THE NEGLIGENT ACTS OR OMISSIONS OR MALFEASANCE OF EMSIMC, ITS OFFICERS, AGENTS, REPRSENTATIVES, SERVANTS, EMPLOYEES, CONTRACTORS, OR SUBCONTRACTORS. Provided, however, that this indemnity is subject to the following further conditions and limitations: (i) Client must allow EMSIMC the opportunity to direct and control the defense and handling of the matter for which indemnity is or may be sought so long as EMSIMC keeps Client reasonably informed, which shall include advanced notice of all filings, statements, and other actions, and provides Client the opportunity to provide input regarding such actions; (ii) Client must not agree to any settlement or other voluntary resolution of a matter for which indemnity is or may be sought without EMSIMC`s express consent; and (iv) Client shall not seek or be entitled to indemnify for amounts that Client reimburses or refunds to Medicaid, Medicare, 15 31822782v9 any governmental entity, any insurer, or any other payer as a result of medical services or medical transportation services for which Client should not have received payment in the first place under applicable rules, regulations, standards and policies; provided, however, that EMSIMC must reimburse Client for amounts Client paid to EMSIMC in connection with this agreement if Client is required to provide a reimbursement or refund to Medicaid, Medicare, any governmental entity, any insurer, or any other payer as a result of medical services or medical transportation services for which Client s should not have received payment. Client waives all rights of indemnity against EMSIMC not in accordance with this subsection. 13.GENERAL. a. Status of Parties. Nothing contained in this Agreement shall be construed as establishing a partnership or joint venture relationship between EMSIMC and Client, or as establishing an agency relationship beyond EMSIMC's service as a billing and collection agent of Client under the express terms of this Agreement. EMSIMC and its employees and representatives shall have no legal authority to bind Client. b. Assignment. Neither this Agreement nor any rights or obligations hereunder shall be assigned by either party without prior written consent of the other party. Any purported assignment in violation of this Section 12(b) shall be null and void. c. Bindinq Effect. This Agreement shall inure to the benefit of and be binding upon the parties hereto and their respective successors, assigns (where permitted), and transferees. d. Notices. All notices required or permitted by this Agreement shall be in writing and shall be deemed to have been given: (i) on the day received, if personally delivered; (ii) on the day received if sent by a recognized overnight delivery service, according to the courier's record of delivery; and (iii) on the 5th (fifth) calendar day after the date mailed by certified or registered mail. Such notices shall be addressed as follows: Client: City of Fort Worth c/o Anthony Rousseau, Deputy Finance Director, Financial Management Services 100 Fort Worth Trail, 12th Floor Fort Worth, Texas 76102 EMSIMC: 16 31822782v9 EMS Management & Consultants, Inc. Chief Executive Officer 2540 Empire Drive Suite 100 Winston-Salem, NC 27103 Either party may change its address for notices under this Agreement by giving written notice of such change to the other party in accordance with the terms of this section. e. Governinq Law. This Agreement and the rights and obligations of the parties hereunder shall be construed in accordance with and governed by the laws of the State of Texas, notwithstanding any conflicts of law rules to the contrary. f. Integration of Terms. This instrument together with all attachments, exhibits and schedules constitutes the entire agreement between the parties, and supersedes all prior negotiations, commitments, representations and undertakings of the parties with respect to its subject matter. Without limiting the foregoing, this Agreement supersedes and takes precedence over any inconsistent terms contained in any Request for Proposal ("RFP") from Client and any response to that RFP from EMSIMC. g. Amendment and Waiver. This Agreement maybe amended or modified only by an instrument signed by all of the parties. A waiver of any provision of this Agreement must be in writing, designated as such, and signed by the party against whom enforcement of the waiver is sought. The waiver of a breach of any provision of this Agreement shall not operate or be construed as a waiver of any subsequent or other breach thereof. h. Severability. If any provision of this Agreement shall not be valid for any reason, such provision shall be entirely severable from, and shall have no effect upon, the remainder of this Agreement. Any such invalid provision shall be subject to partial enforcement to the extent necessary to protect the interest of the parties hereto. i. Force Majeure. City and Vendor shall exercise their best efforts to meet their respective duties and obligations as set forth in this Agreement, but shall not be held liable for any delay or omission in performance due to force majeure or other causes beyond their reasonable control, including, but not limited to, compliance with any government law, ordinance or regulation, acts of God, acts of the public enemy, fires, strikes, lockouts, natural disasters, wars, riots, epidemics or pandemics, material or labor restrictions by any governmental authority, transportation problems, restraints or prohibitions by any court, board, department, commission, or agency of the United States 17 31822782v9 or of any States, civil disturbances, other national or regional emergencies, and/or any other similar cause not enumerated herein but which is beyond the reasonable control of the Party whose performance is affected (collectively "Force Majeure Event"). The performance of any such obligation is suspended during the period of, and only to the extent of, such prevention or hindrance, provided the affected Party provides notice of the Force Majeure Event, and an explanation as to how it hinders the party's performance, as soon as reasonably possible, as determined in the City's discretion, after the occurrence of the Force Majeure Event. The form of notice required by this section shall be the same as section 12(d) above. Third Party Beneficiaries. There are no third -party beneficiaries to this Agreement. j. Counterparts. This Agreement may be executed in multiple counterparts by a duly authorized representative of each party. k. Survival. All terms which by their nature survive termination shall survive termination or expiration of the Agreement including, but not limited to, Sections 3(c), 3(f) — (h), 5(a), 5(c), 7, 9 —12. I. Riqht to Audit. EMSIMC agrees that the Client shall, until the expiration of three (3) years after final payment under this Agreement, have access to and the right to examine at reasonable times any directly pertinent books, documents, papers and records of the EMSIMC involving transactions relating to this Agreement at no additional cost to the Client. EMSIMC agrees that the Client shall have access during normal working hours to all necessary EMSIMC facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this section. The Client shall give EMSIMC not less than 10 days written notice of any intended audits. m. Prohibition on Bovcottinq Enerqv Companies. EMSIMC acknowledges that in accordance with Chapter 2276 of the Texas Government Code, the Client is prohibited from entering into a contract for goods or services that has a value of $100,000 or more that is to be paid wholly or partly from public funds of the Client with a company with 10 or more full-time employees unless the contract contains a written verification from the company that it: (1) does not boycott energy companies; and (2) will not boycott energy companies during the term of the contract. The terms "boycott energy company" and "company" have the meaning ascribed to those terms by Chapter 2276 of the Texas Government Code. To the extent that Chapter 2276 of the Government Code is applicable to this Agreement, by signing this Agreement, EMSIMC certifies that Contractor's signature provides written verification to the Client that Contractor: (1) does not boycott 31822782v9 energy companies; and (2) will not boycott energy companies during the term of this Agreement. n. Prohibition on Discrimination Against Firearm and Ammunition Industries. EMSIMC acknowledges that except as otherwise provided by Chapter 2274 of the Texas Government Code, the Client is prohibited from entering into a contract for goods or services that has a value of $100,000 or more that is to be paid wholly or partly from public funds of the Client with a company with 10 or more full-time employees unless the contract contains a written verification from the company that it: (1) does not have a practice, policy, guidance, or directive that discriminates against a firearm entity or firearm trade association; and (2) will not discriminate during the term of the contract against a firearm entity or firearm trade association. The terms "discriminate," "firearm entity" and "firearm trade association" have the meaning ascribed to those terms by Chapter 2274 of the Texas Government Code. To the extent that Chapter 2274 of the Government Code is applicable to this Agreement, by signing this Agreement, EMSIMC certifies that Contractor's signature provides written verification to the Client that Contractor: (1) does not have a practice, policy, guidance, or directive that discriminates against a firearm entity or firearm trade association; and (2) will not discriminate against a firearm entity or firearm trade association during the term of this Agreement. o. No Bovcott of Israel. If EMSIMC has fewer than 10 employees or the Agreement is for less than $100,000, this section does not apply. EMSIMC acknowledges that in accordance with Chapter 2271 of the Texas Government Code, Client is prohibited from entering into a contract with a company for goods or services unless the contract contains a written verification from the company that it: (1) does not boycott Israel; and (2) will not boycott Israel during the term of the contract. The terms "boycott Israel" and "company" shall have the meanings ascribed to those terms in Section 2271 of the Texas Government Code. By signing this Addendum, EMSIMC certifies that EMSIMC's signature provides written verification to Client that EMSIMC: (1) does not boycott Israel; and (2) will not boycott Israel during the term of the Agreement. p. Data Breach. EMSIMC further agrees that it will monitor and test its data safeguards from time to time, and further agrees to adjust its data safeguards from time to time in light of relevant circumstances or the results of any relevant testing or monitoring. If EMSIMC suspects or becomes aware of any unauthorized access to any financial or personal identifiable information ("Personal Data") by any unauthorized person or third party, or becomes aware of any other security breach relating to Personal Data held or stored by EMSIMC under the Agreement or in connection with the performance of any services performed under the 19 31822782v9 Agreement or any Statement(s) of Work ("Data Breach"), EMSIMC shall as soon as practicable but in no event later than 3 business days notify Client in writing and shall fully cooperate with Client at EMSIMC's expense to prevent or stop such Data Breach. In the event of such Data Breach, EMSIMC shall fully comply with applicable laws, and shall take the appropriate steps to remedy such Data Breach. EMSIMC will defend, indemnify and hold Client, its Affiliates, and their respective officers, directors, employees and agents, harmless from and against any and all claims, suits, causes of action, liability, loss, costs and damages, including reasonable attorney fees, arising out of or relating to any third party claim arising from breach by EMSIMC of its obligations contained in this Section, except to the extent resulting from the acts or omissions of Client. All Personal Data to which EMSIMC has access under the Agreement, as between EMSIMC and Client, will remain the property of Client. Client hereby consents to the use, processing and/or disclosure of Personal Data only for the purposes described herein and to the extent such use or processing is necessary for EMSIMC to carry out its duties and responsibilities under the Agreement, any applicable Statement(s) of Work, or as required by law. EMSIMC will not transfer Personal Data to third parties other than through its underlying network provider to perform its obligations under the Agreement, unless authorized in writing by Client. EMSJMC's obligation to defend, hold harmless and indemnify Client shall remain in full effect if the Data Breach is the result of the actions of a third party. All Personal Data delivered to EMSIMC shall be stored in the United States or other jurisdictions approved by Client in writing and shall not be transferred to any other countries or jurisdictions without the prior written consent of Client. q. Review of Counsel. The parties acknowledge that each party and its counsel have reviewed this Agreement and that the normal rules of construction to the effect that any ambiguities are to be resolved against the drafting party shall not be employed in the interpretation of this Agreement or exhibits hereto. r. Electronic Sianatures. This Agreement may be executed by electronic signature, which will be considered as an original signature for all purposes and have the same force and effect as an original signature. For these purposes, "electronic signature" means electronically scanned and transmitted versions (e.g. via pdf file or facsimile transmission) of an original signature, or signatures electronically inserted via software such as Adobe Sign. s. Insurance. 20 31822782v9 1.1. The EMSIMC shall carry the following insurance coverage with a company that is licensed to do business in Texas or otherwise approved by the Client: 1.1.1. Commercial General Liability: 1.1.1.1. Combined limit of not less than $2,000,000 per occurrence; $4,000,000 aggregate; or 1.1.1.2. Combined limit of not less than $1,000,000 per occurrence; $2,000,000 aggregate and Umbrella Coverage in the amount of $4,000,000. Umbrella policy shall contain a follow -form provision and shall include coverage for personal and advertising injury. 1.1.1.3. Defense costs shall be outside the limits of liability. 1.1.2. Statutory Workers' Compensation and Employers' Liability Insurance requirements per the amount required by statute. 1.1.3. Technology Liability (Errors & Omissions) 1.1.3.1. Combined limit of not less than $2,000,000 per occurrence; $4million aggregate or 1.1.3.2. Combined limit of not less than $1,000,000 per occurrence; $2,000,000 aggregate and Umbrella Coverage in the amount of $4,000,000. Umbrella policy shall contain a follow -form provision and shall include coverage for personal and advertising injury. The umbrella policy shall cover amounts for any claims not covered by the primary Technology Liability policy. Defense costs shall be outside the limits of liability. 1.1.3.3. Coverage shall include, but not be limited to, the following: 1.1.3.3.1. Failure to prevent unauthorized access; 1.1.3.3.2. Unauthorized disclosure of information; 1.1.3.3.3. Implantation of malicious code or computer virus; 1.1.3.3.4. Fraud, Dishonest or Intentional Acts with final adjudication language; 1.1.3.3.5. Intellectual Property Infringement coverage, specifically including coverage for intellectual property infringement claims and for indemnification and legal defense of any claims of intellectual property infringement, including infringement of patent, copyright, trade mark or trade secret, brought against the Client for use of Deliverables, Software or Services provided by EMSIMC 21 31822782v9 under this Agreement; 1.1.3.3.6. Technology coverage may be provided through an endorsement to the Commercial General Liability (CGL) policy, a separate policy specific to Technology E&O, or an umbrella policy that picks up coverage after primary coverage is exhausted. Either is acceptable if coverage meets all other requirements. Technology coverage shall be written to indicate that legal costs and fees are considered outside of the policy limits and shall not erode limits of liability. Any deductible will be the sole responsibility of the EMSIMC and may not exceed $50,000 without the written approval of the Client. Coverage shall be claims -made, with a retroactive or prior acts date that is on or before the effective date of this Agreement. Coverage shall be maintained for the duration of the contractual agreement and for two (2) years following completion of services provided. An annual certificate of insurance, or a full copy of the policy if requested, shall be submitted to the Client to evidence coverage; and 1.1.3.3.7. Any other insurance as reasonably requested by Client. 1.2. General Insurance Requirements: 1.2.1. All applicable policies shall name the Client as an additional insured thereon, as its interests may appear. The term Client shall include its employees, officers, officials, agents, and volunteers in respect to the contracted services. Coverage shall be provided on a primary non-contributory basis with any other insurance and self- insurance. 1.2.2. The workers' compensation policy shall include a Waiver of Subrogation (Right of Recovery) in favor of the Client. 1.2.3. A minimum of Thirty (30) days' notice of cancellation or reduction in limits of coverage shall be provided to the Client. Ten (10) days' notice shall be acceptable in the event of non-payment of premium. Notice shall be sent to the Risk Manager, City of Fort Worth, 1000 Throckmorton, Fort Worth, Texas 76102, with copies to the City Attorney at the same address. 1.2.4. The insurers for all policies must be licensed and/or approved to do business in the State of Texas. All insurers must have a minimum rating of A- VII in the current A.M. Best Key Rating Guide, or have reasonably equivalent financial strength and solvency to the satisfaction of Risk Management. If the rating is below that required, written approval of Risk Management is required. 1.2.5. Any failure on the part of the Client to request required insurance documentation shall not constitute a waiver of the insurance requirement. 1.2.6. Certificates of Insurance evidencing that the EMSIMC has obtained all required insurance shall be delivered to and approved by the Client's Risk Management Division prior to execution of this Agreement. 22 31822782v9 23 3, 8val820 IN WITNESS WHEREOF, the undersigned have caused this Agreement to be duly executed on the later of the dates set forth below. Each person whose signature appears hereon represents, warrants and guarantees that he/she has been duly authorized and has full authority to execute this Agreement on behalf of the party on whose behalf this Agreement is executed. ACCEPTED AND AGREED: CITY OF FORT WORTH: CONTRACT COMPLIANCE MANAGER: By signing I acknowledge that I the person responsible for the monitoring and administration of By: this contract, including ensuring all performance and Name: Jesus "Jay" Chapa reporting requirements. Title: City Manager Date: By: Anthony Rousseau(Jun 5, 202512:52CDT) Naive: Anthony "Tony" Rousseau APPROVAL RECOMMENDED: Title: FMS, Deputy Director APPROVED AS TO FORM AND LEGALITY: By: RegitlA— nal(Jun 5, 202513:08 CDT) Name: Reginald Zeno Title: FMS, Director By: Name: Taylor Paris ATTEST: FO 4F Rro�°a Title: Assistant City Attorney Cog °r-1P CONTRACT AUTHORIZATION: /j dIl QEXPsa'O4 M&C: By: 1295: Name: Jannette S. Goodall Title: City Secretary VENDOR: By. — Name: George Abatjoglou Title: President Date: 06/05/2025 24 OFFICIAL RECORD 31822782v9 CITY SECRETARY FT. WORTH, TX Exhibit A Exhibit P Patient Demographics Provided by Client 1. Projected annual billable trip volume: 2. Payor mix: Medicare — Medicare HMO - Medicaid — Medicaid HMO - Insurance (including auto and comp, etc.) — Self -Pay — Treat No Transport — Jail Transports (billed to JPS if no private insurance) - 3. Run mix: ALS-E — BL-E — ALS-II SCT- ET- III MIH Dead On Scene 4. Loaded mileage: 25 31822782v9 Exhibit B Business Associate Addendum This Business Associate Addendum (the "Addendum") is made effective the 1 st day of July, 2025, by and between City of Fort Worth, TX, hereinafter referred to as "Covered Entity," and EMS Management & Consultants, Inc., hereinafter referred to as "Business Associate" (individually, a "Party" and collectively, the "Parties"). WITNESSETH: WHEREAS, the Parties wish to enter into a Business Associate Addendum to ensure compliance with the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA Privacy and Security Rules") (45 C.F.R. Parts 160 and 164); and WHEREAS, the Health Information Technology for Economic and Clinical Health ("HITECH") Act of the American Recovery and Reinvestment Act of 2009, Pub. L. 111-5, modified the HIPAA Privacy and Security Rules (hereinafter, all references to the "HIPAA Privacy and Security Rules" include all amendments thereto set forth in the HITECH Act and any accompanying regulations); and WHEREAS, the Parties have entered into a Billing Services Agreement (the "Agreement") whereby Business Associate will provide certain services to Covered Entity and, pursuant to such Agreement, Business Associate may be considered a "business associate" of Covered Entity as defined in the HIPAA Privacy and Security Rules; and WHEREAS, Business Associate may have access to Protected Health Information or Electronic Protected Health Information (as defined below) in fulfilling its responsibilities under the Agreement; and WHEREAS, Covered Entity wishes to comply with the HIPAA Privacy and Security Rules, and Business Associate wishes to honor its obligations as a Business Associate to Covered Entity. THEREFORE, in consideration of the Parties' continuing obligations under the Agreement, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree to the provisions of this Addendum. DEFINITIONS Except as otherwise defined herein, any and all capitalized terms in this Addendum shall have the definitions set forth in the HIPAA Privacy and Security Rules. In the event of an inconsistency between the provisions of this Addendum and mandatory provisions of the HIPAA Privacy and Security Rules, as amended, the HIPAA Privacy and Security Rules in effect at the time shall control. Where provisions of this Addendum are different than those mandated by the HIPAA 26 31822782v9 Privacy and Security Rules, but are nonetheless permitted by the HIPAA Privacy and Security Rules, the provisions of this Addendum shall control. The term "Breach" means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information. The term "Breach" does not include: (1) any unintentional acquisition, access, or use of protected health information by any employee or individual acting under the authority of a covered entity or business associate if (a) such acquisition, access, or use was made in good faith and within the course and scope of the employment or other professional relationship of such employee or individual, respectively, with the covered entity or business associate, and (b) such information is not further acquired, accessed, used, or disclosed by any person; or (2) any inadvertent disclosure from an individual who is otherwise authorized to access protected health information at a facility operated by a covered entity or business associate to another similarly situated individual at same facility; and (3) any such information received as a result of such disclosure is not further acquired, accessed, used, or disclosed without authorization by any person. The term "Electronic Health Record" means an electronic record of health -related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff. The term "HIPAA Privacy and Security Rules" refers to 45 C.F.R. Parts 160 and 164 as currently in effect or hereafter amended. The term "Protected Health Information" means individually identifiable health information as defined in 45 C.F.R § 160.103, limited to the information Business Associate receives from, or creates, maintains, transmits, or receives on behalf of, Covered Entity. The term "Electronic Protected Health Information" means Protected Health Information which is transmitted by or maintained in Electronic Media (as now or hereafter defined in the HIPAA Privacy and Security Rules). The term "Secretary" means the Secretary of the Department of Health and Human Services. The term "Unsecured Protected Health Information" means Protected Health Information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in guidance published in the Federal Register at 74 Fed. Reg. 19006 on April 27, 2009 and in annual guidance published thereafter. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE a. Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Agreement or this Addendum, provided that such use or disclosure would not violate the HIPAA Privacy and Security Rules if done by Covered Entity. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes "minimum necessary" for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, disclose only Protected Health Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless the person or entity to whom Business Associate is making the disclosure requires certain direct identifiers in order to 27 31822782v9 accomplish the intended purpose of the disclosure, in which event Business Associate may disclose only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the disclosure. b. Business Associate may use Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of Business Associate, provided that such uses are permitted under state and federal confidentiality laws. c. Business Associate may disclose Protected Health Information in its possession to third parties for the purposes of its proper management and administration or to fulfill any present or future legal responsibilities of Business Associate, provided that: 1. the disclosures are required by law; or 2. Business Associate obtains reasonable assurances from the third parties to whom the Protected Health Information is disclosed that the information will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party, and that such third parties will notify Business Associate of any instances of which they are aware in which the confidentiality of the information has been breached. d. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes "minimum necessary" for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, access, use, and request only Protected Health Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless Business Associate requires certain direct identifiers in order to accomplish the intended purpose of the access, use, or request, in which event Business Associate may access, use, or request only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the access, use, or request. Covered Entity shall determine what quantum of information constitutes the "minimum necessary" amount for Business Associate to accomplish its intended purposes. e. Business Associate may use Protected Health Information to de -identify such information in accordance with 45 C.F.R. § 164.514(b) for Business Associate's own business purposes or in connection with the services provided pursuant to the Agreement or to provide Data Aggregation services to Customer as permitted by 45 C.F.R. 164.504(e)(2)(i)(b). Once the Protected Health Information has been de -identified or aggregated, it is no longer considered Protected Health Information governed by this Addendum. III. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE a. Business Associate acknowledges and agrees that all Protected Health Information that is created or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate or is created or received by Business Associate on Covered Entity's behalf shall be subject to this Addendum. b. Business Associate agrees to not use or further disclose Protected Health Information other than as permitted or required by the Agreement, this Addendum or as required by law. 31822782v9 c. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of Protected Health Information other than as provided for by this Addendum. Specifically, Business Associate will: 1. implement the administrative, physical, and technical safeguards set forth in Sections 164.308, 164.310, and 164.312 of the HIPAA Privacy and Security Rules that reasonably and appropriately protect the confidentiality, integrity, and availability of any Protected Health Information that it creates, receives, maintains, or transmits on behalf of Covered Entity, and, in accordance with Section 164.316 of the HIPAA Privacy and Security Rules, implement and maintain reasonable and appropriate policies and procedures to enable it to comply with the requirements outlined in Sections 164.308, 164.310, and 164.312; and 2. report to Covered Entity any use or disclosure of Protected Health Information not provided for by this Addendum of which Business Associate becomes aware. Business Associate shall report to Covered Entity any Security Incident of which it becomes aware. Notice is deemed to have been given for unsuccessful Security Incidents, such as (i) "pings" on an information system firewall; (ii) port scans; (iii) attempts to log on to an information system or enter a database with an invalid password or user name; (iv) denial -of -service attacks that do not result in a server being taken offline; or (v) malware (e.g., a worms or a virus) that does not result in unauthorized access, use, disclosure, modification or destruction of Protected Health Information. d. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Addendum to Business Associate with respect to such information. e. Business Associate agrees to comply with any requests for restrictions on certain disclosures of Protected Health Information to which Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security Rules and of which Business Associate has been notified by Covered Entity. In addition, and notwithstanding the provisions of Section 164,522 (a)(1)(ii), Business Associate agrees to comply with an individual's request to restrict disclosure of Protected Health Information to a health plan for purposes of carrying out payment or health care operations if the Protected Health Information pertains solely to a health care item or service for which Covered Entity has been paid by in full by the individual or the individual's representative. f. At the request of the Covered Entity and in a reasonable time and manner, not to extend ten (10) business days, Business Associate agrees to make available Protected Health Information required for Covered Entity to respond to an individual's request for access to his or her Protected Health Information in accordance with Section 164.524 of the HIPAA Privacy and Security Rules. If Business Associate maintains Protected Health Information electronically, it agrees to make such Protected Health Information available electronically to the applicable individual or to a person or entity specifically designated by such individual, upon such individual's request. g. At the request of Covered Entity and in a reasonable time and manner, Business Associate agrees to make available Protected Health Information required for amendment by Covered Entity in accordance with the requirements of Section 164.526 of the HIPAA Privacy and Security Rules. 29 31822782v9 h. Business Associate agrees to document any disclosures of and make Protected Health Information available for purposes of accounting of disclosures, as required by Section 164.528 of the HIPAA Privacy and Security Rules. i. Business Associate agrees that it will make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity, available to the Secretary for the purpose of determining Covered Entity's compliance with the HIPAA Privacy and Security Rules, in a time and manner designated by the Secretary, subject to attorney -client and other applicable privileges. j. Business Associate agrees that, while present at any Covered Entity facility and/or when accessing Covered Entity's computer network(s), it and all of its employees, agents, representatives and subcontractors will at all times comply with any network access and other security practices, procedures and/or policies established by Covered Entity including, without limitation, those established pursuant to the HIPAA Privacy and Security Rules. k. Business Associate agrees that it will not directly or indirectly receive remuneration in exchange for any Protected Health Information of an individual without the written authorization of the individual or the individual's representative, except where the purpose of the exchange is: for public health activities as described in Section 164.512(b) of the Privacy and Security Rules; 2. for research as described in Sections 164.501 and 164.512(i) of the Privacy and Security Rules, and the price charged reflects the costs of preparation and transmittal of the data for such purpose; 3. for treatment of the individual, subject to any further regulation promulgated by the Secretary to prevent inappropriate access, use, or disclosure of Protected Health Information; 4. for the sale, transfer, merger, or consolidation of all or part of Business Associate and due diligence related to that activity; 5. for an activity that Business Associate undertakes on behalf of and at the specific request of Covered Entity; 6. to provide an individual with a copy of the individual's Protected Health Information pursuant to Section 164.524 of the Privacy and Security Rules; or 7. other exchanges that the Secretary determines in regulations to be similarly necessary and appropriate as those described in this Section Ill.k. I. Business Associate agrees that it will not directly or indirectly receive remuneration for any written communication that encourages an individual to purchase or use a product or service without first obtaining the written authorization of the individual or the individual's representative, unless: 1. such payment is for a communication regarding a drug or biologic currently prescribed for the individual and is reasonable in amount (as defined by the Secretary); or 30 31822782v9 2. the communication is made on behalf of Covered Entity and is consistent with the terms of this Addendum. m. Business Associate agrees that if it uses or discloses patients' Protected Health Information for marketing purposes, it will obtain such patients' authorization before making any such use or disclosure. n. Business Associate agrees to implement a reasonable system for discovery of breaches and method of risk analysis of breaches to meet the requirements of HIPAA, The HITECH Act, and the HIPAA Regulations, and shall be solely responsible for the methodology, policies, and procedures implemented by Business Associate. o. State Privacy Laws. Business Associate shall understand and comply with state privacy laws to the extent that state privacy laws are not preempted by HIPAA or The HITECH Act. IV. BUSINESS ASSOCIATE'S MITIGATION AND BREACH NOTIFICATION OBLIGATIONS a. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Addendum. b. Following the discovery of a Breach of Unsecured Protected Health Information, Business Associate shall notify Covered Entity of such Breach without unreasonable delay and in no case later than three (3) calendar days after discovery of the Breach. A Breach shall be treated as discovered by Business Associate as of the first day on which such Breach is known to Business Associate or, through the exercise of reasonable diligence, would have been known to Business Associate. c. Notwithstanding the provisions of Section IV.b., above, if a law enforcement official states to Business Associate that notification of a Breach would impede a criminal investigation or cause damage to national security, then: 1. if the statement is in writing and specifies the time for which a delay is required, Business Associate shall delay such notification for the time period specified by the official; or 2. if the statement is made orally, Business Associate shall document the statement, including the identity of the official making it, and delay such notification for no longer than thirty (30) days from the date of the oral statement unless the official submits a written statement during that time. Following the period of time specified by the official, Business Associate shall promptly deliver a copy of the official's statement to Covered Entity. d. The Breach notification provided shall include, to the extent possible: 1. the identification of each individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used, or disclosed during the Breach; 31 31822782v9 2. a brief description of what happened, including the date of the Breach and the date of discovery of the Breach, if known; 3. a description of the types of Unsecured Protected Health Information that were involved in the Breach, if known (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 4. any steps individuals should take to protect themselves from potential harm resulting from the Breach; and 5. a brief description of what Business Associate is doing to investigate the Breach, to mitigate harm to individuals, and to protect against any further Breaches. e. Business Associate shall provide the information specified in Section IVA., above, to Covered Entity at the time of the Breach notification if possible or promptly thereafter as information becomes available. Business Associate shall not delay notification to Covered Entity that a Breach has occurred in order to collect the information described in Section IVA. and shall provide such information to Covered Entity even if the information becomes available after the three (3)-day period provided for initial Breach notification. V. OBLIGATIONS OF COVERED ENTITY a. Upon request of Business Associate, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with Section 164.520 of the HIPAA Privacy and Security Rules. b. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an individual to use or disclose Protected Health Information, if such changes affect Business Associate's permitted or required uses and disclosures. c. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information to which Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security Rules, and Covered Entity shall inform Business Associate of the termination of any such restriction, and the effect that such termination shall have, if any, upon Business Associate's use and disclosure of such Protected Health Information. VI. TERM AND TERMINATION a. Term. The Term of this Addendum shall be effective as of the date first written above, and shall terminate upon the later of the following events: (i) in accordance with Section Vll.c., when all of the Protected Health Information provided by Covered Entity to Business Associate or created or received by Business Associate on behalf of Covered Entity is destroyed or returned to Covered Entity or, if such return or destruction is infeasible, when protections are extended to such information; or (ii) upon the expiration or termination of the Agreement. b. Termination for Cause. Upon Covered Entity's knowledge of a material breach of this Addendum by Business Associate and Business Associate's failure to cure such breach within thirty (30) days of receiving notice of same from Covered Entity, Covered Entity shall have the right to terminate this Addendum and the Agreement. 32 31822782v9 c. Effect of Termination. 1. Except as provided in paragraph 2. of this subsection, upon termination of this Addendum, the Agreement or upon request of Covered Entity, whichever occurs first, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Neither Business Associate nor its subcontractors or agents shall retain copies of the Protected Health Information. 2. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible and shall extend the protections of this Addendum to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. VII. MISCELLANEOUS a. No Rights in Third Parties. Except as expressly stated herein, the Parties to this Addendum do not intend to create any rights in any third parties. b. Survival. The obligations of Business Associate under Section VI I(c) of this Addendum shall survive the expiration, termination, or cancellation of this Addendum, the Agreement, and/or the business relationship of the parties, and shall continue to bind Business Associate, its agents, employees, contractors, successors, and assigns as set forth herein. c. Amendment. This Addendum may be amended or modified only in a writing signed by the Parties. The Parties agree that they will negotiate amendments to this Addendum to conform to any changes in the HIPAA Privacy and Security Rules as are necessary for Covered Entity to comply with the current requirements of the HIPAA Privacy and Security Rules. In addition, in the event that either Party believes in good faith that any provision of this Addendum fails to comply with the then -current requirements of the HIPAA Privacy and Security Rules or any other applicable legislation, then such Party shall notify the other Party of its belief in writing. For a period of up to thirty (30) days, the Parties shall address in good faith such concern and amend the terms of this Addendum, if necessary to bring it into compliance. If, after such thirty (30)-day period, the Addendum fails to comply with the HIPAA Privacy and Security Rules or any other applicable legislation, then either Party has the right to terminate this Addendum and the Agreement upon written notice to the other party. d. Independent Contractor. None of the provisions of this Addendum are intended to create, nor will they be deemed to create, any relationship between the Parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this Addendum and any other agreements between the Parties evidencing their business relationship. e. Interpretation. Any ambiguity in this Addendum shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Privacy and Security Rules. 33 31822782v9 f. Certain Provisions Not Effective in Certain Circumstances. The provisions of this Addendum relating to the HIPAA Security Rule shall not apply to Business Associate if Business Associate does not receive any Electronic Protected Health Information from or on behalf of Covered Entity. g. Ownership of Information. Covered Entity holds all right, title, and interest in and to the PHI and Business Associate does not hold and will not acquire by virtue of this Addendum or by virtue of providing goods or services to Covered Entity, any right, title, or interest in or to the PHI or any portion thereof. h. Entire Agreement. This Addendum is incorporated into, modifies and amends the Agreement, inclusive of all other prior amendments or modifications to such Agreement. The terms and provisions of this Addendum shall control only to the extent necessary to ensure compliance with HIPAA and HITECH. Otherwise, the terms and provisions of the Agreement shall remain in full force and effect and apply to this Addendum, including all indemnity obligations. 34 31822782v9 IN WITNESS WHEREOF, the Parties have executed this Addendum as of the day and year written above. Each person whose signature appears hereon represents, warrants and guarantees that he/she has been duly authorized and has full authority to execute this Agreement on behalf of the party on whose behalf this Agreement is executed. Business Associate: EMS Management & Consultants, Inc By: �/— Print: George Abatjoglou Title: President Date: 06/05/2025 35 31822782v9 Covered Entity: City of Fort Worth, TX By. f�dhoiiti kvOgf ea o An Print: Anthony Rousseau Title: Date: